{"meta":{"status":200,"terms-of-use":"All data returned by this API is confidential and proprietary information of Tidal Cyber Inc. ('Tidal Cyber'). Use of the data returned by this API is governed by the Tidal Cyber Terms of Use, available at https://www.tidalcyber.com/terms-of-use, or, if applicable, the agreement between Tidal Cyber and the organization on behalf of which you are using this API and the information returned by this API."},"data":[{"id":"a869abd5-6c61-4c08-878e-1aa581a867f0","name":"032Loader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3799","tidal_id":"8380bd7e-373d-5268-b46b-9e47d30e128a","created":"2025-12-24T14:57:26.687287Z","modified":"2025-12-24T14:57:26.687291Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3179","group_id":"66b0f5f6-3377-4f5d-ac79-605dad9221f1","name":"Ink Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d1c1dea1-049d-4916-8347-f814c305f3fc","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"44a0a2b2-75c9-4a7f-9946-59bc5a341516","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"1f7542d1-809d-46e0-8a40-92c29f0d6593","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"04548638-7d44-4b0f-b180-31e27b23edd7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"71d76208-c465-4447-8d6e-c54f142b65a4","name":"3PARA RAT","type":"malware","source":"MITRE","software_attack_id":"S0066","tidal_id":"5b36a0d5-b28d-59b5-ac62-c95169389c9c","created":"2017-05-31T21:32:44.131000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike Putter 
Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]</sup>","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8ec16667-1db5-491a-8696-38f7948e5e5d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a15142a3-4797-4fef-8ec6-065e3322a69b","name":"4H RAT","type":"malware","source":"MITRE","software_attack_id":"S0065","tidal_id":"1a0414d3-a79d-5e69-9678-3c63e413d3ff","created":"2017-05-31T21:32:43.664000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike Putter Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]</sup>","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b14b2554-d61e-4cd0-93be-bcc53a6ae976","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4665e52b-3c5c-4a7f-9432-c89ef26f2c93","name":"7-Zip","type":"tool","source":"Tidal Cyber","software_attack_id":"S3023","tidal_id":"e57d34bd-aa4f-528d-be4d-6e0ebfc5bab2","created":"2023-08-18T18:56:18.474536Z","modified":"2023-08-18T18:56:18.474545Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"056f26b0-23b1-4724-8b75-9f3c5602f84e","name":"document.docx","description":"<sup>[[Trend Micro December 03 2025](/references/9ef527df-db8d-421e-82b4-2f50c8ab50f8)]</sup>","source":"USER","associated_software_id":"f4188f8d-db19-483f-b374-1d5c313d38ff","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"0ffcb313-6bc2-4fa0-ad10-135e14de59f9","name":"7zip.exe","description":"<sup>[[Trend Micro December 03 
2025](/references/9ef527df-db8d-421e-82b4-2f50c8ab50f8)]</sup>","source":"USER","associated_software_id":"dd697969-c050-4986-9660-883efa8df912","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"cdfe3925-aa4a-4d22-940e-2aa6697a9911","name":"7-zip","description":"","source":"Tidal Cyber","associated_software_id":"b7942342-d390-408d-8d11-edff76322ff3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"7cf24704-2dff-47f5-bab6-5f8c7101e2f3","name":"7zG.exe","description":"<sup>[[The DFIR Report November 17 2025](/references/0b46ec32-fa74-4d0a-8816-0dab60e575cb)]</sup>","source":"USER","associated_software_id":"ffc664e6-eda0-4ba9-a49c-4df756a46d33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro Void Rabisu May 30 2023](/references/5fd628ca-f366-4f0d-b493-8be19fa4dd4e)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]</sup>","group_attack_id":"G3050","group_id":"ce126445-6984-45bb-9737-35448f06f27b","name":"APT42 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[S-RM March 25 
2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]</sup>","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"42de9f3d-46b2-4304-a68f-acbd9746e35f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"26221a82-ccc8-415a-a8c5-e0c9d2631a2f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"92c268bd-aa97-460f-82d4-0654f4d169d5","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"cf9441fc-56a1-4794-b4d2-50d1eb5fef25","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"d8523222-e577-484b-b3c5-a4f35420602e","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"318554b2-1665-4ec8-b073-bbc52894b5d2","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"a208999e-d9b3-434f-a34e-549c97b90fa4","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"df4a9758-74c4-4484-8e7a-e0e7aaeca68c","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"55917689-2a7d-419e-a908-de5881a74ace","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"efade95a-1a3e-46a7-b56e-3efd7b67f93b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"dd8f26ab-697b-468f-abba-239238c52c45","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4091fc66-af3c-4719-90e1-13e7ae08d3ec","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"9d4dfa8b-e9e6-49bb-b4af-f7896c3a9f25","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"88a5435f-5586-4cb4-a9c0-1961ee060a67","name":"8Base Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3061","tidal_id":"49f2f276-a518-5bd3-b119-42a6d2500f7e","created":"2024-06-13T20:12:28.456088Z","modified":"2024-06-13T20:12:28.456092Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3014","group_id":"00b45c13-d165-44d0-ad6b-99787d2a7ce3","name":"8Base Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f80ce14f-0029-4c01-839e-325c597ca4e0","tag":"1d06c2ad-3f16-44e4-908c-d6a3191aa29c"},{"id":"82d7c7b1-afd7-4d6d-8d4c-e8e0ce6b6d63","tag":"51946995-71d4-4bd3-9f7f-491b450f018b"},{"id":"8221e4c4-fdd9-4581-a316-d53630fa6113","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2d6ff630-c797-484a-a62b-e277f4502886","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"e80554d1-9c20-4bb3-bf0e-042cd7ddf4c1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"4076ba78-64a8-4089-bda0-77e1d766b91e","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"151c4373-9dda-4b96-9b7c-9cbde4a99c03","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3d33fbf5-c21e-4587-ba31-9aeec3cc10c0","name":"AADInternals","type":"tool","source":"MITRE","software_attack_id":"S0677","tidal_id":"452b1cf7-c058-5c34-ae9c-0a143e1c3733","created":"2022-02-01T15:08:45.007000Z","modified":"2022-08-03T15:01:46.965000Z","platforms":[{"id":"fe608ebe-d912-5489-95fc-914b226a933f","name":"Identity Provider"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"},{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC Nobelium Oct 2021](https://app.tidalcyber.com/references/7b6cc308-9871-47e5-9039-a9a7e66ce373)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) used the PowerShell module [AADInternals](https://app.tidalcyber.com/software/3d33fbf5-c21e-4587-ba31-9aeec3cc10c0) to create a back door within the victim tenant, thus allowing for the impersonation of any user in the 
organization and bypassing MFA to sign in to any application to include Office 365.<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1fc75668-1864-4ca5-9aed-ab0e437f04e7","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"208551f2-9997-44ba-a0c0-3bd65b6d230a","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"0c37c2e6-35c7-4bb9-ae73-6197401dc761","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5053c6a8-fc60-4805-a839-ed9f27c1cd42","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"986f1e4f-b4b5-4754-bd8b-a076a3f3cba2","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"394cadd0-bc4d-4181-ac53-858e84b8e3de","name":"ABK","type":"malware","source":"MITRE","software_attack_id":"S0469","tidal_id":"7bb43fb0-d6a2-50c1-88e8-3d5d033f7ad9","created":"2020-06-10T16:58:56.032000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE 
BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"65a44696-83b7-4457-89d6-48ac8afc1ef0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"b87794e7-8246-546c-8083-23f769fb7557","name":"AbstractEmu","type":"malware","source":"Mobile","software_attack_id":"S1061","tidal_id":"b87794e7-8246-546c-8083-23f769fb7557","created":"2026-01-28T13:08:09.937840Z","modified":"2026-01-28T13:08:09.937843Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"61ed63a7-e895-5425-97e7-fb0a3ef28b9f","name":"ACAD/Medre.A","type":"malware","source":"ICS","software_attack_id":"S1000","tidal_id":"61ed63a7-e895-5425-97e7-fb0a3ef28b9f","created":"2026-01-28T13:08:18.118964Z","modified":"2026-01-28T13:08:18.118966Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"cce705c7-49f8-4b54-b854-fd4b3a32e6ff","name":"AccCheckConsole","type":"tool","source":"Tidal Cyber","software_attack_id":"S3324","tidal_id":"24c90e73-b1de-58b1-9d0e-290ee82a5151","created":"2024-01-12T14:48:26.610929Z","modified":"2024-01-12T14:48:26.610933Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d9cee454-5016-40f4-9c75-2b8eb684724d","name":"AccCheckConsole.exe","description":"<sup>[[AccCheckConsole.exe - LOLBAS Project](/references/de5523bd-e735-4751-84e9-a1be1d2980ec)]</sup>","source":"Tidal Cyber","associated_software_id":"9a77d9ce-dd34-4ff9-8b26-c74ef5055a2f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"acc31e91-8b34-4698-bbb0-782565d043a4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"eb013e0b-2147-4580-baf8-3b7d98fd62b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6bc29df2-195e-410c-ad08-f3661575492f","name":"AccountRestore","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3082","tidal_id":"c52e3846-b862-5aba-9f5f-a934e42b672a","created":"2023-09-22T15:01:33.211363Z","modified":"2023-09-22T15:01:33.211371Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9849894e-f172-4071-82f6-085c5a729f38","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"ead5e2c4-3b1b-5c0c-b4d6-cbb099b568ce","name":"AcidPour","type":"malware","source":"MITRE","software_attack_id":"S1167","tidal_id":"ead5e2c4-3b1b-5c0c-b4d6-cbb099b568ce","created":"2025-04-22T20:46:57.652773Z","modified":"2025-04-22T20:46:57.652778Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[AcidPour](https://app.tidalcyber.com/software/ead5e2c4-3b1b-5c0c-b4d6-cbb099b568ce) is associated with [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666).<sup>[[SentinelOne AcidPour 2024](https://app.tidalcyber.com/references/f6009712-7c94-5daf-82b4-c269454d6b1e)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"95daee1c-cc6f-4974-b9df-60e1555b5d4e","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"129df734-2e38-45a2-ac1b-e3a10e5224e7","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"cf465790-3d6d-5767-bb8c-63a429f95d83","name":"AcidRain","type":"malware","source":"MITRE","software_attack_id":"S1125","tidal_id":"ef44892a-7693-5e9c-9cb4-bd721f13a2fd","created":"2024-04-25T13:28:17.180894Z","modified":"2024-04-25T13:28:17.180897Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) is linked to [AcidRain](https://app.tidalcyber.com/software/cf465790-3d6d-5767-bb8c-63a429f95d83) deployment during the ViaSat KA-SAT incident in 2022.<sup>[[Vincens AcidPour 2024](https://app.tidalcyber.com/references/742c8a5c-21e5-58d8-a90d-f4c186c0699a)]</sup><sup>[[AcidRain JAGS 2022](https://app.tidalcyber.com/references/bd4a7b2e-a387-5e1b-9d9e-52464a8e25c9)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"30c49a5f-9af5-4776-a118-51f561e550bd","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"335f47a6-9c02-4194-9431-0e2008e46179","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"}],"owner_name":null},{"id":"202781a3-d481-4984-9e5a-31caafc20135","name":"Action 
RAT","type":"malware","source":"MITRE","software_attack_id":"S1028","tidal_id":"09d265f7-18f7-544c-88d4-1362b911c6b5","created":"2022-08-07T14:57:28.124000Z","modified":"2022-08-24T16:33:12.503000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1008","group_id":"31bc763e-623f-4870-9780-86e43d732594","name":"SideCopy","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1de35586-a9bb-4377-971c-1ba7b08b29e1","name":"AdaptixC2","type":"malware","source":"Tidal Cyber","software_attack_id":"S3611","tidal_id":"6d7107f4-dc79-5f5c-a265-aa43eae9312a","created":"2025-10-24T16:13:49.023027Z","modified":"2025-10-24T16:13:49.023030Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3e8b2cd9-a20c-4400-96d9-2f8ac15c2007","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"e52ec493-6e5e-4f3f-8c2c-42062191d226","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"20296b8d-b80a-4c64-a358-d851528ab6fe","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"ab30edc7-3e2f-4c7e-86d2-7927eb7b6ab5","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"b2c72ee5-fb44-466a-a2c6-118e3fb39b55","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"d3dc0cb5-1aab-4012-929e-c2795cb3e791","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"27db16c8-733d-470d-ad0c-143033bd0da2","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"27b1215f-224b-46be-bf8b-eefd1a27b0b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"54bf5b85-462d-4cef-8c9c-4400f5fceae8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f52e759a-a725-4b50-84f2-12bef89d369e","name":"adbupd","type":"malware","source":"MITRE","software_attack_id":"S0202","tidal_id":"8369033a-27f4-5522-96f7-2b8aa2aeb350","created":"2018-04-18T17
:59:24.739000Z","modified":"2020-03-30T18:33:31.623000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft PLATINUM April 2016](https://app.tidalcyber.com/references/d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297)]</sup>","group_attack_id":"G0068","group_id":"f036b992-4c3f-47b7-a458-94ac133bce74","name":"PLATINUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f4d307c8-8efd-4395-8889-790b6ad6cf80","name":"AddInProcess32.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3912","tidal_id":"72bbccf9-8245-5088-a349-493b5ce41f36","created":"2026-01-14T13:31:34.308952Z","modified":"2026-01-14T13:31:34.308956Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"075b1df9-ecbe-443d-8760-37573e61bbf7","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"76ef37c2-5eb6-4abc-ab46-500bb56a4b4b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bc498e22-5911-4126-8d33-02b943342bfc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"253f97c3-ba35-4064-8ec0-892872432214","name":"AddinUtil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3190","tidal_id":"acaccd65-358a-5422-9e67-1c70927a8e5d","created":"2024-01-12T14:47:40.547978Z","modified":"2024-01-12T14:47:40.547984Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d09bd642-055d-4626-8324-ff5d97488672","name":"AddinUtil.exe","description":"<sup>[[AddinUtil.exe - LOLBAS Project](/references/91af546d-0a56-4c17-b292-6257943a8aba)]</sup>","source":"Tidal 
Cyber","associated_software_id":"200ecd1e-c1a6-41a3-bb9a-ee687334c2c1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"63be1071-7e3f-4ef4-bb96-041a58e3c1a7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"be1e081f-1629-458d-9cd1-d4a62025c857","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"95a3a665-3a6b-4e93-8b62-2a9ddc6eb37c","name":"AD Explorer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3648","tidal_id":"158dda48-e7aa-5132-a5d6-6662173c16cc","created":"2025-11-19T17:45:41.603249Z","modified":"2025-11-19T17:45:41.603251Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d08d9b0c-bc8d-4fa4-9464-c9c2707ba264","name":"Sysinternals AD Explorer","description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","source":"USER","associated_software_id":"942a8b9a-0809-4217-a608-ff011cae14ea","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD 
BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"cb67204c-8a42-4715-b678-1de591e568ef","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"83936f2f-508f-4d31-b474-2e69b4d63ead","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"70559096-2a6b-4388-97e6-c2b16f3be78e","name":"AdFind","type":"tool","source":"MITRE","software_attack_id":"S0552","tidal_id":"ede51080-65ef-5985-a3ca-a9e25fdcc724","created":"2020-12-28T18:35:50.244000Z","modified":"2022-09-29T20:40:24.739000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Mustang Panda](https://app.tidalcyber.com/groups/4a4641b1-7686-49da-8d83-00d8013f4b47) has utilized [AdFind](https://app.tidalcyber.com/software/70559096-2a6b-4388-97e6-c2b16f3be78e) for enumerating domain groups, users, and computers.<sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [AdFind](https://app.tidalcyber.com/software/70559096-2a6b-4388-97e6-c2b16f3be78e) to query Active Directory in victim environments.<sup>[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 
2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 Cuba August 9 2022](/references/06f668d9-9a68-4d2f-b9a0-b92beb3b75d6)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye Ryuk and Trickbot January 2019](https://app.tidalcyber.com/references/b29dc755-f1f0-4206-9ecf-29257a1909ee)]</sup><sup>[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)]</sup><sup>[[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)]</sup><sup>[[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Analyzing Solorigate Dec 2020](https://app.tidalcyber.com/references/8ad72d46-ba2c-426f-bb0d-eb47723c8e11)]</sup><sup>[[CrowdStrike StellarParticle January 2022](https://app.tidalcyber.com/references/149c1446-d6a1-4a63-9420-def9272d6cb9)]</sup><sup>[[ESET T3 Threat Report 2021](https://app.tidalcyber.com/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Cicada November 2020](https://app.tidalcyber.com/references/28a7bbd8-d664-4234-9311-2befe0238b5b)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Arctic Wolf Akira 
2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)]</sup><sup>[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) used 
[AdFind](https://app.tidalcyber.com/software/70559096-2a6b-4388-97e6-c2b16f3be78e) during operations.<sup>[[Symantec BlackByte 2022](https://app.tidalcyber.com/references/965503f6-e5f9-5c98-b0c4-1211e44346d9)]</sup><sup>[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"7c1c0169-25ed-4ccc-859d-9e1ffada0126","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"e595b9a3-62b4-4745-bf2d-bffc650db8ea","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6ad123f3-20a6-4d38-b9d3-5e22992bdba9","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"7d900ce2-4ec6-4141-99ac-ae7bd317f97c","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"3ef13b8f-35e8-4b8a-8a03-effcdd073f12","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"1f79865f-8737-495d-9afc-3a671659c658","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"acd63a0c-f175-4142-9dda-e761daec435f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e71d9661-c3cd-47c4-a6d9-dcd9a12140fc","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1f7f1537-c9dd-4e25-b4bb-683ada881328","tag":"3a633b73-9c2c-4293-8577-fb97be0cda37"},{"id":"4f750ec0-2426-476e-971d-84ccfc9b165b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"17bd1467-722c-455b-9485-15a8fe36dc65","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"5a2455ef-9513-4097-a572-c5e66246d129","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"94052dc8-df6c-40de-b87a-d4dc1dd522bc","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"20b1547b-bf30-4841-94cf-6add39700fd2","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"8a0e1bbe-920c-482e-b63d-628198bb46ff","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d239e054-383d-4517-9407-05feaeb6ec70","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f3cb3dee-5e90-4cec-91ee-0bfa8edd6300","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"0ed9c048-12fe-41f8-b7ec-28fda9d522cf","name":"Adobe Creative Cloud Helper (Creative Cloud Helper.exe)","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3795","tidal_id":"e115149a-5506-51c5-b24b-3e5e45860f7b","created":"2025-12-24T14:57:26.090293Z","modified":"2025-12-24T14:57:26.090298Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","group_attack_id":"G3178","group_id":"3be36063-6383-42b5-ad7e-f41abf84f1ae","name":"Autumn Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fd8839e0-ffa2-4bd7-a56a-6c7e8ac14958","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"cbab9cdb-19d9-435b-8f47-8e20eea8113e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1f16d1ab-c340-4a1c-917f-b458175b80f8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b2a5aaac-f7a4-4fab-8431-a11e81b36372","name":"ADODB.Stream","type":"tool","source":"Tidal Cyber","software_attack_id":"S3929","tidal_id":"9b992d44-6d6f-5bff-856d-c32eef97c07d","created":"2026-01-14T13:31:37.203971Z","modified":"2026-01-14T13:31:37.203975Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2084fc91-03e6-47e7-8adb-72989e31c885","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"60eb0a69-a2f3-48b0-ab79-6be4c1446d48","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0586dab8-2f8f-40db-bc75-ed543c8e7889","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3f229fe8-4d03-48ba-97b5-d7132510e090","name":"adplus","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3325","tidal_id":"24014676-bd66-5e22-be77-c76d93af3a69","created":"2024-01-12T14:48:26.975541Z","modified":"2024-01-12T14:48:26.975544Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"86e4b24f-f2fd-428e-a1bc-5ce17899e6e9","name":"adplus.exe","description":"<sup>[[adplus.exe - LOLBAS Project](/references/d407ca0a-7ace-4dc5-947d-69a1e5a1d459)]</sup>","source":"Tidal Cyber","associated_software_id":"1db1d4d7-d442-457d-afb9-5c3dcb21645a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e8ca5da9-5d80-47ad-a868-2b34c9f9b4e0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1d3a2c54-a750-441c-b3e3-0b72fb039da7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c227bea1-9996-49d6-97ca-10a2fc156747","name":"ADRecon","type":"tool","source":"Tidal Cyber","software_attack_id":"S3111","tidal_id":"d2e30eab-d2f8-5cf0-a0c4-a6e13d32baff","created":"2024-03-07T21:01:06.177895Z","modified":"2024-03-07T21:01:06.177900Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant ALPHV Affiliate April 3 
2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"228f98f0-ee48-4f84-b300-119c026ea1e6","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"519dfb8e-d26e-4868-8b7a-2085f400ffd1","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"533b834c-c72d-44a2-96da-b0d43e197459","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"dd87ae57-86aa-4eec-a396-9c2e0d7971c9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"a2d09e05-61d5-5a61-be78-20a48a6514ed","name":"Adups","type":"malware","source":"Mobile","software_attack_id":"S0309","tidal_id":"a2d09e05-61d5-5a61-be78-20a48a6514ed","created":"2026-01-28T13:08:09.939240Z","modified":"2026-01-28T13:08:09.939242Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ff0af6fd-e4a1-47c9-b4a1-7ce5074e089e","name":"Advanced IP Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3024","tidal_id":"0a50fc9a-4faf-5dee-8464-9d03df040660","created":"2023-08-18T18:56:18.738044Z","modified":"2023-08-18T18:56:18.738057Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 
2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"210bf606-0cdf-407c-8cc0-b6cb239580ef","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"718e1868-c01f-4255-8f82-b2d1871ccaa3","tag":"da180b04-2897-4416-a904-9d7e336d9ee4"},{"id":"02a58e4f-7ded-424f-a677-dd54b30e7b62","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"8dcd68b1-a70c-43a6-a88c-65ba61760611","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"7d03eb01-16c6-4f74-9947-e3ed752a2e6a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b7e69c1b-a117-4ddd-8d2f-02298322f90e","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c39b4c8e-abb8-4a9d-bc74-1bcc33e749df","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"8fa71c6e-92a5-4085-b3a9-cc93146416d6","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a254d184-fc80-4ecd-a0be-bc30fd2adc63","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"eae15634-51fe-4cf5-b57e-45e4a88588e6","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"34045032-037e-4b58-ba36-122f31d7f6a8","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"3b5582af-0857-418d-b314-9de46d6b8f58","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"154ebf13-68ed-4865-9bcd-cf2d1fc9bea3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"76edb85b-3214-48ba-a218-ab8cfd60fdb4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b2140131-64ce-40e1-8802-92562f406c00","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fe676550-907e-4299-a573-53304cf04bcf","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f93b54cf-a17c-4739-a7af-4106055f868d","name":"Advanced Port Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3025","tidal_id":"e0578fbe-99e8-5029-b45a-1afda321877f","created":"2023-07-14T12:56:38.454615Z","modified":"2023-07-14T12:56:38.454619Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky DeftTorero October 3 
2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress 08 14 2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","group_attack_id":"G3134","group_id":"45a5d563-0e93-405a-ae8c-cca71e88f441","name":"J Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Unit 42 Vice Society December 6 2022](/references/6abf7387-0857-4938-b36e-1374a66d4ed8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"41a01832-f948-4fea-89b3-30dd3d7e469d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"300ddb8a-9a92-46fa-b842-9711c6b7b89b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"85ca6338-bd11-48cc-a58a-8afea0c5a40a","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"855b7069-cbee-4816-803a-e4be2515d118","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"618f4828-6148-4d42-b5ee-f88e2769b534","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"b24eb346-caa6-4b87-9d17-758238c9ebcf","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"28abefe4-e6c1-4907-a3aa-ccd3636eb854","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"ed1cf877-ef1c-4d5b-a704-33232ba82d59","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2522a3c0-6e44-45ec-b8da-094484e0819a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"ce7b0165-4f79-4281-9653-77e2029630fe","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5652dd94-5b8d-4a78-ad08-d0c9d9c22d2d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7ef15943-8061-4941-b14e-9634c0b95d28","name":"AdvancedRun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3026","tidal_id":"7c200850-4c76-5b7b-926c-9045c807eb64","created":"2023-08-18T18:56:18.991326Z","modified":"2023-08-18T18:56:18.991334Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"437013a8-8caf-4ce9-9646-d012a7582438","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"113fcc45-158d-4585-9531-40ca35c498ee","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"9347d61b-cd00-4a29-a626-9c7f08c455aa","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"27683fb4-a600-4ab7-9778-e35646db0cb1","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8aced241-1f04-449c-a3bd-6b1d779392db","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3d07afa0-2a7a-412c-944a-b8cd2ded1b84","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"96648847-ace1-4841-bc8d-2cb2b6050294","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"debfa5ce-7d43-4bfc-b722-fcb19bf56c9a","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"50aeb3de-82a2-4cc9-8045-e0228b0509d1","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"5223a069-d36c-4d6f-a584-8de37bccc892","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b33ed4f8-1ba4-4d8d-ad79-9fe007b58b71","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6abb5923-cf6a-4f9e-bf5a-cac5ce4f1253","name":"ADVobfuscator","type":"tool","source":"Trellix TIG","software_attack_id":"S3443","tidal_id":"e75e008a-1b71-588d-a508-c6c4426537be","created":"2025-04-11T15:06:49.349195Z","modified":"2025-04-11T15:06:49.349199Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"6c82fc65-864a-4a8c-80ed-80a69920c44f","name":"Advpack","type":"tool","source":"Tidal Cyber","software_attack_id":"S3308","tidal_id":"5757489d-b7ec-5c14-98fd-53b1b011abc7","created":"2024-01-12T14:48:20.704097Z","modified":"2024-01-12T14:48:20.704100Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"44a4a888-434d-46fa-998d-621999a2f99a","name":"Advpack.dll","description":"<sup>[[Advpack.dll - LOLBAS Project](/references/837ccb3c-316d-4d96-8a33-b5df40870aba)]</sup>","source":"Tidal Cyber","associated_software_id":"0c7f7926-3935-46ea-b430-3841acab3120","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2583b679-4b6d-4c48-a3f5-ff319c3184fb","tag":"7a457caf-c3b6-4a48-84cf-c1f50a2eda27"},{"id":"851ebe35-ffb8-406d-8a93-533a6ef452ac","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"691807ca-fe90-453f-b795-85738fa6e0cd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ef7f4f5f-6f30-4059-87d1-cd8375bf1bee","name":"ADVSTORESHELL","type":"malware","source":"MITRE","software_attack_id":"S0045","tidal_id":"291736f1-12d6-558f-9372-789dc7d1466b","created":"2017-05-31T21:32:34.648000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3301e250-f632-4680-897c-137c01399ffb","name":"AZZY","description":"","source":"MITRE","associated_software_id":"60d36859-4803-4a84-8ce6-b7aead8b0dd8","owner_id":null,"owner_name":null},{"id":"2d1033ed-dcb0-4ff8-b994-c27c7472e4e5","name":"EVILTOSS","description":"","source":"MITRE","associated_software_id":"87b3c2d9-49fa-4f4d-bcc0-91c610aafd3e","owner_id":null,"owner_name":null},{"id":"ae90ab5b-29e8-41c2-b814-686e7e6f40f6","name":"NETUI","description":"","source":"MITRE","associated_software_id":"aee4bdbe-dcdb-456e-b198-a9ec4dd0dea9","owner_id":null,"o
wner_name":null},{"id":"404e76ad-994c-4cc3-b20a-3d3d2143d8bf","name":"Sedreco","description":"","source":"MITRE","associated_software_id":"66cd7902-e578-4054-8dc4-a5e027e914b4","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Kaspersky Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)]</sup><sup>[[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"70a54294-2e0b-4e68-8c88-561b3f69aa92","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8d65e441-db93-4393-98db-4ce8889700e2","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"45c08a24-a8ab-4f19-b03f-30c37b6feea9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f27c9a91-c618-40c6-837d-089ba4d80f45","name":"Agent.btz","type":"malware","source":"MITRE","software_attack_id":"S0092","tidal_id":"c9afa306-8f88-5965-80ac-add2ce5c43f2","created":"2017-05-31T21:32:59.153000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7b341594-0660-4e4e-aaba-5013cf1c5675","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"18620874-7c4e-4330-a340-9ae8a541ca29","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"27fa7573-c1d3-4857-8a45-ef501c8ea32c","name":"AgentExecutor","type":"tool","source":"Tidal Cyber","software_attack_id":"S3326","tidal_id":"dd9a71ee-88fe-53a6-a6ae-cef8040cb681","created":"2024-01-12T14:48:27.349682Z","modified":"2024-01-12T14:48:27.349686Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c58bc73c-1b0a-4a56-9ba4-e79db95da968","name":"AgentExecutor.exe","description":"<sup>[[AgentExecutor.exe - LOLBAS 
Project](/references/633d7f25-df9d-4619-9aa9-92d1d9d225d7)]</sup>","source":"Tidal Cyber","associated_software_id":"15123fcb-0ba8-492a-bada-552d828af096","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e4457990-cb83-4b31-9638-0ba09dc3b8e9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e2a975eb-262d-4bf9-b1de-00cd6b508d64","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"20bd2fcf-47f4-5a17-8da2-144f231696dd","name":"Agent Smith","type":"malware","source":"Mobile","software_attack_id":"S0440","tidal_id":"20bd2fcf-47f4-5a17-8da2-144f231696dd","created":"2026-01-28T13:08:09.938675Z","modified":"2026-01-28T13:08:09.938676Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"304650b1-a0b5-460c-9210-23a5b53815a4","name":"Agent Tesla","type":"malware","source":"MITRE","software_attack_id":"S0331","tidal_id":"9436e32a-c442-5ac2-8d56-22fd29f0f7e8","created":"2019-01-29T18:44:04.748000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]</sup>","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Proofpoint TA2541 February 
2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ea249f32-31ba-4d59-95c6-83aa2a078ad7","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"81148fb1-4c56-4fd8-bcab-412496f5f747","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"dcae2748-7383-4a87-b3bd-c6a807099424","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"a113f4f7-25bf-4dde-bebd-fdd5d862c9b0","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"b4ff0827-e41b-4651-91ec-057e35655d72","name":"Agile.net","type":"tool","source":"Tidal Cyber","software_attack_id":"S3684","tidal_id":"77ddc1e2-1b29-5d9c-9db4-745cb6b9f1e7","created":"2025-12-10T14:14:53.839143Z","modified":"2025-12-10T14:14:53.839146Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"964cee34-9d89-403a-8226-47e4fc490f0c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"de26150b-d2d9-4e14-ac8c-4d5bcf99d0a3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6237aa4d-1026-52b8-a612-b3e7d24b081b","name":"AhRat","type":"malware","source":"Mobile","software_attack_id":"S1095","tidal_id":"6237aa4d-1026-52b8-a612-b3e7d24b081b","created":"2026-01-28T13:08:09.937774Z","modified":"2026-01-28T13:08:09.937775Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3f5582b4-9419-42ab-b0d9-faead3a4fb0b","name":"Aisuru","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3637","tidal_id":"51fb1a35-cf69-5e46-912a-6dc445a724ae","created":"2025-11-19T17:45:39.964986Z","modified":"2025-11-19T17:45:39.964990Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"54e69dec-4424-42c5-a530-f5335f87dc1d","name":"Turbo Mirai-class IoT botnet","description":"<sup>[[TECHCOMMUNITY.MICROSOFT.COM November 17 2025](/references/2a8948a9-f566-4ea0-898f-9b0734066d00)]</sup>","source":"USER","associated_software_id":"8ef92af9-7660-480f-9b20-74466a60d24f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"81f10850-9279-4013-ad78-412d6d965588","name":"AIRASHI","description":"<sup>[[None December 10 2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","source":"USER","associated_software_id":"8ee58f7b-85ee-4258-89bb-292349e5be54","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"609d40a2-b0f0-4725-a169-e91938a916fb","name":"kitty","description":"<sup>[[None December 10 2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","source":"USER","associated_software_id":"6f6c41ac-76dd-4b87-a20e-444714658d08","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[TECHCOMMUNITY.MICROSOFT.COM November 17 2025](/references/2a8948a9-f566-4ea0-898f-9b0734066d00)]</sup>","group_attack_id":"G3150","group_id":"3968e084-45b6-48a1-9f19-3d9152cd7053","name":"Aisuru botnet 
operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"848325ab-b285-47d4-8176-2f8d94fd2d99","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"953a89a5-1f48-4a09-aacd-a94ef86b0b7b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"55a7d6f6-d01d-4770-b10f-940970f679fd","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"3956507e-8147-43fa-abd4-345969420e19","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"74f7508c-06dc-4d0f-ad1e-c52469bb39d3","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"abea3ae9-7c02-442c-a8ec-715fb3c41b98","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"4e0284ab-8a69-450b-affb-fbb3bcf373e6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ed7b82fe-efc5-4201-a14c-eb776da8cd59","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"96ae0e1e-975a-5e11-adbe-c79ee17cee11","name":"Akira","type":"malware","source":"MITRE","software_attack_id":"S1129","tidal_id":"b6c06957-3d86-579a-a81a-2d7d25b8a8c6","created":"2024-04-25T13:28:19.427649Z","modified":"2024-04-25T13:28:19.427652Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kersten Akira 2023](https://app.tidalcyber.com/references/df191993-a2cb-5d26-960c-11d1c6d3d73b)]</sup><sup>[[Cisco Akira Ransomware OCT 
2024](https://app.tidalcyber.com/references/fa57d7ae-c0d2-58cd-8a91-a242f7348d60)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2f6e6b57-f89a-4bba-85ed-b6318b381336","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"b95ca7f3-8826-46bd-8a7b-e9922e81e61a","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"264708f9-1d11-490f-8253-3ce0b9d079e5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"479b448a-5cef-4a3b-a4fb-c95648655836","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ea82e8c2-9988-4c4f-a55b-ac5de61bdeb5","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"cd9e98cb-0dd0-425a-bf71-d0801ba38c00","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"e14b1eaf-c6c4-4067-869a-9007616c62fa","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"}],"owner_name":null},{"id":"48f864a6-724e-4dbc-8428-981670bcd07a","name":"Akira (Linux/ESXi)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3414","tidal_id":"bfe388ca-44b2-5872-8c57-5110b2d01ba9","created":"2024-12-10T14:33:15.768972Z","modified":"2024-12-10T14:33:15.768976Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Cyble September 21 2023](/references/c9a58515-f911-4328-9237-daccd88711a5)]</sup><sup>[[Unit 42 December 2 2024](/references/3d0c4862-a67e-4f8e-8045-05596854f14b)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e37c6464-a83f-4c4f-ad21-39692b3d6731","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"9f12e45d-3473-45a7-80b4-63030ae29b5d","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"45295417-66d1-4070-abe7-e7685ceffa83","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"af3ac8b1-e6df-4c08-aaf2-d1e7611a2284","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"63ccce73-f86b-424d-8dc8-06fff37c846d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8b5ac1e6-82b3-400c-82ac-daf07aaacb23","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"23bfb1d1-2000-5b0e-8f68-5bd67dc31d44","name":"Akira _v2","type":"malware","source":"MITRE","software_attack_id":"S1194","tidal_id":"23bfb1d1-2000-5b0e-8f68-5bd67dc31d44","created":"2025-04-22T20:46:59.483104Z","modified":"2025-04-22T20:46:59.483108Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[CISA Akira Ransomware APR 2024](https://app.tidalcyber.com/references/bfa99833-7ddf-576a-958c-adac87da09c8)]</sup><sup>[[Cisco Akira Ransomware OCT 2024](https://app.tidalcyber.com/references/fa57d7ae-c0d2-58cd-8a91-a242f7348d60)]</sup>\n<sup>[[Palo Alto Howling Scorpius DEC 2024](https://app.tidalcyber.com/references/26d3e738-8921-51bc-a71c-7e74278a6a78)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e140cb40-e9da-48a6-9fa9-348623e5a24f","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"517d7cef-f9f1-4a3f-a55e-8e367eadff70","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"4f6bddeb-0a07-4ba4-9d4d-1604896721a9","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"facdf18c-54b3-4298-a6d1-85dabe04b1cb","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"1fbd4334-69e3-4992-920b-97c4120d2988","name":"All.exe","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3593","tidal_id":"9689effe-ee79-516c-9a3f-19a5235ac736","created":"2025-10-17T17:09:53.422317Z","modified":"2025-10-17T17:09:53.422319Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"932e68da-c2e6-4ac1-b1a5-afc011d4d4f5","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"fac0f84e-5055-49c7-b121-316b3bf084b4","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"c775b910-4f14-41d6-8542-81e43642b5f3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"aabf3166-b754-45af-ab9e-e7b5bf014269","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a0594b1c-5c02-537f-af59-6d48188b3ced","name":"Allwinner","type":"malware","source":"Mobile","software_attack_id":"S0319","tidal_id":"a0594b1c-5c02-537f-af59-6d48188b3ced","created":"2026-01-28T13:08:09.937539Z","modified":"2026-01-28T13:08:09.937540Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f173ec20-ef40-436b-a859-fef017e1e767","name":"Amadey","type":"malware","source":"MITRE","software_attack_id":"S1025","tidal_id":"e61da200-a3ed-5de0-aa68-4ba4475dba0e","created":"2022-07-14T17:30:54.927000Z","modified":"2022-10-14T21:33:47.608000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Korean FSI TA505 2020](https://app.tidalcyber.com/references/d4e2c109-341c-45b3-9d41-3eb980724524)]</sup><sup>[[BlackBerry Amadey 
2020](https://app.tidalcyber.com/references/21b7a7c7-55a2-4235-ba11-d34ba68d1bf5)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup><sup>[[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Frequent freeloader part II](/references/ac413fbf-766c-41f4-8a48-2ade5913e6ea)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4c6504e2-f553-4bee-8f3f-276f7d19e062","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"48bf5f7d-6093-4fad-bfa6-6c8f6449dfef","tag":"fa84181d-fd9a-4c7b-8e18-e47011993b5e"},{"id":"9d746ba0-5092-485f-9d9c-c5e21fd41776","tag":"263adb48-051c-4384-90cf-1d4c937c3f05"},{"id":"946d998b-11df-4457-bd1b-3dcde981ebb4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9b7d15c0-d137-4fe3-a9d3-72f809f13681","name":"Amatera Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3683","tidal_id":"7c6c9573-e50a-564b-bfb2-9be071f1fbd8","created":"2025-12-10T14:14:53.673245Z","modified":"2025-12-10T14:14:53.673249Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"efb71ba6-97ed-4ea1-abbe-76c164513147","name":"ACR Stealer","description":"<sup>[[eSentire November 13 
2025](/references/f346f327-f0e4-4405-bf3c-c0723c23384f)]</sup>","source":"USER","associated_software_id":"d5a94b0a-fdc2-435a-8a9d-de809295bba3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"d3da1632-23f9-4e7a-89f0-7edb37a6e654","name":"AcridRain Stealer","description":"<sup>[[eSentire November 13 2025](/references/f346f327-f0e4-4405-bf3c-c0723c23384f)]</sup>","source":"USER","associated_software_id":"22b86db1-684f-4428-bc10-6189cb2cbf94","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[eSentire November 13 2025](/references/f346f327-f0e4-4405-bf3c-c0723c23384f)]</sup>","group_attack_id":"G3155","group_id":"bd396d01-231e-4b59-ab3d-fbf1aceb2a26","name":"SheldIO","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7dd0c742-c1b6-4955-8df4-1e1d2ccf2e9b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"15ae18d6-b7b9-4150-b242-3f6eaba9e947","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9521c535-1043-4b82-ba5d-e5eaeca500ee","name":"Anchor","type":"malware","source":"MITRE","software_attack_id":"S0504","tidal_id":"e7b27df9-7e39-5657-ad1c-c8e7a245573a","created":"2020-09-10T15:54:21.805000Z","modified":"2021-12-15T20:56:24.628000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"11d8729e-7635-465f-8629-e4a15e317e02","name":"Anchor_DNS","description":"<sup>[[Cyberreason Anchor December 2019](https://app.tidalcyber.com/references/a8dc5598-9963-4a1d-a473-bee8d2c72c57)]</sup><sup>[[Medium Anchor DNS July 2020](https://app.tidalcyber.com/references/de246d53-385f-44be-bf0f-25a76442b835)]</sup>","source":"MITRE","associated_software_id":"4c66b92a-bfac-4f12-a319-3a16b59f9408","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Microsoft 
Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"02644803-c675-4edc-a3c9-3797b1272681","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1ccbdddb-1ad2-5dd9-a4aa-a824695aa7a5","name":"Android/AdDisplay.Ashas","type":"malware","source":"Mobile","software_attack_id":"S0525","tidal_id":"1ccbdddb-1ad2-5dd9-a4aa-a824695aa7a5","created":"2026-01-28T13:08:09.939271Z","modified":"2026-01-28T13:08:09.939272Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"eb1a3a9e-6083-5464-890a-0d3763b3bdef","name":"Android/Chuli.A","type":"malware","source":"Mobile","software_attack_id":"S0304","tidal_id":"eb1a3a9e-6083-5464-890a-0d3763b3bdef","created":"2026-01-28T13:08:09.938974Z","modified":"2026-01-28T13:08:09.938975Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"4b7da93d-3dfa-5a3c-802c-de1172bfb266","name":"ANDROIDOS_ANSERVER.A","type":"malware","source":"Mobile","software_attack_id":"S0310","tidal_id":"4b7da93d-3dfa-5a3c-802c-de1172bfb266","created":"2026-01-28T13:08:09.938131Z","modified":"2026-01-28T13:08:09.938133Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6d87a446-e598-5248-9414-4b760a84b657","name":"AndroidOS/MalLocker.B","type":"malware","source":"Mobile","software_attack_id":"S0524","tidal_id":"6d87a446-e598-5248-9414-4b760a84b657","created":"2026-01-28T13:08:09.938538Z","modified":"2026-01-28T13:08:09.938540Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[
],"tags":[],"owner_name":null},{"id":"de821a5b-c5f4-5f29-9433-11ebdf7f3fbc","name":"Android/SpyAgent","type":"malware","source":"Mobile","software_attack_id":"S1214","tidal_id":"de821a5b-c5f4-5f29-9433-11ebdf7f3fbc","created":"2026-01-28T13:08:09.939141Z","modified":"2026-01-28T13:08:09.939142Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"69aac793-9e6a-5167-bc62-823189ee2f7b","name":"ANDROMEDA","type":"malware","source":"MITRE","software_attack_id":"S1074","tidal_id":"7943cf93-68d3-52d9-ac61-56c268686a7b","created":"2023-11-07T00:35:49.512865Z","modified":"2023-11-07T00:35:49.512871Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Suspected Turla Campaign February 2023](/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":null},{"id":"b6ca1007-4971-5c12-bd68-8224834499c0","name":"AndroRAT","type":"malware","source":"Mobile","software_attack_id":"S0292","tidal_id":"b6ca1007-4971-5c12-bd68-8224834499c0","created":"2026-01-28T13:08:09.938660Z","modified":"2026-01-28T13:08:09.938661Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8efa90ac-a894-467d-8633-16a44d270358","name":"Angry IP Scanner","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3114","tidal_id":"b525ba7b-dcb4-5af5-b843-02892be5f3fd","created":"2024-03-07T21:01:07.649796Z","modified":"2024-03-07T21:01:07.649799Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"23cdaef8-7297-49af-977a-28268970f3e6","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"e2433073-494f-47a1-a15d-2228bee5830a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"62cbdfc4-e52d-4a7b-9b72-142e88677e4c","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"30bb25cc-46ae-44b0-9986-b594b2088101","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a35bb162-34d5-4432-85a4-bf7781f678ff","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7de2b841-65cd-4df3-8711-4ed3183425ca","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"0d1963dd-06d0-4276-b6eb-f28794781abd","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6dd23125-3ca5-4cbd-b1d3-8115dd686c9b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5641843c-dd5b-40a4-af13-4eb2dd5c2482","name":"ANGRYREBEL.LINUX","type":"malware","source":"Tidal Cyber","software_attack_id":"S3756","tidal_id":"5c3c940e-2c73-5c72-90ce-8f81e9ded458","created":"2025-12-17T14:18:50.221259Z","modified":"2025-12-17T14:18:50.221263Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3160","group_id":"1313da23-bbc5-4724-a278-fd6ca5e561f0","name":"Earth Lamia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3161","group_id":"2b008386-ffdc-433d-9b09-1e2cf4f3a4a4","name":"Jackpot Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 
2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3163","group_id":"a80c62db-7e04-44a8-8692-945aa22e09d6","name":"UNC6586","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3164","group_id":"0ca3cd2f-9650-4b70-9a65-6a5b512554ca","name":"UNC6588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3165","group_id":"5f8d373c-6992-4a2b-8a86-a16cbd45165a","name":"UNC6595","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3166","group_id":"d92dff67-9704-4503-ad57-867bea3e6bfa","name":"UNC6600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3167","group_id":"0e6985de-e4c1-494b-8901-9aa491202f6f","name":"UNC6603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"cebff35b-2a7a-49fc-856c-ed245be0a55c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a7d670e6-7b60-40bd-bcf8-928c26d3c097","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9ec5d32e-e5f5-4b0b-8466-9462230ef9f4","name":"Ansible","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3613","tidal_id":"ff7499a1-9eb9-5222-9a1f-e62ff3d32c15","created":"2025-10-24T16:13:49.313032Z","modified":"2025-10-24T16:13:49.313036Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 BlackSuit October 14 2025](/references/5edcf0bf-1cd2-4f22-9d3c-be8eb1befda0)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5a1cb337-ed87-42c8-8d57-f5433df98604","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"c946183f-de35-4674-b86f-7212cae04690","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"49a8c4c0-bc85-41cb-8896-543fe9695b9e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1902bd9d-e647-4c02-a0c4-c3a454c93856","name":"AntSword","type":"tool","source":"Tidal Cyber","software_attack_id":"S3591","tidal_id":"4d41269a-260c-58c6-990a-df771a441d12","created":"2025-10-13T17:29:24.986369Z","modified":"2025-10-13T17:29:24.986373Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud APT41 
2024](/references/33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"0c13f94e-d36e-47a4-9ade-c300889bc9f7","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"51c76aed-7972-4858-9676-f02795e987b0","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"f8f32336-162a-49f0-b3c4-66d4da215341","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1df924b2-f882-49da-b88f-53abfa0d194b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"717c24ed-d2ce-568c-81a5-bb67aad5b1c2","name":"Anubis","type":"malware","source":"Mobile","software_attack_id":"S0422","tidal_id":"717c24ed-d2ce-568c-81a5-bb67aad5b1c2","created":"2026-01-28T13:08:09.938645Z","modified":"2026-01-28T13:08:09.938646Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2109ac0f-3136-42b6-9bb4-48e661ab752f","name":"Anubis Backdoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3458","tidal_id":"6ef2ef7e-4f15-5a87-bcee-524d43a2e456","created":"2025-04-08T16:39:01.312639Z","modified":"2025-04-08T16:39:01.312643Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8413360f-d325-4253-a455-01c888236785","name":"Anubis","description":"<sup>[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]</sup>","source":"Tidal Cyber","associated_software_id":"25ccddc9-98c5-4fe3-bbb1-8adb668ea95d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"db1d9b9d-2f73-46cc-8e44-f65e2a6bd97c","name":"AnubisBackdoor","description":"<sup>[[G DATA CyberDefense AG March 20 2025](/references/a9b00314-5a02-4fa8-9d34-27f05a71ff3c)]</sup>","source":"Tidal 
Cyber","associated_software_id":"f54ae1bd-ae88-406b-871c-e0a087819eca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"159f8e59-cfa4-4b6a-b15e-8fdb0973e0ec","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f8308bc1-68e0-4e55-9e7e-05668d7c531c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"14fa0748-b05a-413d-b221-d42baa2cff78","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"637b89c8-e3f4-4eee-a86d-846518f1c5be","name":"Anubis Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3502","tidal_id":"6c9b64d5-80de-501e-82a3-d0adbe6d775e","created":"2025-06-23T13:54:02.123259Z","modified":"2025-06-23T13:54:02.123264Z","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kelacyber February 25 2025](/references/321f34fb-b80b-4bd3-bceb-e51b6214b883)]</sup>","group_attack_id":"G3111","group_id":"8a280bdd-d14c-43ca-b5cb-bd68e1fda44a","name":"Anubis Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9e61945f-54f3-4903-9db0-210979bebf0b","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"f9417476-0f0d-476b-93b9-a58df59505ad","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"602e4072-411e-4aa0-9f52-4e65d548c030","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"97471dc9-c003-45f2-8979-274c5075f669","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"62601604-6a8b-41fb-8f0a-028e67299813","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e38e7539-90e4-4715-a2b3-30d6fe061876","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"922447fd-f41e-4bcf-b479-88137c81099c","name":"AnyDesk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3027","tidal_id":"2a9ce398-af06-5937-9280-7c60f52334b2","created":"2023-07-14T12:56:38.685537Z","modified":"2023-07-14T12:56:38.685541Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro Void Rabisu May 30 2023](/references/5fd628ca-f366-4f0d-b493-8be19fa4dd4e)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","group_attack_id":"G3157","group_id":"271cfdb6-e918-4a86-9289-c6a4d6b99ce4","name":"Water Gamayun","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike Scattered Spider SIM Swapping December 22 2022](/references/e48760ba-2752-4d30-8f99-152c81f63017)]</sup><sup>[[Sophos X-Ops Tweet September 13 2023](/references/98af96a6-98bb-4d81-bb0c-a550e765e6ac)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CSRB LAPSUS$ July 24 
2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]</sup>","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Pioneer Kitten August 28 2024](/references/783f4aee-84d9-43dc-accc-99fee6b1ff92)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Google Cloud Blog November 10 2025](/references/343dab24-9d2e-4269-ab54-3dba4d684a9c)]</sup>","group_attack_id":"G3147","group_id":"ad1251f6-9d49-46ae-ac8e-27cefd099b26","name":"UNC6485","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[EclecticIQ May 14 2025](/references/cb0d3cb0-4a3c-4948-b58f-d3d745ef92a2)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft BlackByte 2023](/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Check Point Research Rhysida August 08 2023](/references/0d01416f-4888-4b68-be47-a3245549cec5)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)]</sup><sup>[[Secureworks North Korea IT Workers October 16 2024](/references/0eff6062-2b77-414b-a26e-fb0c2958d80d)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cisco Talos Q2 Trends July 26 2023](/references/f5367abc-e776-41a0-b8e5-6dc60079c081)]</sup>","group_attack_id":"G3014","group_id":"00b45c13-d165-44d0-ad6b-99787d2a7ce3","name":"8Base Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog August 28 2024](/references/940c0755-18df-4fcb-9691-9f2eb45e6441)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"07194be6-8e4e-40c4-8ad5-065d612f797e","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"dc0966ef-6389-430e-82b8-37c41c2b2a4b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b40b4ac9-bbfc-473b-8162-5b615461bc07","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"a95ce68f-9f40-496f-be1a-e53c1e73b98d","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"3418ba6c-b724-4f40-a802-170471674040","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"866116dc-7ff9-4f3d-93ba-689a8977d2cf","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"beb65313-54e8-4254-b025-444ea999d17f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"630c474f-1d06-4926-977f-aa00b1d531a2","tag":"fb06d216-f535-45c1-993a-8c1b7aa2111c"},{"id":"71cb82c8-06b1-4541-a822-bb10e3a87d4f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"03be6e9a-e0a0-495c-8ed0-6aecfab47b2b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4b9260c9-f092-40c9-b432-275fc2e5df57","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"47404122-536d-4de7-a6bc-daf8a0bed524","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"3ebc8d64-b939-4d54-b691-0e4596d9cec4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"e20bc410-2e49-4c33-b02d-4d4b6d4e0271","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"c966ce7c-480a-43eb-8a15-439aebdefecd","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d52fadf2-8b20-4f7c-95cb-dc3d2410aaf6","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"d42d4804-36c4-48f8-af7c-54300a49cd8d","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"7fb10cc5-8f1a-451b-a216-0d4350f8fce0","name":"AnyViewer","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3505","tidal_id":"581d46df-bb37-58ef-9700-db2191241482","created":"2025-07-08T16:59:11.142258Z","modified":"2025-07-08T16:59:11.142261Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog June 30 2025](/references/3300c819-e236-40a2-a886-ce460876a2ca)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"24170101-a013-4e6a-b3e1-5f2fc473b020","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"af8a3e20-7e9f-4f97-a57d-c1f4a391b5c5","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9e49ee36-1805-456c-bff0-ff4d9450c8c3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"2a903973-d741-4032-9059-a923ad5c6afe","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6682b27a-4ec0-4c33-805a-e6ba1ae99334","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f525a28f-2500-585c-a1c7-063ecec8376e","name":"Apostle","type":"malware","source":"MITRE","software_attack_id":"S1133","tidal_id":"f525a28f-2500-585c-a1c7-063ecec8376e","created":"2024-10-31T16:28:03.506828Z","modified":"2024-10-31T16:28:03.506831Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) has used [Apostle](https://app.tidalcyber.com/software/f525a28f-2500-585c-a1c7-063ecec8376e) as both a wiper and ransomware-like effects capability in intrusions.<sup>[[SentinelOne Agrius 
2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b202e144-78a5-4315-9824-6388319d54dd","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"c78da8b4-5046-499c-ade5-6bd54f5b1bf0","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"93e478c6-80c9-4ca3-ad17-fc650332fdcc","name":"AppCert","type":"tool","source":"Tidal Cyber","software_attack_id":"S3479","tidal_id":"4622eebd-8abd-50fc-8ad3-6018173af70d","created":"2025-05-20T16:19:09.038516Z","modified":"2025-05-20T16:19:09.038519Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f9cd6051-ede8-4eb8-b614-e085f1a17bd2","name":"AppCert.exe","description":"<sup>[[AppCert.exe - LOLBAS Project](/references/bc17c39a-5865-4c1e-b60e-06005a7302c9)]</sup>","source":"Tidal Cyber","associated_software_id":"fb5b3d09-8704-449c-bbf2-b7ddd4f853bd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"88c7f6a8-c0e5-4c0e-81d9-84eba02fab81","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5c48ee09-a4e0-4a68-ba91-2e7151c5695b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9fa7c759-172f-4ae3-ac3d-0070c3c4c439","name":"AppInstaller","type":"tool","source":"Tidal Cyber","software_attack_id":"S3191","tidal_id":"acf924d4-16ff-5075-84d9-c2d583b9b8eb","created":"2024-01-12T14:47:40.956386Z","modified":"2024-01-12T14:47:40.956390Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a0005bf8-6217-4556-9f3e-a4578669d4b8","name":"AppInstaller.exe","description":"<sup>[[AppInstaller.exe - LOLBAS Project](/references/9a777e7c-e76c-465c-8b45-67503e715f7e)]</sup>","source":"Tidal 
Cyber","associated_software_id":"705af422-c1e8-48e4-97e1-8693ac97e3da","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"81c7378f-b443-4680-bfbe-45d994b234c6","tag":"837cf289-ad09-48ca-adf9-b46b07015666"},{"id":"967b4451-4db8-4d59-9d06-b9ec1ab0cdf5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"334b7e47-6bf1-4c02-a519-218f07d94c67","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3705aa3d-4885-4443-9d25-2bed73aa2579","name":"AppLauncher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3863","tidal_id":"0dffd33e-2899-5b55-a15c-a64fe71bf42e","created":"2026-01-06T18:05:04.485210Z","modified":"2026-01-06T18:05:04.485216Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b8c1e38f-0d0c-4d92-8a20-16f537c6ea5d","name":"AppLauncher.exe","description":"<sup>[[AppLauncher.exe - LOLBAS Project](/references/9efa0dc8-c36f-4648-b06f-341d8bdc2b2a)]</sup>","source":"USER","associated_software_id":"63b692e7-9ba0-40cf-bd9a-a747c2ddd192","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2d2b3d70-8685-48ca-aaf0-f41a245c46d2","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"cdeb3110-07e5-4c3d-9eef-e6f2b760ef33","name":"AppleJeus","type":"malware","source":"MITRE","software_attack_id":"S0584","tidal_id":"0d16e40f-4e2f-5ddd-b9f7-6a1646bdedf6","created":"2021-03-01T20:17:11.064000Z","modified":"2022-09-28T17:46:18.677000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA AppleJeus Feb 2021](https://app.tidalcyber.com/references/6873e14d-eba4-4e3c-9ccf-cec1d760f0be)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"303ae469-ff23-4c02-9e5a-69c51385fde6","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"},{"id":"d0aecae8-8500-4b31-a319-a4c1c3f4fd7b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"ef235cb1-728d-4c01-909f-67f30a9fd2ff","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9df2e42e-b454-46ea-b50d-2f7d999f3d42","name":"AppleSeed","type":"malware","source":"MITRE","software_attack_id":"S0622","tidal_id":"2854bcc3-7c8b-5cea-9a5b-b7cf6f08723b","created":"2021-06-10T14:53:49.448000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Malwarebytes Kimsuky June 2021](https://app.tidalcyber.com/references/9a497c56-f1d3-4889-8c1a-14b013f14668)]</sup><sup>[[KISA Operation Muzabi](https://app.tidalcyber.com/references/8742ac96-a316-4264-9d3d-265784483f1a)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f1f68208-90a7-4f22-b260-f26b9746c903","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1328ae5d-7220-46bb-a7ee-0c5a31eeda7f","name":"Appvlp","type":"tool","source":"Tidal Cyber","software_attack_id":"S3327","tidal_id":"aca7d655-16ba-5e3e-b728-edbf2f77e748","created":"2024-01-12T14:48:27.711342Z","modified":"2024-01-12T14:48:27.711345Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"82eb4e28-3b8c-4f30-8524-c57d6bbf3500","name":"Appvlp.exe","description":"<sup>[[Appvlp.exe - LOLBAS Project](/references/b0afe3e8-9f1d-4295-8811-8dfbe993c337)]</sup>","source":"Tidal 
Cyber","associated_software_id":"b2e6135b-4a85-48a4-b654-8348a9e6a9b7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e66c2adf-46d1-411e-a2a9-0c0ee18b8a63","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"bde213b8-1e0c-4289-9a34-6b58a763671f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ef5e5376-82bf-4a24-b5e9-cbaae2d369ed","name":"AquaPurge","type":"malware","source":"Tidal Cyber","software_attack_id":"S3810","tidal_id":"4dc54b52-3e9a-572a-a4e7-aca5fe77ef2e","created":"2025-12-24T14:57:28.328627Z","modified":"2025-12-24T14:57:28.328630Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"619a8258-2744-4aa5-93ed-4d9ab6672bdb","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"971ed26b-ee08-447a-8dc4-7be41960fab3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2a5d152a-e449-4e67-87a9-5a353e26b555","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4bd9c0a3-e756-4228-9703-70d6cb57a2ef","name":"AquaShell","type":"malware","source":"Tidal Cyber","software_attack_id":"S3811","tidal_id":"4831e190-8379-5e08-9d12-65df5fd32adc","created":"2025-12-24T14:57:28.501049Z","modified":"2025-12-24T14:57:28.501052Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog December 17 
2025](/references/1ef07f79-df28-441c-b4f6-b4e396a01353)]</sup>","group_attack_id":"G3182","group_id":"07beb42b-2609-4b33-9957-6e9511268431","name":"UAT-9686","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9cf1478e-3a38-405f-b0f9-7edf63627bac","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"5c166006-a93f-4617-80be-eece306b3116","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"f775a076-1834-4c9c-8b98-639bfa81d566","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"9ded3cc6-4e92-49e3-8d2f-69e46d19532c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b7ad52a2-7dc1-49fe-baa7-e407c2ecd74a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c0d43894-a6b9-4a87-a1c5-0bae9e872ea5","name":"AquaTunnel","type":"malware","source":"Tidal Cyber","software_attack_id":"S3812","tidal_id":"5a4186a5-a554-553f-b8c3-b5d27e8f202b","created":"2025-12-24T14:57:28.643994Z","modified":"2025-12-24T14:57:28.643997Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"ff970f14-94e2-4143-b093-51d77ae162ee","name":"ReverseSSH","description":"<sup>[[Cisco Talos Blog December 17 2025](/references/1ef07f79-df28-441c-b4f6-b4e396a01353)]</sup>","source":"USER","associated_software_id":"5c1ba2dc-76f3-4998-8a3a-d8d714f4cb6a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cisco Talos Blog December 17 
2025](/references/1ef07f79-df28-441c-b4f6-b4e396a01353)]</sup>","group_attack_id":"G3182","group_id":"07beb42b-2609-4b33-9957-6e9511268431","name":"UAT-9686","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"04f2a2e0-9f00-4da0-91e5-a3cef9d1aec8","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"2dfc5ee1-2796-4784-a60c-a10fce01fc14","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"49bde0b1-d404-40d1-a27e-8d18b557ec56","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ba9d6e30-4787-4f5c-be33-52789eaa924d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5bf1ed41-8fe5-4c4b-8d80-a55980289e1f","name":"AresLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3001","tidal_id":"0f70fc61-c227-5e7f-aa6b-ca22df71f934","created":"2024-06-13T20:12:24.971927Z","modified":"2024-06-13T20:12:24.971932Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ccc6544d-e6f8-4195-ae7a-8776cccb94f5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bbebc35f-7cf8-41a5-91c5-2e9822ad49cc","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"5b950e45-00e0-4f2c-8a81-0bd473c1ba11","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7ba79887-d496-47aa-8b71-df7f46329322","name":"Aria-body","type":"malware","source":"MITRE","software_attack_id":"S0456","tidal_id":"b514b1a4-6809-5235-a0bc-c9538deb67f9","created":"2020-05-26T19:36:04.663000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CheckPoint Naikon May 2020](https://app.tidalcyber.com/references/f080acab-a6a0-42e1-98ff-45e415393648)]</sup><sup>[[Bitdefender Naikon April 
2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"45b51950-6190-4572-b1a2-7c69d865251e","name":"Arp","type":"tool","source":"MITRE","software_attack_id":"S0099","tidal_id":"b48818d9-c192-5a2f-9ed3-effa5b8a811c","created":"2017-05-31T21:33:02.428000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1a897efb-d18b-4e39-a7e0-73d995ee0e5a","name":"arp.exe","description":"","source":"MITRE","associated_software_id":"993a4563-9d3f-41b3-b677-430dbaf9bf30","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) used [Arp](https://app.tidalcyber.com/software/45b51950-6190-4572-b1a2-7c69d865251e) to identify connected hosts in victim networks.<sup>[[FBI BlackByte 2022](https://app.tidalcyber.com/references/b206b4fd-7c8a-5e5c-a0a4-737a5502df80)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky 
Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4289095a-7e21-4a8b-8c62-f9ea5d3c9b9f","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5000e8fe-3439-4c8b-974f-e02caa487558","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"caed9927-222d-4a99-a9a1-8634abb5ad6e","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"a11d0686-56c7-4d6e-b136-caf88483c3fe","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"9b4bb2f3-fdbf-43ee-9518-ba774a011be4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"07bfd264-a8f4-46a5-89a4-a4b482b41b80","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a468a714-48ab-4f7b-8078-6f9705725136","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"8bd5fd2d-b967-494d-a0d8-28ca4d6cb0d9","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"449d3ef2-f46d-4e26-b809-d673b36cd090","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"32b05eb2-2355-4d08-83cc-0c161a323718","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"8e1da8da-0790-4b78-98b1-a7845df74a1b","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9571fe2b-0c0c-4d38-8245-0d8dec8c7f34","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"dfc7ec48-2773-4d78-bf96-cf2bada745b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"2bd40626-f716-5d07-a877-e59192382124","name":"Asacub","type":"malware","source":"Mobile","software_attack_id":"S0540","tidal_id":"2bd40626-f716-5d07-a877-e59192382124","created":"2026-01-28T13:08:09.938690Z","modified":"2026-01-28T13:08:09.938692Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"641aa64f-a545-403e-889e-9f5ebac60d0a","name":"Trojan-SMS.AndroidOS.Smaps","description":"<sup>[[Securelist 
Asacub](https://app.tidalcyber.com/references/fd6a22c3-59e4-5f4f-a662-f6ab24a0e89f)]</sup>","source":"Mobile","associated_software_id":"b27ab02c-6f45-579f-95f5-01e2025ae33b","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"18b7c7dc-9e6f-4050-9030-748497a336c3","name":"AshenLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3806","tidal_id":"5e050e4a-3364-56c4-ae5e-3da303df8e8b","created":"2025-12-24T14:57:27.740161Z","modified":"2025-12-24T14:57:27.740165Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"25c5729a-4487-42bc-b26a-b2e8fe950a21","name":"IronWind (evolution)","description":"<sup>[[Unit 42 December 11 2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","source":"USER","associated_software_id":"1e368676-596d-4b33-9291-8bb8763debd3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Unit 42 December 11 2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a1ccc210-10ab-477c-a508-ebb9c475275e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"db29ebe7-69e6-4622-bd8a-6c8edf49df94","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"f80a1b57-2168-4fd5-9d87-0a0146823efc","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0d1c89a8-8ffc-4ca1-bd0b-ea655ba06e67","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"362e96f9-68de-4eb5-a326-84197fdc4875","name":"AshenOrchestrator","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3807","tidal_id":"8a4982a8-144f-5dce-9091-7877082a51ae","created":"2025-12-24T14:57:27.890369Z","modified":"2025-12-24T14:57:27.890372Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 December 11 2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c6f39ddd-eaaa-431c-a9de-6884e9515e9c","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"c5303c63-3942-4bd5-acca-7b104b0541e8","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"f03b7f86-f682-493c-a9eb-56fe1c50c1c4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8f303cbe-3766-42fa-8b3e-7ad74539449b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"50bf3296-7690-4f37-a39c-e94fea6e3aea","name":"AshenStager","type":"malware","source":"Tidal Cyber","software_attack_id":"S3808","tidal_id":"1f264a6d-7983-54c2-856f-87f2cab30fb8","created":"2025-12-24T14:57:28.042104Z","modified":"2025-12-24T14:57:28.042108Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"558996e7-0107-4ec4-a6b0-dca1f4465e54","name":"Stager-X64","description":"<sup>[[Unit 42 December 11 2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","source":"USER","associated_software_id":"b0722475-6f45-4997-b713-897e14849cc9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Unit 42 December 11 
2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"67918ae4-0a9b-470c-aad8-a8e5b272eb28","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"5253262c-a0f9-48b2-ae8f-b97d7f65fe44","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5777a901-bd11-432a-9869-f254966102aa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7b985f6e-e1b6-4eac-98bc-5e6454b07a1a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a929b5ae-a867-4db7-884c-84d674c3a797","name":"AshTag","type":"malware","source":"Tidal Cyber","software_attack_id":"S3805","tidal_id":"e75f7b78-e65b-5df8-80b3-33f642bf0191","created":"2025-12-24T14:57:27.598612Z","modified":"2025-12-24T14:57:27.598616Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 December 11 
2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4d90080f-7165-403f-b166-95868857ddbf","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"af29eb00-9602-49d1-8137-cb282b9861c4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0f66ab6d-8700-44d9-870b-109f2e672d68","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"496290f7-bed7-42c4-8fd9-e686bbad0802","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"44c72ef0-095d-49e5-a85b-121322427d34","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8a2a07f9-7f32-4f3c-9657-5df11e407162","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"46c1fad6-23a4-4dbc-a9a5-ff43b1902d5e","name":"Asnarok","type":"malware","source":"Tidal Cyber","software_attack_id":"S3409","tidal_id":"3b889f52-83e2-545c-8d4b-be5861ea9c33","created":"2024-11-08T20:32:53.774123Z","modified":"2024-11-08T20:32:53.774128Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"cda9bf8a-fb47-43f4-9700-5603eb7fd34f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e8f04482-9918-48cc-a3f3-48c7a6d39589","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fefe1455-c699-4329-9648-150947821a10","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"42763dde-8226-4f31-a3ba-face2da84dd2","name":"Aspnet_Compiler","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3192","tidal_id":"0499fe74-8b8f-5e9d-a09f-2b36880eceb2","created":"2024-01-12T14:47:41.337665Z","modified":"2024-01-12T14:47:41.337669Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6274b140-4eaf-42ed-9b08-ed971779ac2e","name":"Aspnet_Compiler.exe","description":"<sup>[[Aspnet_Compiler.exe - LOLBAS Project](/references/15864c56-115e-4163-b816-03bdb9bfd5c5)]</sup>","source":"Tidal Cyber","associated_software_id":"dd35fa20-68de-455d-8994-914b23cf51a6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securonix January 05 2026](/references/314a9db4-8a16-4732-aa23-b24b38897943)]</sup>","group_attack_id":"G3197","group_id":"a28a00b1-dbee-448c-9f91-690dcca00de8","name":"PHALT#BLYX Threat Actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c0a69610-ab30-43a4-8cc8-1b4ffb07561d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ebeb0279-2fac-485d-93b5-38f0041e326f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"13aa0107-813e-4ffc-ad8f-460fcd053ced","name":"ASP.NET Web BackDoor","type":"tool","source":"Tidal Cyber","software_attack_id":"S3576","tidal_id":"eff88d9e-c79b-592d-86b0-784e2486a697","created":"2025-10-13T17:29:22.869984Z","modified":"2025-10-13T17:29:22.869988Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 
2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"729e2f29-de46-4ed0-ab5a-965ebe43e545","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"be67975b-6c51-42d6-9488-1e79cff7b147","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"75a5982d-0d8c-4696-be9b-c7aed4e232bf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"11f2ff86-56b7-4d44-be38-aa0cb44cee96","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a0cce010-9158-45e5-978a-f002e5c31a03","name":"ASPXSpy","type":"malware","source":"MITRE","software_attack_id":"S0073","tidal_id":"e0d13e16-b5d2-5e38-bf36-1550c3f029b1","created":"2017-05-31T21:32:47.879000Z","modified":"2022-09-22T20:56:06.265000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"22f3ef46-ae31-45c9-8c4a-7be682c2a7ea","name":"ASPXTool","description":"","source":"MITRE","associated_software_id":"70694414-648a-487b-8eaf-beb2cc5ea348","owner_id":null,"owner_name":null}],"groups":[{"description":"[Threat Group-3390](https://app.tidalcyber.com/groups/79be2f31-5626-425e-844c-fd9c99e38fe5) has used a modified version of ASPXSpy called ASPXTool.<sup>[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]</sup><sup>[[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) relies on web shells for persistent access post exploitation, with an emphasis on variants of 
[ASPXSpy](https://app.tidalcyber.com/software/a0cce010-9158-45e5-978a-f002e5c31a03).<sup>[[SentinelOne Agrius 2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Volexity Exchange Marauder March 2021](https://app.tidalcyber.com/references/ef0626e9-281c-4770-b145-ffe36e18e369)]</sup>","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2bfaa7e5-492f-4bae-8142-fcc88cb9bc23","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"76f4c06d-76a6-4985-b252-0208edc1cb18","name":"AssemblyExecuter","type":"malware","source":"Tidal Cyber","software_attack_id":"S3569","tidal_id":"7431e8ad-8a36-5c5c-afdb-f2f25e1d0249","created":"2025-10-13T17:29:21.828224Z","modified":"2025-10-13T17:29:21.828228Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"81b227a4-f9f8-403b-a114-423def7951c7","name":"AssemblyExecuter V2","description":"<sup>[[Unit 42 September 30 2025 09 30 
2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","source":"USER","associated_software_id":"eeecbb26-e36a-4ac9-9ba1-ee32d4c420de","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"fdd47dfd-eca7-43a1-a54d-d91c3b1a87fd","name":"AssemblyExecuter V1","description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","source":"USER","associated_software_id":"e653fbcd-59d9-484b-9b7e-363a02ed2d93","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8a333845-37be-4eab-97de-933821e6857e","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"3d63d799-44a2-49b7-81b3-09b04f814505","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"6f338ddf-6245-4c06-b8b0-137fe594afc2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"189dbaff-419f-4869-9d9b-43033d881af6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0adcfe3a-e2db-4600-b823-b71b63cb2632","name":"Assetnote Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3736","tidal_id":"fa13a349-9051-5cca-9cc4-e229684ec7cd","created":"2025-12-10T14:15:04.089286Z","modified":"2025-12-10T14:15:04.089290Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[{"id":"341832bf-e2b6-40b9-94ea-7206143a356c","name":"Network scanner for Next.js","description":"<sup>[[VulnCheck December 08 
2025](/references/51c3ec28-7ff0-4266-9d22-eb13ed6c487d)]</sup>","source":"USER","associated_software_id":"af221e3a-656d-4652-8c4c-59b1e1d9db85","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"99b3c217-ea82-4b4c-9ddb-8c8a960f9a99","name":"react2shell-scanner","description":"<sup>[[Huntress December 09 2025](/references/daa411cf-b40b-445a-81f8-7b851ef15e00)]</sup>","source":"USER","associated_software_id":"162cca60-578c-4e66-92ee-ad5da58c1dee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d6444d27-2623-41f3-8d71-3af2f820766e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d7440cbd-d07f-4ca5-9f19-fea41a54f556","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ea719a35-cbe9-4503-873d-164f68ab4544","name":"Astaroth","type":"malware","source":"MITRE","software_attack_id":"S0373","tidal_id":"b073f636-37a9-5bf7-98d9-5ac11d1b0cc6","created":"2019-04-17T13:46:38.565000Z","modified":"2020-12-08T21:14:48.861000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f49f4dfa-0011-4a27-9f13-ebd4b7b6eb0a","name":"Guildma","description":"<sup>[[Securelist Brazilian Banking Malware July 2020](https://app.tidalcyber.com/references/ccc34875-93f3-40ed-a9ee-f31b86708507)]</sup>","source":"MITRE","associated_software_id":"02f01a87-3a6f-4344-9241-653118990361","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Acronis January 08 2026](/references/67e63f34-e4c6-4c6c-9d79-758c8b1ca7ff)]</sup>","group_attack_id":"G3202","group_id":"f0de217f-3520-43ab-a9e1-f1cffd1d3963","name":"Astaroth 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e49a6188-46b4-4b09-88d7-28a6e1805455","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"ea319ae5-8b8a-4822-8207-6726058042e5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"fefc9524-4aec-40f0-98fb-62f38cb3de94","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"bc86d5cb-1909-4819-9c6b-40d617a3ecae","name":"Astrill VPN","type":"tool","source":"Tidal Cyber","software_attack_id":"S3506","tidal_id":"e2ed9998-dd31-5f95-820b-a0ceef4a769b","created":"2025-07-08T16:59:11.354941Z","modified":"2025-07-08T16:59:11.354946Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog June 30 2025](/references/3300c819-e236-40a2-a886-ce460876a2ca)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"fe8410b2-77fd-4337-aebd-e0d5687e74a0","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f98a79e1-aef5-479e-82ab-f7b1c0fec6e2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"b0475f99-8d29-4f71-90da-362baf2b8cb2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d63b58d7-3892-45d0-9936-cb82c0602a9c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d587efff-4699-51c7-a4cc-bdbd1b302ed4","name":"AsyncRAT","type":"tool","source":"MITRE","software_attack_id":"S1087","tidal_id":"eb0f5e71-7ec0-5c4a-bbe2-4d576610ed85","created":"2023-11-07T00:35:50.810907Z","modified":"2023-11-07T00:35:50.810912Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup><sup>[[Morphisec Snip3 May 2021](https://app.tidalcyber.com/references/abe44c50-8347-5c98-8b04-d41afbe59d4c)]</sup><sup>[[Cisco Operation Layover September 2021](https://app.tidalcyber.com/references/f19b4bd5-99f9-54c0-bffe-cc9c052aea12)]</sup><sup>[[Telefonica Snip3 December 2021](https://app.tidalcyber.com/references/f026dd44-1491-505b-8a8a-e4f28c6cd6a7)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[jstnk9.github.io June 01 2022](/references/4e7f573d-f8cc-4538-9f8d-b945f037e46f)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6dbeb9b2-60e9-48ea-a029-0fc417554331","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"01e2c50e-4bde-4b24-a5aa-cc55c5f1901f","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"63488d16-4db1-45ce-b03e-b5f250015fee","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"be5156b9-ddf2-48c1-955f-52c8e9a39bc4","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8df9ed64-9ee9-41e2-8667-477c73dac4fc","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"302a830e-6b80-47de-b763-0b72a60ff809","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"2bd7155f-df55-4c71-beba-d04ce2b9cd2c","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"4b842edc-7fa2-43f2-83f4-8713dd06d722","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9ec9c79e-abec-4ed8-9ffb-af04026127d2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"94fe3bc7-6332-4bfc-80e8-8db8c94a9189","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"3307678c-62ba-4b81-81f1-8598b4ed1c6c","tag":"d431939f-2dc0-410b-83f7-86c458125444"}],"owner_name":null},{"id":"af01dc7b-a2bc-4fda-bbfe-d2be889c2860","name":"at","type":"tool","source":"MITRE","software_attack_id":"S0110","tidal_id":"df6dd96b-c6c1-5ac3-ac44-a78d48d533e0","created":"2017-05-31T21:33:06.824000Z","modified":"2022-09-22T20:56:56.049000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"L
inux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d731100e-185c-488b-8861-cd5a71f11475","name":"at.exe","description":"","source":"MITRE","associated_software_id":"96ce505e-9144-473a-b197-0846ae712de8","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT40 March 2019](https://app.tidalcyber.com/references/8a44368f-3348-4817-aca7-81bfaca5ae6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"213aa71f-c9d7-4ae4-ba69-4c5bcac7ab19","tag":"5bc4c6c6-36df-4a53-920c-53e17d7027db"},{"id":"89cad735-6eb2-4bac-817f-00a5a9a549eb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8ec65a58-c47c-4c47-9801-1be94691a18f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"2efae55c-86f3-4234-af26-1c75e922d81a","name":"Atbroker","type":"tool","source":"Tidal Cyber","software_attack_id":"S3194","tidal_id":"1b80f155-516a-5922-9e33-20734818e1da","created":"2024-01-12T14:47:41.703098Z","modified":"2024-01-12T14:47:41.703102Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"501b5a8f-93c2-4627-8944-52d0b80d91ad","name":"Atbroker.exe","description":"<sup>[[Atbroker.exe - LOLBAS 
Project](/references/b0c21b56-6591-49c3-8e67-328ddb7b436d)]</sup>","source":"Tidal Cyber","associated_software_id":"15e08d84-1977-4cc5-a73a-bd1cadff4bf0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"de6e18a8-c8d7-43e0-8b2d-be5308f3ca33","tag":"85a29262-64bd-443c-9e08-3ee26aac859b"},{"id":"66463781-7340-4237-9b0b-dc0afc6564a3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d5d93d1f-8865-45e7-88cf-ec25361e7cd7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0d74bc70-605e-43a9-b9c7-652d97dd32fd","name":"Atelier Web Remote Commander","type":"tool","source":"Tidal Cyber","software_attack_id":"S3649","tidal_id":"91f37909-0208-502d-96c6-ac0b0c9f2ada","created":"2025-11-19T17:45:41.746871Z","modified":"2025-11-19T17:45:41.746874Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"41d96fa9-0975-4a1e-8bbe-085eee59db34","name":"AWRC","description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","source":"USER","associated_software_id":"9f131075-fb6d-4d4b-99b6-135d3ce41071","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"51276c80-3707-4f81-88fd-eab9c0eba0c5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"16a01540-be95-4858-a0f3-68e110696d6d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f8113a9f-a706-46df-8370-a9cef1c75f30","name":"Atera Agent","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3008","tidal_id":"b248e4c7-6d02-57c3-a987-b42d6e77ca8c","created":"2023-07-14T12:56:40.500101Z","modified":"2023-07-14T12:56:40.500105Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9ac11c79-a88d-4290-a18b-b3ad93350dd3","name":"Atera","description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","source":"USER","associated_software_id":"47eefc9d-5f96-49d5-aa65-5fefbf7655d9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos X-Ops Tweet September 13 2023](/references/98af96a6-98bb-4d81-bb0c-a550e765e6ac)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET APT Activity Report Q4 2023-Q1 2024](/references/896cc899-b667-4f9d-ba90-8650fb978535)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c7a40242-28f8-4660-b865-b020af4ecbf7","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"13addcea-987d-442c-a82b-f3f2e45f4b9c","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"735ad8f6-cab7-4b74-8c62-211aa7e855e8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"82884b4d-53e8-41ed-9a9e-e2c27c953524","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"8c78032b-cc8c-409a-986b-ae222a2f3e5d","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"e9bd8ae4-46e4-4e48-a9e7-afb61bf9922a","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"e076fccb-e5db-4467-831b-d3bd7d7acdfe","tag":"9a5ed991-6fe7-49fe-8536-91defc449b18"},{"id":"09d035b1-04b0-4f75-9d11-1871add6a75b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"66cfef5c-d946-4a6b-bd0c-0b70e33c3c60","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"86717996-8559-43eb-b752-7adfe32c6493","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"335fb7e7-0b92-448c-8640-f22183751173","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"3e1d82de-34eb-4542-9cf6-0c43f8b75cd2","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"240acdf2-716b-41f4-a4d3-1dc371df281a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"626c5b2c-899d-400c-bcc3-a5598bdda118","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6609a013-1c90-454d-9d75-c2ea7250bbf7","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"d9e58e1c-f61f-41ad-bec0-7b0d16470cbe","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"0dc7fbe0-61c0-4ab0-9df3-8b547aa59676","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"ce914eea-8db9-425b-8ae2-a56a264b4951","name":"Atomic Stealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3127","tidal_id":"356ed500-ee81-53f0-b7ff-717a8f47aa37","created":"2024-06-13T20:12:33.291701Z","modified":"2024-06-13T20:12:33.291704Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"f11a17e8-a9b9-4bea-a257-456ac0fe0392","name":"Atomic macOS Stealer","description":"<sup>[[Trend Micro September 04 2025](/references/a8f04ece-adbd-4319-b62f-2554d287a61e)]</sup>","source":"USER","associated_software_id":"c6c37b76-a6e7-4af0-a2b2-d7c5f00cfb69","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6696c2da-59c1-4259-9eeb-77d478fd9d9a","name":"AMOS","description":"<sup>[[Trend Micro September 04 2025](/references/a8f04ece-adbd-4319-b62f-2554d287a61e)]</sup>","source":"USER","associated_software_id":"f256c5fa-e370-4236-b034-cd6bda1134fd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"72c30da0-bd79-47c6-b2a4-7c2d88857dc1","name":"AMOS Stealer","description":"<sup>[[Huntress December 09 2025](/references/daa411cf-b40b-445a-81f8-7b851ef15e00)]</sup>","source":"USER","associated_software_id":"ae68248c-4bd1-49ff-9229-abf193812744","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro September 04 2025](/references/a8f04ece-adbd-4319-b62f-2554d287a61e)]</sup>","group_attack_id":"G3177","group_id":"29243321-228e-4d45-99a3-848c7fc1dbd1","name":"Water 
Daruanak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"78479f86-b8af-4e83-ab55-c9e44ab16fd7","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"26a16197-5fa6-4321-9511-d22c454ab8ec","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"011f8a94-1063-4bc5-a28b-358d0987d687","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"dff8447a-5e3c-47f1-a945-6bfdbd653b67","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"cb4b7705-372c-4cda-90d5-fa1e5665ef67","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"4626665b-29e3-463b-aa54-2c4e22eb732b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"538b2ae9-7209-4a3b-991f-f7ac459c8c48","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"89c35e9f-b435-4f58-9073-f24c1ee8754f","name":"Attor","type":"malware","source":"MITRE","software_attack_id":"S0438","tidal_id":"21053716-663c-51a4-b6be-0d1209328fea","created":"2020-05-06T20:26:15.141000Z","modified":"2020-07-07T12:35:11.897000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2e25bdd2-3659-5f01-84a9-9b43dc13c8b6","name":"attrib","type":"tool","source":"MITRE","software_attack_id":"S1176","tidal_id":"2e25bdd2-3659-5f01-84a9-9b43dc13c8b6","created":"2025-04-22T20:47:02.530779Z","modified":"2025-04-22T20:47:02.530782Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0504ba3e-6c56-569e-b584-54fcccbbf336","name":"attrib.exe","description":"","source":"MITRE","associated_software_id":"5c32f86f-5ec6-417d-ac99-67bd67f7acd5","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"09d1e32b-548f-482f-919b-5bd3f8648b67","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"d0c25f14-5eb3-40c1-a890-2ab1349dff53","name":"AuditCred","type":"malware","source":"MITRE","software_attack_id":"S0347","tidal_id":
"f690201a-5428-5c10-8a29-21d26e85418d","created":"2019-01-30T15:47:41.018000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"259e2844-8b29-4310-abbb-44e3985586a0","name":"Roptimizer","description":"<sup>[[TrendMicro Lazarus Nov 2018](https://app.tidalcyber.com/references/4c697316-c13a-4243-be18-c0e059e4168c)]</sup>","source":"MITRE","associated_software_id":"cf4b3cc1-c60a-43ac-8599-fce5dbade473","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[TrendMicro Lazarus Nov 2018](https://app.tidalcyber.com/references/4c697316-c13a-4243-be18-c0e059e4168c)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"37264647-7582-415f-9b55-0919a1ce9a2a","name":"AuKill","type":"malware","source":"Tidal Cyber","software_attack_id":"S3459","tidal_id":"27c7b503-10d5-5bc3-b2eb-5187ae99ea84","created":"2025-04-08T16:39:01.633354Z","modified":"2025-04-08T16:39:01.633358Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1e38576b-a146-4606-8dff-126806a46daf","name":"AvNeutralizer","description":"<sup>[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]</sup>","source":"Tidal Cyber","associated_software_id":"15c33bfb-8f93-4e10-9878-6571cdff58c1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[The Hacker News April 2 2025](/references/22857eb3-b5f7-4677-bf5c-bc993f483450)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[SentinelOne July 14 
2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","group_attack_id":"G3015","group_id":"55b20209-c04a-47ab-805d-ace83522ef6a","name":"MedusaLocker Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"76912d0d-07e0-4012-9233-e2560fa430bb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"8f987bc8-c605-4701-80a6-70e8ac86c874","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"d6fc908e-9020-4e81-9c9e-9e0a5f2456ec","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"50cd15e6-f849-4e15-b3d2-9784ed92b7e3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6be753bb-cda8-4a37-a425-7457a5a10f98","name":"Auto-color","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3743","tidal_id":"14b4fe05-92e9-5113-8f83-33e197211446","created":"2025-12-17T14:18:48.259721Z","modified":"2025-12-17T14:18:48.259725Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"28e04208-66e7-4660-ba34-d9534bf36bb6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cc79e7e1-88e0-4780-ae6a-3255f8ca660f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3f927596-5219-49eb-bd0d-57068b0e04ed","name":"AutoIt backdoor","type":"malware","source":"MITRE","software_attack_id":"S0129","tidal_id":"7e8cb223-d7de-5a3b-a250-fd76854efa6c","created":"2017-05-31T21:33:14.551000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ecb06369-f049-47a8-a408-4ac27f1bc2c7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"984249bd-6421-4133-bd2a-25f330b4b441","name":"Automim","type":"tool","source":"Tidal Cyber","software_attack_id":"S3117","tidal_id":"1d808e8e-527f-5cbe-90d7-9fabf0953dec","created":"2024-03-07T21:01:08.766419Z","modified":"2024-03-07T21:01:08.766423Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Talos Phobos November 17 
2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2d8e773b-d2c2-4d9d-85a3-3427eac62eac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5e31e927-c537-4111-9d36-89c555f026a5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"a5e1e5fa-dad2-4714-8082-faf8bf5415c1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ba725640-ec01-4f5c-95d3-207cdb08519a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0835a5d6-555b-4e3d-9319-612c18d6c1bc","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"649a4cfc-c0d0-412d-a28c-1bd4ed604ea8","name":"AuTo Stealer","type":"malware","source":"MITRE","software_attack_id":"S1029","tidal_id":"bbff90e9-290f-506b-bfcb-3f7500077047","created":"2022-08-07T15:31:14.540000Z","modified":"2022-08-24T16:37:25.008000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1008","group_id":"31bc763e-623f-4870-9780-86e43d732594","name":"SideCopy","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8e50454c-b2de-45eb-a262-95656594bf0b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"9e601922-5e55-4dab-9d63-ee9d0f5a76a5","name":"Autumn Dragon Final Backdoor (Stage 4)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3792","tidal_id":"9aa6c627-d1ea-5487-81d3-9951defd0be6","created":"2025-12-24T14:57:25.651891Z","modified":"2025-12-24T14:57:25.651895Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None November 28 
2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","group_attack_id":"G3178","group_id":"3be36063-6383-42b5-ad7e-f41abf84f1ae","name":"Autumn Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4b92cab4-e26c-48f6-b13c-3d7dc245fb1a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e83f6786-5a0f-4edf-ad9c-49ea1f3747fe","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"0f1726b5-66b1-43f1-b78b-f74ea6cc286d","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"d6284956-2fc2-472e-ab38-914a6d86ed0f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c0191bea-3438-4a25-9e66-c5cdd3ca485b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"17c23d69-9915-41fd-ac48-2735d468aff3","name":"Autumn Dragon Stage 2 Backdoor (libcef.dll)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3793","tidal_id":"63c47f3e-3027-5ddd-b357-f10c5254531e","created":"2025-12-24T14:57:25.801246Z","modified":"2025-12-24T14:57:25.801249Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","group_attack_id":"G3178","group_id":"3be36063-6383-42b5-ad7e-f41abf84f1ae","name":"Autumn 
Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6f406927-85e1-4015-9364-3b549c5188d2","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"f9fb0379-5fd0-4fc4-a8c8-53e57f21c2da","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d4a6b84f-3308-4b9a-bca1-8d30d48c2d86","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"6f68ace8-a0e4-4a53-b1e1-89a2e223679d","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"e4dd7065-fed2-4e9c-9c9e-98f52056dc0f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8ff22a51-98be-49b9-bc3b-64cb9b542fe2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"17700df0-b452-48ce-be9a-67142b38863a","name":"Autumn Dragon Stage 3 Loader (CRClient.dll)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3794","tidal_id":"2831e3cd-1bbf-5c6c-b91a-b6838431422c","created":"2025-12-24T14:57:25.945286Z","modified":"2025-12-24T14:57:25.945290Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","group_attack_id":"G3178","group_id":"3be36063-6383-42b5-ad7e-f41abf84f1ae","name":"Autumn Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"73dbfa28-58f1-479d-9ecf-db83868f92c4","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"59dba10b-067b-4f2c-a6a4-9cbd4b6d452f","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"0f03fea8-2c2e-44ca-981f-a3d15cb5ad59","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"ccc0d366-8d40-4518-8bd3-858afdbfed60","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b5007eaf-99cb-46d5-853d-823016accb63","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"86ac70be-3c8e-4ff1-8cbf-430cfe5d13c5","name":"av-1m.exe","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3894","tidal_id":"f0651264-b08e-52e9-9b16-e6d3399cee87","created":"2026-01-14T13:31:31.263230Z","modified":"2026-01-14T13:31:31.263234Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1fbb2209-778c-47da-8485-92e66270bcb2","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"cceceb9c-cec2-4ca4-9dad-a5c8c937a2da","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ffc880c9-7278-45e8-abba-4c428f971cc0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"bad92974-35f6-4183-8024-b629140c6ee6","name":"Avaddon","type":"malware","source":"MITRE","software_attack_id":"S0640","tidal_id":"23be68c2-00aa-543d-bc6c-78206e135807","created":"2021-08-23T19:38:33.073000Z","modified":"2021-10-18T21:41:22.437000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"b30ea359-ed82-45bd-826f-c6713b9eea74","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"f17d2b08-f738-491d-856a-5c11d952896f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"83268021-8e45-49b9-a4ad-9c211259acd6","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"e5ca0192-e905-46a1-abef-ce1119c1f967","name":"Avenger","type":"malware","source":"MITRE","software_attack_id":"S0473","tidal_id":"f597e854-73da-54e9-a334-d7854a62f0dd","created":"2020-06-11T15:24:48.709000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Tick November 
2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"68f78ac3-54e3-4a11-9438-9e46980e2a8a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"e792dc8d-b0f4-5916-8850-a61ff53125d0","name":"AvosLocker","type":"malware","source":"MITRE","software_attack_id":"S1053","tidal_id":"1305ad62-9646-5860-bed1-e045828fa8ad","created":"2023-05-26T01:20:52.078066Z","modified":"2023-05-26T01:20:52.078071Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"aa6c7536-63d7-4ee2-bdc3-c31b4b940276","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"067e53e3-8c66-43f0-b830-dab83df89976","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"cace509e-2729-4ae0-8da4-78ebdaef709b","tag":"c3779a84-8132-4c62-be2f-9312ad41c273"},{"id":"f5a97f95-4ccf-42bc-8ed7-7305fc590370","tag":"ce9f1048-09c1-49b0-a109-dd604afbf3cd"},{"id":"73c82c9f-8f95-4ea0-a031-53ac0284a175","tag":"fe3eb26d-6daa-4f82-b0dd-fc1e2fffbc2b"},{"id":"54fd8b77-8cd1-41e3-8fcc-ee54b7567897","tag":"9e4936f0-e3b7-4721-a638-58b2d093b2f2"},{"id":"f5be0234-4d0d-49ac-87bb-2ec09f592e5e","tag":"24448a05-2337-4bc9-a889-a83f2fd1f3ad"},{"id":"a031ca41-36e1-4da6-86b1-f1cb9bf46ac1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a7d1c58f-55d9-4012-89c7-7f97d241114f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"7c877b25-4eef-49be-b7cb-ae61a4d2bfdf","name":"awk","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3462","tidal_id":"67eecaab-5f46-59f5-a69c-7de2aa2c8162","created":"2025-04-11T15:06:52.670041Z","modified":"2025-04-11T15:06:52.670045Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"8931f23b-506a-4234-948d-d020160520b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2f0358dd-2461-4061-97b9-f8b73cc5670b","name":"AWS CLI","type":"tool","source":"Tidal Cyber","software_attack_id":"S3632","tidal_id":"ad6abae9-7de7-5fb9-9f45-f06404ddafd0","created":"2025-11-19T17:45:39.235844Z","modified":"2025-11-19T17:45:39.235847Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c2b8bfc5-733c-4799-8194-c1c77db20468","name":"aws-cli","description":"<sup>[[Unit 42 August 23 2024](/references/d6c50145-2bf9-4f7c-97b9-81cc2e1575f2)]</sup>","source":"USER","associated_software_id":"e7f8ca7f-4a32-4155-8adb-42ebcaac8ff4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"06e92b5b-1bb8-49b4-834a-e135f2562148","name":"AWS Command Line Interface","description":"<sup>[[Unit 42 August 23 2024](/references/d6c50145-2bf9-4f7c-97b9-81cc2e1575f2)]</sup>","source":"USER","associated_software_id":"e6eadb99-0007-46cb-809b-de6e1f17c5bd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Unit 42 August 23 
2024](/references/d6c50145-2bf9-4f7c-97b9-81cc2e1575f2)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5aa1110f-d034-488f-9679-7e6ba3dcd829","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"86640026-975e-4f43-9688-78c91f17f68e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"aab3287b-932a-4208-af5e-d10abffb188b","name":"AzCopy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3187","tidal_id":"0fb6175b-99bb-5622-b686-7f6dfcea44cc","created":"2024-09-20T15:10:54.207003Z","modified":"2024-09-20T15:10:54.207007Z","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog August 27 2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog August 27 2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[modePUSH Azure Storage Explorer September 14 2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[modePUSH Azure Storage Explorer September 14 2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"15b7cc2a-bea1-4357-b416-6f54591d8012","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"79f49d8e-15d0-48fa-894b-df20ff0f079f","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"d5b4950c-b1b8-41cb-8571-723481cea2eb","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"cc57e417-b34b-4827-b275-72585473dc73","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fe25e8b3-a571-4185-8987-c89c23fc9ec9","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"27f28e6d-6028-415d-87e0-982afcbed3a4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"1a4812ac-55bd-4977-8de9-7a258d0acbf3","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"636f1d4c-bd7b-4724-a9ac-41ac02b64323","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"cc68a7f0-c955-465f-bee0-2dacbb179078","name":"Azorult","type":"malware","source":"MITRE","software_attack_id":"S0344","tidal_id":"43f57dd5-a3e6-5b53-9531-70641498b18c","created":"2019-01-30T15:19:14.309000Z","modified":"2022-10-13T17:42:52.174000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[NCC Group 
TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"be4cfe41-5255-4aa0-9e5e-0a6f03bc3014","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"22a88c99-accb-4c47-b8d2-f62da4720e14","name":"Azure CLI","type":"tool","source":"Tidal Cyber","software_attack_id":"S3781","tidal_id":"8a3b8553-f7c7-5e18-be41-287efe042503","created":"2025-12-17T14:18:54.038237Z","modified":"2025-12-17T14:18:54.038241Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b6d7f243-8334-4a40-8087-930e1df3c1c1","name":"Microsoft Azure CLI","description":"<sup>[[Push Security December 11 2025](/references/4a5fd7d3-1124-42af-ac0c-5e0e0f6fddb3)]</sup>","source":"USER","associated_software_id":"613ab052-1b37-4e01-9625-889e739b63aa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"607b7d7b-993d-4822-9c52-8b7c902099de","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8eeb8931-b999-4d68-a166-de019b80257f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"97077575-6486-48ba-94f5-dfdc71069c3a","name":"AzureHound","type":"tool","source":"Tidal Cyber","software_attack_id":"S3490","tidal_id":"f8a5c036-ceaf-5248-b065-17f2369e3362","created":"2025-06-03T14:14:46.761649Z","modified":"2025-06-03T14:14:46.761653Z","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"},{"id":"6724c79a-34f2-51ed-8644-a6c106ccadd2","name":"Azure"},{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog August 27 
2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog August 27 2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog May 27 2025](/references/e7ea6602-f448-46f2-9ce8-9afbc226807d)]</sup>","group_attack_id":"G3104","group_id":"42219d16-7ed7-4716-b88f-b29a456f0f8d","name":"Void Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f82506d6-f9f9-40c4-9f1c-8a00802413a7","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"8bdd3122-8da4-41c8-836d-b6d674425321","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"0ddc8f26-00aa-47e9-a245-7be8da8ad3ea","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b9807b70-7fbc-40c1-8fa0-b7c7ee7c5e7e","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"e9a46f9e-9b62-4d2d-bba7-bafb4cf5b95e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"04cd4dd8-7182-4064-85a1-12d0b6fd3009","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1674b306-aa70-44f5-b373-24bb5fc51cfa","name":"Azure Storage Explorer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3186","tidal_id":"f445c6d4-342c-597e-8264-c3657097dfa4","created":"2024-09-20T15:10:53.896992Z","modified":"2024-09-20T15:10:53.896996Z","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure 
AD"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[modePUSH Azure Storage Explorer September 14 2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[modePUSH Azure Storage Explorer September 14 2024](/references/a4c50b03-f0d7-4d29-a9de-e550be61390c)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"08bcabc4-ae21-4793-b28b-b3d50a5c93d0","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"fb484f44-deef-4825-b10e-a86c2fdcbccf","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"62736273-d986-4016-88d6-e033e542a162","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"e558e5ef-7681-4de9-9c91-f5a94dce12b4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0cc01ff5-02f7-4f38-9c2b-3c177a97c7c5","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"608bb0c1-d466-467f-9dd2-d7e7014e9c17","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"73922105-240d-4c33-859a-256208dfa2cd","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"6505a1e4-b4fc-4d0b-90e1-152e4698925f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"53ddeae8-4623-4839-94ac-55f6457690e1","name":"BabShell","type":"malware","source":"Tidal Cyber","software_attack_id":"S3958","tidal_id":"d2a08128-2493-5c67-a0c6-ae9a80fc5224","created":"2026-01-23T20:31:08.227787Z","modified":"2026-01-23T20:31:08.227790Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious 
Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"0c208353-51b6-4c8e-ab77-ff59a0e83661","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"b3320ef0-bfb1-4b01-a464-6deaf18c1a7f","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"78954218-54e1-47ae-83a6-bccb4f00534c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ee31fd1d-d437-4314-828c-c447e6cef636","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0dc07eb9-66df-4116-b1bc-7020ca6395a1","name":"Babuk","type":"malware","source":"MITRE","software_attack_id":"S0638","tidal_id":"e650c78f-c5eb-5743-b892-b086c16b6385","created":"2021-08-11T17:36:46.197000Z","modified":"2021-10-13T14:29:38.795000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4112f232-14ce-4bc8-b340-4f1614ceef03","name":"Vasa Locker","description":"<sup>[[Sogeti CERT ESEC Babuk March 2021](https://app.tidalcyber.com/references/e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e)]</sup><sup>[[McAfee Babuk February 2021](https://app.tidalcyber.com/references/bb23ca19-78bb-4406-90a4-bf82bd467e04)]</sup>","source":"MITRE","associated_software_id":"30583664-1270-4dab-bff3-83f394740ca8","owner_id":null,"owner_name":null},{"id":"b3ed8082-31ae-4614-8562-07f5ae639e0d","name":"Babyk","description":"<sup>[[Sogeti CERT ESEC Babuk March 2021](https://app.tidalcyber.com/references/e85e3bd9-6ddc-4d0f-a16c-b525a75baa7e)]</sup><sup>[[McAfee Babuk February 2021](https://app.tidalcyber.com/references/bb23ca19-78bb-4406-90a4-bf82bd467e04)]</sup><sup>[[Trend Micro Ransomware February 2021](https://app.tidalcyber.com/references/64a86a3f-0160-4766-9ac1-7d287eb2c323)]</sup>","source":"MITRE","associated_software_id":"b9d20905-d9b0-41e8-8012-52cab3e626f1","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Cisco Talos Blog October 09 
2025](/references/06bee483-26fb-4cfc-a6a5-c8282a997946)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9ef65d5d-3ca0-4839-b566-e9b184d15fcf","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"a1d2e34a-677a-493f-bc53-6c5a122cb131","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"67a27dc1-40c6-472b-aef5-847c86d4f864","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"dd769d1b-c601-4780-8763-1c831288a83f","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"353b5580-2aa2-49c6-9b3e-c92432e7fe89","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"c490bac1-6340-4139-b1ad-d7d817c3fe67","tag":"b5962a84-f1c7-4d0d-985c-86301db95129"},{"id":"194b0a92-860f-4bc7-b6e3-6b48f2c2d532","tag":"12124060-8392-49a3-b7b7-1dde3ebc8e67"},{"id":"f043b4f7-55ac-4349-87b4-87d8a300d371","tag":"915e7ac2-b266-45d7-945c-cb04327d6246"},{"id":"76e27f4a-1287-424a-91a5-182556525450","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"b3ee469a-b165-4f40-a0ec-44da0e1f8c54","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"ebb824a2-abff-4bfd-87f0-d63cb02b62e6","name":"BabyShark","type":"malware","source":"MITRE","software_attack_id":"S0414","tidal_id":"33986001-4c71-5638-a9b3-e618ab162bb3","created":"2019-10-07T19:05:48.886000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7be4b6d-b0be-5a27-8305-e8b7dfeb9f93","name":"LATEOP","description":"<sup>[[Mandiant APT43 March 
2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup>","source":"MITRE","associated_software_id":"d8dbed83-9e23-4bb1-bd9e-2c8121a7f914","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[CISA AA20-301A Kimsuky](https://app.tidalcyber.com/references/685aa213-7902-46fb-b90a-64be5c851f73)]</sup><sup>[[Cybereason Kimsuky November 2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)]</sup><sup>[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup><sup>[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup><sup>[[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"86df39ac-9abf-4109-93d3-7264b80392db","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"12f6fa6c-f352-4ea4-911a-98b24e374b68","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"f4049d4c-e98c-4b74-8c5e-e1b0d1a669f6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2763ad8c-cf4e-42eb-88db-a40ff8f96cf9","name":"BackConfig","type":"malware","source":"MITRE","software_attack_id":"S0475","tidal_id":"ec2af67b-6a9b-5fea-9f69-c02bae06d3af","created":"2020-06-17T20:17:37.168000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 BackConfig May 
2020](https://app.tidalcyber.com/references/f26629db-c641-4b6b-abbf-b55b9cc91cf1)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8e87e45b-f690-465d-b95b-c30a037ebde4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5d6dde96-2723-40b5-9e92-e93418401b47","name":"BackConnect","type":"malware","source":"Tidal Cyber","software_attack_id":"S3572","tidal_id":"9ac3423e-90f9-587c-8687-951e8ffbd5df","created":"2025-10-13T17:29:22.275240Z","modified":"2025-10-13T17:29:22.275244Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8204f8bb-e7fe-40d9-b53e-774003afd7a5","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"0cf26456-9f44-4cd7-ad0b-a15828f7668d","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"73dd73b2-f67f-4adf-8d7d-2fa3ecb0237e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"094b405b-5ed5-4b97-a0a4-74bc46b44a99","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f7cc5974-767c-4cb4-acc7-36295a386ce5","name":"Backdoor.Oldrea","type":"malware","source":"MITRE","software_attack_id":"S0093","tidal_id":"5ef0f530-dd1a-5b34-b7a5-89830606e9c6","created":"2017-05-31T21:32:59.661000Z","modified":"2022-10-12T17:18:25.971000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cefb8684-f2de-48a7-a76f-15823a6f5410","name":"Havex","description":"","source":"MITRE","associated_software_id
":"044ca42d-c9cf-4f75-b119-1df3c80a3afd","owner_id":null,"owner_name":null},{"id":"ff0b9809-a68e-46e9-9b0d-bbd3115ddb66","name":"Havex","description":"","source":"ICS","associated_software_id":"044ca42d-c9cf-4f75-b119-1df3c80a3afd","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Dragonfly](https://app.tidalcyber.com/references/9514c5cd-2ed6-4dbf-aa9e-1c425e969226)]</sup><sup>[[Gigamon Berserk Bear October 2021](https://app.tidalcyber.com/references/06b6cbe3-8e35-4594-b36f-76b503c11520)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[Symantec Dragonfly](https://app.tidalcyber.com/references/9514c5cd-2ed6-4dbf-aa9e-1c425e969226)]</sup><sup>[[Gigamon Berserk Bear October 2021](https://app.tidalcyber.com/references/06b6cbe3-8e35-4594-b36f-76b503c11520)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c7743d50-54ce-4642-ad71-34a909a737c5","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"d0daaa00-68e1-4568-bb08-3f28bcd82c63","name":"BACKSPACE","type":"malware","source":"MITRE","software_attack_id":"S0031","tidal_id":"4f0c9849-76a5-57f9-8f21-4ba5af7023a9","created":"2017-05-31T21:32:24.428000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a258d65f-c9ee-4074-9cfd-710dbb0d2c05","name":"Lecna","description":"","source":"MITRE","associated_software_id":"4f538bd5-3e2a-44f7-b58e-97219284df55","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye 
APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]</sup>","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"765055eb-1df0-43c5-b806-dcc3567ebcce","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5a9a7a54-21cb-4a5c-bef0-d37f8678bf46","name":"Backstab","type":"tool","source":"Tidal Cyber","software_attack_id":"S3028","tidal_id":"6861c43c-21fc-5f91-9e0e-d89ae2c516fc","created":"2023-08-18T18:56:19.230872Z","modified":"2023-08-18T18:56:19.230880Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"568a6c55-c0ca-404c-8f4c-1777b09625c9","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"febf1fd5-619e-4e35-969a-879ee537d934","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"78f5503b-9a27-46e2-909a-a3f96421df6c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"41504349-5861-4a20-83d5-dc9f550cfe9b","tag":"d469efcf-4feb-4149-9c0f-c4b7821960bd"},{"id":"bff63719-992c-4cde-b6bb-9508d8f72031","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"5def64f3-9391-4b53-921f-56b2e5c5a06a","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"c18f1943-9457-4332-8f32-2562b0a41202","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cc900678-594f-4cf9-8c83-13b310ea64bf","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"96e82dc2-7749-40f3-b17d-f7fa1cf46682","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"39c0b607-af53-475c-bb00-5230b579bf2f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"1bfada90-77b5-49fa-bcd3-4ded204554f4","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"6d99bac9-a7c3-4952-9a9a-c5f5128b75c6","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f3342adf-3ea2-4ce8-9b77-a275053d5689","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"2aaa88a1-028e-4623-9d1e-13bd3e679f5c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c9fc9bb1-47a9-4107-b86d-c29ac8ebbab8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a96ffc7b-b91b-414a-be9e-2ee4b4b05b9f","name":"BADAUDIO","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3700","tidal_id":"e7109e40-a2bf-5ce1-8652-3496cd1f448a","created":"2025-12-10T14:14:56.199734Z","modified":"2025-12-10T14:14:56.199737Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 20 2025](/references/a99c8dce-a85b-404f-8b91-65135de27537)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e95641ad-4c14-421f-8604-a302d8ede9bc","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2c3f534f-e252-4c91-96cf-6eda77eaf27b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d7aa53a5-0912-4952-8f7f-55698e933c3b","name":"BADCALL","type":"malware","source":"MITRE","software_attack_id":"S0245","tidal_id":"189785c2-2f3d-5931-b396-d9d87f61e237","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT BADCALL](https://app.tidalcyber.com/references/aeb4ff70-fa98-474c-8337-9e50d07ee378)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8c454294-81cb-45d0-b299-818994ad3e6f","name":"BADFLICK","type":"malware","source":"MITRE","software_attack_id":"S0642","tidal_id":"36b96038-5d45-5351-8342-a19df2ec724a","created":"2021-08-26T18:49:41.155000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye Periscope March 
2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup><sup>[[Accenture MUDCARP March 2019](https://app.tidalcyber.com/references/811d433d-27a4-4411-8ec9-b3a173ba0033)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4f145202-0b56-4dc5-9807-6d6a1f0c3355","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"16481e0f-49d5-54c1-a1fe-16d9e7f8d08c","name":"BADHATCH","type":"malware","source":"MITRE","software_attack_id":"S1081","tidal_id":"c1e9f063-1a79-55d2-9764-17b9ee8cc08e","created":"2023-11-07T00:35:45.900779Z","modified":"2023-11-07T00:35:45.900787Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[BitDefender BADHATCH Mar 2021](https://app.tidalcyber.com/references/958cfc9a-901c-549d-96c2-956272b240e3)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a8313347-464b-4741-abd7-3bb5bce92f99","name":"BadIIS","type":"malware","source":"Tidal Cyber","software_attack_id":"S3575","tidal_id":"dc830c81-a88f-5b3b-9784-2b083944b6b8","created":"2025-10-13T17:29:22.718111Z","modified":"2025-10-13T17:29:22.718114Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 
2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d61f07ad-5433-4cbe-9767-1f18c72e1b24","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"6184183c-0179-4dc6-b29a-aec71356d603","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"958d030d-dc2e-4945-97c6-5769000bb8ab","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"b1a1e4a6-806b-417a-841f-d927fc69a17f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"05d2103d-1cda-48aa-ba86-c1ee0c9f9a15","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7506eb3f-6c4c-42fb-86d5-643635d259e2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"34c24d27-c779-42a4-9f61-3f0d3fea6fd4","name":"BADNEWS","type":"malware","source":"MITRE","software_attack_id":"S0128","tidal_id":"d48e4606-6608-5189-a23d-85f15715c2fe","created":"2017-05-31T21:33:14.118000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]</sup><sup>[[TrendMicro Patchwork Dec 
2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"10e76722-4b52-47f6-9276-70e95fecb26b","name":"BadPatch","type":"malware","source":"MITRE","software_attack_id":"S0337","tidal_id":"984cb53d-da37-5b8e-8ecd-c246aed3818b","created":"2019-01-29T21:33:34.082000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"4b59bf81-d351-436e-aebc-f0111a892395","name":"BadPotato","type":"malware","source":"Tidal Cyber","software_attack_id":"S3070","tidal_id":"2458db54-9090-5be4-a9fc-60ee5803ac1c","created":"2024-06-13T20:12:29.794742Z","modified":"2024-06-13T20:12:29.794746Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"480ea3d0-6af3-4ec9-bfb8-4ea3fc801083","name":"BadPotato.exe","description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","source":"Tidal Cyber","associated_software_id":"c7f019bb-94bb-4243-a1bc-f4f8caae5a8d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[welivesecurity.com September 4 2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog September 10 2024](/references/c8ea888b-c87c-49eb-a1be-3a269292c414)]</sup>","group_attack_id":"G3075","group_id":"2ee8f401-679c-455e-bc19-511bacdbffff","name":"DragonRank","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f37d77ef-a4bb-4b5b-9a22-fd453b78ded2","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"76f02979-cefe-43fb-b33d-c79495e782d8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"1f5651f6-5b67-4b84-9b99-63ae5516c15e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f2332971-2cbc-4164-82f1-17c39ba4f366","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"7e4452c2-e0bd-4456-b8fa-b1fe8ba91487","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"b3ed9ca0-8f1c-40e5-8b33-9382e9f6a394","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4df38b7c-13c1-4fdc-9618-a07878e18198","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b91306de-8227-4e30-9c6a-9335d0eac593","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a1d86d8f-fa48-43aa-9833-7355750e455c","name":"Bad Rabbit","type":"malware","source":"MITRE","software_attack_id":"S0606","tidal_id":"1ae06c0f-9393-55ee-9909-26bd310738c1","created":"2021-02-09T14:35:39.455000Z","modified":"2022-10-12T17:29:57.200000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5f8cf764-aa0e-4231-9f37-5032e4d370aa","name":"Win32/Diskcoder.D","description":"","source":"ICS","associated_software_id":"1679c995-7141-40ac-a327-b5afc8f275c8","owner_id":null,"owner_name":null},{"id":"98c81574-1f3f-49fa-8f03-b5462bb3fc5d","name":"Win32/Diskcoder.D","description":"","source":"MITRE","associated_software_id":"1679c995-7141-40ac-a327-b5afc8f275c8","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks IRON VIKING 
](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"ICS"}],"tags":[{"id":"f846466d-eb9e-44e2-8dc0-6e95fe6fd6b9","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"392fcd19-4b9d-4712-83eb-e596981e5b3e","tag":"5a463cb3-451d-47f7-93e4-1886150697ce"},{"id":"85008426-03ac-4831-ae6a-6199b5318f85","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"5e40a780-d817-429e-94de-ec747d73928a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"fca1416d-99fa-438f-8444-de781c48d0f1","name":"BadRentdrv2","type":"tool","source":"Trellix TIG","software_attack_id":"S3393","tidal_id":"6a72a680-039d-51cc-928a-014eb2506320","created":"2025-04-11T15:06:35.200984Z","modified":"2025-04-11T15:06:35.200988Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"7e6aa39b-c504-4deb-aed6-b0e491e898d0","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"5c0f8c35-88ff-40a1-977a-af5ce534e932","name":"Bandook","type":"malware","source":"MITRE","software_attack_id":"S0234","tidal_id":"6f259cea-1891-5b99-8c72-3cd6a763ca88","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)]</sup><sup>[[CheckPoint Bandook Nov 2020](https://app.tidalcyber.com/references/352652a9-86c9-42e1-8ee0-968180c6a51e)]</sup> 
","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark Caracal","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"77ead4da-667d-46d5-8872-ae7edeb4cc35","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"24b8471d-698f-48cc-b47a-8fbbaf28b293","name":"Bankshot","type":"malware","source":"MITRE","software_attack_id":"S0239","tidal_id":"875189cb-89d2-5b50-9fac-7ee14d908cb1","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d00a70a9-1cc3-4a56-8977-43071092e5bc","name":"Trojan Manuscript","description":"<sup>[[McAfee Bankshot](https://app.tidalcyber.com/references/c748dc6c-8c19-4a5c-840f-3d47955a6c78)]</sup>","source":"MITRE","associated_software_id":"0bcd5b61-4408-4a35-9b8f-310cd23a4ca2","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[McAfee Bankshot](https://app.tidalcyber.com/references/c748dc6c-8c19-4a5c-840f-3d47955a6c78)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f8eedd1c-d05e-428a-ae30-f2fc7dd372e0","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"19ba91f1-7dca-4696-968e-60aaf4c2adab","name":"Banshee Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3416","tidal_id":"5e8ea87b-0d7b-5683-92a5-c6e09af68781","created":"2025-01-13T21:01:59.630665Z","modified":"2025-01-13T21:01:59.630670Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"4ba66dd8-6f78-45ce-a4e9-bde874bb234e","name":"BANSHEE","description":"<sup>[[elastic.co August 15 2024](/references/9cfe5512-0fa8-48c3-8431-392aaa1a2baa)]</sup>","source":"Tidal 
Cyber","associated_software_id":"a565587b-e560-41c1-aa63-1724a7ec9600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"05b62ada-896c-4461-a665-b76b6f1ff20e","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"f50b59b4-189b-40d6-a299-7b645ea47bb9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e9d28f12-26b3-4383-9f57-8699237ce2c8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cef3a09e-22ca-43dc-ad4a-95741a3b85ff","name":"Bash","type":"tool","source":"Tidal Cyber","software_attack_id":"S3195","tidal_id":"c57a04fd-da8c-5a4f-b07c-2178188cca7a","created":"2024-01-12T14:47:42.412843Z","modified":"2024-01-12T14:47:42.412847Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"233f9470-8e08-4b6a-830e-0a7c2e155a12","name":"Bash.exe","description":"<sup>[[Bash.exe - LOLBAS Project](/references/7d3efbc7-6abf-4f3f-aec8-686100bb90ad)]</sup>","source":"Tidal Cyber","associated_software_id":"fe0ff225-66b8-4629-86e3-9b4ce9bf6eb8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CrowdStrike.com 10 06 2025](/references/b5630f1e-ea9c-4b8a-b31a-08e977f0c8ab)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"73cda952-3be9-4150-934b-20751fe2414c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a17d2666-8411-4a47-9d94-04f2dac32a1b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"628037d4-962d-4f58-b32d-241d739bc62d","name":"Bat Armor","type":"tool","source":"Tidal Cyber","software_attack_id":"S3029","tidal_id":"10a9a2a0-cde8-5962-8476-a467defab95e","created":"2023-08-18T18:56:19.481351Z","modified":"2023-08-18T18:56:19.481360Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4885d268-5d73-49af-87fc-285350342444","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d19fb34f-4994-42a6-931b-93bbfd00d652","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"d6d28f90-886d-48f6-8b85-06406828a40c","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5d219448-796f-4643-ab6b-e19b8bd51e99","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"063ed741-0a53-424e-9dbb-513e48e2e593","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"40cd5145-c2f3-44e0-992e-f408309fb187","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"1664584b-cc77-46e7-acb7-25b33dc5dfa8","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"37cef83a-37b9-42e1-b646-58e775e8b6d6","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"38d4af52-5978-40d5-b9d7-b40ab29e14bd","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b5efd78e-e3cf-4a43-b290-9040eb54c94d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9d88175a-d790-48f4-809b-7114df816a05","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"
b35d9817-6ead-4dbd-a2fa-4b8e217f8eac","name":"Bazar","type":"malware","source":"MITRE","software_attack_id":"S0534","tidal_id":"8669e8f7-586f-593c-bc65-7a69611e8ba9","created":"2020-11-18T19:07:48.008000Z","modified":"2022-09-29T20:41:20.065000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cbebbbcc-31a5-4434-9f0a-4c88ae9a6044","name":"KEGTAP","description":"<sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]</sup>","source":"MITRE","associated_software_id":"7de93c0d-efb9-481c-b1dc-ea5d786c47f9","owner_id":null,"owner_name":null},{"id":"d61f77aa-cfba-5030-9f72-ffeecb125464","name":"Bazaloader","description":"<sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","source":"MITRE","associated_software_id":"9157390e-2067-4016-af00-380d5cc39778","owner_id":null,"owner_name":null},{"id":"471782a4-33da-4135-bf78-36c8edc02d02","name":"Team9","description":"<sup>[[Cybereason Bazar July 2020](https://app.tidalcyber.com/references/8819875a-5139-4dae-94c8-e7cc9f847580)]</sup><sup>[[NCC Group Team9 June 2020](https://app.tidalcyber.com/references/0ea8f87d-e19d-438d-b05b-30f2ccd0ea3b)]</sup>","source":"MITRE","associated_software_id":"480398ef-e3b0-4434-b409-bc6bae0a56ea","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike Wizard Spider October 
2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Google EXOTIC LILY March 2022](https://app.tidalcyber.com/references/19d2cb48-bdb2-41fe-ba24-0769d7bd4d94)]</sup>","group_attack_id":"G1011","group_id":"396a4361-3e84-47bc-9544-58e287c05799","name":"EXOTIC LILY","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6337f8fe-abdd-4c9c-b43d-0462fe5cd11b","tag":"818c3d93-c010-44f4-82bc-b63b4bc6c3c2"},{"id":"92207af9-50cf-45a1-a88c-a63658696605","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"45df46af-64ae-444c-a184-25b5c9185f10","name":"bb.exe","type":"malware","source":"Tidal Cyber","software_attack_id":"S3895","tidal_id":"e98b5ddd-b940-5764-8f6b-e06f3ced7e4c","created":"2026-01-14T13:31:31.432287Z","modified":"2026-01-14T13:31:31.432291Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"07249ff7-c5f6-419f-be2a-d39e18f642ca","name":"Donut Loader","description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","source":"USER","associated_software_id":"857131bc-aae7-404d-810d-ffb63f42d981","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ad0d6552-0588-4859-9542-fe619ebb83ae","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"9c5bd7b4-3437-421e-8472-3ee652c5538f","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"4baab7cf-59dd-4751-a2c5-e43d182d104e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c46ed363-6359-4571-a5cf-f42fb9e1a917","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3daa5ae1-464e-4c0a-aa46-15264a2a0126","name":"BBK","type":"malware","source":"MITRE","software_attack_id":"S0470","tidal_id":"9ea3449f-83bd-5d84-9580-457980dcecae","created":"2020-06-10T18:00:28.497000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"479ebf83-5038-4d8c-90ce-79e27e1cd149","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"be4dab36-d499-4ac3-b204-5e309e3a5331","name":"BBSRAT","type":"malware","source":"MITRE","software_attack_id":"S0127","tidal_id":"0e173dbd-c40a-57cb-9bcc-c1ecdcfd62de","created":"2017-05-31T21:33:13.664000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"bda52550-88a0-48f0-874a-600efc1f61df","name":"BCDEdit","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3414","tidal_id":"b2a6a0a0-ba06-5438-aed0-bb1359ca1c52","created":"2025-04-11T15:06:43.671510Z","modified":"2025-04-11T15:06:43.671513Z","platforms":[],"associated_software":[{"id":"5a0dea63-962c-41ea-8ee6-db41579d976c","name":"BCDEdit.exe","description":"","source":"Trellix TIG","associated_software_id":"347c72c3-3950-4c61-9a3e-6dc73981f43d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"46bb8677-455c-4d5b-9266-733ef14b6ef8","name":"Bcp","type":"tool","source":"Tidal Cyber","software_attack_id":"S3864","tidal_id":"5308fb92-cbaa-587f-94ac-228d296d8a69","created":"2026-01-06T18:05:04.685861Z","modified":"2026-01-06T18:05:04.685864Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"93f58b68-37bb-4044-ae30-2f87f458e867","name":"Bcp.exe","description":"<sup>[[Bcp.exe - LOLBAS 
Project](/references/cc38b6e9-d6e3-4076-ad90-60f28c240356)]</sup>","source":"USER","associated_software_id":"828c1ac8-9a2f-4df4-b1dd-ecf6f2b3f5f4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b7530454-55b2-411d-b0b3-b7d35c1f928e","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"17dde3c5-f5be-4459-afbb-b20f0e34d6a1","name":"Beast Ransomware (Linux/ESXi)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3519","tidal_id":"16131e68-192a-54bc-8d75-a1de7763dea4","created":"2025-08-14T15:16:33.426999Z","modified":"2025-08-14T15:16:33.427004Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3119","group_id":"b3005b16-e25f-4f4c-b7d6-c125dea0ea60","name":"Beast Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"fd960f70-adba-4b78-90aa-f6434bed7b10","tag":"70dc52b0-f317-4134-8a42-71aea1443707"},{"id":"7b7ec57a-47a4-4718-b9d4-9eeaeae1b7a8","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"b1033c18-07ac-4885-916b-be3af4449c98","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"8aee2175-cf67-49b0-8d44-f68c188682a0","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fb880708-d065-4a33-9ee0-2aa5ebc2c571","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"12019e58-c62b-4b74-9353-d3d24603a435","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6b8578db-1dad-4f9c-a214-493d6c2c860f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"903b84b6-84c9-44fb-9c97-15285c653493","name":"Beast Ransomware (Windows)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3518","tidal_id":"8168d61a-0be5-525d-88ce-6d0243bb7339","created":"2025-08-14T15:16:33.260624Z","modified":"2025-08-14T15:16:33.260629Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3119","group_id":"b3005b16-e25f-4f4c-b7d6-c125dea0ea60","name":"Beast Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c6a187e0-4e40-4bff-b8e1-1edfca213c88","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"75913a93-c986-45a8-b353-b0e54ea1e153","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e42726fc-5aa6-4d5f-a19c-8e867ec2fe56","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"c1f104c2-af2e-422d-b9de-0e1a812e1ee9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"25e55e8d-5723-4353-a94e-c4e8a776a9aa","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"89926186-0597-5ed0-8131-5ca94c8caa91","name":"BeaverTail","type":"malware","source":"MITRE","software_attack_id":"S1246","tidal_id":"89926186-0597-5ed0-8131-5ca94c8caa91","created":"2025-10-29T21:08:48.110683Z","modified":"2025-10-29T21:08:48.110684Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Contagious Interview BeaverTail InvisibleFerret February 2025](https://app.tidalcyber.com/references/c6626322-dce8-5de9-aa92-5b29a09a6203)]</sup><sup>[[Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024](https://app.tidalcyber.com/references/1c32af8a-a0a0-5431-86d6-9cfd16addc8a)]</sup><sup>[[PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 
2023](https://app.tidalcyber.com/references/edd66284-56a0-5eef-b7e5-056b7b8b23b0)]</sup><sup>[[PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024](https://app.tidalcyber.com/references/b8cd0275-a043-5ea9-9a8a-a3c8f5ea35e7)]</sup><sup>[[Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024](https://app.tidalcyber.com/references/c4dbb0f9-c562-5bc1-954d-5988525ca0de)]</sup><sup>[[Recorded Future Contagious Inteview BeaverTail InvisibleFerret OtterCookie February 2025](https://app.tidalcyber.com/references/7f53d9e4-f460-5d94-bc65-1ee7dacaa251)]</sup>","group_attack_id":"G1052","group_id":"b436d32f-2667-5e00-a3d8-f58d2d5666d4","name":"Contagious Interview","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)]</sup><sup>[[Silent Push Contagious Interview April 24 2025](/references/7062304e-91e9-45bf-84b4-c42bdad99e23)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ae398726-59ab-49ef-811b-f99936402295","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5e3a2f27-1df9-4773-b5de-ae4f73390203","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"762ab046-a8b1-4b2b-b632-3c3e92c42c7b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"d1be401e-85cd-44ed-a9b9-7ad78380221b","name":"BeaverTail (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3471","tidal_id":"764d7e46-328b-54ee-bbb7-a0caf60b4aab","created":"2025-05-06T16:29:13.308321Z","modified":"2025-05-06T16:29:13.308326Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)]</sup><sup>[[Silent Push Contagious Interview April 24 2025](/references/7062304e-91e9-45bf-84b4-c42bdad99e23)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d51034c1-e03b-4eac-a89f-4681d240a1ea","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"07b3cc95-769b-45ee-b7ec-b321d2b38f64","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"b99c5075-57f6-4138-be9c-316db2597db1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2ef9933e-1fc7-4f54-b2bd-e33dc7c924f8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e0841981-9310-4e48-be0f-3076c2207b8d","name":"BeeFlush","type":"malware","source":"Trellix TIG","software_attack_id":"S3460","tidal_id":"f322d770-f6de-57d4-8788-045a61f8784c","created":"2025-04-11T15:06:52.300696Z","modified":"2025-04-11T15:06:52.300700Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"09032f68-c5f1-467f-baeb-25bf953a1131","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"a114a498-fcfd-4e0a-9d1e-e26750d71af8","name":"BendyBear","type":"malware","source":"MITRE","software_attack_id":"S0574","tidal_id":"9ef5206d-5836-5c76-8cf9-0342dd7b4481","created":"2021-02-16T16:50:29.990000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA BlackTech September 27 2023](/references/309bfb48-76d1-4ae9-9c6a-30b54658133c)]</sup>","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3c22f0a8-0a19-4189-9300-ea75efa3d442","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"35faf622-83f8-4e2d-810f-f3caa369c416","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f63acc40-ffe6-47ce-a0c4-3f959d29c974","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"dcc334f9-2376-4225-b242-0be99c6c9059","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"99005f44-fb72-5c19-80c6-3b660daf9b11","name":"BFG Agonizer","type":"malware","source":"MITRE","software_attack_id":"S1136","tidal_id":"99005f44-fb72-5c19-80c6-3b660daf9b11","created":"2024-10-31T16:28:07.634493Z","modified":"2024-10-31T16:28:07.634497Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BFG Agonizer](https://app.tidalcyber.com/software/99005f44-fb72-5c19-80c6-3b660daf9b11) has been used by [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) for wiping operations.<sup>[[Unit42 Agrius 
2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fdffc1a9-3297-4118-b5e1-2f9b4b61b128","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"fe926654-0cff-4e8e-b192-2fa1eb8a9a67","name":"Bginfo","type":"tool","source":"Tidal Cyber","software_attack_id":"S3328","tidal_id":"3cbb5475-ee2e-5973-a173-3193399383a2","created":"2024-01-12T14:48:28.051845Z","modified":"2024-01-12T14:48:28.051849Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e85eca74-ca92-4480-8a4b-4a82efdbcd9c","name":"Bginfo.exe","description":"<sup>[[Bginfo.exe - LOLBAS Project](/references/ca1eaac2-7449-4a76-bec2-9dc5971fd808)]</sup>","source":"Tidal Cyber","associated_software_id":"0a62aa36-aeba-4d97-bddb-d24cdb7d6093","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e6c730fc-abf4-45c7-8611-878ab8c5ac7d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"96bdaa17-266b-4181-ae91-f5563f771a03","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a4fb341d-8010-433f-b8f1-a8781f961435","name":"BianLian Ransomware (Backdoor)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3010","tidal_id":"bbfbf3cc-ace2-52c9-b5d0-74cb81b83d3c","created":"2023-07-14T12:56:37.321649Z","modified":"2023-07-14T12:56:37.321653Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"47324d43-7729-4da1-a1b9-3063110ec36b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"50615366-ea12-4da3-a522-271f57c533e3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"06495340-b437-443d-82fa-91b07641d038","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"252f56c2-4c85-4a19-8451-371cb04c6ceb","name":"BianLian Ransomware (Encryptor)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3009","tidal_id":"3c310816-836e-55d3-8f28-5f3d7299b5e0","created":"2024-06-13T20:12:26.331923Z","modified":"2024-06-13T20:12:26.331927Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"74eddfbe-1ea0-4f41-a031-490ce7a682e1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0259f95b-8dd0-4c90-8bee-3539c371654e","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ea4a2573-89da-43ff-922a-a8a05a4759aa","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"73a3ff57-bbca-4e7a-9378-2dbe1fe392e4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a1b97007-cfdf-4979-b7e0-26f3c770f68f","name":"BigFix","type":"tool","source":"Tidal Cyber","software_attack_id":"S3451","tidal_id":"3c60ef82-534e-5ce2-8a30-4549074cab49","created":"2025-03-17T18:33:49.235480Z","modified":"2025-03-17T18:33:49.235484Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0a6afee0-808e-4e65-9b09-ac8c1d484e0c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"ba5efd93-9ef8-4302-8107-a130779a1407","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7bf09e66-1bb7-448c-9d2e-9c76a18db37b","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"815fcf10-184b-4485-ad5f-446126559293","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"125afae6-bd31-4157-8c7d-750fe61b342b","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"f2ca81e2-5cac-4e79-aa59-bd517e53a660","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2ac644f2-c4bd-4b0c-ab55-d19b09a671e7","name":"binary.sh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3709","tidal_id":"ca026b0d-56f1-59ba-9caf-931ea5d229b0","created":"2025-12-10T14:14:57.777375Z","modified":"2025-12-10T14:14:57.777379Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"8e17ded3-7e45-45d7-8c4b-587dc4d098ff","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a571ef54-5196-42ca-9f94-73549c5d5942","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5a29e92b-fdf6-5b05-a4cf-c4faba51d141","name":"Binary 
Validator","type":"malware","source":"Mobile","software_attack_id":"S1215","tidal_id":"5a29e92b-fdf6-5b05-a4cf-c4faba51d141","created":"2026-01-28T13:08:09.938750Z","modified":"2026-01-28T13:08:09.938752Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3ad98097-2d10-4aa1-9594-7e74828a3643","name":"BISCUIT","type":"malware","source":"MITRE","software_attack_id":"S0017","tidal_id":"50c80f98-1f44-5601-8839-fffe7d506a8d","created":"2017-05-31T21:32:17.147000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b898816e-610f-4c2f-9045-d9f28a54ee58","name":"Bisonal","type":"malware","source":"MITRE","software_attack_id":"S0268","tidal_id":"09f53c58-3aef-5de9-ae6f-0d9701d2b379","created":"2018-10-17T00:14:20.652000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky CactusPete Aug 2020](https://app.tidalcyber.com/references/1c393964-e717-45ad-8eb6-5df5555d3c70)]</sup><sup>[[Secureworks BRONZE HUNTLEY ](https://app.tidalcyber.com/references/9558ebc5-4de3-4b1d-b32c-a170adbc3451)]</sup><sup>[[Talos Bisonal Mar 2020](https://app.tidalcyber.com/references/eaecccff-e0a0-4fa0-81e5-799b23c26b5a)]</sup> ","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b1b08251-ea95-42c5-a2de-72548f4bc3c2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e7dec940-8701-4c06-9865-5b11c61c046d","name":"BitPaymer","type":"malware","source":"MITRE","software_attack_id":"S0570","tidal_id":"723b9792-fbdc-594c-a344-ecf0db5791d0","created":"2021-02-08T22:19:19.340000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"30685f08-6fdb-42f6-88df-abf40c6afdd5","name":"wp_encrypt","description":"<sup>[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]</sup>","source":"MITRE","associated_software_id":"3591563f-70f1-4bbc-aef8-7aa686e0fd48","owner_id":null,"owner_name":null},{"id":"3e6794a0-c8bb-4163-990b-4bfad4a7d30b","name":"FriedEx","description":"<sup>[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]</sup>","source":"MITRE","associated_software_id":"cf8ab2a9-cef3-450b-ba43-5611d3202347","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]</sup><sup>[[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9f152128-25af-4b3d-bf2f-cb7c84ffa65c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"65ecebfa-bc3d-4532-8aa5-163e5e0d1be7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"52a20d3d-1edd-4f17-87f0-b77c67d260b4","name":"BITSAdmin","type":"tool","source":"MITRE","software_attack_id":"S0190","tidal_id":"00799bb9-fc54-5533-ad38-66d04bef853b","created":"2018-04-18T17:59:24.739000Z","modified":"2022-10-13T18:56:28.568000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"782fe1fa-34e1-46b2-9c5c-e25c2f1ffb63","name":"Bitsadmin.exe","description":"","source":"Tidal Cyber","associated_software_id":"0f4e83eb-bc61-485f-8e30-f28a051996fa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) has used [BITSAdmin](https://app.tidalcyber.com/software/52a20d3d-1edd-4f17-87f0-b77c67d260b4) to download payloads.<sup>[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]</sup><sup>[[RedCanary June Insights 2024](https://app.tidalcyber.com/references/0cef6940-843a-504c-832c-3a10d1b5f2f7)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star 
Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) has used [BITSAdmin](https://app.tidalcyber.com/software/52a20d3d-1edd-4f17-87f0-b77c67d260b4) to retrieve files from remote locations to run on victim systems.<sup>[[Symantec Daggerfly 2023](https://app.tidalcyber.com/references/cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Ferocious Kitten Jun 
2021](https://app.tidalcyber.com/references/b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50)]</sup>","group_attack_id":"G0137","group_id":"275ca7b0-3b21-4c3a-8b6f-57b6f0ffb6fb","name":"Ferocious Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro Tropic Trooper Mar 2018](https://app.tidalcyber.com/references/5d69d122-13bc-45c4-95ab-68283a21b699)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"516a6f4e-9bce-4bf0-8bc1-94109dd800b3","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"f441b73c-b2c2-49f2-a068-26293286e1cd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"37567a0f-1b25-46e3-a105-c3d58f654beb","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5047ba02-8fc3-4aa4-9a20-379ed8336a12","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7a3af49b-13bc-4fb7-9a01-c5c5970e87a2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"2855cef9-57cc-4b28-9571-5d80bfad4722","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"fd92039e-f869-4d35-8ab6-f6fe3018a630","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"4f8f98da-386c-4fe4-9fb1-bfb41541433d","tag":"10d09438-9ea5-405d-9b3a-36d351b5a5d9"},{"id":"dff4cfc0-00b3-4c7d-b2d3-4c41e456a1ec","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4e80b703-c562-4fc0-8fe6-0c49e3ce7e3b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"0d5b24ba-68dc-50fa-8268-3012180fe374","name":"Black 
Basta","type":"malware","source":"MITRE","software_attack_id":"S1070","tidal_id":"cd4b95a0-3579-5c7a-9670-f92692430425","created":"2023-05-26T01:20:53.785872Z","modified":"2023-05-26T01:20:53.785876Z","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) is associated with the deployment of [Black Basta](https://app.tidalcyber.com/software/0d5b24ba-68dc-50fa-8268-3012180fe374) ransomware.<sup>[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]</sup><sup>[[rapid7-email-bombing](https://app.tidalcyber.com/references/b57af46b-a26b-5fca-8509-406889261d41)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]</sup>","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"bf9b0a1f-eebe-4d24-9404-e96542a11726","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"261d1a7c-53fe-45cf-9d1e-4372f9af4297","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"992088c4-4279-41eb-bfad-fe28454650d6","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"a50ff940-e177-4e07-986b-0911ea23bc90","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"5001be11-039c-41a1-a889-49d99867f0a8","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"335fb216-1868-4046-80ba-7a74e79604e3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"066fd981-a684-4693-8f75-039e798ec001","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"bfce287f-b9cc-4706-9df2-36bed471f9a8","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"0f406d6f-9fe7-4093-ab32-3c3fe09dd26f","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"b8189b83-2868-420b-ae59-cc217683c241","tag":"dea4388a-b1f2-4f2a-9df9-108631d0d078"},{"id":"62af03f4-33e4-4dbe-beff-50734f990c04","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"88f1b71d-b467-4b1f-aee0-084fe5415de9","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"547c8259-2390-5e04-a5aa-db37da5cfdc1","name":"BlackByte 2.0 Ransomware","type":"malware","source":"MITRE","software_attack_id":"S1181","tidal_id":"547c8259-2390-5e04-a5aa-db37da5cfdc1","created":"2025-04-22T20:46:57.413751Z","modified":"2025-04-22T20:46:57.413754Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BlackByte 2.0 Ransomware](https://app.tidalcyber.com/software/547c8259-2390-5e04-a5aa-db37da5cfdc1) is ransomware uniquely associated with [BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) operations and is a replacement for [BlackByte Ransomware](https://app.tidalcyber.com/software/a6a74c8f-320c-5102-ab17-9055bfb8359f).<sup>[[Microsoft BlackByte 
2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"db0c55b9-4084-47e8-955f-f9a632e57226","tag":"21ecb1dc-84db-4d74-a634-331c24c48a6c"},{"id":"71f215db-54ce-450e-a416-04a08fbbbfa3","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"954f26ed-a57d-41ca-bd57-89966ab2f748","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"86d53e9e-dcc5-4ce1-9e94-d77096ff8e13","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a6a74c8f-320c-5102-ab17-9055bfb8359f","name":"BlackByte Ransomware","type":"malware","source":"MITRE","software_attack_id":"S1180","tidal_id":"a6a74c8f-320c-5102-ab17-9055bfb8359f","created":"2025-04-22T20:46:59.536373Z","modified":"2025-04-22T20:46:59.536377Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BlackByte Ransomware](https://app.tidalcyber.com/software/a6a74c8f-320c-5102-ab17-9055bfb8359f) is ransomware uniquely associated with [BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) operations prior to 2023.<sup>[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup><sup>[[Trustwave BlackByte 
2021](https://app.tidalcyber.com/references/ab94e4f7-7976-5ef8-acf9-99beb6182fa9)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1ba09718-82e0-4644-8584-cf7123ca88b4","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e27608bc-3778-4015-9f43-04f282558db7","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"58d6ac84-4eca-441a-87fa-65c02d24bc77","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"691369e5-ef74-5ff9-bc20-34efeb4b6c5b","name":"BlackCat","type":"malware","source":"MITRE","software_attack_id":"S1068","tidal_id":"ced0bcd1-4859-5e7d-9cb9-e975bf4d0f83","created":"2023-05-26T01:20:52.861757Z","modified":"2023-05-26T01:20:52.861760Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"542586e8-8af1-5926-a8af-3873ab660aa7","name":"ALPHV","description":"<sup>[[Microsoft BlackCat Jun 2022](https://app.tidalcyber.com/references/55be1ca7-fdb7-5d76-a9c8-5f44a0d00b0e)]</sup><sup>[[ACSC BlackCat Apr 2022](https://app.tidalcyber.com/references/3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d)]</sup>","source":"MITRE","associated_software_id":"e7af71b4-73c3-405a-9521-d239aa60eb20","owner_id":null,"owner_name":null},{"id":"a06013db-96b2-55d3-b677-bcb3a0c2b178","name":"Noberus","description":"<sup>[[ACSC BlackCat Apr 2022](https://app.tidalcyber.com/references/3b85eaeb-6bf5-529b-80a4-439ceb6c5d6d)]</sup>","source":"MITRE","associated_software_id":"1db491da-16a4-4a9c-9b7c-c7e46f1a1dd0","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 
2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has deployed [BlackCat](https://app.tidalcyber.com/software/691369e5-ef74-5ff9-bc20-34efeb4b6c5b) ransomware to victim environments for financial gain.<sup>[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup><sup>[[MSTIC Octo Tempest Operations October 2023](https://app.tidalcyber.com/references/92716d7d-3ca5-5d7a-b719-946e94828f13)]</sup><sup>[[Mandiant UNC3944 May 2025](https://app.tidalcyber.com/references/ba2831ec-0f30-574b-afdc-e8a7ec12b1ea)]</sup><sup>[[Check Point Scattered Spider JUL 2025](https://app.tidalcyber.com/references/276a2ed6-d532-51ee-9066-83145b7506c5)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"MITRE"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7d95eeff-4172-4709-90db-6ee526d0f246","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"eac89c24-0e82-4798-b3ca-f00cf93002b2","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"e90904fe-3a7a-45ea-bcad-2300288d03c8","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"bed08429-13f2-41c7-8780-56ccfe2e038f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"54787da2-ac31-4519-8ddf-b5caf45e54b3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0879c50e-b9eb-45d3-9b6d-565a7b08ba97","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"e85e2fca-9347-4448-bfc1-342f29d5d6a1","name":"BLACKCOFFEE","type":"malware","source":"MITRE","software_attack_id":"S0069","tidal_id":"97221395-7869-5d47-98fa-94f49edf142c","created":"2017-05-31T21:32:45.892000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT17](https://app.tidalcyber.com/references/a303f97a-72dd-4833-bac7-a421addc3242)]</sup>","group_attack_id":"G0025","group_id":"5f083251-f5dc-459a-abfc-47a1aa7f5094","name":"APT17","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye Periscope March 
2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"908216c7-3ad4-4e0c-9dd3-a7ed5d1c695f","name":"BlackEnergy","type":"malware","source":"MITRE","software_attack_id":"S0089","tidal_id":"c0b2d32d-d3c7-599c-b94a-54bb780979ed","created":"2017-05-31T21:32:57.807000Z","modified":"2022-10-12T17:33:00.482000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8e7fda99-b472-456c-a777-fe2163aa9a94","name":"Black Energy","description":"","source":"MITRE","associated_software_id":"2efd4571-2913-4ea3-95f8-b2e1aef4f953","owner_id":null,"owner_name":null},{"id":"7ccd8ea5-be12-4fc0-9697-352d39c9b763","name":"Black Energy","description":"","source":"ICS","associated_software_id":"2efd4571-2913-4ea3-95f8-b2e1aef4f953","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[iSIGHT Sandworm 2014](https://app.tidalcyber.com/references/63622990-5467-42b2-8f45-b675dfc4dc8f)]</sup><sup>[[F-Secure BlackEnergy 2014](https://app.tidalcyber.com/references/5f228fb5-d959-4c4a-bb8c-f9dc01d5af07)]</sup><sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup><sup>[[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)]</sup><sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[iSIGHT Sandworm 
2014](https://app.tidalcyber.com/references/63622990-5467-42b2-8f45-b675dfc4dc8f)]</sup><sup>[[F-Secure BlackEnergy 2014](https://app.tidalcyber.com/references/5f228fb5-d959-4c4a-bb8c-f9dc01d5af07)]</sup><sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup><sup>[[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)]</sup><sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bc680b9d-e3ee-4f7e-9231-a0f78701e296","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"e56896fb-8a47-4fc8-a0e4-2a8a324da66d","name":"BlackLock Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3499","tidal_id":"2c7ed173-d474-5ae8-876d-76a0cd9686d0","created":"2025-06-17T14:41:23.622346Z","modified":"2025-06-17T14:41:23.622351Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3109","group_id":"fea2db0e-e6a6-44f1-9b5a-2d00744c388b","name":"BlackLock Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8a8834e4-24bd-4ef8-8673-137df892a32b","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"071586f2-450e-4363-b55d-a41b840bab35","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"0921b14f-093e-4e27-b4f4-00762ed8ff76","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"8b542eec-e05b-4360-9989-e50836cf7c64","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c9a2b695-f494-4054-9e29-da777493fe5a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4cd25fac-0b5d-44e2-8df1-2c7de06b4b39","name":"BlackLotus","type":"malware","source":"Tidal Cyber","software_attack_id":"S3084","tidal_id":"7857ab79-6c51-5dad-8b07-6fc16a7b52ce","created":"2024-06-13T20:12:30.683734Z","modified":"2024-06-13T20:12:30.683737Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"8193cabe-23c6-435f-a456-8b2f6a3eab8e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"161494f1-b575-4f62-a207-cfba35a7800a","tag":"1a5a32ac-1db6-46b1-b72e-18bc3d776aed"},{"id":"837662ab-7d88-4bb2-a491-196d093bb34a","tag":"df78b317-ce5d-423c-ac42-1e328ab27ffd"},{"id":"4ed06bf8-59d3-4d77-8663-2e2307b6319c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"da348a51-d047-4144-9ba4-34d2ce964a11","name":"BlackMould","type":"malware","source":"MITRE","software_attack_id":"S0564","tidal_id":"042dc348-382a-5ad1-a6bc-297eb1924fb5","created":"2021-01-14T19:58:17.917000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft GALLIUM December 
2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6e200813-4379-457b-9cce-2203bed4b072","name":"BlackSuit Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3139","tidal_id":"e632c8ef-8c19-564e-8fe6-eba42f1a37df","created":"2024-06-13T20:12:35.472117Z","modified":"2024-06-13T20:12:35.472121Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d2b1d47f-792d-4bab-b379-29f96711bc3c","tag":"d602ade5-148e-4f57-a202-87845bab308b"},{"id":"2e6f96bd-51b4-4335-a788-ab4044aa9225","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"8cf29b00-eb70-4d75-a936-263e37f2abea","tag":"2917207f-aa63-4c4a-b2d2-be7e16d1f25c"},{"id":"d5b36ede-06ff-434f-97ac-139a0691c0e9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"3b0bf699-9177-4e0f-acff-6b2eb1f419fd","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d3529941-7644-4d5b-b1bb-9b4b31d99ebf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9ec3f84c-ed7f-47fe-91f5-b18eec225bc7","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9aad8563-30fd-4c90-b1b5-8a2b16467539","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"22653e48-c21c-41ed-a795-dea628d5c3f2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1af8ea81-40df-4fba-8d63-1858b8b31217","name":"BLINDINGCAN","type":"malware","source":"MITRE","software_attack_id":"S0520","tidal_id":"8d35ee7a-c0e7-5e53-9395-0ccb7a671b30","created":"2020-10-27T18:45:58.576000Z","modified":"2021-03-17T15:55:56.257000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT BLINDINGCAN Aug 2020](https://app.tidalcyber.com/references/0421788c-b807-4e19-897c-bfb4323feb16)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3770aae9-d84b-44cf-ad70-d276d8b031d2","name":"Blindsight","type":"tool","source":"Tidal Cyber","software_attack_id":"S3606","tidal_id":"94bc35e2-9723-56c7-9a46-520bf6078463","created":"2025-10-24T16:13:48.286435Z","modified":"2025-10-24T16:13:48.286437Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro October 22 
2025](/references/230dbb27-9f4b-417f-ae7f-e88de27f4bc5)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d12b0a29-2ca4-4904-a63c-6063997f211a","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"13f70eaf-4ef2-4cd1-a8bc-3216aebe7fb6","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"b44913c5-f666-4388-b289-f467e5a8f74f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"959d1a87-2c01-4407-a712-26e715547b90","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"72658763-8077-451e-8572-38858f8cacf3","name":"BloodHound","type":"tool","source":"MITRE","software_attack_id":"S0521","tidal_id":"52260547-92c5-56f5-ae58-b69217285093","created":"2020-10-28T12:51:29.358000Z","modified":"2022-09-27T18:19:01.118000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup><sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [BloodHound](https://app.tidalcyber.com/software/72658763-8077-451e-8572-38858f8cacf3) to profile Active Directory environments.<sup>[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET T3 Threat Report 2021](https://app.tidalcyber.com/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cycraft Chimera April 2020](https://app.tidalcyber.com/references/a5a14a4e-2214-44ab-9067-75429409d744)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 Vice Society December 6 2022](/references/6abf7387-0857-4938-b36e-1374a66d4ed8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0f561a0b-10e9-4ad5-8179-7f7073e19ed6","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"aaec740e-f570-4542-bca8-ee5935ab0c50","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"9d9dfc74-e5fa-42ec-86fb-8262bb9c4700","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"f86cfd4a-648c-4751-8de2-90f2b6f734f7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b90f93cb-3461-42ec-bdc9-fe1b42ede88d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c55acca9-0eac-4c38-aeb4-55da24f12170","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f260c363-0964-45ce-ac7a-ab269be5e1d8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"43e07256-1480-47f8-8f25-3ee6a176a1d8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"88c27e17-d914-4c35-8957-fbb109898530","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"1a2c060c-4f21-4da9-ac88-db93e947095f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"de4b29fd-85e6-4a01-9519-11560130e524","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"05c2c3e6-4944-4df2-8eca-0f03d6bd3cb4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"a4e14428-a4b2-4f94-9f39-cb15c3f7e568","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d8cc4f03-32e6-4009-977d-ac2fe935e2d3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ee74abe8-2d01-489f-8d0f-8822ae8a3330","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"e53ef0fb-2d8f-40d4-9bac-a86b3d047d35","name":"Blub","type":"malware","source":"Tidal Cyber","software_attack_id":"S3724","tidal_id":"8d49617d-fd30-5ddb-9b76-565f1bf3e136","created":"2025-12-10T14:15:00.603523Z","modified":"2025-12-10T14:15:00.603527Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 02 
2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"283ca2db-738d-442a-a14b-376ecf557639","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"52f0eb2c-2cd9-46cb-ae29-b1302f009066","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3aaaaf86-638b-4a65-be18-c6e6dcdcdb97","name":"BLUELIGHT","type":"malware","source":"MITRE","software_attack_id":"S0657","tidal_id":"e579c3dd-7876-5e09-8782-95670b160054","created":"2021-10-01T20:26:49.502000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Volexity InkySquid BLUELIGHT August 2021](https://app.tidalcyber.com/references/7e394434-364f-4e50-9a96-3e75dacc9866)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"593d8e57-0b4c-49a9-8d98-bb8e699a036c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"01ba1659-7314-4754-857d-4f051550ce19","name":"Bobik","type":"malware","source":"Trellix TIG","software_attack_id":"S3388","tidal_id":"984ddb7b-985c-5659-9745-34717775ecf4","created":"2025-04-11T15:06:34.357102Z","modified":"2025-04-11T15:06:34.357106Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3006","group_id":"7c1a627e-7ea8-4919-a590-7637f1c887f3","name":"NoName057(16)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"d2910708-4783-4ae5-8bfa-23e9cf541b5f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"7a6e5dae-4f6b-43e5-bf98-f20071e58072","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"e872eb3e-8965-4667-a6ac-ceee42366f21","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":"TidalCyberIan"},{"id":"00dff216-0c61-5d8a-9de4-bfdab70f60c2","name":"BOLDMOVE","type":"malware","source":"MITRE","software_attack_id":"S1184","tidal_id":"00dff216-0c61-5d8a-9de4-bfdab70f60c2","created":"2025-04-22T20:46:57.119334Z","modified":"2025-04-22T20:46:57.119337Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"a84568de-748f-4393-85a9-841e6a9a895f","tag":"793f4441-3916-4b3d-a3fd-686a59dc3de2"},{"id":"5d10f845-a0af-4775-88c2-b01dbd020e27","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3793db4b-f843-4cfd-89d2-ec28b62feda5","name":"Bonadan","type":"malware","source":"MITRE","software_attack_id":"S0486","tidal_id":"14c4cf37-f3a2-532f-9137-afa0ba40e479","created":"2020-07-16T14:59:40.051000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d8690218-5272-47d8-8189-35d3b518e66f","name":"BONDUPDATER","type":"malware","source":"MITRE","software_attack_id":"S0360","tidal_id":"b819ce89-f776-5472-8f01-35f992e0e3c9","created":"2019-02-18T20:16:12.119000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup> <sup>[[Palo Alto OilRig Sep 
2018](https://app.tidalcyber.com/references/2ec6eabe-92e2-454c-ba7b-b27fec5b428d)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6cb03958-0cec-4a27-953d-95510432e651","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e307bb49-c281-5fc3-9562-ed631d075a7f","name":"BOOKWORM","type":"malware","source":"MITRE","software_attack_id":"S1226","tidal_id":"e307bb49-c281-5fc3-9562-ed631d075a7f","created":"2025-10-29T21:08:48.110600Z","modified":"2025-10-29T21:08:48.110601Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Broadcom](https://app.tidalcyber.com/references/97eb3c97-229c-523e-8604-c276a8a36584)]</sup><sup>[[Palo Alto Networks, Unit 42](https://app.tidalcyber.com/references/7428e855-a965-5c67-b6c5-4874e48f612f)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9d393f6f-855e-4348-8a26-008174e3605a","name":"BoomBox","type":"malware","source":"MITRE","software_attack_id":"S0635","tidal_id":"33651c37-907a-5caa-8f9c-ac27766b092f","created":"2021-08-03T14:55:46.682000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC Nobelium Toolset May 
2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1cf453c2-209f-47e8-bdd4-cb19dd9deb42","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"74a73624-d53b-4c84-a14b-8ae964fd577c","name":"BOOSTWRITE","type":"malware","source":"MITRE","software_attack_id":"S0415","tidal_id":"879a9a8d-d0f1-55e1-972b-4e91480bbe3a","created":"2019-10-11T16:04:31.994000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye FIN7 Oct 2019](https://app.tidalcyber.com/references/df8886d1-fbd7-4c24-8ab1-6261923dee96)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7b0e4dbe-f7e2-4b6d-91d2-aa211509af6d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"d47a4753-80f5-494e-aad7-d033aaff0d6d","name":"BOOTRASH","type":"malware","source":"MITRE","software_attack_id":"S0114","tidal_id":"993b1883-b696-5dfc-9ac9-ac21123a5361","created":"2017-05-31T21:33:08.292000Z","modified":"2021-06-09T18:58:41.760000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"61c6c835-d07f-5bd0-83c6-fe6628c4f76a","name":"BOULDSPY","type":"malware","source":"Mobile","software_attack_id":"S1079","tidal_id":"61c6c835-d07f-5bd0-83c6-fe6628c4f76a","created":"2026-01-28T13:08:09.938629Z","modified":"2026-01-28T13:08:09.938631Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d3e46011-3433-426c-83b3-61c2576d5f71","name":"BoxCaon","type":"malware","sou
rce":"MITRE","software_attack_id":"S0651","tidal_id":"11b70bd2-b988-56b7-8de7-10d55cf8bb6c","created":"2021-09-27T20:50:56.335000Z","modified":"2021-10-16T02:17:53.847000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Checkpoint IndigoZebra July 2021](https://app.tidalcyber.com/references/cf4a8c8c-eab1-421f-b313-344aed03b42d)]</sup>","group_attack_id":"G0136","group_id":"988f5312-834e-48ea-93b7-e6e01ee0938d","name":"IndigoZebra","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"95ed72db-1196-4ed1-9aa9-1b9a90e3e7b2","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"1c75c6dc-7b74-5b15-ae9a-59f9cc98e662","name":"BPFDoor","type":"malware","source":"MITRE","software_attack_id":"S1161","tidal_id":"1c75c6dc-7b74-5b15-ae9a-59f9cc98e662","created":"2024-10-31T16:28:05.803413Z","modified":"2024-10-31T16:28:05.803417Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"9723b193-6272-520e-9a21-b547bdcf4a35","name":"Backdoor.Linux.BPFDOOR","description":"<sup>[[Merces BPFDOOR 2023](https://app.tidalcyber.com/references/bf4f5736-0506-5ecf-a73e-86ab18c2b71b)]</sup>","source":"MITRE","associated_software_id":"25e4f805-94ef-44eb-87eb-ac3e8a94bf4a","owner_id":null,"owner_name":null},{"id":"55aeae07-2453-50c4-b898-34040718209f","name":"JustForFun","description":"<sup>[[Harries JustForFun 2022](https://app.tidalcyber.com/references/e7b7aee0-486e-5936-9b01-446dce22f917)]</sup>","source":"MITRE","associated_software_id":"8eb67762-ea73-425f-add6-aeca03892dd8","owner_id":null,"owner_name":null},{"id":"1c711ed0-7741-5ef3-a5ae-92fa75875418","name":"Backdoor.Solaris.BPFDOOR.ZAJE","description":"<sup>[[Harries JustForFun 
2022](https://app.tidalcyber.com/references/e7b7aee0-486e-5936-9b01-446dce22f917)]</sup>","source":"MITRE","associated_software_id":"80382e9b-9e78-48e8-b07a-854217324d30","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Unit 42 December 12 2025](/references/02aae606-da8f-4c9b-86e0-5b960579c8d7)]</sup>","group_attack_id":"G3162","group_id":"d858b6e6-329a-462e-b55b-4fb4aa33291b","name":"Red Menshen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2f09a3f9-f0c0-4b73-8088-7cb87fdd1c83","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6f8c8ba5-0d99-5672-9f38-a2d68df021d0","name":"BrainTest","type":"malware","source":"Mobile","software_attack_id":"S0293","tidal_id":"6f8c8ba5-0d99-5672-9f38-a2d68df021d0","created":"2026-01-28T13:08:09.939095Z","modified":"2026-01-28T13:08:09.939097Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3bf4cb2f-4ecc-52fd-9e06-0f314a281e17","name":"BRATA","type":"malware","source":"Mobile","software_attack_id":"S1094","tidal_id":"3bf4cb2f-4ecc-52fd-9e06-0f314a281e17","created":"2026-01-28T13:08:09.938243Z","modified":"2026-01-28T13:08:09.938245Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"51b27e2c-c737-4006-a657-195ea1a1f4f0","name":"Brave Prince","type":"malware","source":"MITRE","software_attack_id":"S0252","tidal_id":"8e1f7ee7-0bf3-590c-bffc-f189b58c4570","created":"2018-10-17T00:14:20.652000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Talos Kimsuky Nov 2021](https://app.tidalcyber.com/references/17927f0e-297a-45ec-8e1c-8a33892205dc)]</sup><sup>[[Mandiant APT43 March 
2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8c80083c-4219-5db2-bd8c-286e49561dfd","name":"Bread","type":"malware","source":"Mobile","software_attack_id":"S0432","tidal_id":"8c80083c-4219-5db2-bd8c-286e49561dfd","created":"2026-01-28T13:08:09.937585Z","modified":"2026-01-28T13:08:09.937586Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"f3f7e342-9bb7-4833-be0e-52301958ff20","name":"Joker","description":"<sup>[[Google Bread](https://app.tidalcyber.com/references/68b7f8a6-12c1-5ba0-9106-69fe6fcac3bc)]</sup>","source":"Mobile","associated_software_id":"713c9a2c-1df9-5a76-a170-f965f4ccbd5e","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"7942783c-73a7-413c-94d1-8981029a1c51","name":"Briba","type":"malware","source":"MITRE","software_attack_id":"S0204","tidal_id":"1e50df30-4293-5fb7-9680-78ac81b24ae3","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f3d33908-560e-4b98-994a-8da10d7a4a30","name":"BRICKSTEAL","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3556","tidal_id":"81a74074-8165-5b08-8702-4f24b7f923ce","created":"2025-10-07T14:07:33.496165Z","modified":"2025-10-07T14:07:33.496168Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"f451a554-520d-4a91-b47f-07481ad6c2a5","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"fdd680bf-a54f-4691-be73-5e1bea957262","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"41ae24fb-7f2f-4436-9e0e-f24de1fab59d","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"5c376fc4-26fd-4f6a-8d8a-5111025146eb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"91f2ff45-0228-4bd0-ae35-ac2510e7bfcf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"032986ee-e041-4336-9a24-7d1858b28c39","name":"BrickStorm","type":"malware","source":"Trellix TIG","software_attack_id":"S3440","tidal_id":"f98f3e5e-d6da-592b-937f-bb5d7d6f7f94","created":"2025-04-11T15:06:48.513887Z","modified":"2025-04-11T15:06:48.513891Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"bed3d7f6-24eb-4d66-83f7-3d0a165125e4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"23043b44-69a6-5cdf-8f60-5a68068680c7","name":"Brute Ratel C4","type":"tool","source":"MITRE","software_attack_id":"S1063","tidal_id":"934ee621-0971-51f6-b492-a77cf83eb3a9","created":"2023-05-26T01:20:55.839878Z","modified":"2023-05-26T01:20:55.839882Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dba68385-7251-5f62-a90d-391e1e47ee70","name":"BRc4","description":"<sup>[[Palo Alto Brute Ratel July 
2022](https://app.tidalcyber.com/references/a9ab0444-386b-5baf-84e1-0e6df4a21296)]</sup>","source":"MITRE","associated_software_id":"afc6d47c-4375-47c6-bc69-ae0faf2df0bd","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Mandiant APT29 Phishing September 21 2023](/references/ad3fa9b5-2c2b-490e-bb46-0337020446f8)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro Black Basta October 2022](/references/6e4a1565-4a30-5a6b-961c-226a6f1967ae)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Recorded Future RedHotel August 7 2023](/references/b9f9662b-bcf6-4179-8dfb-e017e50cbd5c)]</sup>","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[EclecticIQ August 16 2024](/references/79e0a74f-799f-445e-a677-cc08e66f3113)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"cbfcf808-4c0d-43c7-ad74-0301f18bdee0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"4016f306-2734-4231-9984-f84356a02846","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"c9e773de-0213-4b64-83fb-637060c8b5ed","name":"BS2005","type":"malware","source":"MITRE","software_attack_id":"S0014","tidal_id":"f420811a-29be-599d-b5b5-5a9c7c707d1d","created":"2017-05-31T21:32:15.994000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2be4e3d2-e8c5-4406-8041-2c17bdb3a547","name":"BUBBLEWRAP","type":"malware","source":"MITRE","software_attack_id":"S0043","tidal_id":"3b1b6932-7bf5-5f04-bb78-a4bf733c6a96","created":"2017-05-31T21:32:33.738000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bc902752-8e2e-4037-9147-b3c6ff297539","name":"Backdoor.APT.FakeWinHTTPHelper","description":"","source":"MITRE","associated_software_id":"ad8fc8bb-3562-4a56-b132-be625b1dc208","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye 
admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]</sup>","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e07d08eb-40c7-4ac5-8d02-09477ddaa23b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c21d3e6c-0f6d-44a8-bdd5-5b3180a641c9","name":"build_downer","type":"malware","source":"MITRE","software_attack_id":"S0471","tidal_id":"c91fd69e-438a-5046-8763-3d54696bcb5c","created":"2020-06-10T18:44:10.896000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"89ce7930-290e-4f2c-9c05-fd6f63526de5","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"50d6b352-5720-43c1-aff6-a49ca468ec3d","name":"Bulbature","type":"malware","source":"Tidal Cyber","software_attack_id":"S3935","tidal_id":"a42c0a30-663a-51f1-a445-ab834f7a6942","created":"2026-01-14T13:31:38.178274Z","modified":"2026-01-14T13:31:38.178279Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog January 08 
2026](/references/74959041-08ca-41fc-8ceb-675f1fefd765)]</sup>","group_attack_id":"G3203","group_id":"6df06da1-6f73-45a9-afb7-9087cd24cbff","name":"UAT-7290","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5ad4dcb0-e95f-4c06-a993-80b0a80dbcd9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a7865dc2-ffdc-4f93-989d-82e29f7c3c1e","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"f9bdaa39-503a-4de7-8c73-64e4a9aec89e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a915f350-ee32-4919-810b-7a3065bb5f5c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cc155181-fb34-4aaf-b083-b7b57b140b7a","name":"Bumblebee","type":"malware","source":"MITRE","software_attack_id":"S1039","tidal_id":"1f6b4d10-de1c-5752-8baa-7bfebc057bf3","created":"2022-08-19T20:28:36.981000Z","modified":"2022-10-21T21:43:41.253000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google EXOTIC LILY March 2022](https://app.tidalcyber.com/references/19d2cb48-bdb2-41fe-ba24-0769d7bd4d94)]</sup>","group_attack_id":"G1011","group_id":"396a4361-3e84-47bc-9544-58e287c05799","name":"EXOTIC LILY","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Latrodectus APR 
2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]</sup>","group_attack_id":"G1038","group_id":"b47551ba-8036-5527-abba-fed787c854a5","name":"TA578","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"632b312f-0797-4894-85df-7456516a0c54","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"5c0cda95-63f1-4ee4-8edf-9fb667e94966","tag":"aa983c81-e54b-49b3-b0dd-53cf950825b8"},{"id":"cc9b6b50-aa05-4dfb-bc3c-9a18b91d512e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d8fc55e5-7d9f-4fa0-8451-8a86d387d90a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"66aa8313-2a20-4665-b722-73dd3f0c2cf0","name":"Bun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3710","tidal_id":"7f0d83fc-5d09-5f62-a646-1611240006ca","created":"2025-12-10T14:14:57.945060Z","modified":"2025-12-10T14:14:57.945063Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3f0e9e88-a8b1-4a7d-a002-3fcc627a3d5c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3ff2624e-f655-4b66-b461-2903be2d63f8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e9873bf1-9619-4c62-b4cf-1009e83de186","name":"Bundlore","type":"malware","source":"MITRE","software_attack_id":"S0482","tidal_id":"7b28b2b7-af5f-5eaf-ab2f-ceae8ebc4190","created":"2020-07-01T19:34:28.366000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"2c496adc-9061-4675-83a6-e53a8a5e6088","name":"OSX.Bundlore","description":"<sup>[[MacKeeper Bundlore Apr 
2019](https://app.tidalcyber.com/references/4d631c9a-4fd5-43a4-8b78-4219bd371e87)]</sup>","source":"MITRE","associated_software_id":"2fc667d6-96ca-4414-95d7-3ce49383508a","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"4387694e-2e88-474f-8f95-1bcc21a59345","tag":"707e8a2b-e223-4d99-91c2-43de4b4459f6"},{"id":"f109d830-61b5-42f2-b77b-65428d5347f2","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"eb1f6ae8-2225-4d62-8b00-b79f8733363d","name":"BusBoy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3751","tidal_id":"533d910f-ce09-5315-8d00-4a37659c0554","created":"2025-12-17T14:18:49.468358Z","modified":"2025-12-17T14:18:49.468361Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"909afb7e-aa2e-4d2e-84ed-3129fca59941","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"61a073c8-aa0a-4fee-ba7b-0e091da51cfb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"44ed9567-2cb6-590e-b332-154557fb93f9","name":"BUSHWALK","type":"malware","source":"MITRE","software_attack_id":"S1118","tidal_id":"5f6d1648-054a-5f0f-8cae-bcaf0bc0f6a6","created":"2024-04-25T13:28:17.841576Z","modified":"2024-04-25T13:28:17.841579Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"a16a964f-27d7-4b12-97cc-d8ed851ecdc5","name":"BusyBox","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3449","tidal_id":"fdc67fd7-cdac-558a-b1fb-f99fce95584a","created":"2025-04-11T15:06:50.386494Z","modified":"2025-04-11T15:06:50.386497Z","platforms":[],"associated_software":[{"id":"770b52ae-29ad-434c-b378-b2f982064af9","name":"Busy Box","description":"","source":"Trellix TIG","associated_software_id":"9fa0edcb-4e5b-4529-be38-1667c24e6a0b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog January 08 2026](/references/74959041-08ca-41fc-8ceb-675f1fefd765)]</sup>","group_attack_id":"G3203","group_id":"6df06da1-6f73-45a9-afb7-9087cd24cbff","name":"UAT-7290","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"01fafdac-79d4-5319-985e-118bf0a9df30","name":"BusyGasper","type":"malware","source":"Mobile","software_attack_id":"S0655","tidal_id":"01fafdac-79d4-5319-985e-118bf0a9df30","created":"2026-01-28T13:08:09.939080Z","modified":"2026-01-28T13:08:09.939082Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"accf7d1c-bb6d-49b9-9416-ca8b396425d5","name":"Byet Internet Services","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3919","tidal_id":"2cbe6505-5da4-5d76-85ef-3e821f2f03ea","created":"2026-01-14T13:31:35.547108Z","modified":"2026-01-14T13:31:35.547111Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.recordedfuture.com January 09 2026](/references/fb8ee1dd-bf96-4d28-9d9f-807cc351190b)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"72d1bdae-a224-480a-b114-6da32fa8f030","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"0d0d6b81-739a-4efa-b42b-d4f69703195b","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"435d940f-783b-4cf2-9c6a-488783b5d807","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9684a2a9-2f9e-45fc-a34d-9f9722747338","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6fc9b12d-8adc-4acc-97df-208de7a27314","name":"BypassCredGuard.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3615","tidal_id":"67ffe487-b2f3-505b-9dc4-c7c4273f3917","created":"2025-11-11T13:26:32.070951Z","modified":"2025-11-11T13:26:32.070958Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water 
Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b7986d44-4c94-428c-884a-7316ecc51aa0","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"3f7cb2fb-6a58-4068-877e-724a9fcbc4b8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bacdc28a-8588-4ec1-b04b-a818ddc3f415","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9448fcbb-b46d-4a78-85ad-7476bf9f3499","name":"CABINETRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3574","tidal_id":"23f5dbf7-0075-5dbe-a144-95c22fc72672","created":"2025-10-13T17:29:22.577047Z","modified":"2025-10-13T17:29:22.577050Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[cert.gov.ua 09 30 2025](/references/bc4a5dc2-fc7c-451f-a69f-b153a8279e0b)]</sup>","group_attack_id":"G3137","group_id":"fa40b235-5e76-4cc7-894c-92c5c81fc623","name":"UAC-0245","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d12d8521-84a7-4dd0-968b-36a51d1a2b8f","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"9ee7edad-0199-4f28-8446-8e69b6126913","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"d06b0401-f8ce-47ec-841a-bc0f31c413bd","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"7472d748-b06a-4cce-8b32-4f21aa95cb47","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"28b0fcfc-a6e0-4204-a06b-5c275b73e2b4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"35f8f59b-f5c6-43b6-9511-f95e907d44a0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7c03fb92-3cd8-4ce4-a1e0-75e47465e4bc","name":"Cachedump","type":"tool","source":"MITRE","software_attack_id":"S0119","tidal_id":"58ff897b-f7da-55de-ada2-d2bc1a1adc05","created":"2017-05-31T21:33:10.197000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Wind
ows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ad51e7c6-7d3c-4c5d-a7e2-e50afb11a0ca","name":"CACTUS Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3107","tidal_id":"31de8745-8b68-5411-8266-c2d0ea44ed27","created":"2024-06-13T20:12:31.908916Z","modified":"2024-06-13T20:12:31.908920Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6199e94a-56d7-429a-a769-0e8acb1b08e2","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"5bcf3e67-68d7-464d-bcb3-dbafaca8ec6a","tag":"83a25621-55a6-4b0d-be67-4905b6d3a1c6"},{"id":"b0eb2451-48fe-4e74-bbab-fad10386d462","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7752d185-25ff-4e78-b0e7-2f102cc1bc9c","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"771be0df-6e43-444b-8d19-73815197b24f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"48e982bc-c8cb-4b29-8ad4-e3db14dc262d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5023f3ba-97e6-4eca-a2f6-3d683bfd09a3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"62d0ddcd-790d-4d2d-9d94-276f54b40cf0","name":"CaddyWiper","type":"malware","source":"MITRE","software_attack_id":"S0693","tidal_id":"a1683b61-7e89-5f74-be50-5ab788ba9df3","created":"2022-03-23T20:15:38.177000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e34351f9-26ec-4ad2-a399-7a548e9b9791","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"c8a51b39-6906-4381-9bb4-4e9e612aa085","name":"Cadelspy","type":"malware","source":"MITRE","software_attack_id":"S0454","tidal_id":"07ff9b57-1368-5cde-b43e-bfca2eb4f587","created":"2020-05-22T20:07:15.628000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Chafer Dec 2015](https://app.tidalcyber.com/references/0a6166a3-5649-4117-97f4-7b8b5b559929)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"68a515e8-9fa6-44ea-8cba-ad8de759d742","name":"CALDERA","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3454","tidal_id":"b1c49d8e-22fa-5ebe-8722-b08a4306487a","created":"2025-03-25T13:16:27.151470Z","modified":"2025-03-25T13:16:27.151472Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c249f955-a9d2-402e-bd86-f388d9c07192","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a2420f28-3a6c-4cd7-93fd-08eecf579881","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"525920c0-5c69-4d92-8666-619f91621365","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7f75e83f-abaa-4c50-9c54-47fea20692ee","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ad859a79-c183-44f6-a89a-f734710672a9","name":"CALENDAR","type":"malware","source":"MITRE","software_attack_id":"S0025","tidal_id":"bd4f2192-c675-5176-909d-367fce3d8d1f","created":"2017-05-31T21:32:20.137000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant 
APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6b5b408c-4f9d-4137-bfb1-830d12e9736c","name":"Calisto","type":"malware","source":"MITRE","software_attack_id":"S0274","tidal_id":"a1a691fa-6b4f-5694-9def-43f30a9f53a3","created":"2018-10-17T00:14:20.652000Z","modified":"2020-03-30T01:58:55.849000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"352ee271-89e6-4d3f-9c26-98dbab0e2986","name":"CallMe","type":"malware","source":"MITRE","software_attack_id":"S0077","tidal_id":"01fd8261-b32d-5157-886c-050edbd37410","created":"2017-05-31T21:32:52.875000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]</sup>","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"56c43c85-3abe-47fe-b18f-9af195d22ac7","name":"Caminho","type":"malware","source":"Tidal Cyber","software_attack_id":"S3814","tidal_id":"ca6ec953-becf-57e7-8833-3ed7bea17ba7","created":"2025-12-24T14:57:28.942964Z","modified":"2025-12-24T14:57:28.942968Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dcb01afe-9e09-498a-8026-705b8db78f3c","name":"VMDetectLoader","description":"<sup>[[None December 16 
2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","source":"USER","associated_software_id":"76d5f119-6c50-46db-b544-2553c0563851","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"97819743-8d5c-499a-9b94-afab28e63588","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"7aac4514-623b-4374-b797-b6910189d521","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"4ed277b9-fc5c-41b9-aebb-98f3b3fecca9","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f6bd1c7e-b145-4fab-9f3e-19038f84d517","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e484d954-658b-4712-8176-1969a8cc3976","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"790e931d-2571-496d-9f48-322774a7d482","name":"Cannon","type":"malware","source":"MITRE","software_attack_id":"S0351","tidal_id":"6c1fa47d-9a22-5228-8b40-635a3d442b03","created":"2019-01-30T18:58:03.614000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 Cannon Nov 2018](https://app.tidalcyber.com/references/8c634bbc-4878-4b27-aa18-5996ec968809)]</sup><sup>[[Unit42 Sofacy Dec 
2018](https://app.tidalcyber.com/references/540c4c33-d4c2-4324-94cd-f57646666e32)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3cebd18d-dd58-5dd6-a54f-1a46ce4543ac","name":"CANONSTAGER","type":"malware","source":"MITRE","software_attack_id":"S1237","tidal_id":"3cebd18d-dd58-5dd6-a54f-1a46ce4543ac","created":"2025-10-29T21:08:48.110642Z","modified":"2025-10-29T21:08:48.110643Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Threat Intelligence Group MUSTANG PANDA PLUGX August 2025](https://app.tidalcyber.com/references/5fce4659-d82d-5498-a060-95b34984d66a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4cb9294b-9e4c-41b9-b640-46213a01952d","name":"Carbanak","type":"malware","source":"MITRE","software_attack_id":"S0030","tidal_id":"9420323e-240c-5518-87b0-65caf50e7c3d","created":"2017-05-31T21:32:22.213000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"be99b5bb-731e-4040-9912-985c893fab6b","name":"Anunak","description":"<sup>[[Fox-It Anunak Feb 2015](https://app.tidalcyber.com/references/d74a8d0b-887a-40b9-bd43-366764157990)]</sup> <sup>[[FireEye CARBANAK June 2017](https://app.tidalcyber.com/references/39105492-6044-460c-9dc9-3d4473ee862e)]</sup>","source":"MITRE","associated_software_id":"b0ac8d42-1536-4b96-b0d5-8052308d2177","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]</sup><sup>[[FireEye FIN7 Aug 
2018](https://app.tidalcyber.com/references/54e5f23a-5ca6-4feb-8046-db2fb71b400a)]</sup><sup>[[DOJ FIN7 Aug 2018](https://app.tidalcyber.com/references/6a588eff-2b79-41c3-9834-613a628a0355)]</sup><sup>[[IBM Ransomware Trends September 2020](https://app.tidalcyber.com/references/eb767436-4a96-4e28-bd34-944842d7593e)]</sup><sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup><sup>[[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)]</sup><sup>[[Mandiant FIN7 Apr 2022](https://app.tidalcyber.com/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]</sup><sup>[[BlackBerry_FIN7_April2024](https://app.tidalcyber.com/references/e2b3c47b-12ef-5ba2-8456-0a4be08f27a6)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Carbanak](https://app.tidalcyber.com/references/2f7e77db-fe39-4004-9945-3c8943708494)]</sup>","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"df9491fd-5e24-4548-8e21-1268dce59d1f","name":"Carberp","type":"malware","source":"MITRE","software_attack_id":"S0484","tidal_id":"86ea3d2c-62cb-5718-b948-cff45d8df7c4","created":"2020-07-15T19:48:35.063000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"61f5d19c-1da2-43d1-ab20-51eacbca71f2","name":"Carbon","type":"malware","source":"MITRE","software_attack_id":"S0335","tidal_id":"b7caf4d8-98bb-5775-964b-7275f758edb7","created":"2019-01-29T19:36:02.103000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups"
:[{"description":"<sup>[[ESET Carbon Mar 2017](https://app.tidalcyber.com/references/5d2a3a81-e7b7-430d-b748-b773f89d3c77)]</sup><sup>[[Secureworks IRON HUNTER Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"35b90023-4a7b-5d2f-b18a-f22f50b075ca","name":"CarbonSteal","type":"malware","source":"Mobile","software_attack_id":"S0529","tidal_id":"35b90023-4a7b-5d2f-b18a-f22f50b075ca","created":"2026-01-28T13:08:09.937447Z","modified":"2026-01-28T13:08:09.937452Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"fa23acef-3034-43ee-9610-4fc322f0d80b","name":"Cardinal RAT","type":"malware","source":"MITRE","software_attack_id":"S0348","tidal_id":"c810a923-8577-5b46-a934-b1040f7e25a3","created":"2019-01-30T16:39:53.573000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6460db6b-a325-4aa5-825f-33cef1caba53","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"84bb4068-b441-435e-8535-02a458ffd50b","name":"CARROTBALL","type":"tool","source":"MITRE","software_attack_id":"S0465","tidal_id":"d307dd6d-8c9f-588d-92c3-2967cf99c0ac","created":"2020-06-02T19:10:29.513000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"751bb3f7-1937-490e-903d-6bc03e535835","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"aefa893d-fc6e-41a9-8794-2700049db9e5","name":"CARROTBAT","type":"malware","source":"MITRE","software_attack_id":"S0462","tidal_id":"26a1c0d8-821a-538f-9a4f-d9a49db90fbd","created":
"2020-06-02T14:11:40.581000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"40fbdaf6-6df7-42e0-9a87-e1dbb0d635e1","name":"CastleLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3771","tidal_id":"53f759a1-0423-5a41-8d65-325d8c18bbae","created":"2025-12-17T14:18:52.535717Z","modified":"2025-12-17T14:18:52.535721Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3172","group_id":"1678d6dc-8e4f-4edc-8360-802985bd7846","name":"GrayBravo","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3173","group_id":"7e4dd0e2-4fa0-4dd5-ad0e-41aa9effe8bf","name":"TAG-160","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3174","group_id":"6bc7e9b9-dac0-4223-8761-0a9b6033426b","name":"TAG-161","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b9f1a47c-2c35-4504-9f35-d6a66f9dfef9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a47fa2ca-f3f7-46c3-963c-0bfabbf87b03","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"860b3448-4eca-460b-83d5-60b7c855948d","name":"CastleRAT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3772","tidal_id":"61a21b6b-e674-57be-8af4-e2fbaf32918b","created":"2025-12-17T14:18:52.689481Z","modified":"2025-12-17T14:18:52.689485Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3172","group_id":"1678d6dc-8e4f-4edc-8360-802985bd7846","name":"GrayBravo","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7e4c4734-3951-418a-8521-30e9f604811d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"50e9653a-32aa-4064-b930-da19f838e7d9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8eb8ec5f-5752-5560-a14d-c37be10fd810","name":"CASTLETAP","type":"malware","source":"MITRE","software_attack_id":"S1224","tidal_id":"8eb8ec5f-5752-5560-a14d-c37be10fd810","created":"2025-10-29T21:08:48.110547Z","modified":"2025-10-29T21:08:48.110548Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Fortinet Zero Day](https://app.tidalcyber.com/references/7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7)]</sup>","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7b615205-1036-49d3-b6d9-9fbd052e0ef0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"69619134-9bd2-4aa4-a06e-23910a0d9983","name":"CASTLETAP","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3400","tidal_id":"f27afe5b-5876-5825-8160-b265e8bbf01f","created":"2025-04-11T15:06:36.422956Z","modified":"2025-04-11T15:06:36.422959Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"24b00bc1-7815-42ba-ab5b-37633ce77815","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"6f22f232-f96f-44df-a4ee-be510d5fe080","name":"cat","type":"tool","source":"Trellix TIG","software_attack_id":"S3421","tidal_id":"334cad54-8aa2-5e60-b273-28f186ce8816","created":"2025-04-11T15:06:44.888426Z","modified":"2025-04-11T15:06:44.888430Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"0b3a4d14-2dd2-492c-add6-24453939a9af","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"04deccb5-9850-45c3-a900-5d7039a94190","name":"Catchamas","type":"malware","source":"MITRE","software_attack_id":"S0261","tidal_id":"5d4d0c6a-cef6-536a-8e1e-99aafb57ae27","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Thrip June 2018](https://app.tidalcyber.com/references/482a6946-b663-4789-a31f-83fb2132118d)]</sup>","group_attack_id":"G0076","group_id":"a3b39b07-0bfa-4c69-9f01-acf7dc6033b4","name":"Thrip","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ee88afaa-88bc-4c20-906f-332866388549","name":"Caterpillar 
WebShell","type":"malware","source":"MITRE","software_attack_id":"S0572","tidal_id":"029abcc0-f288-54c0-9c17-3d96c894b805","created":"2021-02-10T18:20:51.309000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ClearSky Lebanese Cedar Jan 2021](https://app.tidalcyber.com/references/53944d48-caa9-4912-b42d-94a3789ed15b)]</sup><sup>[[CheckPoint Volatile Cedar March 2015](https://app.tidalcyber.com/references/a26344a2-63ca-422e-8cf9-0cf22a5bee72)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c0541811-a261-4d62-8a63-363abd93e3de","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"73ff6a0c-12fd-43d6-b2ea-2949a7f748b1","name":"CBROVER","type":"malware","source":"Tidal Cyber","software_attack_id":"S3172","tidal_id":"b108c34c-9058-59a5-ac88-53e73a445573","created":"2024-09-13T19:21:23.895356Z","modified":"2024-09-13T19:21:23.895359Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5895e61a-119e-471d-be9a-282365b7f029","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"191279c6-9c73-4146-8406-ed8002487c17","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8babce25-4902-4ef9-98b9-9ee4ae971aec","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7664bfa5-8477-4903-9103-1144113fca36","name":"CC-Attack","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3085","tidal_id":"ce2b2f08-3aac-53c5-8862-68bf3a855330","created":"2023-10-10T20:48:50.157628Z","modified":"2023-10-10T20:48:50.157635Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Flashpoint Glossary Killnet](/references/502cc03b-350b-4e2d-9436-364c43a0a203)]</sup>","group_attack_id":"G3022","group_id":"35fb7663-5c5d-43fe-a507-49612aa7960e","name":"Killnet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3aca5c62-0fc4-46af-829e-2cbc60a11c4e","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":"TidalCyberIan"},{"id":"4eb0720c-7046-4ff1-adfd-ae603506e499","name":"CCBkdr","type":"malware","source":"MITRE","software_attack_id":"S0222","tidal_id":"15467150-06ce-5250-ae7b-10f771de8e00","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"753e294b-959a-4b18-a3be-631674b1280f","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"}],"owner_name":null},{"id":"e00c2a0c-bbe5-4eff-b0ad-b2543456a317","name":"ccf32","type":"malware","source":"MITRE","software_attack_id":"S1043","tidal_id":"9a3ab6e6-17c9-57b6-9d9e-1810a6409e8e","created":"2022-09-22T20:11:10.003000Z","modified":"2022-10-10T19:47:44.529000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d1f9aebd-7262-4c87-b2e3-a0b533b012af","name":"CCleaner","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3614","tidal_id":"01ffbbf6-c21f-57a8-b34b-b9617e4f190a","created":"2025-10-24T16:13:49.460418Z","modified":"2025-10-24T16:13:49.460421Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 BlackSuit October 14 2025](/references/5edcf0bf-1cd2-4f22-9d3c-be8eb1befda0)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"dce7f32f-60ea-432a-b3ac-57bfbf4b0dc4","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f0ad01d0-0e21-4e70-83e0-cab0f5354a6a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1c88ce6e-51b3-408d-a4c2-7781f5c1d9ae","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"65ea5aeb-36c1-5ce1-a4ef-01167ab659ca","name":"cd00r","type":"malware","source":"MITRE","software_attack_id":"S1204","tidal_id":"65ea5aeb-36c1-5ce1-a4ef-01167ab659ca","created":"2025-04-22T20:46:56.001409Z","modified":"2025-04-22T20:46:56.001414Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"ef2fc77a-db9d-468d-9ff4-7dfede718c35","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d9ea2696-7c47-44cd-8784-9aeef5e149ea","name":"Cdb","type":"tool","source":"Tidal Cyber","software_attack_id":"S3329","tidal_id":"e9bbfd12-d699-5225-81e8-e6ebab5a02c6","created":"2024-01-12T14:48:28.403236Z","modified":"2024-01-12T14:48:28.403240Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a7d02c33-3654-4335-978b-749a0f2e37db","name":"WinDbg","description":"<sup>[[Check Point Research December 16 
2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","source":"USER","associated_software_id":"d7c0308d-b35f-4a1e-a0a2-784250b63725","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"0b731b6d-60a7-4944-bf04-834591161b22","name":"Cdb.exe","description":"<sup>[[Cdb.exe - LOLBAS Project](/references/e61b035f-6247-47e3-918c-2892815dfddf)]</sup>","source":"Tidal Cyber","associated_software_id":"4e9c6329-2df3-4815-bf21-8f18de3046b0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3179","group_id":"66b0f5f6-3377-4f5d-ac79-605dad9221f1","name":"Ink Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"70373ef5-f513-4a68-abe8-e54c8aa4671e","tag":"4479b9e9-d912-451a-9ad5-08b3d922422d"},{"id":"7b4fe5b8-8ab5-47ce-8cab-9719eed99594","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ce87fee3-9dc3-4c52-ab48-0f908b8cefc7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"338fb787-a89f-46f6-9146-947364d32147","name":"CDBLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3800","tidal_id":"48ffe5da-d36f-5c63-b7da-36795a3c4452","created":"2025-12-24T14:57:26.844922Z","modified":"2025-12-24T14:57:26.844926Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3179","group_id":"66b0f5f6-3377-4f5d-ac79-605dad9221f1","name":"Ink 
Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"03c42c25-1cff-4a1f-a76c-88ee16a4f2f0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a6ba66d6-112c-46e0-aef3-68cbae6b7a6a","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"fcb4798a-32e7-4aea-870c-638d770e5e95","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0b9ec92a-21f6-4842-b158-3f51dd9518e5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0dc7a5a5-c304-40bb-87d7-c0f77dd84b29","name":"CDumper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3158","tidal_id":"17603216-073c-5681-959a-10758a445596","created":"2024-09-04T12:51:11.836445Z","modified":"2024-09-04T12:51:11.836449Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"01a1b020-8380-43d5-a24b-0801bc1c2c9b","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"017e3e4b-a5a2-4d81-b682-ecb77dac2866","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ff5d669c-0f18-48da-8cfc-560036d55d17","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4dc99c3a-fbf1-479f-96da-de7dabf509bd","name":"CE-Notes","type":"malware","source":"Tidal Cyber","software_attack_id":"S3725","tidal_id":"3c5c184b-498d-564a-b8ac-0db18fb22a44","created":"2025-12-10T14:15:00.767755Z","modified":"2025-12-10T14:15:00.767758Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 02 
2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"18a6e638-3b7b-4f47-9158-a53a848c761f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f99617fa-5594-4816-bd1f-3968f9725c79","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e2886cf9-3145-4020-8365-02834e76924b","name":"Cephalus Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3545","tidal_id":"70bf31a2-2d20-5f67-b7d3-3cbb501bca19","created":"2025-09-15T19:14:00.631297Z","modified":"2025-09-15T19:14:00.631302Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[huntress.com August 21 2025](/references/ff3cc4e2-ff9b-40e5-a5e1-af6fc14ccb67)]</sup>","group_attack_id":"G3125","group_id":"4f797580-fff2-4f5c-a5d2-bffeaced17e4","name":"Cephalus Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7ae5a4e9-8388-4216-9c6b-930115a7d8d1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"723f0012-bb30-41af-ba21-fb7cdb6b9532","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fa2e93f5-14e8-5a09-9856-19eac70daf68","name":"Cerberus","type":"malware","source":"Mobile","software_attack_id":"S0480","tidal_id":"fa2e93f5-14e8-5a09-9856-19eac70daf68","created":"2026-01-28T13:08:09.937474Z","modified":"2026-01-28T13:08:09.937475Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"34e1c197-ac43-4634-9a0d-9148c748f774","name":"CertOC","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3197","tidal_id":"6cb9645a-93d7-50f4-bffa-a1e1792325cf","created":"2024-01-12T14:47:42.836335Z","modified":"2024-01-12T14:47:42.836339Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fbc3a6a8-5031-4aa5-8514-efbad5f87d4b","name":"CertOC.exe","description":"<sup>[[CertOC.exe - LOLBAS Project](/references/b906498e-2773-419b-8c6d-3e974925ac18)]</sup>","source":"Tidal Cyber","associated_software_id":"53a36e49-d37d-4572-9f4c-f738db27d9a5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"095cb0cb-035f-485a-b083-6348457141bd","tag":"fb909648-ee44-4871-abe6-82c909c4d677"},{"id":"a7861512-f357-4830-a074-ba41cf87ca49","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c7fb849e-41ef-46d7-8071-90479efd1eda","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"43050f80-ce28-49e3-aac6-cb3f4a07f4b4","name":"CertReq","type":"tool","source":"Tidal Cyber","software_attack_id":"S3198","tidal_id":"3352bb62-aabb-5b95-9239-97fe2bdb2418","created":"2024-01-12T14:47:43.205943Z","modified":"2024-01-12T14:47:43.205947Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"179f9b33-8cc6-489f-9239-e16cb337b1a1","name":"CertReq.exe","description":"<sup>[[CertReq.exe - LOLBAS Project](/references/be446484-8ecc-486e-8940-658c147f6978)]</sup>","source":"Tidal 
Cyber","associated_software_id":"e15e8ff8-4ca9-4c89-9a3a-b89e41623204","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d2e25202-6362-45e3-b847-917c511c5bfb","tag":"35a798a2-eaab-48a3-9ee7-5538f36a4172"},{"id":"9b845a97-62eb-40a4-ae3d-edcae3bec3c2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"50e7d948-7cd2-4ee8-9c45-55972f50b60f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2fe21578-ee31-4ee8-b6ab-b5f76f97d043","name":"certutil","type":"tool","source":"MITRE","software_attack_id":"S0160","tidal_id":"71bf3d57-4a1c-55ae-89b0-fc0a968c2a55","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dc2187c3-8ad1-4d87-9c76-2618db516ec0","name":"certutil.exe","description":"","source":"MITRE","associated_software_id":"9d959b69-ce56-418b-b074-90d83062ca28","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Accenture Hogfish April 2018](https://app.tidalcyber.com/references/c8e9fee1-9981-499f-a62f-ffe59f4bb1e7)]</sup><sup>[[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)]</sup><sup>[[Symantec Cicada November 2020](https://app.tidalcyber.com/references/28a7bbd8-d664-4234-9311-2befe0238b5b)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt 
Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 Sofacy Feb 2018](https://app.tidalcyber.com/references/0bcc2d76-987c-4a9b-9e00-1400eec4e606)]</sup><sup>[[Cybersecurity Advisory GRU Brute Force Campaign July 2021](https://app.tidalcyber.com/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Huntress September 15 2025](/references/14473272-5941-4ebb-8ea7-5521f6a9a283)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt 
Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[welivesecurity.com September 4 2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"[Medusa Group](https://app.tidalcyber.com/groups/5dd29b96-60b6-5c98-8fc0-510502c700b0) has utilized [certutil](https://app.tidalcyber.com/software/2fe21578-ee31-4ee8-b6ab-b5f76f97d043) to download additional tools within victim environments.<sup>[[CISA Medusa Group Medusa Ransomware March 2025](https://app.tidalcyber.com/references/fe6f032e-11f3-5d6d-9a65-e5fc54cb2779)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Waterbug Jun 2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Sygnia Elephant Beetle Jan 
2022](https://app.tidalcyber.com/references/932897a6-0fa4-5be3-bf0b-20d6ddad238e)]</sup>","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [certutil](https://app.tidalcyber.com/software/2fe21578-ee31-4ee8-b6ab-b5f76f97d043) during operations.<sup>[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]</sup>","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup><sup>[[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Malwarebytes Higaisa 2020](https://app.tidalcyber.com/references/6054e0ab-cf61-49ba-b7f5-58b304477451)]</sup><sup>[[PTSecurity Higaisa 
2020](https://app.tidalcyber.com/references/cf8f3d9c-0d21-4587-a707-46848a15bd46)]</sup>","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8338d95e-0be1-4684-8029-d460818f4713","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"36483b6e-d1ef-4e27-8044-4ec38f2fc478","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9ecefaf6-d107-49cf-bbab-5eaf49421920","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"60f50378-a1d7-4904-b819-b9aad9d314ca","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"70f84d99-d26d-406a-8db3-7de422eab4f6","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"616b67a6-429c-47b2-94ef-cf7b925871c8","tag":"412da5b4-fb41-40fc-a29a-78dc9119aa75"},{"id":"9716b542-510f-4417-bd56-b51f2e1aa1a2","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"92f421a8-90ca-4d44-a7c1-174c52fc6258","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"1bac76c8-9107-4659-92f2-4554a66515e0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fd715b3a-e0d9-4c9c-b382-015137aa1526","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"4e86a5ed-cac4-407e-b3d6-1baf997486ce","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f736f909-a228-4090-a538-a4581dddc5cc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"49d95f18-8461-4d38-af36-7eef03ae1aaf","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"d4267e8f-fece-44a7-b965-c1aca29efb7f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"0c8efcd0-bfdf-4771-8754-18aac836c359","name":"Chaes","type":"malware","source":"MITRE","software_attack_id":"S0631","tidal_id":"b33871ff-68c0-5428-89a5-0f35c3276980","created":"2021-06-30T16:13:40.232000Z","modified":"2021-10-12T21:51:39.986000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"48f84497-4ae6-47b9-a1cb-f469a256e35f","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"7a6105a0-11e7-4df5-a31d-ea39faf19136","name":"ChainLine","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3473","tidal_id":"b0384aeb-16c9-5762-a6f9-37347d8ebd3b","created":"2025-04-11T15:06:54.567645Z","modified":"2025-04-11T15:06:54.567649Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b4924037-8896-461a-9546-23bb54731d1b","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"38750918-3f0e-5e69-a4eb-542c6cbc3dee","name":"Chameleon","type":"malware","source":"Mobile","software_attack_id":"S1083","tidal_id":"38750918-3f0e-5e69-a4eb-542c6cbc3dee","created":"2026-01-28T13:08:09.937865Z","modified":"2026-01-28T13:08:09.937867Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"cbca9c9a-c511-40dd-a9f5-208fce8f4a5c","name":"Change","type":"tool","source":"Tidal Cyber","software_attack_id":"S3857","tidal_id":"71dfa2c6-3188-511f-852b-9a118660973b","created":"2026-01-06T18:05:03.449649Z","modified":"2026-01-06T18:05:03.449653Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8fe398b6-7ae1-48f6-8151-8d457cea5123","name":"Change.exe","description":"<sup>[[Change.exe - LOLBAS 
Project](/references/0453d07a-e6f5-496b-b90d-006d3c081fad)]</sup>","source":"USER","associated_software_id":"2f5dce69-0cbf-4bd8-bc75-73c821c977ef","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fcde7399-b81c-419d-a42c-4253f8d5b032","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"92c88765-6b12-42cd-b1d7-f6a65b2236e2","name":"Chaos","type":"malware","source":"MITRE","software_attack_id":"S0220","tidal_id":"21a442b9-30f5-5f79-8cf0-556c41418c31","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"d1a32e00-2ecf-4b9d-949b-b6fd73a22a92","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8a9b9a8c-f26f-4c38-888f-3c020168b148","name":"Chaos Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3588","tidal_id":"28569e50-8b75-5199-b3d4-965b8d3f7f6a","created":"2025-10-13T17:29:24.563188Z","modified":"2025-10-13T17:29:24.563191Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"85779b30-a6c9-47f2-b454-63c772c39336","name":"Lucky_Gh0$t","description":"<sup>[[Fortinet Blog October 08 2025](/references/b032fa1a-0876-43af-b5af-b109f5ff1449)]</sup>","source":"USER","associated_software_id":"07c58ac3-a6d7-4749-b085-5a735ac8f419","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"71ac8d78-fd49-4309-bcee-077daf7c1351","name":"BlackSnake","description":"<sup>[[Fortinet Blog October 08 2025](/references/b032fa1a-0876-43af-b5af-b109f5ff1449)]</sup>","source":"USER","associated_software_id":"1d7644b9-2983-41fe-b483-395404ae728d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c4e2dd6f-aa68-45b5-96b7-6ef7e811f29e","name":"Chaos-C++","description":"<sup>[[Fortinet Blog 
October 08 2025](/references/b032fa1a-0876-43af-b5af-b109f5ff1449)]</sup>","source":"USER","associated_software_id":"12e0b3d2-d37d-4f29-bbbf-406ece604093","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f569cee5-705a-4aef-a4fa-a82603149d52","name":"Chaos-C++_type3","description":"<sup>[[Fortinet Blog October 08 2025](/references/b032fa1a-0876-43af-b5af-b109f5ff1449)]</sup>","source":"USER","associated_software_id":"0ded1f78-ff2b-49a2-984f-32947ad79e90","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"23206dd9-45b3-45c6-8d9c-50b744909a61","name":"Chaos_2021","description":"<sup>[[Fortinet Blog October 08 2025](/references/b032fa1a-0876-43af-b5af-b109f5ff1449)]</sup>","source":"USER","associated_software_id":"faecdea4-8feb-4255-b311-c3fd9d987673","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"5f5c9f81-cac0-4e7b-9659-dccac479dca2","name":"Chaos-C++_type2","description":"<sup>[[Fortinet Blog October 08 2025](/references/b032fa1a-0876-43af-b5af-b109f5ff1449)]</sup>","source":"USER","associated_software_id":"0ac8d991-a3f9-4bb2-af30-e411d0b8e42e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"b43056dd-3264-49e0-b63b-5a3555ba5881","name":"Chaos-C++_type1","description":"<sup>[[Fortinet Blog October 08 
2025](/references/b032fa1a-0876-43af-b5af-b109f5ff1449)]</sup>","source":"USER","associated_software_id":"3236cba7-8c74-4fd6-a1c3-7317d7048c20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3129","group_id":"b8d85288-faf3-4db5-924e-34e37c96eb68","name":"Chaos","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"16361a10-c1df-4f6b-b60d-6d38f63a250b","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"e9f72b5a-6a19-41d1-ae67-b5442dfaf5f7","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"666a1c30-5af7-4726-ad54-70b0718be5c0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"51a4ad02-ddde-4835-b5e1-37bf462c4f9a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ccd88643-555e-5153-aa35-bd76b66090ae","name":"Charger","type":"malware","source":"Mobile","software_attack_id":"S0323","tidal_id":"ccd88643-555e-5153-aa35-bd76b66090ae","created":"2026-01-28T13:08:09.938989Z","modified":"2026-01-28T13:08:09.938990Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b1e3b56f-2e83-4cab-a1c1-16999009d056","name":"CharmPower","type":"malware","source":"MITRE","software_attack_id":"S0674","tidal_id":"93447577-c4a0-5b8f-9c05-1bb93ec10660","created":"2022-01-24T16:56:36.108000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point APT35 CharmPower January 2022](https://app.tidalcyber.com/references/81dce660-93ea-42a4-902f-0c6021d30f59)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic 
Hound","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"00aed22d-bf92-4a65-bd37-5c7b5a1ccca6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"b349b8e5-8093-4380-9903-6933f97de778","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"3f2283ef-67c2-49a3-98ac-1aa9f0499361","name":"ChChes","type":"malware","source":"MITRE","software_attack_id":"S0144","tidal_id":"be24838b-9f23-58bd-98a6-dda49bc1e8c7","created":"2017-05-31T21:33:22.451000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9ee89ef4-89b7-48c8-ba66-881269735924","name":"HAYMAKER","description":"Based on similarities in reported malware behavior and open source reporting, it is assessed that the malware named HAYMAKER by FireEye is likely the same as the malware ChChes. <sup>[[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]</sup> <sup>[[Twitter Nick Carr APT10](https://app.tidalcyber.com/references/0f133f2c-3b02-4b3b-a960-ef6a7862cf8f)]</sup>","source":"MITRE","associated_software_id":"c65b2f44-b691-46e9-90da-2014a929ab35","owner_id":null,"owner_name":null},{"id":"846bba3c-1b5c-4ee7-a31c-d58080beec72","name":"Scorpion","description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","source":"MITRE","associated_software_id":"0b494f14-2546-4b8f-b688-9472f7e8dc7d","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ecf91914-6c5a-4f9f-834b-ab8f2de39c88","name":"chcon","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3442","tidal_id":"d476427d-7bae-5825-95b8-74b75f561628","created":"2025-04-11T15:06:48.864813Z","modified":"2025-04-11T15:06:48.864817Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c8a0da8c-4edc-4f72-9760-4507262b6592","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"bb5cbc64-4f34-49e6-88c0-bf844777cbbe","name":"Checkmarks","type":"malware","source":"Tidal Cyber","software_attack_id":"S3461","tidal_id":"5a1d0bf5-63ff-5972-98d1-59be0424fb2c","created":"2025-04-08T16:39:02.093636Z","modified":"2025-04-08T16:39:02.093642Z","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"eaa63dc4-58e0-4787-ac7f-e35b86c57f94","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"9c37032d-e852-4d7a-84e6-241959328611","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"d08be099-8674-4826-bd10-36f93c206b85","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"3508fff7-6ff0-4de0-8c99-36b4ab1d2433","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"8bc055ae-c592-411a-b5cc-5dd8f91fbce7","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"05a322b8-5964-4337-a487-b615bc3f0efc","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fd677935-b9b4-4d5d-a0ae-2a160b37c1c1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6475bc8c-b95d-5cb3-92f0-aa7e2f18859a","name":"Cheerscrypt","type":"malware","source":"MITRE","software_attack_id":"S1096","tidal_id":"4b9b304b-9ea4-5366-9ae5-d1d9c81d58af","created":"2024-04-25T13:28:19.056133Z","modified":"2024-04-25T13:28:19.056136Z","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)]</sup><sup>[[Trend Micro Cheerscrypt May 2022](https://app.tidalcyber.com/references/ca7ccf2c-37f3-522a-acfb-09daa16e23d8)]</sup>","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon 
Tempest","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"40a76f53-b0c5-4247-b16b-46373b108ce9","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"}],"owner_name":null},{"id":"716a55f6-c2ac-5e8f-ba4b-64140083e996","name":"CHEMISTGAMES","type":"malware","source":"Mobile","software_attack_id":"S0555","tidal_id":"716a55f6-c2ac-5e8f-ba4b-64140083e996","created":"2026-01-28T13:08:09.938583Z","modified":"2026-01-28T13:08:09.938585Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[CYBERWARCON CHEMISTGAMES](https://app.tidalcyber.com/references/8adfb6ce-6342-53a7-a993-a3cd6f2429d8)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"ffe8bcd0-4538-5990-b13f-d97f87f56f96","name":"CherryBlos","type":"malware","source":"Mobile","software_attack_id":"S1225","tidal_id":"ffe8bcd0-4538-5990-b13f-d97f87f56f96","created":"2026-01-28T13:08:09.938056Z","modified":"2026-01-28T13:08:09.938057Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2fd6f564-918e-4ee7-920a-2b4be858d11a","name":"Cherry 
Picker","type":"malware","source":"MITRE","software_attack_id":"S0107","tidal_id":"3c1342b9-0c43-55b8-a7e4-86fcf0dc678b","created":"2017-05-31T21:33:05.710000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"966f4b5c-e5f3-598e-9ac0-a5174c56827b","name":"CHIMNEYSWEEP","type":"malware","source":"MITRE","software_attack_id":"S1149","tidal_id":"966f4b5c-e5f3-598e-9ac0-a5174c56827b","created":"2024-10-31T16:28:03.911867Z","modified":"2024-10-31T16:28:03.911870Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"90613e4e-43c5-4ac5-aa73-f61df5c72049","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"723c5ab7-23ca-46f2-83bb-f1d1e550122c","name":"China Chopper","type":"malware","source":"MITRE","software_attack_id":"S0020","tidal_id":"37648f0c-8b20-50f8-b1eb-e8942f3acb45","created":"2017-05-31T21:32:18.315000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) used the `China Chopper` web shell as a persistence mechanism on compromised Microsoft Exchange servers.<sup>[[apt41_dcsocytec_dec2022](https://app.tidalcyber.com/references/fad90e96-93fd-59bd-970e-f0b37cac331d)]</sup><sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup><sup>[[CISA AA21-200A APT40 July 
2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup><sup>[[Accenture MUDCARP March 2019](https://app.tidalcyber.com/references/811d433d-27a4-4411-8ec9-b3a173ba0033)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Mustang Panda](https://app.tidalcyber.com/groups/4a4641b1-7686-49da-8d83-00d8013f4b47) has used [China Chopper](https://app.tidalcyber.com/software/723c5ab7-23ca-46f2-83bb-f1d1e550122c) web shells to maintain access to victims’ environments.<sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]</sup><sup>[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]</sup><sup>[[Nccgroup Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)]</sup><sup>[[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Volexity Exchange Marauder March 2021](https://app.tidalcyber.com/references/ef0626e9-281c-4770-b145-ffe36e18e369)]</sup><sup>[[FireEye Exchange Zero Days March 2021](https://app.tidalcyber.com/references/5e5452a4-c3f5-4802-bcb4-198612cc8282)]</sup><sup>[[Rapid7 HAFNIUM Mar 
2021](https://app.tidalcyber.com/references/cf05d229-c2ba-54f2-a79d-4b7c9185c663)]</sup>","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA20-259A Iran-Based Actor September 2020](https://app.tidalcyber.com/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup><sup>[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]</sup>","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky ToddyCat June 2022](https://app.tidalcyber.com/references/285c038b-e5fc-57ef-9a98-d9e24c52e2cf)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 
2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3c3ceafb-0dbd-4451-b1c2-6423a94528f8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0467c32c-ed91-4621-98b5-40d2d200e848","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"7c36563a-9143-4766-8aef-4e1787e18d8c","name":"Chinoxy","type":"malware","source":"MITRE","software_attack_id":"S1041","tidal_id":"9fe6cc2b-e8e8-5d2b-aca0-e77fb2c5ae36","created":"2022-09-21T16:46:22.726000Z","modified":"2022-10-10T19:58:31.652000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"bd2b2375-4f16-42b2-a862-959b5b41c2af","name":"Chisel","type":"tool","source":"Tidal Cyber","software_attack_id":"S3087","tidal_id":"89109672-aab8-50e5-91e2-8548ee03453f","created":"2023-10-20T15:14:22.507835Z","modified":"2023-10-20T15:14:22.507841Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News December 05 
2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e9e85cc5-71d7-4ba0-a212-463ece05aba8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"0343a0b9-cb18-45a8-8312-3be07f95dcc1","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"2a556218-6034-4f35-8189-99b7408f1cec","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"5e457a83-a73d-43ae-ab35-e450b24ae477","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0aec5371-5c35-47b7-8885-7ef8c00da659","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"67c9da16-3b83-4281-8300-ed6ac86db8fc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"606933fe-727c-4c86-b381-4b4d6bd1fd37","name":"chmod","type":"tool","source":"Trellix TIG","software_attack_id":"S3417","tidal_id":"a5656f54-6aaf-5da2-a628-b49e771cdb39","created":"2025-04-11T15:06:44.232592Z","modified":"2025-04-11T15:06:44.232596Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"5a13032e-9153-437e-9c9e-36b1f11e03af","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7a2b00ef-8a37-4901-bf0c-17da0ebf3d69","name":"Chocolatey","type":"tool","source":"Tidal Cyber","software_attack_id":"S3030","tidal_id":"52783437-d826-5cb8-8989-29ffd26cf0c3","created":"2023-08-18T18:56:19.731165Z","modified":"2023-08-18T18:56:19.731173Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"65913b46-4c5f-40bb-9436-ac482e045915","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"1bea2839-e5a2-423e-ac07-14b87e74acce","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"851dfa9d-c2be-414b-a337-844839af82a1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"fccc6f9c-3ada-41d1-9fd6-c4530be630d8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"84be644e-71fc-4644-a9d5-7e7ebb08147f","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"80f90907-15c2-4ac2-a20b-ad4e575ece01","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"f831d290-7966-4e4f-b43e-da5bf436aec3","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"602023d7-f5b5-465e-bf6b-f428e3ce183e","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"eaa17213-80bd-4a94-9def-f9de6d5988fc","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e624bd04-6cdd-4774-a69c-2fe1231672c0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2af6ea37-5aaa-46e1-8551-d9b3deea45cb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"01c6c49a-f7c8-44cd-a377-4dfd358ffeba","name":"CHOPSTICK","type":"malware","source":"MITRE","software_attack_id":"S0023","tidal_id":"652371e1-f140-5ac3-914d-bf2dc48efa10","created":"2017-05-31T21:32:19.389000Z","modified":"2022-04-14T17:21:52.879000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f4762139-a9d6-4813-a6f8-168010eeec40","name":"X-Agent","description":"<sup>[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)]</sup> <sup>[[FireEye APT28 January 
2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup>","source":"MITRE","associated_software_id":"fabf19bb-0fc7-451c-8c69-4b6c706b4e3f","owner_id":null,"owner_name":null},{"id":"3f5b77e7-28ef-4e06-a2ba-d7188a5c4ab3","name":"Xagent","description":"<sup>[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)]</sup> <sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup>","source":"MITRE","associated_software_id":"ceb44e2f-ffbb-4316-90a2-f011a3dcad57","owner_id":null,"owner_name":null},{"id":"5df20e72-bf08-4a95-b81b-a5ea73905b3e","name":"SPLM","description":"<sup>[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)]</sup> <sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup>","source":"MITRE","associated_software_id":"14492dd1-4146-47ad-9ea0-5e6e934b625c","owner_id":null,"owner_name":null},{"id":"0e7b706f-c6c5-4ea2-8d35-581e9448f229","name":"Backdoor.SofacyX","description":"<sup>[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]</sup>","source":"MITRE","associated_software_id":"cbdaa2bf-7ffb-4e48-9e8e-c06b42199d44","owner_id":null,"owner_name":null},{"id":"4f9ad7bb-c277-4e1d-bf70-9711dbfa1334","name":"webhp","description":"<sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup>","source":"MITRE","associated_software_id":"472502d3-e94a-4045-a232-33733d6e30aa","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)]</sup><sup>[[Kaspersky Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)]</sup><sup>[[Securelist Sofacy Feb 
2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"24949e9f-0e6b-4726-83ee-4cbac2302a82","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"cdb9ae89-c9b8-4295-97d1-6a8f93f281ce","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f480ba1d-eda8-4938-bf70-9b10ff7fa562","name":"Chrome App-Bound Encryption Decryption","type":"tool","source":"Tidal Cyber","software_attack_id":"S3841","tidal_id":"12bc9a0c-31b6-532c-b2f9-bb57c3aa7059","created":"2025-12-29T17:41:07.398449Z","modified":"2025-12-29T17:41:07.398453Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6ee8717a-14e4-4de2-998e-30130b87d7f9","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"15ffdb77-507c-4c02-bece-5c1e953e5147","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"918d97bd-38d5-4945-b274-73afebc0ba94","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b1131fe1-cd63-4221-a8a1-748753674520","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"270dafd4-e13b-4fa5-aba7-ec0a0877e30d","name":"Chrome Audio Capture (malicious variant)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3888","tidal_id":"51342186-582c-5432-aef7-17593bf11420","created":"2026-01-06T18:05:08.626023Z","modified":"2026-01-06T18:05:08.626027Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.koi.ai January 05 2026](/references/5da3facd-7bd9-4a02-843a-ad4b3fa273d7)]</sup>","group_attack_id":"G3190","group_id":"d2ed88a2-5514-4336-bda7-770dbe4fd451","name":"DarkSpectre","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"eae2c814-9f72-4d4b-8313-544097221554","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"2e9f43bc-70ec-4758-96bc-eebb784f0e40","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"3fb3db8d-c44d-48da-92b4-cdedd4a20ced","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"73bebf97-5dc3-4a11-bddd-cb9c80f09f2b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"43450547-a0a8-4a24-ad3d-62dfb741cdd5","name":"ChromElevator","type":"tool","source":"Tidal Cyber","software_attack_id":"S3718","tidal_id":"239fce1c-0c33-5c82-804e-44617acf9d77","created":"2025-12-10T14:14:59.305851Z","modified":"2025-12-10T14:14:59.305855Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ENKI Kimsuky KimJongRAT November 21 
2025](/references/e060d834-1dfa-4451-b921-7aa26a2ffa30)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3dbe0fec-5bfc-4cbf-b0be-e9bcf990feb0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"db52e0c4-ab06-435f-a100-06bf2837015c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1523b0d7-9c95-4f39-a23b-7ca347748dc6","name":"ChromeLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3386","tidal_id":"880e5d85-7952-574b-ae75-62f0621db24e","created":"2024-09-27T17:01:39.050487Z","modified":"2024-09-27T17:01:39.050491Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eae5642b-4ade-45c5-b088-1d0979a79861","name":"CS_installer","description":"<sup>[[VMware Chromeloader September 19 2022](/references/5c2985f1-2d80-488b-ab63-fbd56aba229b)]</sup>","source":"Tidal Cyber","associated_software_id":"67584385-7500-4134-9f7f-835e951da175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"04e3bd5f-3de7-4c9d-a6bb-870f780e8b63","name":"AdSearch","description":"<sup>[[Red Canary TDR ChromeLoader](/references/bcfe9d10-11fe-4241-8262-bce07e8a11c1)]</sup>","source":"Tidal Cyber","associated_software_id":"39300828-6733-4cd3-b09b-0735e00d9985","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Red Canary March 18 2024](/references/a86131cd-1a42-4222-9d39-221dd6e054ba)]</sup>","group_attack_id":"G3055","group_id":"6d23e83f-fd4f-4802-bd01-daff7348741d","name":"Charcoal Stork","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3b2ecc9d-816b-4414-8484-e7ae8f555368","tag":"9775efc2-e8ac-47de-bd2a-bb08202b48fd"},{"id":"1d7f877f-dd78-40aa-9494-b062a2b0495f","tag":"707e8a2b-e223-4d99-91c2-43de4b4459f6"},{"id":"1f4bb25a-d4ae-4ca6-9ecc-bcdc4e86fa1f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c7e6e1f7-3628-41bb-829c-ce83c2139cdc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1f91e89f-5e64-44c2-86e5-b10d3e134688","name":"Chrome Remote Desktop","type":"tool","source":"Tidal Cyber","software_attack_id":"S3507","tidal_id":"d0fe1226-1e3a-5a44-b73b-d7801be58e1e","created":"2025-07-08T16:59:11.576064Z","modified":"2025-07-08T16:59:11.576067Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Palo Alto Unit 42 North Korean IT Workers 2024](/references/61819211-7260-53c1-833e-eac36f209b0c)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"23b7f44d-b3d2-4c0f-b314-afe5c831a21e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0d2bb5e4-26d5-4f3b-ae36-55bbc4d27559","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"8f723287-9709-444d-9d33-59ee583b5728","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"487e15f6-0b92-44b9-84c0-0bcc5eef1a3d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b3063af3-f446-4bc8-ac3a-593283c4d25a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fbd7bdae-1e35-459b-944d-87939b9bf824","name":"ChromeStealer Exfiltrator","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3959","tidal_id":"63aa08bb-c24f-56db-abed-705c19d2ed8b","created":"2026-01-23T20:31:08.374950Z","modified":"2026-01-23T20:31:08.374954Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"bfa3caa4-ca47-4054-b056-ee86d9aa8b42","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"d8ed944d-9e3c-43db-9fa3-8ca94d507193","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"6da809ce-c0ce-457d-9536-a5ba14a280ca","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"02854212-c41d-468c-b18f-a062fd4c8532","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"df77ed2a-f135-4f00-9a5e-79b7a6a2ed14","name":"Chrommme","type":"malware","source":"MITRE","software_attack_id":"S0667","tidal_id":"cac9766b-fe46-53a2-91b9-dea7ead66acd","created":"2021-12-01T18:36:54.260000Z","modified":"2022-05-04T22:38:46.222000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"21ce53f0-afbb-41e6-a215-2fe45c79cbde","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"a45b2ee6-43dd-47e8-9846-385a06c0c9ac","name":"Cicada3301","type":"malware","source":"Tidal Cyber","software_attack_id":"S3164","tidal_id":"0b63c0f9-d972-5843-a7fc-6bb2c7876eeb","created":"2024-09-06T15:14:34.468064Z","modified":"2024-09-06T15:14:34.468068Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Truesec AB August 30 
2024](/references/de2de0a9-17d2-41c2-838b-7850762b80ae)]</sup>","group_attack_id":"G3051","group_id":"7a28cff6-80df-49e1-8457-a0305e736897","name":"Cicada3301 Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"dac45060-c287-4729-a90a-626f77a13b72","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"f2fc74ea-ed6c-40fa-8b5a-2e8dd5252a48","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"fc1439b8-d4c5-4a98-b085-9ce596414df0","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"71e8e544-9285-48ea-8324-07eacf7d1e09","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5195401a-13fd-4a58-8887-69668321a2f8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"539af1f6-68b0-4f18-ab64-5476b167cc7c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3e6c08f5-1454-4e7f-adec-bf10397795e7","name":"Cipher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3475","tidal_id":"d8d4d6fe-1859-560f-b7b8-064194b7e97c","created":"2025-05-20T16:19:08.391415Z","modified":"2025-05-20T16:19:08.391420Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"425a0bab-585b-4f9f-adfd-22e819094d0b","name":"Cipher.exe","description":"<sup>[[Cipher.exe - LOLBAS Project](/references/3c8f87b6-655c-4e3b-ab0b-f626aac2afad)]</sup>","source":"Tidal 
Cyber","associated_software_id":"0c0eb8c0-c6c7-454c-a5b1-fc45ab5dc5d8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"aa49b178-b173-4e74-bc9b-90423c0f0b6a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c67fec05-d8cb-4b98-8a89-5d1819f18373","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3927db0c-407d-5f37-9acd-eb4dfa2c3381","name":"cipher.exe","type":"tool","source":"MITRE","software_attack_id":"S1205","tidal_id":"3927db0c-407d-5f37-9acd-eb4dfa2c3381","created":"2025-04-22T20:47:02.851068Z","modified":"2025-04-22T20:47:02.851072Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Picus Security February 14 2025](/references/efe72414-6e7e-42ad-8162-223558cb83cf)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Picus Security February 14 2025](/references/efe72414-6e7e-42ad-8162-223558cb83cf)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Nearest Neighbor 
Volexity](https://app.tidalcyber.com/references/25b312ea-0d7a-5f05-9db1-14bbab909317)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8523bb23-4a0b-4405-ae24-3be1a2d37aa8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"b9241e1e-f30b-5a86-8fb5-8b53655b8458","name":"Circles","type":"malware","source":"Mobile","software_attack_id":"S0602","tidal_id":"b9241e1e-f30b-5a86-8fb5-8b53655b8458","created":"2026-01-28T13:08:09.938827Z","modified":"2026-01-28T13:08:09.938828Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"703aa52a-afac-5932-82df-3041433ac68e","name":"CLAIMLOADER","type":"malware","source":"MITRE","software_attack_id":"S1236","tidal_id":"703aa52a-afac-5932-82df-3041433ac68e","created":"2025-10-29T21:08:48.110662Z","modified":"2025-10-29T21:08:48.110663Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[IBM MUSTANG PANDA PUBLOAD CLAIMLOADER JUNE 2025](https://app.tidalcyber.com/references/0ca87e7b-f32e-5265-9dba-c059d1ba92c6)]</sup><sup>[[2025_IBM_PUBLOAD_TONESHELL_HIUPAN_CLAIMLOADER_MUSTANG PANDA](https://app.tidalcyber.com/references/386af393-d4be-5590-9b9e-592d30d431f8)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4bac93bd-7e58-4ddb-a205-d99597b9e65e","name":"Clambling","type":"malware","source":"MITRE","software_attack_id":"S0660","tidal_id":"663fe403-a77f-5a93-9496-78903346cf34","created":"2021-11-12T20:54:55.974000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro DRBControl February 
2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup><sup>[[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]</sup><sup>[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"0be69dcd-9a9c-4f18-947c-e21286dd8c79","name":"Claude Code","type":"tool","source":"Tidal Cyber","software_attack_id":"S3631","tidal_id":"48162940-8ce0-588f-a8de-94c6aed18bde","created":"2025-11-19T17:45:39.086679Z","modified":"2025-11-19T17:45:39.086682Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"60d24f49-d043-4124-a6f1-ad0646cb3a77","name":"Claude","description":"<sup>[[Anthropic AI-Orchestrated Campaign November 13 2025](/references/a57a05ce-83d0-4cde-bacd-2b7281ba3833)]</sup>","source":"USER","associated_software_id":"a6074ee4-2f7f-4eae-9744-5cc2973e1c47","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Anthropic AI-Orchestrated Campaign November 13 
2025](/references/a57a05ce-83d0-4cde-bacd-2b7281ba3833)]</sup>","group_attack_id":"G3149","group_id":"587d6063-8261-484b-b4d7-c8b42a8c4a62","name":"GTG-1002","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c02e1133-9970-46a8-a881-dfde46cca516","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4644b125-6266-4adc-97fa-45b035cac1db","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2329baf2-86d9-4937-bf70-df1da4af2a73","name":"ClickFix","type":"tool","source":"Tidal Cyber","software_attack_id":"S3685","tidal_id":"d2992346-6c16-5797-ac7a-1504d518ad0c","created":"2025-12-10T14:14:54.005210Z","modified":"2025-12-10T14:14:54.005214Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[eSentire November 13 2025](/references/f346f327-f0e4-4405-bf3c-c0723c23384f)]</sup>","group_attack_id":"G3155","group_id":"bd396d01-231e-4b59-ab3d-fbf1aceb2a26","name":"SheldIO","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"94580d92-f0b0-49b5-8272-3f8ac8185a54","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4b874c38-7a90-4785-be46-7b4a988ab8ce","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4bc36e22-6529-4a4a-a5d2-461f3925c5f3","name":"CL_Invocation","type":"tool","source":"Tidal Cyber","software_attack_id":"S3378","tidal_id":"3c110604-5ded-5e06-a522-7e688bfb60a0","created":"2024-01-12T14:48:46.966408Z","modified":"2024-01-12T14:48:46.966412Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"22caac14-075b-404d-a35c-d987cc9a62a1","name":"CL_Invocation.ps1","description":"<sup>[[CL_Invocation.ps1 - LOLBAS Project](/references/a53e093a-973c-491d-91e3-bc7804d87b8b)]</sup>","source":"Tidal 
Cyber","associated_software_id":"351a3856-6bc0-4712-923b-8e921785b95b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d624996a-d079-492c-a27a-f82b0b29f8fd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7eeeb427-9dd7-45c4-bd71-356323dc7090","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cb950179-334d-4bd9-9cfb-87b09d279a3b","name":"CL_LoadAssembly","type":"tool","source":"Tidal Cyber","software_attack_id":"S3376","tidal_id":"e775afbd-dfe5-5589-9084-e27bd669c5ed","created":"2024-01-12T14:48:46.230103Z","modified":"2024-01-12T14:48:46.230107Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a30c2c43-f823-466f-bfd4-45b2a58b2bec","name":"CL_LoadAssembly.ps1","description":"<sup>[[CL_LoadAssembly.ps1 - LOLBAS Project](/references/31a14027-1181-49b9-87bf-78a65a551312)]</sup>","source":"Tidal Cyber","associated_software_id":"9c4d1519-33eb-4280-aa2e-aca22b8e822c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0e2dda06-ba3a-4afa-a5cf-e8de06bbb7b6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"262df396-976b-410f-90c8-90ae8271a9b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3c63792a-1184-416e-aa9b-18da72e88327","name":"CL_Mutexverifiers","type":"tool","source":"Tidal Cyber","software_attack_id":"S3377","tidal_id":"03bec89b-2efe-5e68-8cb4-c2ef69c968d7","created":"2024-01-12T14:48:46.598615Z","modified":"2024-01-12T14:48:46.598619Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5c75fd56-0471-4dc0-9fb2-3dda8269e59d","name":"CL_Mutexverifiers.ps1","description":"<sup>[[CL_Mutexverifiers.ps1 - LOLBAS Project](/references/75b89502-21ed-4920-95cc-212eaf17f281)]</sup>","source":"Tidal 
Cyber","associated_software_id":"06c669e0-0111-45c3-868d-0b5fad1d1b42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"641208ed-750f-478c-bd0e-433bdf9d4b51","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6047cac0-6d51-4077-a752-002bb978cb6d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"246d5e70-487e-413f-9868-34905d9d1856","name":"Cloak Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3973","tidal_id":"75ba28e0-f68b-582a-8b1c-09e952648974","created":"2026-01-23T20:31:10.521077Z","modified":"2026-01-23T20:31:10.521081Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fbae3639-139a-43b2-b656-fd2658959726","name":"ARCrypter variant","description":"<sup>[[Halcyon Cloak Ransomware December 12 2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","source":"USER","associated_software_id":"53b21003-6096-4efa-aa72-62fe2c934b96","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"575c36b4-6c06-4103-bc5c-5fab9a7cb8e7","name":"Babuk-derived ransomware","description":"<sup>[[Halcyon Cloak Ransomware December 12 2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","source":"USER","associated_software_id":"a9a70ab1-5fd2-475f-828a-04077598925b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Halcyon Cloak Ransomware December 12 
2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","group_attack_id":"G3211","group_id":"41d6d175-2f69-45e6-9663-9ff0cf8649e3","name":"Cloak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9e3672f6-80a0-4b7e-abc7-6f34e322d944","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"85092ac0-89b7-43b4-8e28-a1d7c86637e3","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"866c0282-75df-4026-835d-0ad4e5ebab73","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"dffae810-7822-45f9-99fb-dd65b6d9ecf4","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"6f0c80bc-9c3b-4d07-a184-f0bd45a04eff","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f295a357-df23-4561-a259-fc0d65492e6e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8930d0a5-eee4-4458-9169-6c6008ee3a87","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5321aa75-924c-47ae-b97a-b36f023abf2a","name":"Clop","type":"malware","source":"MITRE","software_attack_id":"S0611","tidal_id":"4348ff00-24cc-50a0-81f8-55ee5237d918","created":"2021-05-10T23:19:38.608000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence Tweet May 18 2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit42 Clop April 
2021](https://app.tidalcyber.com/references/ce48d631-757c-480b-8572-b7d9f4d738c6)]</sup><sup>[[Cybereason Clop Dec 2020](https://app.tidalcyber.com/references/f54d682d-100e-41bb-96be-6a79ea422066)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9f0077c4-09d8-4c91-add8-cacf32c1d991","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"7e8ea076-0f08-488d-ac7c-4719a3b366d9","tag":"b15c16f7-b8c7-4962-9acc-a98a39f87b69"},{"id":"d9465343-bbd6-4ba0-8bcf-5af3df608b49","tag":"b18b5401-d88d-4f28-8f50-a884a5e58349"},{"id":"ed617f04-89d9-477f-86fd-f46b70aed27e","tag":"ac862a66-a4ec-4285-9a21-b63576a5867d"},{"id":"df98940e-5f66-4bee-9c75-a149888eba49","tag":"5ab5f811-5c7e-4f77-ae90-59d3beb93346"},{"id":"4fee637d-2ef7-42fb-be54-67bc67803333","tag":"1b5da77a-bf84-4fba-a6d7-8b3b8f7699e0"},{"id":"9882021d-c1e8-4be5-8b82-18cd59a2f613","tag":"e401022a-36ac-486d-8503-dd531410a927"},{"id":"f1572322-a339-4cf6-9327-185d5bbbaa18","tag":"8a77c410-bed9-4376-87bf-5ac84fbc2c9d"},{"id":"6e3ef8d3-08f8-41dc-9dde-3639ca642ea0","tag":"ab64f2d8-8da3-48de-ac66-0fd91d634b22"},{"id":"bc1d9966-24fb-4484-a9b3-738f81d27f72","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"410494fa-6b24-4895-867a-550bf0f8d51f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"47c84bf4-58bb-4842-97c5-329736fd38ee","name":"CloudAtlas (Backdoor)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3835","tidal_id":"c22714bf-0104-5a74-a576-12251b6b77cb","created":"2025-12-29T17:41:06.413236Z","modified":"2025-12-29T17:41:06.413240Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 
2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d6aee2bf-8ff6-45af-8352-268ced3be62e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"f559cf02-96b0-4c6b-8009-9ad96067cb26","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"5cea4be4-5a2a-4c34-812f-ada28e5ed4b9","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"3772db04-c96c-4f64-877f-0e5e6b04423e","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"42241928-bf89-4d16-87b5-d183c4bfb5c6","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"817087b7-e94f-400e-be2f-fd9c405a049e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d22914e9-37b9-4fd9-8a1d-a28dd702a29a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c6570736-8638-4b42-b3cf-bd80f9a63ff7","name":"CloudAtlas::Plugin (FileGrabber)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3836","tidal_id":"0de69489-479f-5113-9a55-1909a941e29d","created":"2025-12-29T17:41:06.568772Z","modified":"2025-12-29T17:41:06.568776Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 
2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"09f37340-b26f-44a4-8f99-5e4ee506a2f4","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"7e2c439e-db02-4042-9e04-7a8253252979","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"918ff986-5229-4ec9-9ae2-45eb467c0f6c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"38d6fbb1-b6d2-485a-a11e-842bae733271","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f2f92484-874d-4207-95f7-763eb01d42d7","name":"CloudAtlas::Plugin (InfoCollector)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3837","tidal_id":"f93ccc83-f84a-5433-b4ac-9d8cad1982c8","created":"2025-12-29T17:41:06.758442Z","modified":"2025-12-29T17:41:06.758447Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"72ce69c5-017b-4d3e-81f6-06b427b889f3","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"6bb3033f-25f3-4efd-ba67-c8ca3de3fa91","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"1e20c019-9ef4-4827-8c52-1f80eab13086","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"46c2953e-9179-45c5-a76c-efe7a4f803a6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8d0b57d5-7d09-4927-a6fb-621c83def94f","name":"CloudAtlas::Plugin (PasswordStealer)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3838","tidal_id":"620dae39-684a-50f9-8757-729f2d8b0fac","created":"2025-12-29T17:41:06.936585Z","modified":"2025-12-29T17:41:06.936591Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3f0151d1-3d3a-456d-a9f5-1231f39c722b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"e5f9db5e-7c72-404f-a3f0-cf8947f988ee","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"0f4edf8d-2221-4ff0-b826-3855febab689","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"00d4792c-7a03-48dc-a157-06014b69ee8e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0ff3f973-4f01-4b01-9e42-1d08bb105007","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7a57e81b-2453-4aaf-94ad-c007bd7105a2","name":"CloudChat Infostealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3129","tidal_id":"9811ceeb-3c79-5530-890a-c3d1508bf047","created":"2024-06-13T20:12:33.724139Z","modified":"2024-06-13T20:12:33.724143Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"6215f6df-ea18-41ac-8c26-0b7fcf0952d4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2465bee6-3118-4bcd-828f-f915acb6468c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b3dd424b-ee96-449c-aa52-abbc7d4dfb86","name":"CloudDuke","type":"malware","source":"MITRE","software_attack_id":"S0054","tidal_id":"937f1a3b-7cda-5660-a249-b78a08e2e412","created":"2017-05-31T21:32:38.128000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"59d0f44a-2aad-42c3-97cc-4c92e8527f00","name":"MiniDionis","description":"","source":"MITRE","associated_software_id":"4f8334fd-987a-4d3a-b7cf-e5e1800eee90","owner_id":null,"owner_name":null},{"id":"941f9757-9100-4791-9a6e-77843e6d1e5d","name":"CloudLook","description":"","source":"MITRE","associated_software_id":"f714e1f8-1a16-46cc-981c-26729d500770","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd7f518a-89e0-49a0-a02a-b153f44c15f3","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"b34e9f4e-4e08-4a11-9499-86ed40f93d94","name":"Cloudflared","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3450","tidal_id":"cf649fbc-7dd7-5734-a61d-0d811ff3ce57","created":"2025-03-17T18:33:49.050275Z","modified":"2025-03-17T18:33:49.050279Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"36c89a2e-5bbb-4bc5-979d-46f4442e4844","name":"ArgoTunnel","description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","source":"Tidal Cyber","associated_software_id":"cf9771f1-4afb-4b7a-8fa5-45d13b34286e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog October 06 2025](/references/242bd97d-dad0-49af-9ed6-f150542b8ded)]</sup>","group_attack_id":"G3139","group_id":"0aa009a3-4c8d-44d9-aa5f-6f68eb7d846c","name":"Storm-1175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5d944e93-e98d-4068-85a0-9a07756e0b82","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"0aa09241-f6f4-4e24-b1a6-348f5eb57208","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7afbde0e-deae-4937-b952-e8d7605a4e8b","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f38ccc1c-1b9f-4c0c-8963-443a5908f7ea","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"e8c3f7c4-a377-4a39-a528-7b74d912ba67","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"98d89476-63ec-4baf-b2b3-86c52170f5d8","name":"cmd","type":"tool","source":"MITRE","software_attack_id":"S0106","tidal_id":"cccfdae8-f98a-5ff5-9bab-cd1115303658","created":"2017-05-31T21:33:05.319000Z","modified":"2022-10-13T20:24:11.194000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"899f559b-a722-4020-9af0-a8ce9b578535","name":"Windows Command Shell (cmd.exe)","description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","source":"USER","associated_software_id":"ac8e6213-d8de-4691-9fb0-562b10380ff5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"cb5d677d-ba18-4116-9c4b-3b99061cad5a","name":"Windows Command Shell","description":"<sup>[[The DFIR Report November 17 
2025](/references/0b46ec32-fa74-4d0a-8816-0dab60e575cb)]</sup>","source":"USER","associated_software_id":"f0a06ed1-61e8-46e8-8bc1-df146bbe3ab9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"94b63e82-16a8-4bc0-a239-2c28cabfa131","name":"cmd.exe","description":"","source":"MITRE","associated_software_id":"2757101d-84c7-4acc-be12-2f2a7b79bc2e","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Ukraine Targeting October 29 2025](/references/08b6d849-2837-4af9-bb8a-e0425e6a02e4)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ESET Nomadic Octopus 2018](/references/50dcb3f0-1461-453a-aab9-38c2e259173f)]</sup>","group_attack_id":"G0133","group_id":"5f8c6ee0-f302-403b-b712-f1e3df064c0c","name":"Nomadic Octopus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G3187","group_id":"e396b406-57df-4260-bb75-b337ff726785","name":"Weaxor ransomware operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CYFIRMA December 30 2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[FireEye Know Your Enemy FIN8 Aug 2016](/references/0119687c-b46b-4b5f-a6d8-affa14258392)]</sup><sup>[[FireEye Obfuscation June 2017](/references/6d1089b7-0efe-4961-8abc-22a882895377)]</sup><sup>[[Bitdefender FIN8 July 2021](/references/aee3179e-1536-40ab-9965-1c10bdaa6dff)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Halcyon Cloak Ransomware December 12 2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","group_attack_id":"G3211","group_id":"41d6d175-2f69-45e6-9663-9ff0cf8649e3","name":"Cloak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[National-Digital-Agency November 14 
2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[WeLiveSecurity Scarab August 22 2023](/references/7cbf97fe-1809-4089-b386-a8bfd083df39)]</sup>","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup><sup>[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 
2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell Lateral Movement](https://app.tidalcyber.com/references/fcc9b52a-751f-4985-8c32-7aaf411706ad)]</sup>","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye Operation Double Tap](/references/4b9af128-98da-48b6-95c7-8d27979c2ab1)]</sup><sup>[[Symantec Buckeye](/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]</sup>","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Talos Kimsuky Nov 2021](/references/17927f0e-297a-45ec-8e1c-8a33892205dc)]</sup><sup>[[KISA Operation Muzabi](/references/8742ac96-a316-4264-9d3d-265784483f1a)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye APT41 Aug 2019](/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup><sup>[[FireEye APT41 March 2020](/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 Gorgon Group Aug 2018](/references/d0605185-3f8d-4846-a718-15572714e15b)]</sup>","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybereason Cobalt Kitty 
2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro Muddy Water March 2021](/references/16b4b834-2f44-4bac-b810-f92080c41f09)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Anomali MUSTANG PANDA October 2019](/references/70277fa4-60a8-475e-993a-c74241b76127)]</sup><sup>[[Avira Mustang Panda January 2020](/references/bc7755a0-5ee3-477b-b8d7-67174a59d0e2)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Talos Group123](/references/bf8b2bf0-cca3-437b-a640-715f9cc945f7)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Malwarebytes Higaisa 2020](/references/6054e0ab-cf61-49ba-b7f5-58b304477451)]</sup><sup>[[Zscaler Higaisa 2020](/references/26d7ee2c-d4f7-441a-9073-49c9049b017e)]</sup><sup>[[PTSecurity Higaisa 2020](/references/cf8f3d9c-0d21-4587-a707-46848a15bd46)]</sup>","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike AQUATIC PANDA December 2021](/references/fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2)]</sup>","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic 
Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET Turla PowerShell May 2019](/references/68c0f34b-691a-4847-8d49-f18b7f4e5188)]</sup><sup>[[Symantec Waterbug Jun 2019](/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro TA505 June 2019](/references/e664a0c7-154f-449e-904d-335be1b72b29)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Volexity SolarWinds](/references/355cecf8-ef3e-4a6e-a652-3bf26fe46d88)]</sup><sup>[[Microsoft Analyzing Solorigate Dec 2020](/references/8ad72d46-ba2c-426f-bb0d-eb47723c8e11)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cycraft Chimera April 2020](/references/a5a14a4e-2214-44ab-9067-75429409d744)]</sup><sup>[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup><sup>[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 TA551 Jan 2021](/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"<sup>[[Palo Alto Unit 42 OutSteel SaintBot February 2022](/references/b0632490-76be-4018-982d-4b73b3d13881)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 Playbook Dec 2017](/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]</sup><sup>[[Talos Seduploader Oct 2017](/references/2db77619-72df-461f-84bf-2d1c3499a5c0)]</sup><sup>[[Unit42 Cannon Nov 2018](/references/8c634bbc-4878-4b27-aa18-5996ec968809)]</sup><sup>[[Accenture SNAKEMACKEREL Nov 2018](/references/c38d021c-d84c-4aa7-b7a5-be47e18df1d8)]</sup><sup>[[TrendMicro Pawn Storm Dec 2020](/references/3bc249cd-f29a-4a74-a179-a6860e43683f)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Novetta Blockbuster](/references/bde96b4f-5f98-4ce5-a507-4b05d192b6d7)]</sup><sup>[[Novetta Blockbuster Destructive Malware](/references/de278b77-52cb-4126-9341-5b32843ae9f1)]</sup><sup>[[McAfee Lazarus Resurfaces Feb 2018](/references/4e4cb57d-764a-4233-8fc6-d049a1caabe9)]</sup><sup>[[US-CERT SHARPKNOT June 2018](/references/b6bb568f-de15-4ace-8075-c08e7835fea2)]</sup><sup>[[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]</sup><sup>[[McAfee GhostSecret](/references/d1cd4f5b-253c-4833-8905-49fb58e7c016)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Morphisec Cobalt Gang Oct 2018](/references/0a0bdd4b-a680-4a38-967d-3ad92f04d619)]</sup><sup>[[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)]</sup><sup>[[PTSecurity Cobalt Group Aug 2017](/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)]</sup><sup>[[Group IB Cobalt Aug 2017](/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]</sup><sup>[[Unit 42 Cobalt Gang Oct 2018](/references/8956f0e5-d07f-4063-bf60-f8b964d03e6d)]</sup><sup>[[TrendMicro Cobalt Group Nov 2017](/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[DFIR Ryuk in 5 Hours October 2020](/references/892150f4-769d-447d-b652-e5d85790ee37)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rancor Unit42 June 2018](/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]</sup>","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[DFIR Report APT35 ProxyShell March 
2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[SecureWorks BRONZE UNION June 2017](/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Symantec Shuckworm January 2022](/references/3abb9cfb-8927-4447-b904-6ed071787bef)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c3b2747c-c82c-429c-bba3-3c3d32986736","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"545ac552-5f97-4b34-b53f-c0b5ab533fbf","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"73519ac9-01fc-4cab-81af-64ac9957cfe7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6505037b-41d8-482a-b36e-3c453798bf73","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e4e94746-c61a-4271-b2aa-7cd2a9f0fb48","tag":"a968c9f3-c190-488f-bacc-92e8f1ce295c"},{"id":"33049693-0852-4d89-9f71-a26b1daf3e43","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6c4406c8-c8d5-4bed-a8bf-233ddf4b7be9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"da252f67-2d4e-419f-b493-d4a1d024a01c","name":"Cmdkey","type":"tool","source":"Tidal Cyber","software_attack_id":"S3201","tidal_id":"8cce4829-39ab-5fea-906a-349e295a9ff2","created":"2024-01-12T14:47:43.573961Z","modified":"2024-01-12T14:47:43.573965Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f20ab947-efa4-42ce-84ee-5b7fc4bc3984","name":"Cmdkey.exe","description":"<sup>[[Cmdkey.exe - LOLBAS Project](/references/c9ca075a-8327-463d-96ec-adddf6f1a7bb)]</sup>","source":"Tidal Cyber","associated_software_id":"adcf033c-3514-40b4-81fc-d0534cd0d050","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Kaspersky Lyceum October 2021](/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"a897a544-306c-4e4d-829e-35a462e1b55c","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"765b7c2f-ab35-4a4f-b79b-bdd7acdd6ed6","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"0a74da0f-7214-475e-a08e-ed72701d8c2f","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"112e7785-93f9-4896-8010-b5c29fc66480","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fd52db5a-01ed-4dea-8ce6-99de3206d6dc","tag":"96bff827-e51f-47de-bde6-d2eec0f99767"},{"id":"aaa2416b-2563-49c2-aa74-d7a29f63a93f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6e9187b7-9f1b-45c9-8d6a-23b214e3aa5d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"44a523a8-9ed6-4f01-9a53-0e8ea1e15b51","name":"cmdl32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3202","tidal_id":"c0a1166f-8a98-5020-b2eb-8a83edb518cc","created":"2024-01-12T14:47:43.954111Z","modified":"2024-01-12T14:47:43.954115Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"979b6530-dd16-4d7f-aaca-166b5996304b","name":"cmdl32.exe","description":"<sup>[[cmdl32.exe - LOLBAS Project](/references/2628e452-caa1-4058-a405-7c4657fa3245)]</sup>","source":"Tidal Cyber","associated_software_id":"ceb926c4-0b32-4073-bfd8-b7fc05cd1d62","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"34f732c2-e6d4-4711-8235-4ae7dd420b92","tag":"4c8f8830-0b2c-4c79-b1db-8659ede492f0"},{"id":"cd2a11ea-d1d1-4508-b580-8717a5a6766b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2a00d249-5a00-402f-a722-e5114f3c2783","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6f848e15-5234-4445-9a05-2949e4c57f0b","name":"Cmstp","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3203","tidal_id":"6ed59957-0b07-5336-b92c-99e3311585a7","created":"2024-01-12T14:47:44.364030Z","modified":"2024-01-12T14:47:44.364033Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7cc16603-ebbc-4cad-910b-5b94b16438a9","name":"Cmstp.exe","description":"<sup>[[Cmstp.exe - LOLBAS Project](/references/86c21dcd-464a-4870-8aae-25fcaccc889d)]</sup>","source":"Tidal Cyber","associated_software_id":"7daa8928-e3ff-4e2c-9a33-df39bec265e1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)]</sup><sup>[[Morphisec Cobalt Gang Oct 2018](/references/0a0bdd4b-a680-4a38-967d-3ad92f04d619)]</sup><sup>[[Unit 42 Cobalt Gang Oct 2018](/references/8956f0e5-d07f-4063-bf60-f8b964d03e6d)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e0525875-160b-4557-875d-08f30572957f","tag":"65938118-2f00-48a1-856e-d1a75a08e3c6"},{"id":"d7fe21eb-ea02-4f31-be67-76dff7abc287","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4ae4d1d0-6823-4edd-b783-66d4d5ca696c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"fbd3f71a-e123-5527-908c-9e7ea0d646e8","name":"COATHANGER","type":"malware","source":"MITRE","software_attack_id":"S1105","tidal_id":"42306077-12f8-590d-921b-0ea6b13f57c4","created":"2024-04-25T13:28:17.405019Z","modified":"2024-04-25T13:28:17.405024Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9b6bcbba-3ab4-4a4c-a233-cd12254823f6","name":"Cobalt 
Strike","type":"malware","source":"MITRE","software_attack_id":"S0154","tidal_id":"534c3eee-3f0a-5db1-b05e-c1500861b449","created":"2017-12-14T16:46:06.044000Z","modified":"2022-10-12T23:24:12.980000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a16bd3ba-2047-4965-9381-d47d098f84a8","name":"Cobalt Strike Beacon","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"202e0c47-cdfb-494c-aaba-e8cc1b955253","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Proofpoint Leviathan Oct 2017](https://app.tidalcyber.com/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)]</sup><sup>[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup><sup>[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye SUNBURST Backdoor December 2020](https://app.tidalcyber.com/references/d006ed03-a8af-4887-9356-3481d81d43e4)]</sup><sup>[[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]</sup><sup>[[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)]</sup><sup>[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup><sup>[[SentinelOne NobleBaron June 2021](https://app.tidalcyber.com/references/98cf2bb0-f36c-45af-8d47-bf26aca3bb09)]</sup><sup>[[ESET T3 Threat Report 
2021](https://app.tidalcyber.com/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)]</sup><sup>[[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]</sup><sup>[[Secureworks IRON RITUAL USAID Phish May 2021](https://app.tidalcyber.com/references/0d42c329-5847-4970-9580-2318a566df4e)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) has used [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6) as a post-exploitation tool.<sup>[[Picus BlackByte 2022](https://app.tidalcyber.com/references/de5a3cdd-2169-5d1c-b78a-e5fbdf55a71c)]</sup><sup>[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]</sup><sup>[[Volexity OceanLotus Nov 2017](https://app.tidalcyber.com/references/ed9f5545-377f-4a12-92e4-c0439cc5b037)]</sup><sup>[[Cybereason Oceanlotus May 2017](https://app.tidalcyber.com/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)]</sup><sup>[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup><sup>[[Volexity Ocean Lotus November 2020](https://app.tidalcyber.com/references/dbea2493-7e0a-47f0-88c1-5867f8bb1199)]</sup><sup>[[Amnesty Intl. 
Ocean Lotus February 2021](https://app.tidalcyber.com/references/a54a2f68-8406-43ab-8758-07edd49dfb83)]</sup><sup>[[Unit 42 KerrDown February 2019](https://app.tidalcyber.com/references/bff5dbfe-d080-46c1-82b7-272e03d2aa8c)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup><sup>[[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)]</sup><sup>[[Mandiant FIN7 Apr 2022](https://app.tidalcyber.com/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) has utilized [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6) for C2 communications and used a unique “license_id” of “666.”<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) operations include the use of [Cobalt Strike](https://app.tidalcyber.com/software/9b6bcbba-3ab4-4a4c-a233-cd12254823f6).<sup>[[Microsoft Storm-1811 
2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]</sup><sup>[[rapid7-email-bombing](https://app.tidalcyber.com/references/b57af46b-a26b-5fca-8509-406889261d41)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky LuminousMoth July 2021](https://app.tidalcyber.com/references/e21c6931-fba8-52b0-b6f0-1c8222881fbd)]</sup><sup>[[Bitdefender LuminousMoth July 2021](https://app.tidalcyber.com/references/6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3)]</sup>","group_attack_id":"G1014","group_id":"b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a","name":"LuminousMoth","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Google Cloud Blog November 20 2025](/references/a99c8dce-a85b-404f-8b91-65135de27537)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G3187","group_id":"e396b406-57df-4260-bb75-b337ff726785","name":"Weaxor ransomware operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]</sup><sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]</sup><sup>[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Eset PlugX Korplug Mustang Panda March 2022](https://app.tidalcyber.com/references/9fca64ae-e272-5849-b9e4-82c5578cafba)]</sup><sup>[[Anomali MUSTANG PANDA October 2019](https://app.tidalcyber.com/references/70277fa4-60a8-475e-993a-c74241b76127)]</sup><sup>[[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)]</sup><sup>[[Recorded 
Future REDDELTA July 2020](https://app.tidalcyber.com/references/e2bc037e-d483-4670-8281-70e51b16effe)]</sup><sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup><sup>[[Crowdstrike MUSTANG PANDA June 2018](https://app.tidalcyber.com/references/35e72170-b1ec-49c9-aefe-a24fc4302fa6)]</sup><sup>[[McAfee Dianxun March 2021](https://app.tidalcyber.com/references/a40a69d7-7abc-4829-9905-98c156a809fe)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Talos Cobalt Group July 2018](https://app.tidalcyber.com/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)]</sup><sup>[[PTSecurity Cobalt Group Aug 2017](https://app.tidalcyber.com/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)]</sup><sup>[[Group IB Cobalt Aug 2017](https://app.tidalcyber.com/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]</sup><sup>[[Proofpoint Cobalt June 2017](https://app.tidalcyber.com/references/c4922659-88b2-4311-9c9b-dc9b383d746a)]</sup> <sup>[[RiskIQ Cobalt Nov 2017](https://app.tidalcyber.com/references/ebf961c5-bd68-42f3-8fd3-000946c7ae9c)]</sup><sup>[[RiskIQ Cobalt Jan 2018](https://app.tidalcyber.com/references/7d48b679-d44d-466e-b12b-16f0f9858d15)]</sup><sup>[[Crowdstrike Global Threat Report Feb 2018](https://app.tidalcyber.com/references/6c1ace5b-66b2-4c56-9301-822aad2c3c16)]</sup><sup>[[TrendMicro Cobalt Group Nov 
2017](https://app.tidalcyber.com/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]</sup><sup>[[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]</sup>","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup><sup>[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)]</sup><sup>[[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)]</sup><sup>[[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)]</sup><sup>[[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup><sup>[[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]</sup><sup>[[Mandiant FIN12 Oct 
2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup><sup>[[Dell SecureWorks BRONZE STARLIGHT Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]</sup>","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT19](https://app.tidalcyber.com/references/d75508b1-8b85-47c9-a087-bc64e8e4cb33)]</sup>","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup><sup>[[Mandiant_UNC2165](https://app.tidalcyber.com/references/92e39558-cd2c-54c4-8930-aafdd2f14bca)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ClearSky Wilted Tulip July 2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]</sup>","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CrowdStrike AQUATIC PANDA December 2021](https://app.tidalcyber.com/references/fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2)]</sup>","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used multiple publicly available tools during operations, such as Cobalt Strike.<sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Volexity InkySquid BLUELIGHT August 2021](https://app.tidalcyber.com/references/7e394434-364f-4e50-9a96-3e75dacc9866)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 DarkHydrus July 2018](https://app.tidalcyber.com/references/800279cf-e6f8-4721-818f-46e35ec7892a)]</sup><sup>[[Unit 42 Playbook Dec 
2017](https://app.tidalcyber.com/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]</sup>","group_attack_id":"G0079","group_id":"f2b31240-0b4a-4fa4-82a4-6bb00e146e75","name":"DarkHydrus","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cycraft Chimera April 2020](https://app.tidalcyber.com/references/a5a14a4e-2214-44ab-9067-75429409d744)]</sup><sup>[[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G1020","group_id":"0898e7cb-118e-5eeb-b856-04e56ed18182","name":"Mustard Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro Ransomware Spotlight Play July 
2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Proofpoint Ransomware Initial Access June 
2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup><sup>[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[crowdstrike.com December 19 2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]</sup>","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Google TAG Ukraine IABs September 7 2022](/references/848da19d-b02d-4b78-b3c1-a72d5034fd45)]</sup>","group_attack_id":"G3077","group_id":"9d665cc1-8ecc-4064-8221-c74bd6ffd97a","name":"UAC-0098","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[BlackBerry BlackCat Threat Overview](/references/59f98ae1-c62d-460f-8d2a-9ae287b59953)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"54213336-2769-4597-aa71-ffeeb0079ddf","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"fd82e601-5843-42d8-82f9-fc213ef0c5a6","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"589f8477-8f59-4d47-8fc7-27c9fc4659b9","tag":"9b9e99a7-5efa-47c7-9f27-ea0792da38a9"},{"id":"dde51fd3-5974-4d0c-8267-459fec9e8b16","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"d7701786-8ab0-4780-87c5-0b5f80c1dad8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"28dd4989-f5be-4af1-b287-bfd3b8b910fe","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"c5e1ee3e-76e4-4a97-a687-b56b5bc46d5c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"caa31e3b-3918-4886-9d94-4c034925dcc1","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"40064385-3a4d-4b01-a39d-72ccc5b923eb","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"d2c572f6-12ce-4b34-9bd4-90be6e5643ba","tag":"56d89c06-23a0-4642-adfc-1fffd3524191"},{"id":"0ad25478-86bc-4fb3-a6f6-546835f2bc64","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"15eb5700-8fd4-47c2-9608-9404e8f916ad","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a337f06b-a246-4331-87b5-9c7ba07593a2","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"8708c4d7-778a-40fe-a43a-3eec7bd9cd9b","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"cf47b3ce-1392-4904-a4e6-f65aebebddc6","name":"Cobalt Strike Random C2 Profile Generator","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3080","tidal_id":"cca3df03-c521-5189-8bca-af0c08842012","created":"2023-09-22T15:01:32.673923Z","modified":"2023-09-22T15:01:32.673934Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3f2c4d87-ada7-4987-b811-580ea815ce51","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"876be5cb-8e04-4ec3-8e7d-7211f7ffb355","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":"TidalCyberIan"},{"id":"d4e6f9f7-7f4d-47c2-be24-b267d9317303","name":"Cobian RAT","type":"malware","source":"MITRE","software_attack_id":"S0338","tidal_id":"207f0ef6-471b-54df-9a45-9d0d5df972ed","created":"2019-01-29T21:40:37.350000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2635fc5b-84ff-40b1-94c6-d9478d3714fb","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"49d440e4-b2ea-4e7d-8ded-8589ddf679d9","name":"code","type":"tool","source":"Tidal Cyber","software_attack_id":"S3306","tidal_id":"6ff0b77f-01a7-531f-8483-054834162163","created":"2024-01-12T14:48:19.819491Z","modified":"2024-01-12T14:48:19.819495Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"67b88f73-fcbf-4a0b-ab7c-7b5f972f0da8","name":"VS Code","description":"<sup>[[None December 11 
2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"c23258cc-5a63-4f1b-ae36-db98117ccaa3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"7938f376-2b8e-4113-9914-292e2aeb1f35","name":"vscode.exe","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"914d4182-605e-4a33-922c-536201e76779","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"04c08c69-256c-4e46-be32-567c0a09c29c","name":"Visual Studio Code","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"0b52c1cf-5b38-4afd-a393-5d80cff1ec60","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"ae8da2a7-2ce7-4aa5-8256-1962ec754428","name":"code.exe","description":"<sup>[[code.exe - LOLBAS Project](/references/4a93063b-f3a3-4726-870d-b8f744651363)]</sup>","source":"Tidal Cyber","associated_software_id":"74673d53-5fe4-4e98-ade5-b4a545d2373c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b6594130-12b3-4225-ac70-d7994208cf60","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2ea2a5bc-a46e-4566-9136-b67e349f8a29","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"032b3f44-1a8a-4818-9def-35f1382ef725","name":"coinbase_check.ps1","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3948","tidal_id":"4b850ea4-50dd-5a8e-8a97-73bc7b402acd","created":"2026-01-14T13:31:40.325937Z","modified":"2026-01-14T13:31:40.325940Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"8603a5ad-e2dc-4570-aff0-aa77ddead501","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"5a3a7874-0d3c-44b9-96a0-f9f45a875db4","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"2c96c111-8f7a-4c69-9a42-45fc321b7339","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"04f0e1be-3d74-450f-a489-596f86ffa749","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"102f08fd-cf32-4a09-8fa8-ab1492236b05","name":"Coinminer (nuts/poop)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3873","tidal_id":"78031d84-ffb0-5a9c-9ab6-5cf9488d0da1","created":"2026-01-06T18:05:06.299697Z","modified":"2026-01-06T18:05:06.299701Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"05f6da09-0f4b-47fc-8e6e-d91968b12a00","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"},{"id":"0579cc66-b82a-45a6-8d92-b98444ae0a1d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"016c776e-7c28-4efd-b6c1-e4ae570d38c1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b0d9b31a-072b-4744-8d2f-3a63256a932f","name":"CoinTicker","type":"malware","source":"MITRE","software_attack_id":"S0369","tidal_id":"b442efa6-a40b-51c4-adcf-4cb6b1b00733","created":"2019-04-23T18:41:36.914000Z","modified":"2020-03-30T15:23:53.711000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9f006b88-2f13-4c99-ade0-839da70d1e11","name":"Colorcpl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3204","tidal_id":"f4ebc151-31a9-56e3-9e58-2e35a3635db1","created":"2024-01-12T14:47:44.738071Z","modified":"2024-01-12T14:47:44.738075Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4719e863-dac0-409d-b6d3-52d7ce388044","name":"Colorcpl.exe","description":"<sup>[[Colorcpl.exe - LOLBAS Project](/references/53ff662d-a0b3-41bd-ab9e-a9bb8bbdea25)]</sup>","source":"Tidal Cyber","associated_software_id":"6044424d-3732-4cac-85a8-b4059f4e0af4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d2c966dd-3358-49af-b899-082a9bdf4ef3","tag":"884eb1b1-aede-4db0-8443-ba50624682e1"},{"id":"69431965-bd1a-4fac-95e1-19779a533f8b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f4714d85-7dcd-4fff-8ad6-861369001255","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"26060e4b-1005-4739-a2d6-8030cabeacf5","name":"Comdai","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3540","tidal_id":"15520e54-40b7-5065-9d13-762b922328dc","created":"2025-09-10T16:39:29.121770Z","modified":"2025-09-10T16:39:29.121773Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[welivesecurity.com September 4 2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"cd09ad4a-9577-4269-a7b1-dcca6d639e77","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"26e8182a-25ad-4942-9dbe-d73e8cacdd7c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b9f33e20-5b75-476a-86c6-4b829244bbdb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"341fc709-4908-4e41-8df3-554dae6d72b0","name":"Comnie","type":"malware","source":"MITRE","software_attack_id":"S0244","tidal_id":"ce48084e-9b43-585a-a307-d563ce3a92ab","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"7870c28c-2f35-4fd2-a253-e4aea7dfb257","name":"COMPOOD","type":"malware","source":"Tidal Cyber","software_attack_id":"S3757","tidal_id":"c5fc60ee-3fe2-541f-89e5-7299905d7d3a","created":"2025-12-17T14:18:50.383159Z","modified":"2025-12-17T14:18:50.383162Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3160","group_id":"1313da23-bbc5-4724-a278-fd6ca5e561f0","name":"Earth 
Lamia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3161","group_id":"2b008386-ffdc-433d-9b09-1e2cf4f3a4a4","name":"Jackpot Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3163","group_id":"a80c62db-7e04-44a8-8692-945aa22e09d6","name":"UNC6586","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3164","group_id":"0ca3cd2f-9650-4b70-9a65-6a5b512554ca","name":"UNC6588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3165","group_id":"5f8d373c-6992-4a2b-8a86-a16cbd45165a","name":"UNC6595","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3166","group_id":"d92dff67-9704-4503-ad57-867bea3e6bfa","name":"UNC6600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 
2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3167","group_id":"0e6985de-e4c1-494b-8901-9aa491202f6f","name":"UNC6603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"0f47fc64-6095-4113-9c1e-0de1a181e45a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"42870ccd-5397-4ac7-a86e-4c80821291be","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"74117c5a-a102-4680-9c5f-c3bf5d7fac9a","name":"ComputerDefaults","type":"tool","source":"Tidal Cyber","software_attack_id":"S3476","tidal_id":"ec501670-9ee0-5cb1-9d98-e05158a34024","created":"2025-05-20T16:19:08.557967Z","modified":"2025-05-20T16:19:08.557971Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d0b077ae-b6d6-4850-b095-33c324a0a38e","name":"ComputerDefaults.exe","description":"<sup>[[ComputerDefaults.exe - LOLBAS Project](/references/48a081b8-18ff-43b8-ba95-5856aacc6afa)]</sup>","source":"Tidal Cyber","associated_software_id":"59d51b7b-f4fb-441e-aab3-9de643f3aa1a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ea8ca0b2-24d5-4dc2-8af1-dfd62fa3745f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2f005fb3-0783-4288-8e29-7f0f18cfd280","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"300c5997-a486-4a61-8213-93a180c22849","name":"ComRAT","type":"malware","source":"MITRE","software_attack_id":"S0126","tidal_id":"f0e3ad68-e3f8-5ab4-8afb-2ecea64c2a54","created":"2017-05-31T21:33:13.252000Z","modified":"2022-10-18T21:58:12.936000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Waterbug](https://app.tidalcyber.com/references/ec02f951-17b8-44cb-945a-e5c313555124)]</sup><sup>[[Unit 42 IronNetInjector February 2021 
](https://app.tidalcyber.com/references/f04c89f7-d951-4ebc-a5e4-2cc69476c43f)]</sup><sup>[[Secureworks IRON HUNTER Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9b1ca867-e724-45d6-b07e-371a5df6743c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"0448178d-fff1-4174-8339-e6bfca78fb84","name":"Comsvcs","type":"tool","source":"Tidal Cyber","software_attack_id":"S3323","tidal_id":"d73f7df8-fb10-53b3-a9ac-7ae5e79602a4","created":"2024-01-12T14:48:26.248625Z","modified":"2024-01-12T14:48:26.248629Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1fa287c7-a4a3-4072-9dd0-ba7b634c0880","name":"Comsvcs.dll","description":"<sup>[[Comsvcs.dll - LOLBAS Project](/references/2eb2756d-5a49-4df3-9e2f-104c41c645cd)]</sup>","source":"Tidal Cyber","associated_software_id":"07f103cf-9a8a-4f68-a96b-877113e6c538","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[DFIR Report APT35 ProxyShell March 2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]</sup><sup>[[FireEye APT35 2018](/references/71d3db50-4a20-4d8e-a640-4670d642205c)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"62aea35b-bd8d-4709-9e1c-0ed08ef0f0ec","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3a7cf4cf-f49f-48e2-82da-924f0de917fd","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a175c55b-bf8e-4412-a45a-ac2e6615579c","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"018b09f2-1d16-4efe-8321-8a571663b9a7","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"cdcc64dc-ee3e-42cf-90ce-5dcfb36b6e8d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2c47772f-df0c-416f-b212-1e872976c317","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"98c3a651-25ba-4b72-b468-6158b81b47c5","tag":"334b0ee4-5a0d-4634-91c8-236593b818a0"},{"id":"70bc2cde-a64d-4e45-975f-6bba5f68ef50","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"64ac1af4-b4bf-43c8-9ee2-bec772132388","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f5a45f49-4a79-59bb-b84d-6e50e2dc8cb8","name":"Concipit1248","type":"malware","source":"Mobile","software_attack_id":"S0426","tidal_id":"f5a45f49-4a79-59bb-b84d-6e50e2dc8cb8","created":"2026-01-28T13:08:09.938459Z","modified":"2026-01-28T13:08:09.938460Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[{"id":"cd984d33-2dae-4c85-ac93-c9bd93bdc4ae","name":"Corona Updates","description":"<sup>[[TrendMicro Coronavirus 
Updates](https://app.tidalcyber.com/references/81c771f0-8baf-5185-8221-4d783e68f447)]</sup>","source":"Mobile","associated_software_id":"1644624f-608e-503a-ab12-2f3f7d234c6a","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"ef33f1fa-18a3-4b30-b359-17b7930f43a7","name":"Conficker","type":"malware","source":"MITRE","software_attack_id":"S0608","tidal_id":"4212fb97-a58b-57af-a428-42533da296c3","created":"2021-02-23T20:50:32.845000Z","modified":"2022-05-24T14:00:00.188000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cdf82a5d-e399-451e-9d95-38500cae6298","name":"Kido","description":"<sup>[[SANS Conficker](https://app.tidalcyber.com/references/2dca2274-5f25-475a-b87d-97f3e3a525de)]</sup>","source":"ICS","associated_software_id":"a8d8ea16-3ec8-41bb-a27a-7f67511a78ee","owner_id":null,"owner_name":null},{"id":"b964a105-a309-4eeb-8ddb-f4e2aba607bd","name":"Downadup","description":"<sup>[[SANS Conficker](https://app.tidalcyber.com/references/2dca2274-5f25-475a-b87d-97f3e3a525de)]</sup>","source":"ICS","associated_software_id":"2871c307-fede-464e-b25e-ad6051d25c63","owner_id":null,"owner_name":null},{"id":"b663e730-924d-4332-ae78-165cd782bb72","name":"Downadup","description":"<sup>[[SANS Conficker](https://app.tidalcyber.com/references/2dca2274-5f25-475a-b87d-97f3e3a525de)]</sup> ","source":"MITRE","associated_software_id":"2871c307-fede-464e-b25e-ad6051d25c63","owner_id":null,"owner_name":null},{"id":"2d9c5a54-c465-46b8-b0f1-9c1e6eb3a4fb","name":"Kido","description":"<sup>[[SANS Conficker](https://app.tidalcyber.com/references/2dca2274-5f25-475a-b87d-97f3e3a525de)]</sup> 
","source":"MITRE","associated_software_id":"a8d8ea16-3ec8-41bb-a27a-7f67511a78ee","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"a418d216-d70b-410c-9de8-41232d636ab2","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"0e178275-4eb7-4fae-a703-d9730adf6a26","name":"ConfigSecurityPolicy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3205","tidal_id":"d6fab602-293b-5bb0-9107-11a86f8f04de","created":"2024-01-12T14:47:45.275970Z","modified":"2024-01-12T14:47:45.275973Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eb5bb379-c403-4f10-8d49-c3d7020d634e","name":"ConfigSecurityPolicy.exe","description":"<sup>[[ConfigSecurityPolicy.exe - LOLBAS Project](/references/30b8a5d8-596c-4ab3-b3db-b799cc8923e1)]</sup>","source":"Tidal Cyber","associated_software_id":"45ba655d-a1fc-4305-abed-38f72ef3a832","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"239ced3d-4715-442b-8437-20ee1d1201fb","tag":"d99039e1-e677-4226-8b63-e698d6642535"},{"id":"d614f271-8dc5-44d1-97ac-4bacec14ff92","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"cbf78fcb-f4e1-4c29-9ea4-8ed6755630c2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d3f8a214-3e65-4b7d-aed6-97a3e38ef8e0","name":"Conhost","type":"tool","source":"Tidal Cyber","software_attack_id":"S3206","tidal_id":"5319198c-602a-568d-9962-de2f33f10f6c","created":"2024-01-12T14:47:45.751783Z","modified":"2024-01-12T14:47:45.751786Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7829c614-b785-49cf-adf0-21017cd710e4","name":"Conhost.exe","description":"<sup>[[Conhost.exe - LOLBAS Project](/references/5ed807c1-15d1-48aa-b497-8cd74fe5b299)]</sup>","source":"Tidal 
Cyber","associated_software_id":"8a24ebd6-9351-4197-8728-6aa45e3dfce3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[National-Digital-Agency November 14 2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b2a632f9-b3ff-40eb-b84c-56849de7cb36","tag":"ea54037d-e07b-42b0-afe6-33576ec36f44"},{"id":"db11d2e8-fdc1-4122-834c-b63e4c340ac9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d77515d1-89df-4f74-8dcc-87a06e645372","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6f9bb24d-cce2-49de-bedd-1849d9bde7a0","name":"ConnectWise","type":"tool","source":"MITRE","software_attack_id":"S0591","tidal_id":"5fe3efd0-fa82-5884-8651-e8328012e548","created":"2021-03-18T13:39:27.676000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"88e96478-a49a-4cf5-b88d-04221550794d","name":"ScreenConnect","description":"<sup>[[Anomali Static Kitten February 2021](https://app.tidalcyber.com/references/710ed789-de1f-4601-a8ba-32147827adcb)]</sup>","source":"MITRE","associated_software_id":"0280eeae-b087-48c3-937c-2edf419f6835","owner_id":null,"owner_name":null},{"id":"65563180-a4dd-4e96-8f3e-185dbc3c8330","name":"ConnectWise Control","description":"<sup>[[Red Canary December 09 
2025](/references/6d71e655-029e-49b0-8285-30e036e63140)]</sup>","source":"USER","associated_software_id":"96075a42-07bb-472a-aea5-bb2ac39d9c36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8ddbb700-001a-4086-ae79-64210153276c","name":"ConnectWise ScreenConnect","description":"<sup>[[Huntress December 31 2025](/references/a07eaeca-f826-42da-aee3-86c96875c600)]</sup>","source":"USER","associated_software_id":"297d4984-6c06-4512-99b0-151dff4dba4d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has used [ConnectWise](https://app.tidalcyber.com/software/6f9bb24d-cce2-49de-bedd-1849d9bde7a0) to maintain persistence.<sup>[[Mandiant UNC3944 May 2025](https://app.tidalcyber.com/references/ba2831ec-0f30-574b-afdc-e8a7ec12b1ea)]</sup><sup>[[Check Point Scattered Spider JUL 2025](https://app.tidalcyber.com/references/276a2ed6-d532-51ee-9066-83145b7506c5)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"MITRE"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Truesec AB August 30 2024](/references/de2de0a9-17d2-41c2-838b-7850762b80ae)]</sup>","group_attack_id":"G3051","group_id":"7a28cff6-80df-49e1-8457-a0305e736897","name":"Cicada3301 Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group SafePay March 10 2025](/references/5d63bb19-02d7-47b2-a120-9601ba09d99e)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Anomali Static Kitten February 2021](https://app.tidalcyber.com/references/710ed789-de1f-4601-a8ba-32147827adcb)]</sup><sup>[[Tetra Defense Sodinokibi March 2020](https://app.tidalcyber.com/references/a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50)]</sup>","group_attack_id":"G0115","group_id":"b4d068ac-9b68-4cd8-bf0c-019f910ef8e3","name":"GOLD 
SOUTHFIELD","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[EclecticIQ May 14 2025](/references/cb0d3cb0-4a3c-4948-b58f-d3d745ef92a2)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Anomali Static Kitten February 2021](https://app.tidalcyber.com/references/710ed789-de1f-4601-a8ba-32147827adcb)]</sup><sup>[[Trend Micro Muddy Water March 2021](https://app.tidalcyber.com/references/16b4b834-2f44-4bac-b810-f92080c41f09)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c8f93afa-47b8-4b20-bbbc-da0e60131fd3","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"1dc055e3-5fcb-4e99-8adc-85fdf1d454f8","tag":"6b4ccbb1-d9a9-4ca3-9178-7d332c2c8a14"},{"id":"6c1ccaf2-a140-4595-845e-5362636fbab9","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"fefe28ea-c803-48a6-9f5e-21b1bc5b11d1","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"834954db-2b69-4d7b-8099-4d9480069299","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"ad190a3c-7612-4600-acd4-585a2f04bf1c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"73cc6fa3-51c4-45fd-a8ea-5e20cc3f0960","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"2500b5cd-c173-47eb-b403-aafec5f2b43f","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"1ca0d6db-6f30-4f7c-bf5a-39796e71eaff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e89e1ff8-3fbc-4664-9010-f4a79e673a02","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"39b47913-8165-4cbd-9bb4-820a9ef0dd99","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"d7eb1b45-1d41-4323-841f-7c11179323e1","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"56855aea-b438-4d85-ae87-0e0b569f4b1f","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f7b15caa-dd3a-452f-b835-1f481c00ae10","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f58caa4e-1c20-417f-a4dd-3024e103eba3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7df8df77-908b-4d8e-b4e0-70b6c38dc129","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a2d6050a-4bad-44e4-aa9a-446565d90505","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":null},{"id":"710f4e93-0aa9-44e6-9d8e-62435dbff8bb","name":"conqueror.exe","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3815","tidal_id":"06df8095-e39b-5c46-9deb-3f15bd524556","created":"2025-12-24T14:57:29.086673Z","modified":"2025-12-24T14:57:29.086677Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6d991ae0-ffde-437e-87e2-6d96d56dc173","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"b7b95248-3a64-4d60-9772-925f8b00a66f","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"0b41923f-9997-432e-ba7d-e5d730217af8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"828e5a2b-a0cd-4d85-8a3c-22ed329eb98c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c8672cca-babb-40e5-8bc7-800bd1e3774e","name":"consent.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3763","tidal_id":"e140ea84-854c-5738-adc2-720600030ffc","created":"2025-12-17T14:18:51.320082Z","modified":"2025-12-17T14:18:51.320086Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","group_attack_id":"G3170","group_id":"dddd119f-edac-4077-958b-6a775dd4a147","name":"Shanya Packer Operator","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"91680f41-6925-41b8-a349-8558bf6643ee","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a2c86b58-0a28-40c8-88a8-cf8ce44f90af","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8e995c29-2759-4aeb-9a0f-bb7cd97b06e5","name":"Conti","type":"malware","source":"MITRE","software_attack_id":"S0575","tidal_id":"ae061f61-2923-56b0-8642-8b6bac1a970e","created":"2021-02-17T18:51:57.710000Z","modified":"2022-09-29T16:45:13.038000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike 
Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]</sup>","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"de981d1e-f5a0-4ec3-b2ac-23dfc5ad0ac8","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"74ba26a5-0dd3-4d54-9c8f-6e5cbc11cb6e","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"4600e8ca-357d-4cbf-afad-f9de2e14a227","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"a90111e6-39c9-420a-a736-ace02bea7f24","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"959e0ec4-5242-4a02-a099-f3aaeb142101","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ad94da91-7416-4b2b-a64a-82f863771149","tag":"0ed7d10c-c65b-4174-9edb-446bf301d250"},{"id":"fd991f83-ecc9-4ad1-b180-6ce8c50fe289","tag":"3d90eed2-862d-4f61-8c8f-0b8da3e45af0"},{"id":"68510b55-c337-4973-a66b-c8955e311851","tag":"12a2e20a-7c27-46bb-954d-b372833a9925"},{"id":"b8f55bd1-583d-448f-8b7c-501b32bbe6a6","tag":"1b98f09a-7d93-4abb-8f3e-1eacdb9f9871"},{"id":"45bd659f-aa21-4e0f-bfae-50a63fa0bf06","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"9bad9600-0d9f-4b8c-8ebe-c25dd47c31ba","tag":"dea4388a-b1f2-4f2a-9df9-108631d0d078"},{"id":"ce441caf-28da-42ef-a190-72a6b9afb7ae","tag":"24448a05-2337-4bc9-a889-a83f2fd1f3ad"},{"id":"9b9a6cdb-c05b-4899-83a3-c900d8691a80","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"596c48e0-528d-4797-b8fe-10bd3d2b5121","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"efc46430-b27f-4b05-bc36-1d5eba685ec7","name":"Control","type":"tool","source":"Tidal Cyber","software_attack_id":"S3207","tidal_id":"44544de5-1315-5b1a-a851-6fefdd8cadea","created":"2024-01-12T14:47:46.120187Z","modified":"2024-01-12T14:47:46.120191Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4b684811-8f00-4b38-8496-95146a80c07b","name":"Control.exe","description":"<sup>[[Control.exe - LOLBAS Project](/references/d0c821b9-7d37-4158-89fa-0dabe6e06800)]</sup>","source":"Tidal 
Cyber","associated_software_id":"94e2981f-681e-4bb8-bcef-98f8ed60f4ed","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6c47e8a7-1c37-4604-a605-84b59f7db189","tag":"53ac2b35-d302-4bdd-9931-5b6c6cb31b96"},{"id":"91d5280e-4e39-42f0-b0a5-7e8384b8ea74","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7ee9133c-1e20-4e6f-bfe9-b9f8f539291d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6e2c4aef-2f69-4507-9ee3-55432d76341e","name":"CookieMiner","type":"malware","source":"MITRE","software_attack_id":"S0492","tidal_id":"b2228db5-4c34-5e27-9dfc-df308b4045c3","created":"2020-07-22T19:00:00.779000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f13c8455-d615-4f8d-9d9c-5b31e593cd8a","name":"CORALDECK","type":"malware","source":"MITRE","software_attack_id":"S0212","tidal_id":"a870f488-40ac-5fb9-a212-d6a2f082690d","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c928448b-1b41-4920-b3a1-36f1175ffc3d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"b7dacd5c-eaba-48db-bdd7-e779a82b2ba7","name":"coregen","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3330","tidal_id":"073cfe5f-2423-58ba-ba84-266a5ba9231d","created":"2024-01-12T14:48:28.775629Z","modified":"2024-01-12T14:48:28.775633Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9cb45e94-99bf-46a7-94c5-29d6e5658074","name":"coregen.exe","description":"<sup>[[coregen.exe - LOLBAS Project](/references/f24d4cf5-9ca9-46bd-bd43-86b37e2a638a)]</sup>","source":"Tidal Cyber","associated_software_id":"462f4c43-12e3-4901-b741-72e8c6e6e98a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d133a888-04d2-4e34-a055-3ca8c72e33db","tag":"a19a158e-aec4-410a-8c3e-e9080b111183"},{"id":"44cf958f-3ec5-45c7-9c6e-18d0b32f2432","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b087935e-8fe4-441a-8819-7322ee646b2c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"caa50504-2669-4725-87bb-8c56f1944933","name":"Core Impact","type":"tool","source":"Tidal Cyber","software_attack_id":"S3460","tidal_id":"7b7667b5-e7d7-5a15-83a5-25c3e53daee1","created":"2025-04-08T16:39:01.858072Z","modified":"2025-04-08T16:39:01.858077Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"b7e7e4a1-ccee-4c6f-8401-3955afd0bcb2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ac452f04-a776-4a95-a7d5-b422136af42b","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"7fd588ae-0843-4107-b2a2-01955bfc0487","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c72d2b45-6ada-4615-9705-2656168db7f4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3b193f62-2b49-4eff-bdf4-501fb8a28274","name":"CORESHELL","type":"malware","source":"MITRE","software_attack_id":"S0137","tidal_id":"90aa94e3-0e5d-5324-b4d9-04f770fddc5e","created":"2017-05-31T21:33:18.506000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c75a41d8-df0f-4607-8b07-76747810a7d9","name":"SOURFACE","description":"<sup>[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)]</sup> <sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup><sup>[[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]</sup>","source":"MITRE","associated_software_id":"36d5d0ca-1bfc-45b1-ac54-2da2e1b2a5c7","owner_id":null,"owner_name":null},{"id":"e66db2f3-651c-44d4-91ad-fb4b6065ecbf","name":"Sofacy","description":"This designation has been used in reporting both to refer to the threat group ([APT28](https://app.tidalcyber.com/groups/5b1a5b9e-4722-41fc-a15d-196a549e3ac5)) and its associated malware.<sup>[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)]</sup> <sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup><sup>[[Securelist Sofacy Feb 
2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]</sup>","source":"MITRE","associated_software_id":"8af3037f-732c-433e-8689-701593604bae","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2ed6edb1-3c5a-4a2f-b1b2-665c369c94bd","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"de5b362c-c3fd-5ea0-9d73-dca9d6d5a417","name":"CorKLOG","type":"malware","source":"MITRE","software_attack_id":"S1235","tidal_id":"de5b362c-c3fd-5ea0-9d73-dca9d6d5a417","created":"2025-10-29T21:08:48.110735Z","modified":"2025-10-29T21:08:48.110736Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Zscaler PAKLOG CorkLog SplatCloak Splatdropper April 2025](https://app.tidalcyber.com/references/499c7ced-17e7-592b-ad58-5e3a40328554)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e4e37a06-ee31-44bf-a818-efa236ada136","name":"Corona (Mirai Botnet Variant)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3167","tidal_id":"03a76d1c-e302-59b9-b0a9-313ccd653b23","created":"2024-09-06T15:14:35.082095Z","modified":"2024-09-06T15:14:35.082098Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"a4946afd-07b4-4993-abf4-60a85497f8a7","tag":"55cb344a-cbd5-4fd1-a1e9-30bbc956527e"},{"id":"e7440b65-df80-41e0-aadc-c4722225d4d1","tag":"f925e659-1120-4b76-92b6-071a7fb757d6"},{"id":"ff0dfec6-acc7-4f79-be04-e00e5066929a","tag":"06236145-e9d6-461c-b7e4-284b3de5f561"},{"id":"22f37b91-2e26-406d-b8b3-1d03f7d08648","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"fd087d7a-08b0-4a02-9836-c84202c6cb4b","tag":"33d35d5e-f0cf-4c66-9be3-a3ffe6610b1a"},{"id":"d5eea712-dbbb-45ad-849d-3d5c849b7c51","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":"TidalCyberIan"},{"id":"c55a3933-c7d0-5cbe-9bf5-fef67ccf206a","name":"Corona Updates","type":"malware","source":"Mobile","software_attack_id":"S0425","tidal_id":"c55a3933-c7d0-5cbe-9bf5-fef67ccf206a","created":"2026-01-28T13:08:09.937993Z","modified":"2026-01-28T13:08:09.937994Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"2ef926fc-dff0-4744-b7b6-7752ef28b209","name":"Wabi Music","description":"<sup>[[TrendMicro Coronavirus Updates](https://app.tidalcyber.com/references/81c771f0-8baf-5185-8221-4d783e68f447)]</sup>","source":"Mobile","associated_software_id":"ef4c0daa-bbbb-5c62-bc1f-8dbd877e747f","owner_id":null,"owner_name":null},{"id":"12d93e43-b76a-41e0-b598-4b05890963b6","name":"Concipit1248","description":"<sup>[[TrendMicro Coronavirus 
Updates](https://app.tidalcyber.com/references/81c771f0-8baf-5185-8221-4d783e68f447)]</sup>","source":"Mobile","associated_software_id":"9f8c5cc1-5015-5d0f-9272-df5a4e78c26e","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"0d52eca7-3522-42e1-8450-358ea7114c06","name":"CosmicDoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3782","tidal_id":"68e8366b-7853-561d-8f44-ecf7a9758cb4","created":"2025-12-24T14:57:24.076515Z","modified":"2025-12-24T14:57:24.076519Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d47a9b71-2e36-49dd-8ae5-905f60b5c34e","name":"CosmicDoor.macOS","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"923294af-31fa-4e11-a2b6-2a7b1bf86da8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"47dd1707-8b07-44f3-b0dc-e5b51e7d89ac","name":"CosmicDoor.Windows","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"70c17915-d7e4-4375-a7d5-1e9fa6c55f68","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"28c5dc91-318f-4b47-9ab4-5c13844042c6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"afa3a90a-5aa4-4265-84a3-b17be45fac57","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"b46975fb-5829-43e5-94e5-acb2f14dd069","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0a29d4c0-9824-4764-8065-23dfbd6d2915","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"43b317c6-5b4f-47b8-b7b4-15cd6f455091","name":"CosmicDuke","type":"malware","source":"MITRE","software_attack_id":"S0050","tidal_id":"99545c1f-977f-57f0-9a1d-de54935604de","created":"2017-05-31T21:32:36.550000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3f0427ff-2b73-4275-b612-ba4f2d2d77c7","name":"TinyBaron","description":"","source":"MITRE","associated_software_id":"b46da8df-d944-4bf0-b715-dad7dbc6d658","owner_id":null,"owner_name":null},{"id":"8df5fe1b-184a-4a87-9244-244eb3c5f92a","name":"BotgenStudios","description":"","source":"MITRE","associated_software_id":"f5f9ef72-8f34-47d6-a767-86b3b07ce00e","owner_id":null,"owner_name":null},{"id":"9fafca05-8cff-41ae-beba-dd50db7d9c15","name":"NemesisGemina","description":"","source":"MITRE","associated_software_id":"d7724aad-70a0-40a8-ad43-a92bedb8f8fd","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[Secureworks IRON HEMLOCK 
Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b0190895-1cff-4589-aa0b-a9d8261c8869","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"ea9e2d19-89fe-4039-a1e0-467b14554c6f","name":"CostaBricks","type":"malware","source":"MITRE","software_attack_id":"S0614","tidal_id":"6cf559c2-4900-58b7-b4b7-fdb6e1cae292","created":"2021-05-24T15:56:18.522000Z","modified":"2022-10-05T16:34:18.865000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c9cea5ac-b426-5484-a228-6eeffa173611","name":"Covenant","type":"tool","source":"MITRE","software_attack_id":"S1155","tidal_id":"c9cea5ac-b426-5484-a228-6eeffa173611","created":"2024-10-31T16:28:08.623216Z","modified":"2024-10-31T16:28:08.623222Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[HAFNIUM](https://app.tidalcyber.com/groups/1bcc9382-ccfe-4b04-91f3-ef1250df5e5b) used [Covenant](https://app.tidalcyber.com/software/c9cea5ac-b426-5484-a228-6eeffa173611) for command and control following compromise of internet-facing servers.<sup>[[Microsoft HAFNIUM March 2020](https://app.tidalcyber.com/references/6a986c46-79a3-49c6-94d2-d9b1f5db08f3)]</sup><sup>[[Microsoft Silk Typhoon MAR 
2025](https://app.tidalcyber.com/references/08dd388f-5c10-57bc-8263-7214fe667b4a)]</sup>","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f1096809-b870-47aa-b50c-32413b0783ea","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9fddc90d-8518-4461-af27-3bcf6e4da3ae","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"c24727e2-a288-4201-bf1a-3dbcdfe754d3","name":"CowTunnel","type":"malware","source":"Tidal Cyber","software_attack_id":"S3752","tidal_id":"4aa5df33-38dd-5ce8-80a0-3116e55bc53b","created":"2025-12-17T14:18:49.616646Z","modified":"2025-12-17T14:18:49.616649Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"3b807763-3914-4882-a9d7-efdae56f7259","name":"NTPClient payload","description":"<sup>[[Huntress December 09 2025](/references/daa411cf-b40b-445a-81f8-7b851ef15e00)]</sup>","source":"USER","associated_software_id":"594ab13f-0cfa-4926-a79e-2eb921fea494","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"23fcaa1c-0dd5-4326-8427-4dd356a1a19f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0721cfa6-d44c-4c7e-8d4c-d1f541068d1f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c2353daa-fd4c-44e1-8013-55400439965a","name":"CozyCar","type":"malware","source":"MITRE","software_attack_id":"S0046","tidal_id":"946f059b-2227-5949-ac9f-0f60b01ac23a","created":"2017-05-31T21:32:35.022000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e1880d53-16e2-4055-9da9-61fc13118bef","name":"CozyDuke","description":"","source":"MITRE","associated_software_id":"58e77779-2cc6-4570-95a7-fb59b089ab28","owner_id":null,"owner_name":null},{"id":"d3c41287-ead9-42bd-9657-0280e926633f","name":"CozyBear","des
cription":"","source":"MITRE","associated_software_id":"49b8f0f4-77aa-4c7e-925d-054102c7178b","owner_id":null,"owner_name":null},{"id":"5694df56-a690-4ff9-9b19-467a190d26a9","name":"Cozer","description":"","source":"MITRE","associated_software_id":"60187172-ade3-4d87-8d51-3b064838867d","owner_id":null,"owner_name":null},{"id":"d541afa1-c54a-4dc9-939b-aacc5251fc44","name":"EuroAPT","description":"","source":"MITRE","associated_software_id":"8b01f729-fa16-4bd7-b5d3-2d84a1ecb32b","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8808a768-af43-4049-b6de-dae9195ffd3d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"47e710b4-1397-47cf-a979-20891192f313","name":"CrackMapExec","type":"tool","source":"MITRE","software_attack_id":"S0488","tidal_id":"a9ae1a7f-74da-5530-b3d7-205d0f4da6aa","created":"2020-07-17T14:23:05.958000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"\n<sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) used [CrackMapExec](https://app.tidalcyber.com/software/47e710b4-1397-47cf-a979-20891192f313) during intrusions.<sup>[[CISA GRU29155 
2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]</sup><sup>[[BitDefender Chafer May 2020](https://app.tidalcyber.com/references/24ea6a5d-2593-4639-8616-72988bf2fa07)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks IRON LIBERTY July 2019](https://app.tidalcyber.com/references/c666200d-5392-43f2-9ad0-1268d7b2e86f)]</sup><sup>[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]</sup><sup>[[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rakesh Krishnan Devman May 23 2025](/references/4d14f459-c939-4120-b2e2-2a8a36b01e76)]</sup>","group_attack_id":"G3110","group_id":"b7b61ba1-7b0c-4568-a5ee-8b6634ed5b60","name":"Devman Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b04e8ef3-21e9-4dae-9793-1850afd397ec","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c1e2dfcb-f631-4d78-b286-2539f3275eb7","tag":"f683d62f-15d4-43c0-a8a3-7d6310e552f3"},{"id":"23033451-d3db-4d4e-a43e-ebd3a41d0714","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"f5f796df-515b-4110-876f-35f5e6ba9e43","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"233da2cd-17d5-4c0d-b647-1ef95e8fe7ce","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"69ae59ea-e115-4fbd-840e-2aa5a842ad20","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"40803fed-ffb9-4618-bc50-4a0710c9bd8a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c3c0fc46-02ef-44a0-8f7c-3a38f85b9855","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"536ac912-2334-4852-ac18-b8bec67eff64","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1ca927bf-7820-433d-a927-f44e1b48e31c","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"3b6a4a6d-5226-4c87-8cc4-168376e23379","name":"CrashFix","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3979","tidal_id":"5d265eea-ab94-5994-85fe-4d6fe8cee1bf","created":"2026-01-23T20:31:11.384389Z","modified":"2026-01-23T20:31:11.384392Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9b12c2a1-56fd-4bb6-b9f8-c369e151d4c1","name":"ClickFix (variant)","description":"<sup>[[Huntress January 16 2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","source":"USER","associated_software_id":"12c12468-1db4-49c8-8f6f-60227741a72a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress January 16 2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","group_attack_id":"G3213","group_id":"a0202bc8-abe6-42c1-ac84-1dc27b9e322f","name":"KongTuke","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"af5e4041-50c8-4c35-bf73-85f46970ce95","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"449afd4d-96ba-4172-857b-ca486416783f","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"92dea35f-fea0-4c27-b65b-626483efa06b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"0780d26c-0ff0-40ec-be33-b03c32f8d52d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7d5cdaa3-b4a8-4342-a405-bf595766eae5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"85ddc5bd-5559-449d-bb5c-c58e6d43fed5","name":"CRASHPAD","type":"malware","source":"Tidal Cyber","software_attack_id":"S3638","tidal_id":"d22acae7-9a5a-5da6-bfb0-05e3fd6654f1","created":"2025-11-19T17:45:40.132997Z","modified":"2025-11-19T17:45:40.133000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus 
Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"117a45fe-de74-4474-83cf-00ef30239a7c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c87a39e9-d9b0-44a9-bf44-750d41d89bcc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1cd7e998-ae58-42aa-a3e0-d3858aa44c70","name":"crazyhunter.exe","type":"malware","source":"Tidal Cyber","software_attack_id":"S3896","tidal_id":"5f6acce6-b28a-5755-b0a3-61ec75cfff27","created":"2026-01-14T13:31:31.592800Z","modified":"2026-01-14T13:31:31.592805Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"44354a99-7db9-484b-9407-ba5a9e53884a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"2481ea05-c02a-4380-b3e8-fb5dab7378a9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"46a29ef4-0672-4372-a217-9b4b1dd57c96","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"43286361-2659-40bd-b0e6-0e7952da4f3a","name":"CrazyHunter ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3893","tidal_id":"91bacb1a-54b8-58dc-9c0e-cd8aa4f2536a","created":"2026-01-14T13:31:31.082595Z","modified":"2026-01-14T13:31:31.082600Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f1a0a769-d6f6-4130-abb1-780067fd6cc2","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9b427aeb-bafa-4777-863f-5672aa4f671f","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"160f50dc-7b94-49c7-9db1-75dd2f7a96ca","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"d0c8079d-fdac-4de5-844b-b0082d2ec16e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"90e86554-a79c-4cc4-ba3a-19823027cf74","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a574b315-523c-45c3-8743-feb3d541e81a","name":"Createdump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3331","tidal_id":"0c0ff1f9-b950-524f-bbb0-72ebd9f04945","created":"2024-01-12T14:48:29.124781Z","modified":"2024-01-12T14:48:29.124785Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"47df2f27-f2a2-4857-8f0c-e75179b93b8c","name":"Createdump.exe","description":"<sup>[[Createdump.exe - LOLBAS Project](/references/f3ccacc1-3b42-4042-9a5c-f5b483a5e801)]</sup>","source":"Tidal Cyber","associated_software_id":"8a49e7dc-04ce-44d3-919d-91700e11e1c9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a3b4fbe2-199f-405a-bd9e-7a4b35e89433","tag":"7beee233-2b65-4593-88e6-a5c0c02c6a08"},{"id":"080b5f1f-2633-42a8-bde4-b83b2190f42a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"60152ee0-503c-4644-8ed6-09435a9f141e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"516ffd19-72b9-43a1-b866-bb075fdcb137","name":"CredoMap","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3099","tidal_id":"17a7117e-9908-511e-b01c-0ffdd6794dab","created":"2023-12-06T16:45:21.542195Z","modified":"2023-12-06T16:45:21.542200Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERTFR-2023-CTI-009](/references/5365ac4c-fbb8-4389-989e-a64cb7693371)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"27a28353-92f8-4b2e-a4ab-dbc2d10e296a","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"541be567-7ecf-41c8-b5fe-7a7d48218de6","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"7f7f05c3-fbb1-475e-b672-2113709065c8","name":"CreepyDrive","type":"malware","source":"MITRE","software_attack_id":"S1023","tidal_id":"11f50586-b992-50ec-97ee-c58089be753d","created":"2022-07-07T14:30:25.403000Z","modified":"2022-08-10T13:07:11.790000Z","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft POLONIUM June 
2022](https://app.tidalcyber.com/references/689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd)]</sup>","group_attack_id":"G1005","group_id":"7fbd7514-76e9-4696-8c66-9f95546e3315","name":"POLONIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5fb2238b-1213-4ae0-908e-726dbc29a852","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"991ada6d-9f84-43e4-8ac2-a2ebfd5e3a60","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"3c704bd1-a80b-4bf8-b828-49decbe7a66f","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"93ebf10d-4034-4059-9b33-7c0151ec423d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"11ce380c-481b-4c9b-b44e-06f1a91c01c1","name":"CreepySnail","type":"malware","source":"MITRE","software_attack_id":"S1024","tidal_id":"8dfc2b62-6fb3-5cc2-9c76-04be18969e9d","created":"2022-07-08T14:05:44.014000Z","modified":"2022-08-08T20:18:47.253000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft POLONIUM June 2022](https://app.tidalcyber.com/references/689ff1ab-9fed-4aa2-8e5e-78dac31e6fbd)]</sup>","group_attack_id":"G1005","group_id":"7fbd7514-76e9-4696-8c66-9f95546e3315","name":"POLONIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3b3f296f-20a6-459a-98c5-62ebdee3701f","name":"Crimson","type":"malware","source":"MITRE","software_attack_id":"S0115","tidal_id":"90c01c50-44da-521c-b4f7-330ebea5116f","created":"2017-05-31T21:33:08.679000Z","modified":"2022-09-22T18:16:11.378000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b5691880-3483-4eb2-8075-a6232299f4bd","name":"MSIL/Crimson","description":"<sup>[[Proofpoint Operation Transparent Tribe March 
2016](https://app.tidalcyber.com/references/8e39d0da-114f-4ae6-8130-ca1380077d6a)]</sup>","source":"MITRE","associated_software_id":"349d3f77-068f-4300-98b9-05245f5f3a7a","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Proofpoint Operation Transparent Tribe March 2016](https://app.tidalcyber.com/references/8e39d0da-114f-4ae6-8130-ca1380077d6a)]</sup><sup>[[Cisco Talos Transparent Tribe Education Campaign July 2022](https://app.tidalcyber.com/references/acb10fb6-608f-44d3-9faf-7e577b0e2786)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8173a00b-4fa2-4af5-b9af-ed60f8876a05","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fc2ef581-a460-4655-9e34-62c36873ff45","name":"cron","type":"tool","source":"Tidal Cyber","software_attack_id":"S3693","tidal_id":"7d0c4df1-3ebf-5ba6-b169-c0b3fb9542cd","created":"2025-12-10T14:14:55.211528Z","modified":"2025-12-10T14:14:55.211531Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"dd7e7eb5-8fe3-4234-8bf8-634eb6434a39","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"edd1fc5f-4cf9-4002-b6fc-7c0ab8dc0b4d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c9930462-ee59-4ad5-8dc5-28fc647a3486","name":"CrossC2","type":"tool","source":"Tidal Cyber","software_attack_id":"S3747","tidal_id":"ce2b3852-2461-5bb4-9415-c13b3762ea17","created":"2025-12-17T14:18:48.868685Z","modified":"2025-12-17T14:18:48.868689Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"1017c49b-37d7-4962-b15d-98748b94283c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"642792d4-4909-485e-9967-9153ee5b305b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"38811c3b-f548-43fa-ab26-c7243b84a055","name":"CrossRAT","type":"malware","source":"MITRE","software_attack_id":"S0235","tidal_id":"01811dd1-62b0-5d50-8256-536d74c1dd14","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)]</sup>","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark Caracal","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ea655d8a-4bea-4f66-8732-6ebc37ef83a8","name":"CrowDoor","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3604","tidal_id":"bc87a672-7fd2-5c8d-9907-310511624927","created":"2025-10-24T16:13:47.987651Z","modified":"2025-10-24T16:13:47.987655Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro October 22 2025](/references/230dbb27-9f4b-417f-ae7f-e88de27f4bc5)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ea470d21-9970-4d7a-a125-9a78c7f960b4","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"4090bb33-dcaf-44d6-b7d7-655f92a9cd51","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"66978296-cdbe-4214-9a11-ae1e5fed9d02","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"65a5b958-02ec-4b31-80ca-96dc634895fd","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ca2aeebb-fa81-4a4f-b7b0-dc092607cc5e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c441a356-3fa5-48af-b463-e0210c3f590e","name":"CrowdStrike.exe wiper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3655","tidal_id":"8195fccb-06e8-592e-8d39-b7195812cd07","created":"2025-11-26T19:38:18.341577Z","modified":"2025-11-26T19:38:18.341582Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cyber Daily Handala June 16 2025](/references/0d279886-6dfd-4587-b0af-98b425b84a50)]</sup>","group_attack_id":"G3113","group_id":"9462ee53-0e12-4441-a722-dabf6b3677b9","name":"Handala Hack 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a2b409b7-05d0-4d00-922d-fcfb639379dc","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"89378d53-8de6-40c9-b938-d24360cceb9d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e1ad229b-d750-4148-a1f3-36e767b03cd1","name":"Crutch","type":"malware","source":"MITRE","software_attack_id":"S0538","tidal_id":"8acb9d3b-58ad-59c4-98f2-f3c7f9348f51","created":"2020-12-04T20:43:50.481000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Crutch December 2020](https://app.tidalcyber.com/references/8b2f40f5-7dca-4edf-8314-a8f5bc4831b8)]</sup><sup>[[Talos TinyTurla September 2021](https://app.tidalcyber.com/references/94cdbd73-a31a-4ec3-aa36-de3ea077c1c7)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1b6fa662-556e-49ae-a420-41f7bfd36eb8","name":"CryptBot","type":"malware","source":"Tidal Cyber","software_attack_id":"S3430","tidal_id":"2bee3ce5-f40d-5ad4-9c36-4c68532810ba","created":"2025-02-18T15:18:32.803786Z","modified":"2025-02-18T15:18:32.803789Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cybercrime Report February 11 2025](/references/17685d5c-4255-445e-a546-e0dfb92378c2)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"91dd986f-7d37-4fb3-aad5-a54b09de3a19","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"2c510b11-10b7-4839-addb-7f122be2d751","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6c0b1e51-8f21-44d5-b059-89bd6cb8e5ba","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"12ce6d04-ebe5-440e-b342-0283b7c8a0c8","name":"Cryptoistic","type":"malware","source":"MITRE","software_attack_id":"S0498","tidal_id":"64252c4e-07b5-5bcd-b32a-af4d2adfa4b2","created":"2020-08-10T14:26:12.369000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelOne Lazarus macOS July 2020](https://app.tidalcyber.com/references/489c52a2-34cc-47ff-b42b-9d48f83b9e90)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"91f3c609-4855-471e-9a0c-d7ebd3605b64","name":"Crystal PDF","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3856","tidal_id":"ee52a1b6-de17-5a3b-958a-53f74f6825e9","created":"2025-12-29T17:41:09.695700Z","modified":"2025-12-29T17:41:09.695703Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"976eac5c-ae1a-4065-8793-0aa4eefff5a9","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"2fd48725-1de3-44a3-a1b9-6c1d80a0e639","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"45232fd9-a10c-46d9-aa9a-2730dd33e579","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"ae43fb75-a2ca-49f0-bf6a-9cccc07e2a1f","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"b1c43415-b6ea-40fa-a03e-2c8f5f8d6bb2","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"db39ddc5-533c-47c2-88cb-ac3896069c5d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9c3c484b-86dc-4781-ac5a-f1b9a2204e9d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"939eeb6b-3f74-43b6-8ead-644457ee7d78","name":"Csc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3208","tidal_id":"1b02f633-340d-5f51-80c2-281e04cbb232","created":"2024-01-12T14:47:46.494957Z","modified":"2024-01-12T14:47:46.494961Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2f3dd328-c1cb-4711-92a8-c1762925f427","name":"Csc.exe","description":"<sup>[[Csc.exe - LOLBAS Project](/references/276c9e55-4673-426d-8f49-06edee2e3b30)]</sup>","source":"Tidal Cyber","associated_software_id":"909a545e-eec1-4c0d-a57e-a183bf036bb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ClearSky MuddyWater Nov 2018](/references/a5f60f45-5df5-407d-9f68-bc5f7c42ee85)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8a3a1c6a-9e04-49f5-b7bb-be95640787d4","tag":"2ee25dd6-256c-4659-b1b6-f5afc943ccc1"},{"id":"d45c8512-8f53-4b84-9946-376af242acc5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"666165f1-50d2-43ae-9043-ba7547a29615","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"83036c61-d8cf-42f8-a9e5-dc3d26d75cdc","name":"Cscript","type":"tool","source":"Tidal Cyber","software_attack_id":"S3209","tidal_id":"270bd9fd-cec4-543b-b8b8-21a12a38dd38","created":"2024-01-12T14:47:46.864406Z","modified":"2024-01-12T14:47:46.864410Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"85524fce-888e-4754-ad46-8635c24c0d12","name":"Cscript.exe","description":"<sup>[[Cscript.exe - LOLBAS Project](/references/428b6223-63b7-497f-b13a-e472b4583a9f)]</sup>","source":"Tidal Cyber","associated_software_id":"589c7b11-190b-4cd3-b8c4-cf623697d207","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fdfbb17c-3242-445f-a045-8a80dd1620d7","tag":"7cae5f59-dbbf-406f-928d-118430d2bdd0"},{"id":"afdc105a-e05c-4557-8c94-939460e67905","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"852e2341-6496-4072-b1b6-62ae768f6fff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a11e4ebf-59e4-4b79-8a20-be1618dfbaed","name":"csi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3332","tidal_id":"1f116d59-e034-5aad-b893-15419e6d0d79","created":"2024-01-12T14:48:29.459618Z","modified":"2024-01-12T14:48:29.459622Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"adf2b27f-3e99-42a9-8d00-45d15feb8b05","name":"csi.exe","description":"<sup>[[csi.exe - LOLBAS Project](/references/b810ee91-de4e-4c7b-8fa8-24dca95133e5)]</sup>","source":"Tidal 
Cyber","associated_software_id":"bebeee27-af58-4daa-ae34-c432ba0aaf0d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dfd17d38-b62a-48f2-9d51-890c6a552797","tag":"86bb7f3c-652c-4f77-af2a-34677ff42315"},{"id":"c81c4070-c02d-48f1-809a-a7c058a08b3f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"40843646-32bf-4d3b-a5f5-d49c57f38cde","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7f1992a7-f17c-47f9-8cbf-974ae4d7bf2a","name":"CSmtp","type":"tool","source":"Tidal Cyber","software_attack_id":"S3531","tidal_id":"f1ec1a5d-2438-5660-a62f-ac792f13ea85","created":"2025-08-28T19:35:48.971656Z","modified":"2025-08-28T19:35:48.971659Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud June 15 2023](/references/beb7f804-f6b7-4b9c-996b-61136b97a546)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6973313c-81d3-473e-9680-cc3c107f48fa","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5c452c5f-7c59-4635-a30f-4dbddb94bb3e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"e942b27c-8bc0-424a-a801-d5589ff7a26c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"93816918-aae4-4ada-8c5e-e55d9e2d8f50","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"eb481db6-d7ba-4873-a171-76a228c9eb97","name":"CSPY Downloader","type":"tool","source":"MITRE","software_attack_id":"S0527","tidal_id":"817600cc-b673-5d0d-b58d-a27cde18a06a","created":"2020-11-09T14:30:35.202000Z","modified":"2022-10-18T23:14:56.867000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Kimsuky November 
2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"095064c6-144e-4935-b878-f82151bc08e4","name":"Cuba","type":"malware","source":"MITRE","software_attack_id":"S0625","tidal_id":"984cc794-41d0-58ea-87db-05b5fb4fa769","created":"2021-06-18T22:05:58.411000Z","modified":"2021-10-12T21:13:50.228000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Cuba Ransomware October 2022](/references/d6ed5172-a319-45b0-b1cb-d270a2a48fa3)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"47ecac2d-4684-4fdd-98cd-d89fef5a523d","tag":"64d3f7d8-30b7-4b03-bee2-a6029672216c"},{"id":"40547678-c2fc-4b93-9160-66a821962f50","tag":"375983b3-6e87-4281-99e2-1561519dd17b"},{"id":"a6e477d3-db52-4c5b-bb0a-6afc97665060","tag":"3ed2343c-a29c-42e2-8259-410381164c6a"},{"id":"b1b775a0-d865-4b4f-8dfd-97f0a48c1dc4","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"0b941d17-8345-4884-ad03-9ac36b0a48e4","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"0c209374-0448-4e85-901e-b32237cadc12","tag":"4bc9ab8f-7f57-4b1a-8857-ffaa7e5cc930"},{"id":"0afa4846-8a17-4e88-9dfa-c0efc50c770d","tag":"17864218-bc4f-4564-8abf-97c988eea9f7"},{"id":"2c4d3ffb-a998-4a48-835d-de7a0f8142d3","tag":"b6458e46-650e-4e96-8e68-8a9d70bcf045"},{"id":"5ddaacdd-11ca-4226-93ea-9492b0600590","tag":"bac51672-8240-4182-9087-23626023e509"},{"id":"ab593e03-0187-4755-97d5-cab3574334d3","tag":"c5c8f954-1bc0-45d5-9a4f-4385d0a720a1"},{"id":"488138e8-cc4e-4ad3-afa0-ff4ec5655aab","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"c774fe27-033d-4330-bf48-4729a572bd7d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"6e8c24c1-1cbd-5698-9a91-c3e0d937adf4","name":"Cuckoo Stealer","type":"malware","source":"MITRE","software_attack_id":"S1153","tidal_id":"6e8c24c1-1cbd-5698-9a91-c3e0d937adf4","created":"2024-10-31T16:28:03.370633Z","modified":"2024-10-31T16:28:03.370636Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"911e9591-b488-4b48-b468-9fb32c9999d3","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"fe225b25-1c82-4be2-93f7-08989cf1f201","name":"curl","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3465","tidal_id":"aa60820e-e69f-52c8-a12d-5290d7faf455","created":"2025-04-11T15:06:53.210211Z","modified":"2025-04-11T15:06:53.210215Z","platforms":[],"associated_software":[{"id":"0c0a2fda-d09d-4a7c-ba8a-c4ff9777c533","name":"curl.exe","description":"","source":"Trellix TIG","associated_software_id":"c61ab276-ecfe-4ab4-a221-6ecc1e8b9e98","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious 
Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"1e29a1b4-50d4-4699-b90a-e5100f652c66","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"7cd296ab-b749-41ea-ab52-10bb03cce12e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"0fe16787-d354-403e-8579-8ce422d6ab54","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"d9ed6b74-d029-4b8c-92eb-520a356ab6cd","name":"Custom Dropper/Unpacker (xd.sh, cloud)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3687","tidal_id":"f15af112-5713-55a6-8527-a5167c01616a","created":"2025-12-10T14:14:54.180048Z","modified":"2025-12-10T14:14:54.180052Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d5a0ef3f-54ec-4d9b-a528-14d98b499b6f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"aa55618d-bf27-4413-a584-577e3d86d0f3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6881b13c-ba09-4702-bf0f-6f86aa895a05","name":"Custom Real-Time Phishing Kits","type":"tool","source":"Tidal Cyber","software_attack_id":"S3984","tidal_id":"a3349650-e89e-5ca1-bc5e-cfdec5cfa894","created":"2026-01-23T20:31:12.116080Z","modified":"2026-01-23T20:31:12.116083Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"},{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 
365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"85b869d4-1255-45d8-ace2-b461ead2bbcd","name":"Vishing Kits","description":"<sup>[[www.okta.com January 23 2026](/references/5ba030cc-d314-44ba-8eb1-8bd49319f6c4)]</sup>","source":"USER","associated_software_id":"0afa8e5a-77bc-4fc4-8e0c-6faa04a84f32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"5d4a961e-6d90-446c-a20f-581563870403","name":"Hybrid Phishing Kits","description":"<sup>[[www.okta.com January 23 2026](/references/5ba030cc-d314-44ba-8eb1-8bd49319f6c4)]</sup>","source":"USER","associated_software_id":"af91194f-c26b-46c4-bf9f-96d81c530ef2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[www.okta.com January 23 2026](/references/5ba030cc-d314-44ba-8eb1-8bd49319f6c4)]</sup><sup>[[BleepingComputer January 22 
2026](/references/daff40d1-f22d-4dac-92d4-d0cdc3a25c10)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8afa1289-02ff-440e-aa1c-28d03296bae2","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"0913aaa8-176c-4564-af52-4655fb4e266f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"b61b7a22-6d75-4f6e-913c-3c2c9d6f34c4","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"a173e577-9a1b-4e73-8b50-5f5d224b1e50","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"06a8798a-bd8d-4bb2-ac98-7d2890c46ed7","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"96bf6ec8-e03c-4874-9e11-c6f910a8ec96","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bfdf8ca0-97e4-48bb-92b6-909f5c387ea8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3ff0d4fc-6678-42f0-869b-f48906d98f82","name":"CustomShellHost","type":"tool","source":"Tidal Cyber","software_attack_id":"S3210","tidal_id":"e6583517-d05f-5c2d-9e8a-a1730c366aa3","created":"2024-01-12T14:47:47.225637Z","modified":"2024-01-12T14:47:47.225641Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a45110a8-8c68-4aeb-87b9-668376785df5","name":"CustomShellHost.exe","description":"<sup>[[CustomShellHost.exe - LOLBAS Project](/references/96324ab1-7eb8-42dc-b19a-fa1d9f85e239)]</sup>","source":"Tidal 
Cyber","associated_software_id":"642284c2-5216-47f6-994b-98ff2fa839b9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2f1f703a-8d9e-4de8-8cbc-b29ca28d2588","tag":"536c3d51-9fc4-445e-9723-e11b69f0d6d5"},{"id":"01fbd02d-3f81-4fa7-8888-66fcc4995594","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ceded1a7-9f04-4c69-a6c1-b6c6aed89ed6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7fb3ea46-97ef-40d4-a6e0-1ad98158651a","name":"CVE-2017-11882 Exploit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3967","tidal_id":"42fb7c13-765e-55af-b4bc-bb6aefe6ebe3","created":"2026-01-23T20:31:09.580181Z","modified":"2026-01-23T20:31:09.580185Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","group_attack_id":"G3210","group_id":"abc6d74d-e425-4181-93ed-bb16f911871b","name":"Donot Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"0b476757-5409-4b62-b33d-3fa76ab36e59","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"54b7571d-3be1-4602-b95a-52179a9b7f40","tag":"0c358281-3438-4fe3-8bb6-d215f208d53d"},{"id":"f169558b-d96d-438a-8ab1-551c755e0c66","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"030e8305-5160-4bf6-8227-02f169c8bf75","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ea398c4d-b8c7-4744-8ff1-6e461dbde83d","name":"Cyberduck","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3616","tidal_id":"057e51de-794f-5ac1-acf4-73449147dbd5","created":"2025-11-11T13:26:32.289471Z","modified":"2025-11-11T13:26:32.289478Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a0ce17d4-4835-4e3f-8431-d63405232927","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"26d48d0d-7fa9-4cda-918c-e1db4a166e3e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"664c7426-fd2a-437c-afbf-1c6596949fc7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ac9e314c-1e14-4b56-92a2-0ba96c986f13","name":"CyberVolk Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3466","tidal_id":"fba287cf-dab6-5772-bb3b-7205a8a3bbff","created":"2025-04-11T15:33:57.288792Z","modified":"2025-04-11T15:33:57.288798Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aa9bc396-beb2-4ec5-974f-6038d9ea7aa1","name":"Invisible Ransom","description":"<sup>[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]</sup>","source":"Tidal Cyber","associated_software_id":"4c648717-9db6-4287-a51c-4f72cd98ffb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]</sup>","group_attack_id":"G3096","group_id":"82fc3514-e812-47f8-8e76-8bc5a8e3121c","name":"CyberVolk","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"68bdb0a1-9bc5-414e-9790-6f762dea2f92","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"78d96df0-6a9d-4b8a-bdee-9e59be525c3e","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"2a77451b-e7df-4ea0-b8a4-fa06dea42f29","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"76ed2e2c-f4d0-4933-ac34-81ad2791dca9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"68792756-7dbf-41fd-8d48-ac3cc2b52712","name":"Cyclops Blink","type":"malware","source":"MITRE","software_attack_id":"S0687","tidal_id":"95175b84-6dcb-55ff-a7ca-afa0273d6485","created":"2022-03-03T15:37:41.440000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[NCSC CISA Cyclops Blink Advisory February 2022](https://app.tidalcyber.com/references/bee6cf85-5cb9-4000-b82e-9e15aebfbece)]</sup><sup>[[Trend Micro Cyclops Blink March 2022](https://app.tidalcyber.com/references/64e9a24f-f386-4774-9874-063e0ebfb8e1)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f7a7447a-99ba-42f2-a606-1c80f0c477fa","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"fdee9ac1-0344-490f-91f0-07d101fb3932","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"9d521c18-09f0-47be-bfe5-e1bf26f7b928","name":"Dacls","type":"malware","source":"MITRE","software_attack_id":"S0497","tidal_id":"0cbe30dc-49e3-563f-9faa-4619248831e2","created":"2020-08-07T14:53:56.534000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelOne Lazarus macOS July 
2020](https://app.tidalcyber.com/references/489c52a2-34cc-47ff-b42b-9d48f83b9e90)]</sup><sup>[[TrendMicro macOS Dacls May 2020](https://app.tidalcyber.com/references/0ef8691d-48ae-4057-82ef-eb086c05e2b9)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a45bddd0-ce0b-4549-93d5-e0d9e8dc121c","name":"DaemonicLogistics","type":"malware","source":"Tidal Cyber","software_attack_id":"S3674","tidal_id":"982bcf4a-efae-5281-90e1-be17a53bba9f","created":"2025-12-10T14:14:52.126463Z","modified":"2025-12-10T14:14:52.126467Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET PlushDaemon November 19 2025](/references/fd6d089e-4549-4442-91bf-3cf1e85db012)]</sup>","group_attack_id":"G3069","group_id":"3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6","name":"PlushDaemon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9572922d-c657-407e-b5df-44a17edb0e47","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d5931a14-2eba-44f7-a1c4-d342cb5e5531","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d4f5132b-9de8-4227-8c13-3c20428f3859","name":"DAMASCENED PEACOCK","type":"malware","source":"Tidal Cyber","software_attack_id":"S3470","tidal_id":"4f11fb0a-e2b8-51c3-8f71-ea8b3f6fa556","created":"2025-04-23T15:51:42.679813Z","modified":"2025-04-23T15:51:42.679817Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[UK MOD DAMASCENED PEACOCK April 11 2025](/references/92351a33-f2bc-4c49-9ba7-dc9468795168)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void 
Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6b338ce7-a07f-4bfd-b025-235b7c93109e","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"cfc6af16-3676-4e96-82c8-f8d045c3fd71","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a123add2-461f-45cf-b8e5-f0188b836e21","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"df0d1376-4bab-408f-b4ca-e27efacb04ee","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8cef8031-96c4-4c3d-b703-6fc3fa21813c","name":"DanaBot","type":"malware","source":"Tidal Cyber","software_attack_id":"S3423","tidal_id":"95f5f1c0-013b-59ae-8a0c-b0455376e685","created":"2025-02-11T18:20:39.155695Z","modified":"2025-02-11T18:20:39.155699Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"be7d957f-96fd-4555-ab9a-1ff213c8b1f7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"b52998d5-d345-414b-8c14-35239835cdbf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c6dbbe5b-82e7-4e54-8676-0f4e96d96055","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"131c0eb2-9191-4ccd-a2d6-5f36046a8f2f","name":"DanBot","type":"malware","source":"MITRE","software_attack_id":"S1014","tidal_id":"a7e551e3-e9bd-5b9c-b4f4-095ffca6e730","created":"2022-06-03T14:35:23.246000Z","modified":"2022-09-01T14:11:46.207000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SecureWorks August 
2019](https://app.tidalcyber.com/references/573edbb6-687b-4bc2-bc4a-764a548633b5)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"032269a3-5c64-4bfe-9340-3a690a9f689b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"74f88899-56d0-4de8-97de-539b3590ab90","name":"DarkComet","type":"malware","source":"MITRE","software_attack_id":"S0334","tidal_id":"e6ded319-192a-53ed-820f-e5d63938ee89","created":"2019-01-29T19:18:28.468000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fdd52ea2-a313-490e-9492-a4acd2017344","name":"DarkKomet","description":"<sup>[[TrendMicro DarkComet Sept 2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]</sup>","source":"MITRE","associated_software_id":"afb90bbd-2299-4f3a-a9a8-792f4401e08f","owner_id":null,"owner_name":null},{"id":"b4d8fb4a-4130-4eec-aabc-6949f48ca918","name":"FYNLOS","description":"<sup>[[TrendMicro DarkComet Sept 2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]</sup>","source":"MITRE","associated_software_id":"abbedb20-272b-4278-ab46-8e46e7cd70ed","owner_id":null,"owner_name":null},{"id":"bb346f9a-7140-46c4-b6d7-cd3ba3c96c16","name":"Fynloski","description":"<sup>[[TrendMicro DarkComet Sept 2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]</sup>","source":"MITRE","associated_software_id":"f319bc98-ef43-47ef-8572-601f0be6fb68","owner_id":null,"owner_name":null},{"id":"bdc84346-035e-4ca7-8180-777849982524","name":"Krademok","description":"<sup>[[TrendMicro DarkComet Sept 
2014](https://app.tidalcyber.com/references/fb365600-4961-43ed-8292-1c07cbc530ef)]</sup>","source":"MITRE","associated_software_id":"cc96486b-d19d-4819-8265-9203a28ba6c9","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Unit 42 ProjectM March 2016](https://app.tidalcyber.com/references/adee82e6-a74a-4a91-ab5a-97847b135ca3)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]</sup>","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Elfin Mar 2019](/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8a1be74f-387d-497b-b69d-90eb289f9c90","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"39d81c48-8f7c-54cb-8fac-485598e31a55","name":"DarkGate","type":"malware","source":"MITRE","software_attack_id":"S1111","tidal_id":"112f4e5b-9b5d-5d9e-8424-5cdf5fc03d23","created":"2024-04-25T13:28:19.435528Z","modified":"2024-04-25T13:28:19.435531Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Malwarebytes Pikabot December 15 
2023](/references/50b29ef4-7ade-4672-99b6-fdf367170a5b)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"10f09370-1b45-4239-b4f4-303bc8033b38","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"4cec07ef-7236-44c3-9495-9a01d805de0c","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"31b8840d-2642-4955-b997-072de53fc91f","name":"dark-kill","type":"tool","source":"Tidal Cyber","software_attack_id":"S3620","tidal_id":"31a781ed-ce06-54c7-aae1-6f50a6339de8","created":"2025-11-11T13:26:33.816496Z","modified":"2025-11-11T13:26:33.816499Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"46953af0-9f90-4a60-8256-ee73e23329f0","name":"dark.sys","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"0ca82f17-bd62-4576-8ff0-6115f42553e9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water 
Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b7ef4eaa-e027-4a1a-a37b-d7e352eb1910","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"927b4412-9baf-4456-942c-defae4c37bcc","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ce446b45-f558-4692-9d55-036424b90f92","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"02c8cd4d-2255-4337-96a1-d2bab5dd6c2e","name":"DarkMusical","type":"malware","source":"Tidal Cyber","software_attack_id":"S3964","tidal_id":"7ace9c09-15cf-5466-b74e-f2b1ae4fb618","created":"2026-01-23T20:31:09.143650Z","modified":"2026-01-23T20:31:09.143653Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","group_attack_id":"G3210","group_id":"abc6d74d-e425-4181-93ed-bb16f911871b","name":"Donot 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f37825f4-1a32-4b67-b0aa-a9b9ec7fffb6","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"5a84a55c-8852-4d91-816f-c33aab5d98b3","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"be8d7ac9-133a-4f9a-887e-f633352aa5ab","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"b80a8c44-c0d2-4b38-9f18-46c6e3c86758","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"ce0406d6-5d23-4d91-97f1-7a58cd4b3afc","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"6c7d97ea-dab2-4cd8-af2c-0dfde3cdcf78","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"ccbde55d-7798-40fe-a40b-392b8308667b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"41b4d8ce-6969-4baa-8a65-4b3206e4fce6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"35abcb6b-3259-57c1-94fc-50cfd5bde786","name":"DarkTortilla","type":"malware","source":"MITRE","software_attack_id":"S1066","tidal_id":"f227400c-4f86-5ac9-8228-35f11f1ab900","created":"2023-05-26T01:20:53.179005Z","modified":"2023-05-26T01:20:53.179008Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"740a0327-4caf-4d90-8b51-f3f9a4d59b37","name":"DarkWatchman","type":"malware","source":"MITRE","software_attack_id":"S0673","tidal_id":"a3e0aaf2-5eb6-5bc6-acd7-d5c5cf973b06","created":"2022-01-10T19:43:47.281000Z","modified":"2022-10-18T23:16:37.724000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f8de0aec-06f7-40a1-909d-590d3ca55b8d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"27f3fdd1-de91-40fe-bbc5-0d7125ff287d","name":"DarkWisp","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3712","tidal_id":"379e6de4-9987-5f4a-866d-6669810ba5db","created":"2025-12-10T14:14:58.286801Z","modified":"2025-12-10T14:14:58.286805Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","group_attack_id":"G3157","group_id":"271cfdb6-e918-4a86-9289-c6a4d6b99ce4","name":"Water Gamayun","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c5d1153f-4680-4a76-86d5-2194f090a2f4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4c02de9f-579e-429f-9348-5f7602452b9a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fad65026-57c4-4d4f-8803-87178dd4b887","name":"Daserf","type":"malware","source":"MITRE","software_attack_id":"S0187","tidal_id":"847aa92b-2128-5d2a-bb59-f103fc8d687b","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b4266b69-f6d1-4b1a-b8d1-13fa716d7820","name":"Muirim","description":"<sup>[[Trend Micro Daserf Nov 2017](https://app.tidalcyber.com/references/4ca0e6a9-8c20-49a0-957a-7108083a8a29)]</sup>","source":"MITRE","associated_software_id":"82694e7e-140d-4ee6-93a0-03af069029cf","owner_id":null,"owner_name":null},{"id":"c3e307a0-015c-425b-86e8-1e10e473dde3","name":"Nioupale","description":"<sup>[[Trend Micro Daserf Nov 2017](https://app.tidalcyber.com/references/4ca0e6a9-8c20-49a0-957a-7108083a8a29)]</sup>","source":"MITRE","associated_software_id":"dae98258-e7d1-4e13-9c88-13d5fe07bf89","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Trend Micro Daserf Nov 2017](https://app.tidalcyber.com/references/4ca0e6a9-8c20-49a0-957a-7108083a8a29)]</sup><sup>[[Symantec Tick Apr 
2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"dd555a4c-3b04-48c1-988f-d530d699a5bf","name":"DataSvcUtil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3211","tidal_id":"810db6ef-0211-59f8-aa3c-6c8e56238a7f","created":"2024-01-12T14:47:47.604972Z","modified":"2024-01-12T14:47:47.604976Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"19ffd64e-a0bb-4dc2-be9d-f592cc81b9b8","name":"DataSvcUtil.exe","description":"<sup>[[DataSvcUtil.exe - LOLBAS Project](/references/0c373780-3202-4036-8c83-f3d468155b35)]</sup>","source":"Tidal Cyber","associated_software_id":"c64f5d2e-d645-4dd8-bc8f-9e515f8f80c3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"68db5b8e-aacb-4bc7-a1a2-4c67d76a2e07","tag":"0576be43-65c6-4d1a-8a06-ed8232ca0120"},{"id":"8d6c7fc6-3379-4338-838f-df58bd166c35","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1ba58351-4b41-46a1-b9ab-cf351e8d0648","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"789791b7-1ea1-4b18-8253-4663bb7ec143","name":"DBatLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3002","tidal_id":"0f34c39d-be47-517f-9bf8-f1f39791b381","created":"2024-06-13T20:12:25.221012Z","modified":"2024-06-13T20:12:25.221015Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"28e11e8a-aef7-4a75-9197-fe8184fdd568","name":"ModiLoader","description":"<sup>[[DBatLoader Actively Distributing Malwares Targeting European Businesses](/references/42ee2e91-4dac-41ce-b2ec-fde21c258a28)]</sup>","source":"Tidal 
Cyber","associated_software_id":"6eef0dd4-d721-4f6e-9cc0-d7e4967eb401","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6821d482-52f3-4be2-8e7a-ac37c891dce1","name":"MoDi RAT","description":"<sup>[[Sophos News September 24 2020](/references/8cfa3dc4-a6b4-4204-b1e5-5b325955936d)]</sup>","source":"Tidal Cyber","associated_software_id":"c49680e0-f233-431b-b25c-039051407ad5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"9f24048d-85df-4df7-adb8-b51b8393ef66","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"67d8e250-2f42-4212-916d-90891093472e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8d078b8d-5cd1-4479-9b33-5d252962b952","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3c261299-02e9-402a-a766-d453a907e51d","name":"DBoxAgent","type":"malware","source":"Tidal Cyber","software_attack_id":"S3968","tidal_id":"81ed9011-bb80-5367-9e7f-cf8fe9616ac0","created":"2026-01-23T20:31:09.722537Z","modified":"2026-01-23T20:31:09.722541Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d314f290-528a-42d4-aed4-ce2fbd1ecb3e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"6568f7d2-e07e-4adf-a8d3-af4810d9adb5","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"30bc5dc4-7988-45cd-8a9a-2cee47a66b3f","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"dc3bd2fc-c43a-4db0-bba3-e048f3c53339","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"4fc75d86-6c25-4bb8-846d-678f3ce0c9a4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d4dd1f15-ae62-43af-bc3a-c8cf646535b4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b57a4fb4-17fa-505c-a276-5caeee74e6b0","name":"DCHSpy","type":"malware","source":"Mobile","software_attack_id":"S1243","tidal_id":"b57a4fb4-17fa-505c-a276-5caeee74e6b0","created":"2026-01-28T13:08:09.938367Z","modified":"2026-01-28T13:08:09.938368Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[Lookout_DCHSpy_July2025](https://app.tidalcyber.com/references/f89b4a98-873c-5756-8164-cfc0735a51c2)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"8bebf2ec-e224-4062-8ddb-44d353d45166","name":"DCRat","type":"malware","source":"Tidal Cyber","software_attack_id":"S3428","tidal_id":"9b3395e4-21b8-54c7-8730-83946d074aef","created":"2025-02-18T15:18:31.956942Z","modified":"2025-02-18T15:18:31.956947Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac5a98bb-3ac4-4445-af85-d3ebbd6b7db4","name":"DarkCrystal RAT","description":"","source":"Tidal 
Cyber","associated_software_id":"be82055c-0017-40d3-96b6-2bc428bfd52c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"66f73265-e0a9-4e9c-9884-f7ecb19b3324","name":"AsyncRAT variant","description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","source":"USER","associated_software_id":"189abbed-0473-44fb-9d33-510df1f270b3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"353978c5-8a71-4eff-91f2-e502716bdb76","name":"AsyncRAT fork","description":"<sup>[[Securonix January 05 2026](/references/314a9db4-8a16-4732-aa23-b24b38897943)]</sup>","source":"USER","associated_software_id":"d92910f9-2d71-4d08-9ee9-2735d58d2518","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f3a57d11-cc6c-495a-8855-8532c0486cc9","name":"Dark Crystal RAT","description":"<sup>[[Splunk October 18 2022](/references/78bccfce-ac5c-4413-9f6b-3be2762d7882)]</sup>","source":"Tidal Cyber","associated_software_id":"31a1b916-17f7-4e59-8cea-3edd106bdd2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Securonix January 05 2026](/references/314a9db4-8a16-4732-aa23-b24b38897943)]</sup>","group_attack_id":"G3197","group_id":"a28a00b1-dbee-448c-9f91-690dcca00de8","name":"PHALT#BLYX Threat Actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cybercrime Report February 11 2025](/references/17685d5c-4255-445e-a546-e0dfb92378c2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d948966a-1db7-469c-b0e4-ef623b0e0778","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"1688d5be-e058-46ae-827a-6e99033592be","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"29aa5ff2-7338-4cee-9948-80aa38720955","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"2dd8eeb9-0279-4cf5-b638-7068e83df607","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a889dbc8-687b-43ce-8e65-4ce42afe099c","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"24cf9592-efe3-4867-8b72-850433bb5364","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"1ebea3d2-86cc-4132-ad51-ae25e9143e47","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c2438700-1b2b-449d-9e78-5642e92c0371","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"26ae3cd1-6710-4807-b674-957bd67d3e76","name":"DCSrv","type":"malware","source":"MITRE","software_attack_id":"S1033","tidal_id":"b49e8c79-5651-5323-b014-b693f457a297","created":"2022-08-11T22:31:31.468000Z","modified":"2022-10-18T13:08:43.567000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Checkpoint MosesStaff Nov 2021](https://app.tidalcyber.com/references/d6da2849-cff0-408a-9f09-81a33fc88a56)]</sup>","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses Staff","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"41ac9076-16ce-4d49-bdfb-333a77e40b85","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"83560740-0417-46d0-a3a4-e9e9b99762d1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"9d64b10e-62f8-43b7-8a02-7f1ddd8858e1","name":"DCSYNCER.SLICK","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3639","tidal_id":"1ffe2f96-3be2-5efa-9283-95e52ba1bb4f","created":"2025-11-19T17:45:40.269520Z","modified":"2025-11-19T17:45:40.269523Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"dac9f825-6b7a-4f15-a8f4-360652b08491","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f2364309-38eb-4f81-9b2a-d5a4431d3c6f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0657b804-a889-400a-97d7-a4989809a623","name":"DDKONG","type":"malware","source":"MITRE","software_attack_id":"S0255","tidal_id":"cc123278-95ae-589d-8a78-e2992e31dad0","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]</sup>","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d191f182-60cb-4cdf-943b-dd6e5dd7afce","name":"DDOSIA","type":"malware","source":"Trellix TIG","software_attack_id":"S3436","tidal_id":"0c7efae3-a92f-57c5-a407-0a4f84040e61","created":"2025-04-11T15:06:47.741382Z","modified":"2025-04-11T15:06:47.741386Z","platforms":[],"associated_software":[{"id":"cde0ab89-54f8-4950-b312-63c3817ef5d9","name":"Go-Stresser","description":"<sup>[[Censys December 15 
2025](/references/896d30b9-30aa-4323-945b-30ed4113a2b8)]</sup>","source":"USER","associated_software_id":"8ce837df-3234-44a3-8b01-40875d453c23","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"56d2aa13-ef6c-4f42-9ce5-fbaaee368bbf","name":"Dosia","description":"","source":"Trellix TIG","associated_software_id":"3808831f-81bf-4753-8987-87f6e883aeeb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"fec2448f-68b8-435b-b8dd-7048f082ad5b","name":"Go Stresser","description":"","source":"Trellix TIG","associated_software_id":"3620347e-1cb5-4ab1-b9f0-3d9f3b36d4d7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3006","group_id":"7c1a627e-7ea8-4919-a590-7637f1c887f3","name":"NoName057(16)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"ed52314b-2459-4c48-ac8d-813774044db7","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":"TidalCyberIan"},{"id":"e9533664-90c5-5b40-a40e-a69a2eda8bc9","name":"DEADEYE","type":"malware","source":"MITRE","software_attack_id":"S1052","tidal_id":"f8c37fb3-372b-5ea6-a57a-5e7039f73414","created":"2023-05-26T01:20:54.760922Z","modified":"2023-05-26T01:20:54.760926Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"27732d5a-fe42-5727-8345-e2e0051ae1d3","name":"DEADEYE.EMBED","description":"<sup>[[Mandiant APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]</sup>","source":"MITRE","associated_software_id":"a5895370-3911-4fd5-a61d-5e7cdf4eaa7b","owner_id":null,"owner_name":null},{"id":"549c4c79-c0e1-5768-ac75-0e60d807afe2","name":"DEADEYE.APPEND","description":"<sup>[[Mandiant 
APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]</sup>","source":"MITRE","associated_software_id":"f55765f5-c5b6-4b6d-a50d-f96793569149","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"b6d782a4-ef57-4668-b1be-cba80c69b1e8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"787609d5-43b0-5c79-9b88-9788de1a5f6f","name":"DEADWOOD","type":"malware","source":"MITRE","software_attack_id":"S1134","tidal_id":"787609d5-43b0-5c79-9b88-9788de1a5f6f","created":"2024-10-31T16:28:08.295586Z","modified":"2024-10-31T16:28:08.295590Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[DEADWOOD](https://app.tidalcyber.com/software/787609d5-43b0-5c79-9b88-9788de1a5f6f) was previously linked to [APT33](https://app.tidalcyber.com/groups/99bbbe25-45af-492f-a7ff-7cbc57828bac) operations in 2019.<sup>[[RecordedFuture IranianResponse 2020](https://app.tidalcyber.com/references/a83365fb-aae4-57ca-9d11-1ad14d27976f)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[DEADWOOD](https://app.tidalcyber.com/software/787609d5-43b0-5c79-9b88-9788de1a5f6f) has been used by [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) in wiping operations.<sup>[[SentinelOne Agrius 
2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"288c55a5-17e2-454b-8256-ecaf48fc8e05","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"64dc5d44-2304-4875-b517-316ab98512c2","name":"DealersChoice","type":"malware","source":"MITRE","software_attack_id":"S0243","tidal_id":"57d14411-2a06-5a72-8f04-27b13de93005","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sofacy DealersChoice](https://app.tidalcyber.com/references/ec157d0c-4091-43f5-85f1-a271c4aac1fc)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e51f10c5-e26f-4ecb-a465-334ccad63bce","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"832f5ab1-1267-40c9-84ef-f32d6373be4e","name":"DEATHRANSOM","type":"malware","source":"MITRE","software_attack_id":"S0616","tidal_id":"b5a06e46-0114-5880-b93b-b9463ed6e868","created":"2021-06-02T15:48:55.838000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"34a826db-ab32-46c4-910c-c1807162ee07","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"08af45c6-0eba-4b9e-98a2-62e0c811a578","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"719cbcf5-3b46-46df-93ac-9db443d32093","name":"DEEPROOT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3640","tidal_id":"958a44c3-cc6c-5e20-825e-7f14db46f8fd","created":"2025-11-19T17:45:40.407611Z","modified":"2025-11-19T17:45:40.407615Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"be613cbc-0eef-46bd-ac00-c12fff850497","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"edd6b021-7a18-4e9d-ad95-c31a30762bdd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ff25ec03-1e8d-427e-b207-1e1ecca542ec","name":"DefaultPack","type":"tool","source":"Tidal Cyber","software_attack_id":"S3333","tidal_id":"c4c09ae4-5f4c-59fc-aea0-ea3b80c4990e","created":"2024-01-12T14:48:29.812639Z","modified":"2024-01-12T14:48:29.812643Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b15fb2b8-f182-4e11-95ad-41686c2c0c64","name":"DefaultPack.EXE","description":"<sup>[[DefaultPack.EXE - LOLBAS Project](/references/106efc3e-5816-44ae-a384-5e026e68ab89)]</sup>","source":"Tidal Cyber","associated_software_id":"95c59305-52c1-4d55-a9cd-8ce48e7a3a30","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"25388a85-4f6a-43db-8ad4-a8d0c42e0e49","tag":"4f7be515-680e-4375-81f6-c71c83dd440d"},{"id":"2b39684b-f460-4d8b-995f-dc7954842922","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c08c07a6-c893-48a4-b27f-0876f9c412d9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e8830cf3-53f3-4d15-858c-584589405fad","name":"Defender Control","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3031","tidal_id":"54466477-2f1b-5633-8ac9-c937d3a101fe","created":"2023-08-18T18:56:19.975606Z","modified":"2023-08-18T18:56:19.975615Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"60306ae7-71fd-4369-b4d8-844bae24d3d8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3c3829fa-41d4-48a6-98bf-0623fb2c0a20","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"457b5e3d-4fb6-4bd7-b401-8fe1d8727125","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"049fd609-37fb-4e7f-9139-09c221bc8daf","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"fa851d89-1157-40f7-828c-e228d1bf393f","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"81ca0d4e-fac5-4a95-b374-eae2d18c9766","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b63ba1af-6b3f-4398-9d2d-9b19e142987d","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"4f95d2a2-41e0-403d-a2fc-ab7074c91ad1","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"1e4b521a-dab8-4edc-8c53-675da6c6b025","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7df912f5-b264-436e-8640-79440f09e5e9","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"911d8f07-b846-4697-a81a-20afc95481eb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8ecc
7711-f512-5c56-b73a-9579470841b7","name":"DEFENSOR ID","type":"malware","source":"Mobile","software_attack_id":"S0479","tidal_id":"8ecc7711-f512-5c56-b73a-9579470841b7","created":"2026-01-28T13:08:09.938228Z","modified":"2026-01-28T13:08:09.938229Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f484fae4-53ca-456b-89f1-3a583beacb9e","name":"Demodex","type":"malware","source":"Tidal Cyber","software_attack_id":"S3407","tidal_id":"3880c4c2-eb91-5f1d-8513-4d76befad567","created":"2024-10-25T19:44:35.402875Z","modified":"2024-10-25T19:44:35.402880Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup><sup>[[Sygnia July 17 2024](/references/7d30acb4-9600-46bd-a800-1c7e1149e9b4)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup><sup>[[Sygnia July 17 2024](/references/7d30acb4-9600-46bd-a800-1c7e1149e9b4)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e197d3a0-6536-4ab1-82c6-f1a5da728395","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"64820bda-c4dc-4496-82f1-564b9df257b5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5781d8b1-3cb3-4d92-aa9c-0fef366a52f7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0019d8ff-fb81-58c4-a522-962b49d24639","name":"Dendroid","type":"malware","source":"Mobile","software_attack_id":"S0301","tidal_id":"0019d8ff-fb81-58c4-a522-962b49d24639","created":"2026-01-28T13:08:09.937900Z","modified":"2026-01-28T13:08:09.937902Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"df4002d2-f557-4f95-af7a-9a4582fb7068","name":"Denis","type":"malware","source":"MITRE","software_attack_id":"S0354","tidal_id":"c2f5916e-5b01-5892-99d0-aa52759bb000","created":"2019-01-30T20:01:44.815000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Oceanlotus May 2017](https://app.tidalcyber.com/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)]</sup><sup>[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"33be10a3-3d0f-48bb-9883-81df9a724d2c","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"3c14ea0a-c85f-41b3-acd0-15d2565e3e07","name":"Denonia","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3126","tidal_id":"3fd7562c-2884-5d82-85e4-4c2b1c03983b","created":"2024-06-13T20:12:33.067581Z","modified":"2024-06-13T20:12:33.067585Z","platforms":[{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"}],"associated_software":[],"groups":[],"tags":[{"id":"cf5257d3-a3fe-4e48-9851-60f4e30f9ea1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d42bffca-f237-4b13-abcc-258e6197bf0e","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"11e457df-e8c4-4054-9cbb-57d38e1ffe98","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"},{"id":"04e21131-be8a-4502-a788-fa1b2f3dc9a6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cc222001-6a4a-4064-b6d2-658978bb9c53","name":"DEPTHCHARGE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3521","tidal_id":"7a3df5bd-5c7d-5974-969e-0af2a2a8c706","created":"2025-08-28T19:35:47.492792Z","modified":"2025-08-28T19:35:47.492796Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"e5e78b0f-07a1-4f73-9ea1-755c3369db90","name":"SUBMARINE","description":"<sup>[[Mandiant UNC4841 August 29 2023](/references/f990745d-06c1-4b0a-8394-66c7a3cf0818)]</sup>","source":"Tidal Cyber","associated_software_id":"9000819d-a811-4dc5-a86f-9d4140ac0288","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Mandiant UNC4841 August 29 2023](/references/f990745d-06c1-4b0a-8394-66c7a3cf0818)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"ee11bef1-09ec-4732-8d48-d1b5976c5ca5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"33713956-2a19-42d6-aa5d-7450848fba0f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2de38efe-cb81-4200-b111-4b4d1f72acdf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9222aa77-922e-43c7-89ad-71067c428fb2","name":"Derusbi","type":"malware","source":"MITRE","software_attack_id":"S0021","tidal_id":"a6eac87b-9ab9-5d67-a033-0168f1296003","created":"2017-05-31T21:32:18.668000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b737bb44-6f18-412c-a84d-a08d66f7a0b2","name":"PHOTO","description":"<sup>[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup>","source":"MITRE","associated_software_id":"92b622fe-1002-49f7-87ca-e97046f6ed40","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup><sup>[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup><sup>[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ThreatConnect 
Anthem](https://app.tidalcyber.com/references/61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0690b69a-51ad-482f-b069-90cd4e30a902","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"280eb710-4133-5489-9020-de8b18baf3ec","name":"Desert Scorpion","type":"malware","source":"Mobile","software_attack_id":"S0505","tidal_id":"280eb710-4133-5489-9020-de8b18baf3ec","created":"2026-01-28T13:08:09.937931Z","modified":"2026-01-28T13:08:09.937933Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1028","group_id":"e3c5164e-49cf-5bb1-955d-6775585abb14","name":"APT-C-23","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"6c925284-5c75-43c9-ab44-91f94cc0aee5","name":"des.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3971","tidal_id":"5910d4ba-8977-5940-84bf-d2c06bcaa266","created":"2026-01-23T20:31:10.222211Z","modified":"2026-01-23T20:31:10.222215Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e30b0a21-a170-4306-8bc9-3216e1d9f18f","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"f1003f9d-6f22-4709-8b08-4fb07f20e396","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f550ec6f-9d2a-4a0f-a5ad-eab11ed3c188","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1863a7e2-6212-48a0-b109-15d0198b93e2","name":"Desk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3309","tidal_id":"48108f87-7ad5-5194-9fd8-9a68bec5a946","created":"2024-01-12T14:48:21.090455Z","modified":"2024-01-12T14:48:21.090459Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"83c48bfd-5c8f-406f-ab7f-63a9bd17dcbd","name":"Desk.cpl","description":"<sup>[[Desk.cpl - LOLBAS Project](/references/487a54d9-9f90-478e-b305-bd041af55e12)]</sup>","source":"Tidal Cyber","associated_software_id":"670ed300-364b-45ad-ad7f-732d13365571","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2f5a1aa-9f65-41da-8390-148ec1802870","tag":"7ad2b1d5-c228-4bf5-bf8e-c80a8fef0079"},{"id":"734f82f7-9eed-4461-aa5e-9ded1e84b5d1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a137c4ea-d18e-4ebe-8eae-5704b196df47","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1b31652d-30bb-4c6e-bfe1-f2921a0aa64e","name":"Desktopimgdownldr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3212","tidal_id":"7b8395fb-238c-5386-8ad7-3585cd50c442","created":"2024-01-12T14:47:47.975240Z","modified":"2024-01-12T14:47:47.975243Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7c4bf9f5-dfaa-46df-8803-83ae323f9f58","name":"Desktopimgdownldr.exe","description":"<sup>[[Desktopimgdownldr.exe - LOLBAS 
Project](/references/1df3aacf-76c4-472a-92c8-2a85ae9e2860)]</sup>","source":"Tidal Cyber","associated_software_id":"75e0d2df-7f93-4b5a-b085-4d2dfdac1348","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"48f346fb-03a2-4d71-995e-56b5228baea9","tag":"acc0e091-a071-4e83-b0b1-4f3adebeafa3"},{"id":"2bff6801-87cb-4477-9a52-c1b1c6adc53a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d91fcc17-881c-4271-9614-96f942a9d9a1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"13b12ef7-2875-4875-a20d-34ed8a25aec9","name":"devcon.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3927","tidal_id":"ac3ce6d9-6e33-5faf-92f6-101d6b10baeb","created":"2026-01-14T13:31:36.895025Z","modified":"2026-01-14T13:31:36.895029Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4e8dcd9e-577c-43f7-8f55-80b6240bba52","name":"Microsoft Device Console","description":"<sup>[[Huntress January 07 2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","source":"USER","associated_software_id":"1bcda138-bb76-4678-8f1a-9ddab215d23b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress January 07 2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","group_attack_id":"G3200","group_id":"8adc41b2-e496-4e2c-ba1f-6420e7359669","name":"Unattributed Chinese-speaking ESXi Exploit 
Developer","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"39610025-7d84-4405-9a31-c24d73c95f26","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"555f3eae-66d1-4e5d-9e30-a962529d4d25","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"7eb25064-bad4-48a2-a63f-6c160f6e1b29","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0f75cd1d-00a2-4a27-b6a9-929316dd2127","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c928bdd4-bb7d-4224-8bd6-41da001498b1","name":"DeviceCodePhishing","type":"tool","source":"Tidal Cyber","software_attack_id":"S3730","tidal_id":"5a0cdfeb-3d03-5044-9d36-756cfb35283a","created":"2025-12-10T14:15:03.030319Z","modified":"2025-12-10T14:15:03.030324Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Volexity December 04 2025](/references/766e12b5-5336-49c8-9466-997cce7c47fe)]</sup>","group_attack_id":"G3159","group_id":"f9bf749f-dbd0-4e25-948e-0c9d27e6208c","name":"UTA0355","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"013ff924-af36-4d93-bc74-308d7a9b8e42","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1d06ce80-6931-4af0-a55e-9396682b97ba","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b99bdf39-8dcf-4bae-95af-b029d48cb579","name":"DeviceCredentialDeployment","type":"tool","source":"Tidal Cyber","software_attack_id":"S3213","tidal_id":"61266725-83a5-5530-b38c-c257abd84fca","created":"2024-01-12T14:47:48.370179Z","modified":"2024-01-12T14:47:48.370182Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"28423085-6247-4ae2-94bd-b4a66e148456","name":"DeviceCredentialDeployment.exe","description":"<sup>[[DeviceCredentialDeployment.exe - LOLBAS 
Project](/references/fef281e8-8138-4420-b11b-66d1e6a19805)]</sup>","source":"Tidal Cyber","associated_software_id":"5a91980c-cdb3-4dde-b38d-175c5af960f3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4732f39b-acee-4efa-acbb-ebdb14dd92e2","tag":"2a08c2eb-e90e-4bdb-a2dd-9da06de7ed25"},{"id":"f17520cc-9153-445f-ba38-754d8d3cdb41","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a7c2551d-1d55-42d7-9f98-01a55b5aa1f0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"102714a0-6b18-4d05-83c2-dd2929ce685a","name":"Devinit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3334","tidal_id":"53fa20b4-c3ae-54ee-904c-5c147e8db328","created":"2024-01-12T14:48:30.328036Z","modified":"2024-01-12T14:48:30.328039Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bb16053d-2311-404e-84e3-64574e4ad3ad","name":"Devinit.exe","description":"<sup>[[Devinit.exe - LOLBAS Project](/references/27343583-c17d-4c11-a7e3-14d725756556)]</sup>","source":"Tidal Cyber","associated_software_id":"34e99ddb-8992-4b3a-acaf-e95bf601777e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"335b0aff-8042-4185-8752-3ca8f125265c","tag":"bb814941-0155-49b1-8f93-39626d4f0ddd"},{"id":"7cf958ab-621f-48c2-a710-d20a740f5abe","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e778ebf6-290b-47ca-8df9-d13967130138","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0f3de387-e3de-440a-9d73-1371a9dfcadf","name":"Devman Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3500","tidal_id":"ef5002ea-b78f-5d27-9f9d-d6383d89579f","created":"2025-06-17T14:41:23.854276Z","modified":"2025-06-17T14:41:23.854281Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cyble 
Safepay Devman June 3 2025](/references/49840002-47ee-4a77-9ceb-577752798dc0)]</sup>","group_attack_id":"G3110","group_id":"b7b61ba1-7b0c-4568-a5ee-8b6634ed5b60","name":"Devman Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"93cd0157-9dc9-4333-807d-98ffb7152e03","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0fc0b7cf-2bc6-4c81-94bc-5c34afb92a66","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"4024e2d1-e9fe-4e67-8c52-91b574a1862d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"abce4f9b-005c-4bd8-8f01-1272cc1b65b3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6e213e33-c2e5-494f-bc1a-bf672f95dcf8","name":"Devtoolslauncher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3335","tidal_id":"e4911c2f-7c22-5418-91a6-0dc63fd50173","created":"2024-01-12T14:48:30.687424Z","modified":"2024-01-12T14:48:30.687428Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ece06fad-6fc1-4e81-a01d-16983b867a82","name":"Devtoolslauncher.exe","description":"<sup>[[Devtoolslauncher.exe - LOLBAS Project](/references/cb263978-019c-40c6-b6de-61db0e7a8941)]</sup>","source":"Tidal Cyber","associated_software_id":"9fcdac31-4219-4b10-83e6-b1c85f96de60","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"66ec1274-1cf9-4aa4-945b-5633be59f834","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"3a8d8e8f-1135-4329-b4b4-2f2c239eda3a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"672d80fe-656e-4b1b-8234-ebf2c5339166","name":"devtunnel","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3373","tidal_id":"62ec8283-7e5b-534b-9a08-896918007ba9","created":"2024-01-12T14:48:44.908505Z","modified":"2024-01-12T14:48:44.908509Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dbe1da7a-4233-4a8e-84a1-daa8e7422edb","name":"devtunnel.exe","description":"<sup>[[devtunnel.exe - LOLBAS Project](/references/657c8b4c-1eee-4997-8461-c7592eaed9e8)]</sup>","source":"Tidal Cyber","associated_software_id":"02bce9ff-2975-4b0a-a8ab-8aaba3660803","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d521a02b-fd15-4b44-969e-9591fec04ef2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c080731c-6750-4656-ad2d-54ef78595c0f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ff0b0792-5dd0-4e10-8b84-8da93a0198aa","name":"DEWMODE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3059","tidal_id":"7c50b75d-e7a4-5409-a7f5-6739710164c3","created":"2023-07-28T16:33:36.867692Z","modified":"2023-07-28T16:33:36.867697Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"fc89a46f-c0a4-42a9-9cf6-aaa82e8251c2","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"5bb7f57b-d920-4c91-911c-bba297759451","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"b396eb52-3b6a-44e9-9534-d8b981a52192","name":"Dfshim","type":"tool","source":"Tidal Cyber","software_attack_id":"S3310","tidal_id":"116b12f1-b442-5e81-8f4a-3818c22d17ab","created":"2024-01-12T14:48:21.444869Z","modified":"2024-01-12T14:48:21.444873Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"26a2d51b-6d8b-45fa-a796-9d0453f3d5a7","name":"Dfshim.dll","description":"<sup>[[Dfshim.dll - LOLBAS Project](/references/30503e42-6047-46a9-8189-e6caa5f4deb0)]</sup>","source":"Tidal 
Cyber","associated_software_id":"92344064-ad27-4fa5-8d50-fa56ff279213","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"cfc16886-c2bb-4de4-a85d-b99827ef2fc0","tag":"91fd24c3-f371-4c3b-b997-cd85e25c0967"},{"id":"dad4d59b-ba97-45c2-b037-0deee495b1a0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"35014889-f9af-47e6-9792-cb08861b407e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f85966ec-0c4d-4f7e-949f-bb73828bf601","name":"Dfsvc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3214","tidal_id":"e16458c1-8463-51ff-a00e-f40ad4da9a49","created":"2024-01-12T14:47:48.754522Z","modified":"2024-01-12T14:47:48.754527Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6ff08a83-bfb2-44e6-b1da-596c71171e47","name":"Dfsvc.exe","description":"<sup>[[Dfsvc.exe - LOLBAS Project](/references/7f3a78c0-68b2-4a9d-ae6a-6e63e8ddac3f)]</sup>","source":"Tidal Cyber","associated_software_id":"a9e71535-14ff-4715-a9f4-fac62b04753e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"857a630a-691a-4147-b3a4-a5fd6ee10e91","tag":"18d6d91d-7df0-44c8-88fe-986d9ba00b8d"},{"id":"95ea7cbd-c592-47ba-8a87-633ed3066eb3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c205e6d9-4435-409b-bde7-8d9f5a533c73","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"054ddf05-e9f0-4d14-8493-2a1b2ddbefad","name":"Diantz","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3215","tidal_id":"a7d4092b-a346-5bff-a0be-2b6d877c0144","created":"2024-01-12T14:47:49.120763Z","modified":"2024-01-12T14:47:49.120767Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"665e5831-6600-470e-a375-ba7fad39d729","name":"Diantz.exe","description":"<sup>[[diantz.exe_lolbas](/references/66652db8-5594-414f-8a6b-83d708a0c1fa)]</sup>","source":"Tidal Cyber","associated_software_id":"6e0bb5fd-f650-4ba0-bd6f-d6b90b1a7777","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"919e46b5-25b2-4158-bf67-7997bd56e9fb","tag":"96f9b39f-0c59-48a0-9702-01920c1293a7"},{"id":"8df3a3cc-9f1d-4e34-969a-01fd53b18d19","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"71849247-f5df-4d32-b9a9-1bb1bdd9e688","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d057b6e7-1de4-4f2f-b374-7e879caecd67","name":"Diavol","type":"malware","source":"MITRE","software_attack_id":"S0659","tidal_id":"892485e5-0d78-5014-9549-4eec86ca6b3d","created":"2021-11-12T19:02:16.381000Z","modified":"2022-04-15T00:59:33.522000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d606b31f-5508-4224-bd2a-f7c2b754a299","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9fa1871e-71d1-4dfa-b4d0-d940bf6347ae","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"226ee563-4d49-48c2-aa91-82999f43ce30","name":"Dipsind","type":"malware","source":"MITRE","software_attack_id":"S0200","tidal_id":"8c77a5c9-71cc-56f4-bab8-dc631a534417","created":"2018-04-18T17:59:24.739000Z","modified":"2020-03-30T15:30:14.126000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft PLATINUM April 2016](https://app.tidalcyber.com/references/d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297)]</sup>","group_attack_id":"G0068","group_id":"f036b992-4c3f-47b7-a458-94ac133bce74","name":"PLATINUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"194314e3-4edc-5346-96b6-d2d7bf5d830a","name":"Disco","type":"malware","source":"MITRE","software_attack_id":"S1088","tidal_id":"11c7a5cf-7fbd-5eaa-9eed-41f1a279d1ce","created":"2023-11-07T00:35:49.618803Z","modified":"2023-11-07T00:35:49.618808Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MoustachedBouncer ESET August 2023](https://app.tidalcyber.com/references/9070f14b-5d5e-5f6d-bcac-628478e01242)]</sup>","group_attack_id":"G1019","group_id":"f31df12e-66ea-5a49-87bc-2bc1756a89fc","name":"MoustachedBouncer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"83e82659-24a6-4ae3-a75e-de1f86edd4d6","name":"diskpart","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3976","tidal_id":"b43cf455-19ec-52ba-91c4-f7e3517d1394","created":"2026-01-23T20:31:10.936397Z","modified":"2026-01-23T20:31:10.936401Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Halcyon Cloak Ransomware December 12 2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","group_attack_id":"G3211","group_id":"41d6d175-2f69-45e6-9663-9ff0cf8649e3","name":"Cloak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7ff402c5-4395-4304-a503-6302e2ebb123","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"9d411cc1-f5e3-4643-b716-cf674c3b770e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b27023e9-f5e7-47f2-9c46-4e5077592f79","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"07c49566-5bea-44dc-b81f-e6c90bda9c39","name":"Diskshadow","type":"tool","source":"Tidal Cyber","software_attack_id":"S3216","tidal_id":"6bcc39ef-6970-55ef-8ccb-84873b40bcca","created":"2024-01-12T14:47:49.497797Z","modified":"2024-01-12T14:47:49.497801Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4bd84850-5a38-448f-8497-402d8f6b500b","name":"Diskshadow.exe","description":"<sup>[[Diskshadow.exe - LOLBAS Project](/references/27a3f0b4-e699-4319-8b52-8eae4581faa2)]</sup>","source":"Tidal Cyber","associated_software_id":"84346cb2-601a-45ff-9d88-f0516cfaa688","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"137b2001-5159-4109-8139-17870486d7f2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a3e848b6-a6ce-404f-a2f8-985f0d7ad138","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"fd8cb3b1-420d-462a-8596-24962b5d049e","name":"Distant Desktop","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3617","tidal_id":"39c3685f-63e6-50ee-8b51-969af5ae1656","created":"2025-11-11T13:26:32.500547Z","modified":"2025-11-11T13:26:32.500553Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3e09040b-92b7-4674-a216-72508d894b9b","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"2a35c8b0-6c98-4088-860a-ac0bb2fb6577","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c1497d0b-470b-4392-a5f4-19059158a786","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c7a782de-f700-44fb-870f-f680dc21493b","name":"ditto","type":"tool","source":"Tidal Cyber","software_attack_id":"S3791","tidal_id":"3b03cd07-47df-59a2-b4c7-9916c68cdfb0","created":"2025-12-24T14:57:25.511240Z","modified":"2025-12-24T14:57:25.511244Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b3a103bc-3c9a-4932-a5b6-deb6fd656893","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cc8bc8bf-54d9-4e70-b7c6-7c0d6c0fdfd8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3fd09997-86e0-4dce-935e-421863e9bad0","name":"Dnscmd","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3217","tidal_id":"87e55289-ceff-506f-b764-99a62bfafece","created":"2023-07-14T12:56:41.071225Z","modified":"2023-07-14T12:56:41.071229Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3c1aab35-432c-49c8-b71b-0cc21694be8a","name":"Dnscmd.exe","description":"<sup>[[Dnscmd.exe - LOLBAS Project](/references/3571ca9d-3388-4e74-8b30-dd92ef2b5f10)]</sup>","source":"Tidal Cyber","associated_software_id":"16a67a60-df5f-443e-b0f3-07254ce0b923","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b0f2be97-a073-4735-ad90-fc3f3eadc5e2","tag":"a45f9597-09c4-4e70-a7d3-d8235d2451a3"},{"id":"a62ab514-b027-49ad-bc7a-26a894f3f416","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"ab66b36d-e294-410c-9f47-bdae234de882","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3ea75516-f826-472a-afb2-cde6c1e51cde","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a1dfe01c-3da5-4228-aab6-8afc33da5538","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"3adaaa91-913f-4bc0-b5fc-4eda1fc0d53a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a8aad191-ecec-4b1c-a590-96f702a16df2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b4eca068-083c-4490-961f-58698de744e8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e69a913d-4ddc-4d69-9961-25a31cae5899","name":"DnsSystem","type":"malware","source":"MITRE","software_attack_id":"S1021","tidal_id":"256b2f00-a573-5f11-b82d-e74c7fa15698","created":"2022-06-24T14:02:05.144000Z","modified":"2022-09-01T15:52:24.575000Z","platforms":[{"id":"196f9bd6-876c-4cd
d-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Zscaler Lyceum DnsSystem June 2022](https://app.tidalcyber.com/references/eb78de14-8044-4466-8954-9ca44a17e895)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e2bdda2e-54b4-4d35-b7e5-4e20626a4481","name":"dnx","type":"tool","source":"Tidal Cyber","software_attack_id":"S3336","tidal_id":"08781154-c4ba-5237-98b6-61c71b4749ea","created":"2024-01-12T14:48:31.057150Z","modified":"2024-01-12T14:48:31.057154Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"631a3049-8904-465c-944d-84be82c04bab","name":"dnx.exe","description":"<sup>[[dnx.exe - LOLBAS Project](/references/50652a27-c47b-41d4-a2eb-2ebf74e5bd09)]</sup>","source":"Tidal Cyber","associated_software_id":"2e252d44-c667-4570-950b-255c7f291f24","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"49a443c6-05d6-43bd-9193-cda5298ac309","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d6568b2f-f687-4ca6-9a7f-b8fe44308807","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"81ce23c0-f505-4d75-9928-4fbd627d3bc2","name":"DOGCALL","type":"malware","source":"MITRE","software_attack_id":"S0213","tidal_id":"a481a5ac-873b-5c81-93e7-48d6edd8ba61","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup><sup>[[Unit 42 Nokki Oct 
2018](https://app.tidalcyber.com/references/4eea6638-a71b-4d74-acc4-0fac82ef72f6)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1b79e403-f2a4-4948-be27-70fce525c569","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"dfa14314-3c64-4a10-9889-0423b884f7aa","name":"Dok","type":"malware","source":"MITRE","software_attack_id":"S0281","tidal_id":"760e3197-db01-5ee4-87ff-e4d5d98c7ee7","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"2225ca1f-ef5e-4f0b-aa21-b1d48d1570f1","name":"Retefe","description":"<sup>[[objsee mac malware 2017](https://app.tidalcyber.com/references/08227ae5-4086-4c31-83d9-459c3a097754)]</sup>.","source":"MITRE","associated_software_id":"83b39733-9672-4272-922f-7883d91ca94b","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"e6160c55-1868-47bd-bec6-7becbf236bbb","name":"Doki","type":"malware","source":"MITRE","software_attack_id":"S0600","tidal_id":"bac71e41-5ddd-52ac-bfe1-d4d369dbea4f","created":"2021-04-06T15:53:34.722000Z","modified":"2021-04-19T17:45:07.102000Z","platforms":[{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"3a709774-1b11-489f-9db9-2ced73d361df","tag":"efa33611-88a5-40ba-9bc4-3d85c6c8819b"}],"owner_name":null},{"id":"49a5c24f-98f5-47ea-8e29-7ff723883341","name":"DomainPasswordSpray","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3404","tidal_id":"f174fca5-7387-5fd2-9783-c738dadb1a52","created":"2024-10-18T13:27:09.619237Z","modified":"2024-10-18T13:27:09.619243Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7469d083-ff22-4ac7-ab10-9b27af7717b7","name":"DomainPasswordSpray.ps1","description":"<sup>[[U.S. CISA Iranian Actors Critical Infrastructure October 16 2024](/references/a70a4487-eaae-43b3-bfe0-0677fd911959)]</sup>","source":"Tidal Cyber","associated_software_id":"e15bb9fe-023f-411d-ba8d-28e3bb0eccda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"afe6fb37-1c1f-40d9-8031-53c839e492b4","name":"SharpDomainSpray","description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","source":"USER","associated_software_id":"75ac82dc-df81-4b7b-90b5-d53c68c0aaff","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9ef6714c-0e68-4113-b758-2f21e705fe8d","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"af41dbfd-e5ad-461f-a7ab-3627fe0bf040","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"083d4d0b-82c1-44c4-8b64-10487e5a45ab","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"c1eb8e19-501e-4f9e-88de-76eeba2d40e1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5202e094-910a-42b7-8fb4-81cceb9360d0","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"797f0720-c43b-4adc-b779-cb37e8fddaa3","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"40d25a38-91f4-4e07-bb97-8866bed8e44f","name":"Donut","type":"tool","source":"MITRE","software_attack_id":"S0695","tidal_id":"9bab2c49-6bbf-535e-b46b-6f4434f9d5ce","created":"2022-03-25T13:35:46.781000Z","modified":"2022-04-18T15:31:34.662000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[NCC Group WastedLocker June 
2020](https://app.tidalcyber.com/references/1520f2e5-2689-428f-9ee4-05e153a52381)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6fae6fd9-a6ed-4a3a-84a7-6f270be3405b","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7548b517-500f-455f-bd92-a712cae74c26","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"86363503-95b6-4d04-b9f8-f1b27bd0ccc2","name":"DonutLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3773","tidal_id":"c1aa9e52-16d4-534a-a26c-507800d37282","created":"2025-12-17T14:18:52.836759Z","modified":"2025-12-17T14:18:52.836763Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 26 2025](/references/0d6e9bfe-9c6c-40ba-9d12-30273b559d13)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 09 
2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3173","group_id":"7e4dd0e2-4fa0-4dd5-ad0e-41aa9effe8bf","name":"TAG-160","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d5f80e0a-580b-4ef6-b901-b40cc7dcc513","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"efc0b25d-aee6-49e4-b328-8404bde317c3","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"14af3e2d-696b-4c64-89c2-a4408214c4c7","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"a6b258dd-d6ed-42a7-adf7-995b27f7fc3f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"29a88c93-4c12-488e-964a-c42c334d2b35","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1bcd9c93-0944-4671-ab01-cabc5ffe30bf","name":"Dotnet","type":"tool","source":"Tidal Cyber","software_attack_id":"S3337","tidal_id":"380ddb47-7950-54e6-bb78-4162be628612","created":"2024-01-12T14:48:31.610529Z","modified":"2024-01-12T14:48:31.610533Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed161ce5-f9f8-489f-8c3c-3af96bfbcd6d","name":"Dotnet.exe","description":"<sup>[[Dotnet.exe - LOLBAS Project](/references/8abe21ad-88d1-4a5c-b79e-8216b4b06862)]</sup>","source":"Tidal Cyber","associated_software_id":"d9e30f26-11a6-48f5-bb26-d9b624b6b1d0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"038bf2bf-5ccd-485d-98a6-19e7c7224344","tag":"09c24b93-bf06-4cbb-acb0-d7b9657a41dc"},{"id":"9b04d4c0-6e37-4179-9dbf-91ae749208d5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"febf530e-0ea0-41ee-942c-e3cfbee834b4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8cafe4b8-b8ee-4f82-9c29-ebd800785bf2","name":"dotnet-install.ps1","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3698","tidal_id":"2ebad23d-096b-5703-af2e-b3619e54d229","created":"2025-12-10T14:14:55.874200Z","modified":"2025-12-10T14:14:55.874204Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7b2e706e-3943-4f24-a5f4-97055fc82da3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9387e5f2-8f9d-4624-8f17-22c7dbd14211","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2c7f7514-984a-51a2-9f43-8a9d4d462086","name":"DoubleAgent","type":"malware","source":"Mobile","software_attack_id":"S0550","tidal_id":"2c7f7514-984a-51a2-9f43-8a9d4d462086","created":"2026-01-28T13:08:09.938071Z","modified":"2026-01-28T13:08:09.938072Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"bd55fa7c-7747-4d3d-8176-e6c56870b2a3","name":"DOWNBAIT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3177","tidal_id":"278d27cd-1366-5721-b870-da2ff8f60575","created":"2024-09-13T19:21:24.990482Z","modified":"2024-09-13T19:21:24.990485Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"df9f5c98-f0de-41e2-ae51-2acaf11c9e02","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"f2dcbd82-447c-41cb-b5b9-f4b4c91153f4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b69f50a1-f8c3-40a5-abf0-0f561dc880f7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f7b64b81-f9e7-46bf-8f63-6d7520da832c","name":"Downdelph","type":"malware","source":"MITRE","software_attack_id":"S0134","tidal_id":"c1cf7286-55da-5ef1-917d-a1d504fb3bbe","created":"2017-05-31T21:33:16.790000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ad65ca9c-9315-49a6-9c5b-de64bb988b1c","name":"Delphacy","description":"","source":"MITRE","associated_software_id":"48f30a38-0b80-45ad-9f80-d99c96c79cf4","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[ESET Sednit Part 3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"aac9c347-8c22-4662-bfec-cc1b32958958","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"20b796cf-6c90-4928-999e-88107078e15e","name":"down_new","type":"malware","source":"MITRE","software_attack_id":"S0472","tidal_id":"6e281677-c85b-5b8b-984c-56791de553d9","created":"2020-06-10T19:37:49.361000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Tick November 
2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fb7862d3-2e88-41f0-b0f0-baac06d83230","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"fc433c9d-a7fe-4915-8aa0-06b58f288249","name":"DownPaper","type":"malware","source":"MITRE","software_attack_id":"S0186","tidal_id":"eaddcc0e-ae0d-5939-a71d-df1bb7e6fb9e","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ClearSky Charming Kitten Dec 2017](https://app.tidalcyber.com/references/23ab1ad2-e9d4-416a-926f-6220a59044ab)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"55f56475-801d-449c-abfb-f92a01d83d2a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9ab2b15e-aa1a-4091-b8a7-109a6fd5e78c","name":"DownTroy","type":"malware","source":"Tidal Cyber","software_attack_id":"S3783","tidal_id":"e2269e61-a21c-5115-9c16-3a5e7bdd4236","created":"2025-12-24T14:57:24.260224Z","modified":"2025-12-24T14:57:24.260228Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8e750e1f-1507-4833-b3e9-73f7d3c8f49c","name":"DownTroy.Linux","description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"92838f35-c952-402f-99f0-9b6b21ace26c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"e2649a10-b560-4b40-b2f8-8246ba2dffc7","name":"DownTroy.macOS","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"68d840cc-77c9-447a-9b77-452da1e68f03","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"3f7848a3-c5f5-4d57-926f-fd9b4662df50","name":"DownTroy.Windows","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"97f33d2f-f6b6-4de8-8a95-10faee108088","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"84399087-63c9-4629-b898-29e96cabcf7a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"94ca415d-afc3-42db-92c5-f3c18b967fb6","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"d006a0fb-5217-41d0-9231-96f84bb57df3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"56779d74-8fd0-4076-943e-0b360322a147","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"33a2afc0-33ff-4032-8fcd-cd5657f816a9","name":"Draculoader","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3605","tidal_id":"f6fa2bbd-2d18-5c82-babd-1a8da5d76a97","created":"2025-10-24T16:13:48.140442Z","modified":"2025-10-24T16:13:48.140445Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"75f8f589-00ec-46d3-8b9a-d6e8cc0b5e82","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"28a15a53-c0c8-479d-8b02-76183efb084a","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"a2c25a01-7e50-4fce-b229-94e05fdc9d71","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0b9b9c6f-b4a6-4ca5-8c30-5272287394e8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"266a9754-aa50-4fda-a1db-456ddd898c76","name":"DragonForce Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3514","tidal_id":"f673b2a8-477b-5962-9555-36f510dc9b95","created":"2025-08-06T14:57:16.600432Z","modified":"2025-08-06T14:57:16.600436Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Scattered Spider Advisory November 2023](/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3415d0af-6700-4a57-8e26-a2d0ddf56b1f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c5780b5a-bf82-4ea8-ab84-7543caf5f44d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"37e944bd-5240-4df5-9215-1112f0142ccc","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"4254cdcf-ddd8-4342-a37f-6262dfd70d07","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"feb755c9-eef2-47e9-a169-c98b377ec913","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6933e130-6b30-4c20-af58-11b96c4b72d2","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"3247c31b-73e4-48c4-afde-32911969a8b1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f0763a92-a9d4-479b-89e5-daa08f107e1c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"c6c79fc5-e4b1-4f6c-a71d-d22d699d5caf","name":"DRATzarus","type":"malware","source":"MITRE","software_attack_id":"S0694","tidal_id":"fde4f818-6642-521e-8635-da8a76186346","created":"2022-03-24T11:23:51.435000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"07faca84-739d-5792-88bd-bd75e54a55f5","name":"DressCode","type":"malware","source":"Mobile","software_attack_id":"S0300","tidal_id":"07faca84-739d-5792-88bd-bd75e54a55f5","created":"2026-01-28T13:08:09.939449Z","modified":"2026-01-28T13:08:09.939451Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e3cd4405-b698-41d9-88e4-fff29e7a19e2","name":"Dridex","type":"malware","source":"MITRE","software_attack_id":"S0384","tidal_id":"9eaef1fc-b252-5770-9a78-2557be5746a1","created":"2019-05-30T19:47:37.192000Z","modified":"2021-10-01T20:30:30.043000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"350835f6-2aa1-47fa-8575-d07ffaf59c4d","name":"Bugat v5","description":"<sup>[[Dell Dridex Oct 
2015](https://app.tidalcyber.com/references/f81ce947-d875-4631-9709-b54c8b5d25bc)]</sup>","source":"MITRE","associated_software_id":"614ca144-20e8-4387-b723-4a5f3cd7164b","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Proofpoint TA505 Sep 2017](https://app.tidalcyber.com/references/c1fff36f-802b-4436-abce-7f2787c148db)]</sup><sup>[[Proofpoint TA505 June 2018](https://app.tidalcyber.com/references/e48dec7b-5635-4ae0-b0db-229660806c06)]</sup><sup>[[IBM TA505 April 2020](https://app.tidalcyber.com/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]</sup><sup>[[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)]</sup><sup>[[Treasury EvilCorp Dec 2019](https://app.tidalcyber.com/references/074a52c4-26d9-4083-9349-c14e2639c1bc)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d019e768-0315-4851-a083-7e77d813af03","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"358f3c20-27f7-48e3-82cd-d26d35996e3d","name":"DRIEDMOAT","type":"malware","source":"Trellix TIG","software_attack_id":"S3438","tidal_id":"a25426bb-79fa-534a-a2bc-4800d98225a5","created":"2025-04-11T15:06:48.159937Z","modified":"2025-04-11T15:06:48.159941Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"77147dcd-10fe-442b-9c5f-68649a458047","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"3201c2da-0878-5b46-a9c7-8dc733d94f35","name":"Drinik","type":"malware","source":"Mobile","software_attack_id":"S1054","tidal_id":"3201c2da-0878-5b46-a9c7-8dc733d94f35","created":"2026-01-28T13:08:09.939004Z","modified":"2026-01-28T13:08:09.939005Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"cd5f2efe-1dc9-4dbf-9356-1d6dc2f1c295","name":"DriveSwitch","type":"malware","source":"Tidal Cyber","software_attack_id":"S3936","tidal_id":"8ef87b34-6bc7-5105-8005-ca8286083cd9","created":"2026-01-14T13:31:38.351241Z","modified":"2026-01-14T13:31:38.351246Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog January 08 2026](/references/74959041-08ca-41fc-8ceb-675f1fefd765)]</sup>","group_attack_id":"G3203","group_id":"6df06da1-6f73-45a9-afb7-9087cd24cbff","name":"UAT-7290","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8d5d4d29-4c4f-4c41-84a5-3252753be35d","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"a157c05c-caf2-4d0f-ac6c-d1a436d3f9e2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"94b6c9ee-f3b8-4d8b-bca2-4ddfb03a9966","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6674c300-4e04-53ed-8424-e165548ed1a6","name":"DroidJack","type":"malware","source":"Mobile","software_attack_id":"S0320","tidal_id":"6674c300-4e04-53ed-8424-e165548ed1a6","created":"2026-01-28T13:08:09.937491Z","modified":"2026-01-28T13:08:09.937493Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9c44d3f9-7a7b-4716-9cfa-640b36548ab0","name":"DropBook","type
":"malware","source":"MITRE","software_attack_id":"S0547","tidal_id":"e669723c-99d6-56a4-aae1-f801ac087e9e","created":"2020-12-22T18:36:12.214000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Molerats Dec 2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)]</sup>","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"bb7f7c19-ffb5-4bfe-99b1-ead3525c5e7b","name":"Drovorub","type":"malware","source":"MITRE","software_attack_id":"S0502","tidal_id":"f1f87b83-f0fa-577a-a24d-6fbab43c747c","created":"2020-08-25T18:05:14.953000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[NSA/FBI Drovorub August 2020](https://app.tidalcyber.com/references/d697a342-4100-4e6b-95b9-4ae3ba80924b)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"367c5e33-cca6-4756-8989-5da4d8ce0a10","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"35c5fa9f-748a-4966-9cff-20232614ef2f","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"c504496f-e56b-4ab3-a243-de1f25bc9f93","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"71033d89-2bd7-41e7-8a7b-3c82c390205c","name":"D_Safe_Manage","type":"tool","source":"Tidal Cyber","software_attack_id":"S3577","tidal_id":"70a1547c-3804-5900-99b7-11bf6319e818","created":"2025-10-13T17:29:23.005751Z","modified":"2025-10-13T17:29:23.005756Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 
02 2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3eeca566-be9e-452e-9db7-209882672a28","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"6b4f42e2-f334-4b58-a218-52ad996b82b9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb42f7b9-e1ff-42ef-bbb5-72f2d2e2e326","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ff5b22d0-dce9-4766-9f3b-d35507d2fbab","name":"dscl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3817","tidal_id":"b8c2c12d-7e86-531d-823d-269f4e6929aa","created":"2025-12-24T14:57:29.379684Z","modified":"2025-12-24T14:57:29.379688Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"af908559-910c-479b-b0b0-c9ae2b9bba4d","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"ce9177a4-788c-4ce6-873b-c38cc7b16cdd","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2d7d93ba-129a-4950-b113-ec2a732cfdec","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9139c12f-a6d9-4300-8735-9298bc46a0bf","name":"dsdbutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3338","tidal_id":"c1456364-6869-5761-906e-66e1eb073272","created":"2024-01-12T14:48:31.991839Z","modified":"2024-01-12T14:48:31.991842Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ce37a7fa-5501-489f-8a20-c9ace5c9885c","name":"dsdbutil.exe","description":"<sup>[[dsdbutil.exe - LOLBAS Project](/references/fc982faf-a37d-4d0b-949c-f7a27adc3030)]</sup>","source":"Tidal 
Cyber","associated_software_id":"dc0ffa58-c5d3-4ea4-ab3f-4e9e75bc92b8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b0560917-c736-4bac-b561-7ef739289ff5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ccece1b0-0c74-4be7-b2a2-633f8028e0e2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f77708f2-2a3b-4f16-b3d2-368acbc0a557","name":"DSLog","type":"malware","source":"Trellix TIG","software_attack_id":"S3459","tidal_id":"1ce7f26b-f698-5fd5-8bf8-ca64b4fad9f0","created":"2025-04-11T15:06:52.130339Z","modified":"2025-04-11T15:06:52.130342Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c6f6644f-707a-47ce-a9df-a67ca0e5efa7","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"06402bdc-a4a1-4e4a-bfc4-09f2c159af75","name":"dsquery","type":"tool","source":"MITRE","software_attack_id":"S0105","tidal_id":"16a51790-4fb4-5677-a8d7-517b785fbc6d","created":"2017-05-31T21:33:04.937000Z","modified":"2022-10-13T13:34:53.355000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6f9d2012-0617-4e81-8213-98e6e6998260","name":"dsquery.exe","description":"","source":"MITRE","associated_software_id":"8e9c7640-e49f-42ea-b28f-a00e4019fb4c","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye Know Your Enemy FIN8 Aug 2016](https://app.tidalcyber.com/references/0119687c-b46b-4b5f-a6d8-affa14258392)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant 
APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9e83b79f-5036-48e3-af92-1162b4da90c0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"92b11fad-7a81-42a2-b589-494386bba013","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c1829d53-b6e9-4079-a9bb-f8468725ef02","tag":"cb3d30b3-8cfc-4202-8615-58a9b8f7f118"},{"id":"3ba1a549-9cbe-40c5-9703-4ee60be90e0b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"aa21462d-9653-48eb-a82e-5c93c9db5f7a","name":"Dtrack","type":"malware","source":"MITRE","software_attack_id":"S0567","tidal_id":"7de05bdd-f1e0-5c8b-9989-ac97a3b2af3b","created":"2021-01-25T13:58:24.977000Z","modified":"2022-10-18T22:01:45.646000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky Dtrack](https://app.tidalcyber.com/references/0122ee35-938d-493f-a3bb-bc75fc808f62)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit42 Jumpy Pisces October 30 2024](/references/2da2d3c6-cf19-49c8-8a82-2119b14d4e03)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c0695210-da0b-4052-81c1-589e20e3899a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"13eaf685-207b-46f8-81e9-6b4dc24da935","name":"dtutil","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3480","tidal_id":"6f8b977b-19b9-5962-8aa8-dfe7bdf1f3a0","created":"2025-05-20T16:19:09.196076Z","modified":"2025-05-20T16:19:09.196080Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"46fcada5-74f5-4de4-9565-b3f8216e4d7b","name":"dtutil.exe","description":"<sup>[[dtutil.exe - LOLBAS Project](/references/dc76db65-5a5a-43ab-8e84-6cd38a4524a7)]</sup>","source":"Tidal Cyber","associated_software_id":"99180fe3-cdce-4a51-a7d0-dabb242afb9f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"1681764d-e0c3-4ffe-b0ac-6c512a6251f0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"58d021d4-1c4a-4d7a-a167-72caf87eb075","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"299ac3dc-bbd7-56da-92e0-078f0aa49f48","name":"DualToy","type":"malware","source":"Mobile","software_attack_id":"S0315","tidal_id":"299ac3dc-bbd7-56da-92e0-078f0aa49f48","created":"2026-01-28T13:08:09.938146Z","modified":"2026-01-28T13:08:09.938148Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"13482336-e22b-48e9-bd49-c6e6fc6612ec","name":"Dump64","type":"tool","source":"Tidal Cyber","software_attack_id":"S3339","tidal_id":"7b6e4f39-a457-58a2-9282-fc18f156c359","created":"2024-01-12T14:48:32.390935Z","modified":"2024-01-12T14:48:32.390939Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a8818d86-a623-435b-a046-d2490b057b6c","name":"Dump64.exe","description":"<sup>[[Dump64.exe - LOLBAS Project](/references/b0186447-a6d5-40d7-a11d-ab2e9fb93087)]</sup>","source":"Tidal 
Cyber","associated_software_id":"cf43ff32-746a-44c9-9fbe-aa50b747f5a8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2733c40-c0b0-470e-8013-6dac8882af55","tag":"0f09c7f5-ba57-4ef0-a196-e85558804496"},{"id":"b6fdd6da-5f0b-4011-91aa-94a8a372200b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ef1731d6-4f00-4e32-b3b3-b4f9c6470714","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0ffc1b99-5ca1-4af4-95c7-7a311a32f911","name":"Dumpert","type":"tool","source":"Tidal Cyber","software_attack_id":"S3166","tidal_id":"358905e5-7d93-590f-8fb1-16ea443a6405","created":"2024-09-06T15:14:34.875409Z","modified":"2024-09-06T15:14:34.875412Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"147ae3c6-1afe-4d88-80d0-cc867a61b150","tag":"bdeef9bf-b9d5-41ec-9d4c-0315709639a2"},{"id":"47de3a2e-6a4d-436b-96f3-d9f55f1a4d1d","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"211e1086-8006-45d8-b753-e4955477c462","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"e74636f4-f114-4509-8d3c-720552b9b6b8","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"8ae4f5ca-f963-4079-8280-21ec5d7d7953","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"1b985d21-ba19-4789-8abb-f7109fb3b482","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"47612ac9-11e3-408a-b50f-8795621b79b2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d64db39f-9570-4671-92e3-d4041c13cb8b","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"60383eab-b1e7-43a9-9fdc-1673c17682ed","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"7f3bf76a-4e6a-45f1-a4bf-400d5a914e52","name":"DumpMinitool","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3340","tidal_id":"69cffc98-d63e-5fe7-8be6-c1698f035c05","created":"2024-01-12T14:48:32.743777Z","modified":"2024-01-12T14:48:32.743781Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"85c476ba-baf2-4777-ad2d-ebe673c5ec9b","name":"DumpMinitool.exe","description":"<sup>[[DumpMinitool.exe - LOLBAS Project](/references/4634e025-c005-46fe-b97c-5d7dda455ba0)]</sup>","source":"Tidal Cyber","associated_software_id":"2aeee11b-2b25-4b93-ad2f-1bb60ac491a4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6a9ef1e6-b0e4-416f-88ed-19cb37e607cb","tag":"3b6ad94f-83ce-47bf-b82d-b98358d23434"},{"id":"90e73759-78da-4161-a92c-3166f2789c41","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"53a8fbf8-d10d-43f4-9f3a-4f588e6dd686","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d4a664e5-9819-4f33-8b2b-e6f8e6a64999","name":"Duqu","type":"malware","source":"MITRE","software_attack_id":"S0038","tidal_id":"de790ec5-56eb-5b3a-9403-58b9936eb04f","created":"2017-05-31T21:32:31.188000Z","modified":"2022-05-24T14:00:00.188000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c685143b-8f55-475f-9fa8-decc37945984","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"78454d3f-fa12-5b6f-9390-6412064d7c8d","name":"DUSTPAN","type":"malware","source":"MITRE","software_attack_id":"S1158","tidal_id":"78454d3f-fa12-5b6f-9390-6412064d7c8d","created":"2024-10-31T16:28:03.035729Z","modified":"2024-10-31T16:28:03.035732Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[DUSTPAN](https://app.tidalcyber.com/software/78454d3f-fa12-5b6f-9390-6412064d7c8d) has been used by 
[APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) in various campaigns since at least 2021.<sup>[[Google Cloud APT41 2022](https://app.tidalcyber.com/references/c65cfdde-bc7f-5cd2-b1ee-066b7cc2eb6a)]</sup><sup>[[Google Cloud APT41 2024](https://app.tidalcyber.com/references/33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"76322fd6-8cb2-4d4c-bb11-4bf2184a52c1","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"ed72d5bb-2cf7-51a4-9d76-97fbd11c54d0","name":"DUSTTRAP","type":"malware","source":"MITRE","software_attack_id":"S1159","tidal_id":"ed72d5bb-2cf7-51a4-9d76-97fbd11c54d0","created":"2024-10-31T16:28:02.964080Z","modified":"2024-10-31T16:28:02.964083Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[DUSTTRAP](https://app.tidalcyber.com/software/ed72d5bb-2cf7-51a4-9d76-97fbd11c54d0) is used by [APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9).<sup>[[Google Cloud APT41 2024](https://app.tidalcyber.com/references/33bb9f8a-db9d-5dda-b4ae-2ba7fee0a0ae)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"38a54dec-eb93-4863-8f97-901897ac2718","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"77506f02-104f-4aac-a4e0-9649bd7efe2e","name":"DustySky","type":"malware","source":"MITRE","software_attack_id":"S0062","tidal_id":"a3a853b7-8d09-54b1-b985-3f4bd8981065","created":"2017-05-31T21:32:41.750000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d1c03706-295a-4266-aaff-8383523be9c9","name":"NeD 
Worm","description":"","source":"MITRE","associated_software_id":"f41beff8-0ae1-48d6-bb13-b47c4763f4d1","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[DustySky](https://app.tidalcyber.com/references/b9e0770d-f54a-4ada-abd1-65c45eee00fa)]</sup><sup>[[DustySky2](https://app.tidalcyber.com/references/4a3ecdec-254c-4eb4-9126-f540bb21dffe)]</sup><sup>[[Kaspersky MoleRATs April 2019](https://app.tidalcyber.com/references/38216a34-5ffd-4e79-80b1-7270743b728e)]</sup>","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"497e8d8d-ecce-44c8-93a9-120faab55fb3","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"f93ba84a-28d1-56bd-aedb-abc6a58dad66","name":"Dvmap","type":"malware","source":"Mobile","software_attack_id":"S0420","tidal_id":"f93ba84a-28d1-56bd-aedb-abc6a58dad66","created":"2026-01-28T13:08:09.937727Z","modified":"2026-01-28T13:08:09.937728Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9b5039b9-c5f1-4516-88ef-f63966ec2b36","name":"Dxcap","type":"tool","source":"Tidal Cyber","software_attack_id":"S3341","tidal_id":"abe7d8a5-61a8-53f5-9c01-671af8e02d84","created":"2024-01-12T14:48:33.136482Z","modified":"2024-01-12T14:48:33.136486Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3695b720-e485-41d3-b135-d3025c199cc6","name":"Dxcap.exe","description":"<sup>[[Dxcap.exe - LOLBAS Project](/references/7611eb7a-46b7-4c76-9728-67c1fbf20e17)]</sup>","source":"Tidal 
Cyber","associated_software_id":"71444288-becb-435f-b1f9-b4abce44d092","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2910d09-b92b-42a5-934d-103ec3571f08","tag":"6d065f28-e32d-4e87-b315-c43ebc45532a"},{"id":"7b753cb5-704d-49a9-ad18-2e55225b98ae","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f823db11-5ee5-4469-a337-40dda1dc0dcb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5de3c919-7601-48ff-94f5-97514075a1f9","name":"dxgi.dll backdoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3564","tidal_id":"9d50e074-7d03-5ec9-9424-3019e765259e","created":"2025-10-07T14:07:34.518702Z","modified":"2025-10-07T14:07:34.518704Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research 09 22 2025](/references/e813f0cf-b9de-429a-8699-aadd90b5de4f)]</sup>","group_attack_id":"G3128","group_id":"562cc30a-b238-477b-9cce-592afe68ec66","name":"Subtle Snail","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Check Point Research 09 22 2025](/references/e813f0cf-b9de-429a-8699-aadd90b5de4f)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus 
Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1a284046-b2c7-4ef0-bf13-6c03c4743f64","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"856e95ad-8ac6-41a3-9c4b-9c70f8d251c2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0b5868fe-a220-403a-82b1-543e983611a1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"015070d5-9a8f-4e19-96f6-e5accaa8b0d8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"38e012f7-fb3a-4250-a129-92da3a488724","name":"Dyre","type":"malware","source":"MITRE","software_attack_id":"S0024","tidal_id":"e3ed8203-0121-5d3c-8b33-44ed71c2fb67","created":"2017-05-31T21:32:19.746000Z","modified":"2020-06-22T17:59:13.241000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1eb50200-1a51-4829-ac96-6f74430bbe3a","name":"Dyzap","description":"<sup>[[Sophos Dyreza April 2015](https://app.tidalcyber.com/references/50f9aa49-dde5-42c9-ba5c-f42281a71b7e)]</sup>","source":"MITRE","associated_software_id":"5cad75f1-7395-4eb1-9370-c36857b4fcb4","owner_id":null,"owner_name":null},{"id":"5df5b306-56dc-41d2-8a8f-91947d1d6e66","name":"Dyreza","description":"<sup>[[Sophos Dyreza April 2015](https://app.tidalcyber.com/references/50f9aa49-dde5-42c9-ba5c-f42281a71b7e)]</sup>","source":"MITRE","associated_software_id":"ee1346ac-a3e0-45dd-963c-497fca47c3e8","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Forbes Dyre May 2017](https://app.tidalcyber.com/references/8fb3ef2f-3652-4563-8921-2c601d1b9bc9)]</sup><sup>[[CrowdStrike Wizard Spider March 2019](https://app.tidalcyber.com/references/d7001d6f-97a1-4155-8f74-3d878d4cbb27)]</sup><sup>[[Malwarebytes TrickBot Sep 2019](https://app.tidalcyber.com/references/4d6d258f-a57f-4cfd-880a-1ecd98e26d9f)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard 
Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ee14e483-b5ef-4931-9c2a-72046b6555cc","name":"Earthworm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3053","tidal_id":"7adc85a6-67a3-5cfa-9b5b-2305728e4f63","created":"2023-07-14T12:56:40.259697Z","modified":"2023-07-14T12:56:40.259701Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"52d65cd4-42ae-4350-9dfe-68e9f8d9a229","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"37a87408-46fc-432a-b3eb-d440e4ad0369","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f3e6a980-8705-4fee-94f5-600e2ff958d3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"642a4167-03cb-4608-8f1e-ca523d121844","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"77c3d21c-4480-4a99-80c6-ba065daf2d6d","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"da398264-fb88-4d06-a693-2a5f404a0db9","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"920a805f-ac92-4ea5-b3c6-12efbcf4346f","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f5485ec9-0447-4969-b8cb-755de21f49f7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a66498c9-ad69-48a0-b419-780ad9a12137","name":"EasyTier","type":"tool","source":"Tidal Cyber","software_attack_id":"S3578","tidal_id":"a0e33f3b-143f-5dfc-9d5f-fcce5d5fe7bb","created":"2025-10-13T17:29:23.149228Z","modified":"2025-10-13T17:29:23.149231Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 
2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5047866c-8ca6-4976-a00a-0476f4e659ea","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"35e0dc49-f9d2-4bcb-b3b2-a497bc64649b","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"9b06780e-8263-42c1-b864-695d622b3a7b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4ce40cca-22a6-404b-a6f4-920816817141","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f6769fbe-b150-4cc9-8479-5c50433dbfa5","name":"Eazfuscator.NET","type":"tool","source":"Tidal Cyber","software_attack_id":"S3629","tidal_id":"3f9c51c6-2adb-59ed-8356-b2e34090a0cb","created":"2025-11-19T17:45:38.800875Z","modified":"2025-11-19T17:45:38.800880Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog November 03 2025](/references/4fc98ad2-fabe-46a7-8546-db22dd737177)]</sup>","group_attack_id":"G3148","group_id":"83996f9f-7f96-479b-9295-6582b13905c2","name":"SesameOp threat actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"15b51805-2203-4a3a-bc15-8cb59de45787","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3488fdc7-6353-45e2-9c45-d3ba0cdacbe9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2375465a-e6a9-40ab-b631-a5b04cf5c689","name":"Ebury","type":"malware","source":"MITRE","software_attack_id":"S0377","tidal_id":"30b5cd32-01a8-5cbe-93b0-eaf273df7fdd","created":"2019-04-19T16:40:24.922000Z","modified":"2021-04-23T22:56:14.591000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Ebury Oct 
2017](https://app.tidalcyber.com/references/5257a8ed-1cc8-42f8-86a7-8c0fd0e553a7)]</sup>","group_attack_id":"G0124","group_id":"eeb69751-8c22-4a5f-8da2-239cc7d7746c","name":"Windigo","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"70f703b3-0e24-4ffe-9772-f0e386ec607f","name":"ECCENTRICBANDWAGON","type":"malware","source":"MITRE","software_attack_id":"S0593","tidal_id":"60c87400-2efe-5bea-9e32-e99e4a268c05","created":"2021-03-18T16:15:53.977000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA AA20-239A BeagleBoyz August 2020](https://app.tidalcyber.com/references/a8a2e3f2-3967-4e82-a36a-2436c654fb3f)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA EB Aug 2020](https://app.tidalcyber.com/references/a1b143f9-ca85-4c11-8909-49423c9ffeab)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ef28eb75-a127-471f-a0a2-dfccfef9ee2e","name":"echo","type":"tool","source":"Trellix TIG","software_attack_id":"S3464","tidal_id":"a8914859-4080-5baf-a547-74e81a03ad2f","created":"2025-04-11T15:06:53.018663Z","modified":"2025-04-11T15:06:53.018666Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f67b1628-5dc8-4cdb-8b85-9c3007bb21e1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6cc9a566-842b-460e-888b-fd23da75b59f","name":"EchoGather","type":"malware","source":"Tidal Cyber","software_attack_id":"S3834","tidal_id":"290ab67e-9e99-5be7-8817-0e9328d4b9e1","created":"2025-12-29T17:41:06.244300Z","modified":"2025-12-29T17:41:06.244304Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Intezer December 19 2025](/references/53d1f9b0-855f-4478-9e13-a15f2dcdec9f)]</sup>","group_attack_id":"G3186","group_id":"86a9fd02-00d4-40da-acb5-15c953cb126c","name":"Paper Werewolf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f8ae911e-8d33-447c-b97a-8ef82c9cb6f5","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"f49536c8-7889-4fe4-bb15-b2536858bdcf","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"142f2af1-f3ec-4542-83f9-32632965f57d","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"d7bfac35-12ff-45b9-b377-6b9aadb8e3c2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c03d8dc1-7cbd-4058-85be-a763f334c9be","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6508d3dc-eb22-468c-9122-dcf541caa69c","name":"Ecipekac","type":"malware","source":"MITRE","software_attack_id":"S0624","tidal_id":"f9e3fe9a-be04-545b-97f6-d5ecdc714a34","created":"2021-06-18T18:56:41.244000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"01b34b53-64bf-4504-b18f-44f05a504a57","name":"DESLoader","description":"<sup>[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"a24219ab-2f4a-4922-864c-ea07e354bab2","owner_id":null,"owner_name":null},{"id":"078fc151-e008-4984-a3bc-a6678e279e66","name":"SigLoader","description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"8c68d850-b73d-40d8-9499-26ec1c1dbbb2","owner_id":null,"owner_name":null},{"id":"7a48fb2f-6237-412d-bc9e-cc7dc2658800","name":"HEAVYHAND","description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"3c935fc9-aedf-4800-b6a1-f52612702600","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"44ce2a4b-e7a9-4248-b7c4-f72ed33ee6a1","name":"ECMangen","type":"tool","source":"Tidal Cyber","software_attack_id":"S3865","tidal_id":"dcfd02d0-8acc-51d4-96f2-631d5353ff24","created":"2026-01-06T18:05:04.833401Z","modified":"2026-01-06T18:05:04.833405Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bb72291a-cf6e-4104-93c1-d2d58722ce91","name":"ECMangen.exe","description":"<sup>[[ECMangen.exe - LOLBAS 
Project](/references/9fb37080-6703-4882-bf7c-8226c724dcd9)]</sup>","source":"USER","associated_software_id":"f90f2787-9363-4a80-8325-1022243b5f15","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ac5bdcb7-bffb-4394-8248-43c7bc643adb","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"83fac81e-3286-42a2-a5e9-b6aa6e3571c2","name":"EdgeStepper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3675","tidal_id":"c3f50cbe-b5d8-50db-8f2c-2c4e842ae3f6","created":"2025-12-10T14:14:52.292374Z","modified":"2025-12-10T14:14:52.292379Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"99fc291b-0cdb-40cd-88ff-2b74037bc308","name":"bioset","description":"<sup>[[ESET PlushDaemon November 19 2025](/references/fd6d089e-4549-4442-91bf-3cf1e85db012)]</sup>","source":"USER","associated_software_id":"b0f7acb1-68ba-4c7c-9796-8b27ec3c5f58","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"53540233-b2e3-46e2-9318-2bd5f0a48f15","name":"dns_cheat_v2","description":"<sup>[[ESET PlushDaemon November 19 2025](/references/fd6d089e-4549-4442-91bf-3cf1e85db012)]</sup>","source":"USER","associated_software_id":"490bc1e0-9c88-42aa-baea-336a4be70aa3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ESET PlushDaemon November 19 
2025](/references/fd6d089e-4549-4442-91bf-3cf1e85db012)]</sup>","group_attack_id":"G3069","group_id":"3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6","name":"PlushDaemon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c2df9fa9-ed7a-4ad7-bbc5-67576e5104d2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"33182519-4f33-4cf5-90d8-c7ad7e5de52d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1233436f-2a00-4557-89a4-8cbc45e6f9f7","name":"EDRKillShifter","type":"malware","source":"Tidal Cyber","software_attack_id":"S3147","tidal_id":"64f5ce4c-e698-5c74-a0ca-09e5d2401b75","created":"2024-08-23T18:43:17.237784Z","modified":"2024-08-23T18:43:17.237788Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News August 14 2024](/references/d0811fd4-e89d-4337-9bc1-a9a8774d44b1)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[WeLiveSecurity CosmicBeetle September 10 2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]</sup>","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"11401aed-3863-4da3-8d26-a80c2e0ff3ed","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"233c16d9-c11c-4c8b-8370-699443e8f556","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1f5d11ad-d9ed-421c-a580-9823e1e2b475","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fbd2d7b0-0aa8-459f-8bfa-16daae769282","name":"EDRSandBlast","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3165","tidal_id":"1e16ad39-0b60-58dd-bc90-bf99e7a59eaa","created":"2024-09-06T15:14:34.677966Z","modified":"2024-09-06T15:14:34.677970Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Morphisec September 3 2024](/references/90549699-8815-45e8-820c-4f5a7fc584b8)]</sup>","group_attack_id":"G3051","group_id":"7a28cff6-80df-49e1-8457-a0305e736897","name":"Cicada3301 Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"452134e8-5b2a-4c7b-9c26-f028eed33040","tag":"835c9c79-3824-41ec-8d5a-1e2526e89e0b"},{"id":"d6a3acd6-5106-4999-abde-8c487c10b9fb","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"350b09b1-8ef3-4ea4-bbb8-f8d216b24096","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"dd5d4f0b-5d7b-4c49-a059-a9a3e72b94ec","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"6c54a849-13cc-44eb-ac60-d161fe919c6d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a2e277d6-8f75-4caa-b098-04b2336d6eac","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"9c62329b-d02e-457a-9add-4df749eb7f54","name":"EDRSilencer","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3405","tidal_id":"c5960f79-af3f-512d-b16e-6c4f0f3b4922","created":"2024-10-18T13:27:09.832087Z","modified":"2024-10-18T13:27:09.832093Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"dce14f61-23b5-4997-83ea-a1ad6e6bb12e","tag":"3eb94192-3889-4cde-8c5f-460afa2fccce"},{"id":"cd2c7e9d-29c5-4a03-9320-f7d9d6ee0e1d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c97bff4f-3c27-4be8-860b-5e1b3826e6c1","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"d1279b84-11f4-4804-9e5e-05c650960aac","name":"Edumper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3157","tidal_id":"6fdd28a2-5313-5ad3-9bf6-a60efe79efc9","created":"2024-09-04T12:51:11.615351Z","modified":"2024-09-04T12:51:11.615354Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3a3cdf81-056d-45c4-bafc-365ede9ec1fd","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"0038fc6b-7f24-43fc-96e7-5998c253c10b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"46cb770c-8792-4023-8ead-55c22020dd89","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9f157da2-75af-45fe-b2a6-b47db2fe2cfd","name":"EfsPotato","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3542","tidal_id":"e2edf763-8a0e-5400-a93b-085a08d5620f","created":"2025-09-10T16:39:29.490275Z","modified":"2025-09-10T16:39:29.490279Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[welivesecurity.com September 4 2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9b0c4f61-023b-423d-a254-7c4e4acf1b0d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1a84e11a-763d-4ade-adff-ad11ab49bfff","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"d8918413-89c4-4472-b5f2-578cfc05cb54","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9ffc59ef-6eaf-4b73-9f12-359166f09787","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0e36b62f-a6e2-4406-b3d9-e05204e14a66","name":"Egregor","type":"malware","source":"MITRE","software_attack_id":"S0554","tidal_id":"f33ab5b9-6bbb-5ba7-8ace-b9357b14b2e6","created":"2020-12-29T21:32:27.939000Z","modified":"2021-10-14T21:39:11.008000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]</sup>","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e7e43967-f066-4bd1-8afe-ce1931b0ccd8","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"85fc156c-0a29-48ed-97cd-8adefb32ae04","tag":"3c3f9078-5d1e-4c29-a5eb-28f237bbd1ad"},{"id":"c1add7f5-b554-4986-b30e-f67868c60e33","tag":"0ed7d10c-c65b-4174-9edb-446bf301d250"},{"id":"f685d33b-7f7e-49cb-8dbc-2ab83d144362","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"13e8adc8-fa71-4090-a589-1fc97f8da455","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"0e29c361-cbe4-4916-8140-2530a8859823","name":"egrep","type":"tool","source":"Tidal Cyber","software_attack_id":"S3813","tidal_id":"a9d5ef8d-0542-5042-ab81-74cf138e126b","created":"2025-12-24T14:57:28.795928Z","modified":"2025-12-24T14:57:28.795931Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"0d0c78c4-de4f-4f9c-bf19-98da6c29cbfc","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"95477a8c-29de-428d-bc50-cce1394670cc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ccf05e66-58a3-4816-9a9e-a32c4df97e48","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"19c2bf07-dac0-43c3-a8ca-5bfa34410ce2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b07485b6-77d8-4b28-a272-4ead1ea2fcc2","name":"eHorus","type":"tool","source":"Tidal Cyber","software_attack_id":"S3445","tidal_id":"c991a318-a5f5-50d7-9369-286570843915","created":"2025-03-17T18:33:47.780513Z","modified":"2025-03-17T18:33:47.780517Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e04d10f5-0364-43b6-8544-d9de53a5bc6a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"1fa1227a-e0ee-49dd-b222-0aa827a0aae9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c8f123b3-bacb-45e2-9835-1851ae746b4e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a16f30f3-d339-4d6e-8f16-c73bafd801c5","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"06eb15d3-34c5-48bd-ba41-0b91cdb93b35","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cd7821cb-32f3-4d81-a5d1-0cdee94a15c4","name":"EKANS","type":"malware","source":"MITRE","software_attack_id":"S0605","tidal_id":"ce440376-8780-5505-8fec-e339d8a4f3c9","created":"2021-02-12T20:07:42.883000Z","modified":"2022-05-24T14:00:00.188000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aed277d2-05df-443f-9ed8-e7cc031a0128","name":"SNAKEHOSE","description":"<sup>[[FireEye Ransomware Feb 2020](https://app.tidalcyber.com/references/44856547-2de5-45ff-898f-a523095bd593)]</sup>","source":"ICS","associated_software_id":"de4852b9-1f8b-4ef2-b3da-29be62458ea5","owner_id":null,"owner_name":null},{"id":"7eed201b-5296-4e1d-aef8-09020912ee1e","name":"SNAKEHOSE","description":"<sup>[[FireEye Ransomware Feb 
2020](https://app.tidalcyber.com/references/44856547-2de5-45ff-898f-a523095bd593)]</sup>","source":"MITRE","associated_software_id":"de4852b9-1f8b-4ef2-b3da-29be62458ea5","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"00016447-d88f-431f-866b-31651928eb2f","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"319f01b7-9cf2-487c-9c53-44ad4074cf15","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3e3a084c-154a-468d-a9d4-6673c60f9e82","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a2ad5253-e31b-432c-804d-971be8652344","name":"Eldorado Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3145","tidal_id":"639be676-6c19-5fb0-a69a-15f1bd102f85","created":"2024-07-19T15:48:23.393461Z","modified":"2024-07-19T15:48:23.393467Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Group-IB July 3 2024](/references/50148a85-314c-4b29-bdfc-913ab647dadf)]</sup>","group_attack_id":"G3045","group_id":"26e1c52e-0c48-4cd0-bdc5-9cf981a6e714","name":"Eldorado Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2e03f8f5-9a8e-473e-89e6-802c7e718e6b","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"d119f3f9-240a-42c2-bdc1-1c3fd6ea0c7f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3236bee0-18a6-4935-9a09-75bb0e08d2a6","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"d31fbf69-fa89-45b6-b6a5-1e6c37cc6378","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"115e696b-55d1-42f0-a592-cd0c7c85e72e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bb548f6c-b76a-43ec-a988-2f7c180b135e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd5efee9-8710-4536-861f-c88d882f4d24","name":"Elise","type":"malware","source":"MITRE","software_attack_id":"S0081","tidal_id":"01a4daca-ee23-5c93-bcae-43703610415c","created":"2017-05-31T21:32:54.416000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7bcca200-50e1-4a9d-8132-cecee4ba978e","name":"Page","description":"<sup>[[Lotus Blossom Jun 2015](https://app.tidalcyber.com/references/46fdb8ca-b14d-43bd-a20f-cae7b26e56c6)]</sup>","source":"MITRE","associated_software_id":"87856d15-2fdc-42fd-b8c0-d48505ec5691","owner_id":null,"owner_name":null},{"id":"c77bf151-07c8-43e2-9939-80d41fb72305","name":"BKDR_ESILE","description":"<sup>[[Lotus Blossom Jun 2015](https://app.tidalcyber.com/references/46fdb8ca-b14d-43bd-a20f-cae7b26e56c6)]</sup>","source":"MITRE","associated_software_id":"12b94df0-6a70-4946-8672-72e770bc12a1","owner_id":null,"owner_name":null}],"groups":[{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Elise](https://app.tidalcyber.com/software/fd5efee9-8710-4536-861f-c88d882f4d24).<sup>[[Spring Dragon Jun 2015](https://app.tidalcyber.com/references/2cc38587-a18e-47e9-a8bb-e3498e4737f5)]</sup><sup>[[Accenture Dragonfish Jan 
2018](https://app.tidalcyber.com/references/f692c6fa-7b3a-4d1d-9002-b1a59f7116f4)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"58edd693-6296-4918-9894-e5cf2b2534c1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6a3ca97e-6dd6-44e5-a5f0-7225099ab474","name":"ELMER","type":"malware","source":"MITRE","software_attack_id":"S0064","tidal_id":"96fbce83-3d5a-50b6-81ef-036bf0d9d1e2","created":"2017-05-31T21:32:43.237000Z","modified":"2022-07-26T23:33:26.355000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye EPS Awakens Part 2](https://app.tidalcyber.com/references/7fd58ef5-a0b7-40b6-8771-ca5e87740965)]</sup>","group_attack_id":"G0023","group_id":"06a05175-0812-44f5-a529-30eba07d1762","name":"APT16","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"27363f64-dbe6-5802-8c04-1dbf96e8eacc","name":"Embargo","type":"malware","source":"MITRE","software_attack_id":"S1247","tidal_id":"27363f64-dbe6-5802-8c04-1dbf96e8eacc","created":"2025-10-29T21:08:48.110715Z","modified":"2025-10-29T21:08:48.110715Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a66c9d30-697c-42f5-9f6d-50f6d88f6a79","name":"Embargo ransomware","description":"<sup>[[CrowdStrike.com November 18 2025](/references/64ae5734-c8cc-41e0-ba24-79e1d6ebc475)]</sup>","source":"USER","associated_software_id":"a6a58e15-5247-4cf1-a30e-115cb47bb155","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) has used 
[Embargo](https://app.tidalcyber.com/software/27363f64-dbe6-5802-8c04-1dbf96e8eacc) for ransomware activities.<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup><sup>[[Microsoft Storm-0501 Embargo Ransomware August 2025](https://app.tidalcyber.com/references/a3b3ad77-6119-59da-899a-d9cfa840f18c)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4c3ac1f2-6f91-4fa2-ae40-8fb84cec2563","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"5165f7af-9212-4175-8f82-e31e7db5de64","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a0245953-0ae1-4559-a025-e30793ecb6a5","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"2470a398-4507-4e82-bcc4-1a70ee6efb4c","name":"Embargo Ransomware (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3389","tidal_id":"3560ac81-c9cb-5201-ab11-6290d3e9a92c","created":"2024-10-04T20:33:21.883352Z","modified":"2024-10-04T20:33:21.883357Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0810802b-f476-4177-9645-affd9ca417ad","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"f7426bd5-1d7c-4aac-b7f4-6810b16c0b78","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"1e568907-0b43-46fb-b2d8-703182270c02","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"6c87b4b9-14c8-410d-8e4e-559b857418df","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9eb072eb-2169-476e-a63c-f68abb0f2c27","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd95d38d-83f9-4b31-8292-ba2b04275b36","name":"Emissary","type":"malware","source":"MITRE","software_attack_id":"S0082","tidal_id":"7298d327-e33e-556b-8505-576b06d39c94","created":"2017-05-31T21:32:54.772000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Emissary](https://app.tidalcyber.com/software/fd95d38d-83f9-4b31-8292-ba2b04275b36).<sup>[[Lotus Blossom Dec 2015](https://app.tidalcyber.com/references/dcbe51a0-6d63-4401-b19e-46cd3c42204c)]</sup><sup>[[Emissary Trojan Feb 2016](https://app.tidalcyber.com/references/580ce22f-b76b-4a92-9fab-26ce8f449ab6)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c987d255-a351-4736-913f-91e2f28d0654","name":"Emotet","type":"malware","source":"MITRE","software_attack_id":"S0367","tidal_id":"10d70186-7aff-5aa1-b093-faa7ff945fa8","created":"2019-03-25T18:35:14.353000Z","modified":"2020-11-24T20:15:54.954000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fb223f10-20b0-4647-9383-3041ad7001b6","name":"Geodo","description":"<sup>[[Trend Micro Emotet Jan 
2019](https://app.tidalcyber.com/references/a81f1dad-5841-4142-80c1-483b240fd67d)]</sup>","source":"MITRE","associated_software_id":"ee981808-fa0c-462c-b767-e48f1ca7122a","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)]</sup><sup>[[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c14d4cfa-806f-411a-85ba-7357a2954985","tag":"71dfe8d1-666f-4e71-8761-d2876078fb3e"},{"id":"9b2dd542-98ea-4713-ac08-47513240ab49","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"d59c3c98-0623-4522-bc3d-a2967d4b5ed6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fea655ac-558f-4dd0-867f-9a5553626207","name":"Empire","type":"tool","source":"MITRE","software_attack_id":"S0363","tidal_id":"670cfd82-17d8-5033-bc39-f37760664c0f","created":"2019-03-11T14:13:40.648000Z","modified":"2022-06-03T17:55:43.889000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c313912e-cd3c-4ae8-ab5a-c3ab40585762","name":"PowerShell Empire","description":"<sup>[[Github PowerShell Empire](https://app.tidalcyber.com/references/017ec673-454c-492a-a65b-10d3a20dfdab)]</sup>","source":"MITRE","associated_software_id":"8745d0f6-8771-4588-bd2f-b80d418908ee","owner_id":null,"owner_name":null},{"id":"170fe9fa-1386-490d-97d4-b4a099fbd686","name":"EmPyre","description":"<sup>[[Github PowerShell Empire](https://app.tidalcyber.com/references/017ec673-454c-492a-a65b-10d3a20dfdab)]</sup>","source":"MITRE","associated_software_id":"55859df1-5c3b-4b9b-b0d0-39c5c82c59f9","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)]</sup><sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup><sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[Mandiant FIN12 Oct 
2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCSC Joint Report Public Tools](https://app.tidalcyber.com/references/601d88c5-4789-4fa8-a9ab-abc8137f061c)]</sup>","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET Turla August 2018](https://app.tidalcyber.com/references/e725fb9d-65b9-4e3f-9930-13c2c74b7fa4)]</sup><sup>[[ESET Crutch December 2020](https://app.tidalcyber.com/references/8b2f40f5-7dca-4edf-8314-a8f5bc4831b8)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]</sup><sup>[[Symantec Elfin Mar 
2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used multiple publicly available tools during operations, such as Empire.<sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ClearSky Wilted Tulip July 2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]</sup>","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Lab52 WIRTE Apr 2019](https://app.tidalcyber.com/references/884b675e-390c-4f6d-8cb7-5d97d84115e5)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Sygnia Elephant Beetle Jan 2022](https://app.tidalcyber.com/references/932897a6-0fa4-5be3-bf0b-20d6ddad238e)]</sup>","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro POWERSTATS V3 June 
2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Group IB Silence Aug 2019](https://app.tidalcyber.com/references/2c314eb6-767f-45b9-8a60-dba11e06afd8)]</sup>","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[SecureWorks August 2019](https://app.tidalcyber.com/references/573edbb6-687b-4bc2-bc4a-764a548633b5)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye FIN10 June 2017](https://app.tidalcyber.com/references/9d5c3956-7169-48d5-b4d0-f7a56a742adf)]</sup>","group_attack_id":"G0051","group_id":"345e553a-164d-4c9d-8bf9-19fcf8a51533","name":"FIN10","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"50d1b583-83b6-4542-94cd-3f6bd6297c04","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"29307cd8-f174-42ad-a5cf-378112e16a24","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"46029e18-ef8f-4a6c-a29d-d19481d5766d","tag":"4f05a12d-f497-4081-acb9-9a257ab87886"},{"id":"49d76363-9809-4b9b-ab2c-a3e85ba0ec38","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7651417b-3d9e-40c4-88ae-123f79d0fcbd","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"91c9dcf0-466e-443b-b6c3-f654e86e86ca","name":"EncryptHub Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3713","tidal_id":"0c61d950-81a2-5672-89ed-b2d4fcc339a3","created":"2025-12-10T14:14:58.448385Z","modified":"2025-12-10T14:14:58.448390Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"be46f308-2464-4bd2-b733-7adf74a5bedf","name":"EncryptHub Stealer Variant C","description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","source":"USER","associated_software_id":"bca5ef57-ec73-4004-a675-ba0628b1fcc1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"95c9d000-d063-43de-979d-b37722298985","name":"EncryptHub Stealer Variant B","description":"<sup>[[Trend Micro Water Gamayun March 28 
2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","source":"USER","associated_software_id":"95163142-79e6-479c-8777-a05cc2d25017","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8c9108ce-d81a-4f89-b1de-42076688170c","name":"EncryptHub Stealer Variant A","description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","source":"USER","associated_software_id":"787315b5-e82a-42cb-9094-3f483b6a0420","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","group_attack_id":"G3157","group_id":"271cfdb6-e918-4a86-9289-c6a4d6b99ce4","name":"Water Gamayun","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"662f9c80-886d-48cc-8cc1-bd2e5e3f02b5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cd7b7642-58cd-495e-a589-05f74020b248","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8c80743b-f776-40a1-b93d-09f7a0153227","name":"enum4linux","type":"tool","source":"Trellix TIG","software_attack_id":"S3433","tidal_id":"5fe40d9c-1637-52da-9bf7-a4cfb8834087","created":"2025-04-11T15:06:47.210505Z","modified":"2025-04-11T15:06:47.210509Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"8da6fbf0-a18d-49a0-9235-101300d49d5e","name":"EnvyScout","type":"malware","source":"MITRE","software_attack_id":"S0634","tidal_id":"78f56307-3409-5eb5-a49f-812cc5ead69e","created":"2021-08-02T15:31:32.397000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5edf88cf-2d38-49d1-9434-7ac5211ca154","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"a7e71387-b276-413c-a0de-4cf07e39b158","name":"Epic","type":"malware","source":"MITRE","software_attack_id":"S0091","tidal_id":"d5e1b32e-fba6-53ee-a1f1-75267ea642c1","created":"2017-05-31T21:32:58.738000Z","modified":"2020-10-26T14:33:46.159000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"456cbe78-3e2c-4310-95f7-029e2dac553e","name":"Tavdig","description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","source":"MITRE","associated_software_id":"c9f72733-1557-4a9c-9a07-b87e80d84b01","owner_id":null,"owner_name":null},{"id":"0755050c-dc93-49dc-977a-d28f7ce51fac","name":"WorldCupSec","description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","source":"MITRE","associated_software_id":"40bd7e6b-f282-4fac-a707-e21b256e0c52","owner_id":null,"owner_name":null},{"id":"e3abe367-cba2-4d67-ace9-10a4c74418a7","name":"Wipbot","description":"<sup>[[Kaspersky 
Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","source":"MITRE","associated_software_id":"b0614725-7a40-4a46-9d57-79dfd157af91","owner_id":null,"owner_name":null},{"id":"e009a3b2-5a6f-44cb-84ea-9da186d101a5","name":"TadjMakhal","description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","source":"MITRE","associated_software_id":"eafca858-2534-4dea-b50c-ddf9a9a490f8","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup><sup>[[Secureworks IRON HUNTER Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e916383d-dff0-49cb-8115-23088b12df97","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"7e08ada4-3cad-5f08-8895-9adaf4d10aef","name":"Escobar","type":"malware","source":"Mobile","software_attack_id":"S1092","tidal_id":"7e08ada4-3cad-5f08-8895-9adaf4d10aef","created":"2026-01-28T13:08:09.939125Z","modified":"2026-01-28T13:08:09.939127Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a7589733-6b04-4215-a4e7-4b62cd4610fa","name":"esentutl","type":"tool","source":"MITRE","software_attack_id":"S0404","tidal_id":"d5249964-bbaa-5d7d-92c9-d662dea06052","created":"2019-09-03T18:25:36.963000Z","modified":"2021-10-01T17:48:10.492000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e68d12cb-d521-4b56-ac52-dbc881ff6198","name":"esentutl.exe","description":"","source":"MITRE","associated_software_id":"285440ba-037a-4b5c-a089-e0af02a62236","owner_id":null,"owner_name":null}],"groups":[{"de
scription":"<sup>[[SOCRadar INC Ransom January 2024](https://app.tidalcyber.com/references/6c78b422-7d46-58a4-a403-421db0531147)]</sup><sup>[[SentinelOne INC Ransomware](https://app.tidalcyber.com/references/5f82878b-2258-5663-8694-efc3179c1849)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3a6b4006-2ce5-4f1e-b44b-846f793cc24e","tag":"ee88899a-2bf0-4b96-bf69-5b686fa463c3"},{"id":"5c5a9065-0560-42a0-a628-f72979870421","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a3009a9d-7aa2-46ca-bf7e-08f2903b79f9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"e2a1c542-82c0-5bbd-8b40-254e72f3a619","name":"eSurv","type":"malware","source":"Mobile","software_attack_id":"S0507","tidal_id":"e2a1c542-82c0-5bbd-8b40-254e72f3a619","created":"2026-01-28T13:08:09.938304Z","modified":"2026-01-28T13:08:09.938306Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"},{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"4aa89bae-3c3b-45c2-a29e-f3b695e87a7a","name":"esxcli","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3458","tidal_id":"d8c9e059-fd8e-588f-9cb0-065a779f0b4b","created":"2025-04-11T15:06:51.950372Z","modified":"2025-04-11T15:06:51.950376Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"c3e304c8-6e63-4041-9bac-66aafcb37454","name":"EtherRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3744","tidal_id":"c6f54c57-1a92-50b1-8103-b7e37401a668","created":"2025-12-17T14:18:48.409897Z","modified":"2025-12-17T14:18:48.409900Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 December 12 2025](/references/02aae606-da8f-4c9b-86e0-5b960579c8d7)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous 
Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"809f3f78-8781-47f7-80f1-b7c83fb13e99","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"795a4102-f7a3-4eea-b6a6-a49056d5748e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"68147e5a-023f-45d5-ae02-76bef92830be","name":"Eudcedit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3858","tidal_id":"8cf92789-2f6c-59aa-904e-c7490fd23531","created":"2026-01-06T18:05:03.639367Z","modified":"2026-01-06T18:05:03.639370Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c6475928-9246-4ade-8509-839a8e97745f","name":"Eudcedit.exe","description":"<sup>[[Eudcedit.exe - LOLBAS Project](/references/c2c5be3c-1883-4b35-9dd5-706ecebe041e)]</sup>","source":"USER","associated_software_id":"cfcc8588-1ee8-4eaa-85ad-4a72877cc4d9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5ee0762d-b741-4a04-aef8-00cfe2f3789e","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"670ab76d-7e82-530a-92f3-a13cb57052ad","name":"EventBot","type":"malware","source":"Mobile","software_attack_id":"S0478","tidal_id":"670ab76d-7e82-530a-92f3-a13cb57052ad","created":"2026-01-28T13:08:09.938720Z","modified":"2026-01-28T13:08:09.938721Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"4c371bd9-c97c-42ab-b913-1e19cd409382","name":"Eventvwr","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3219","tidal_id":"fbc6e598-b274-5df2-a957-7b9e21f3eb2c","created":"2024-01-12T14:47:49.872941Z","modified":"2024-01-12T14:47:49.872945Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"799734c8-b95b-4d68-9781-3fc4b09178a0","name":"Eventvwr.exe","description":"<sup>[[Eventvwr.exe - LOLBAS Project](/references/0c09812a-a936-4282-b574-35a00f631857)]</sup>","source":"Tidal Cyber","associated_software_id":"51125aee-d1af-4414-90fa-84b6c977c100","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"267eecdf-69bb-4089-b106-d4ca10d26168","tag":"59d03fb8-0620-468a-951c-069473cb86bc"},{"id":"e60936b8-8f9e-4117-89bf-4e7b9067a5b5","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1c09afa1-1106-456d-968f-2767bc378c79","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f7980d81-acd0-4e3e-b224-3d8424b72397","name":"Everything","type":"tool","source":"Tidal Cyber","software_attack_id":"S3473","tidal_id":"ca1679c3-6d33-5bb1-ba30-c87149260fa3","created":"2025-05-20T16:17:58.884526Z","modified":"2025-05-20T16:17:58.884531Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eaa1f64c-9bb9-4bfd-9cf7-2184beaec6aa","name":"Everything.exe","description":"<sup>[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]</sup>","source":"Tidal Cyber","associated_software_id":"a5a9546f-ab91-4a82-91a2-234ca5a0f73a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[S-RM March 25 
2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]</sup>","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2754a728-333e-4c18-89b7-728eb96a7570","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5442b7f3-03d9-48bc-890a-7dbad6c34517","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"e1b83fb1-e7f6-4191-8497-9bfb71bfaa93","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"35d7b8fe-4ef1-4bbc-af6a-60e2f5b5dd4a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c5418c3e-64cf-4ac9-806f-0e1bbc248e63","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a432bf28-41e5-409b-b858-fd98a55db94f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"300e8176-e7ee-44ef-8d10-dff96502f6c6","name":"EvilBunny","type":"malware","source":"MITRE","software_attack_id":"S0396","tidal_id":"1b7f07bb-a934-5178-a74c-7a528dbc1e32","created":"2019-06-28T17:40:32.217000Z","modified":"2021-04-02T00:14:13.954000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"4892c22d-6fd4-4876-8e8a-af968cf61ecc","name":"EvilGinx","type":"malware","source":"Tidal Cyber","software_attack_id":"S3103","tidal_id":"351de5b2-cbcc-5623-bcc5-ad500c5e9446","created":"2023-12-14T19:26:31.981627Z","modified":"2023-12-14T19:26:31.981631Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News April 1 2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News April 1 
2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Star Blizzard December 2023](/references/3d53c154-8ced-4dbe-ab4e-db3bc15bfe4b)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog May 27 2025](/references/e7ea6602-f448-46f2-9ce8-9afbc226807d)]</sup>","group_attack_id":"G3104","group_id":"42219d16-7ed7-4716-b88f-b29a456f0f8d","name":"Void Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"a4dddfb4-cc9e-440f-b5a9-889a7ba67fe7","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"71c7fb70-4712-45fc-a906-f458872883a0","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"dd051a24-dab6-426c-8db7-5dc124166c9a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"647f2c66-bc8a-46d9-93dd-7794099326a4","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"6aa640fe-226c-4aae-a680-11bade7b13a3","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8c9e7af3-71d2-4b76-90b9-8f7ae5f8cf68","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8b6b3a65-3b90-41cc-940e-dda763e501c8","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"15824b79-34dd-4d47-b4bc-25d94204f01d","tag":"fe28cf32-a15c-44cf-892c-faa0360d6109"},{"id":"dafbe4f6-54b7-45af-a4c8-c4597d133847","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0f5c23e3-1383-4890-8b13-f41a7060ecd2","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"30b91118-629d-4496-a940-48335a4332e1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"e862419c-d6b6-4433-a02a-c1cc98ea6f9e","name":"EvilGrab","type":"malware","source":"MITRE","software_attack_id":"S0152","tidal_id":"cf608591-a997-5a74-93c9-a08b52077562","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 
2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b5628f25-4ca6-452c-90a2-7ccb39eaa107","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e0eaae6d-5137-4053-bf37-ff90bf5767a9","name":"EVILNUM","type":"malware","source":"MITRE","software_attack_id":"S0568","tidal_id":"7e49be92-f0fd-59c2-b49f-51643c92e0e9","created":"2021-01-28T17:24:48.322000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Prevailion EvilNum May 2020](https://app.tidalcyber.com/references/533b8ae2-2fc3-4cf4-bcaa-5d8bfcba91c0)]</sup>","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f2e8cb0d-dd10-4767-bec9-e91e8b2b45d1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e6fec8d3-ad28-44dc-ba5f-33e8b587bc4e","name":"Evil-WinRM","type":"tool","source":"Tidal Cyber","software_attack_id":"S3536","tidal_id":"18f14027-e7ba-57e9-bb7c-1fba5f39e914","created":"2025-09-04T13:58:22.019403Z","modified":"2025-09-04T13:58:22.019406Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog August 27 2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog August 27 
2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"24f51869-e642-4cd1-98e4-9207a460254c","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"636023fc-1125-4400-810d-107ecbee8558","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"14cfde01-7867-42e9-b6c5-33567a6a109d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f96b702b-b7d5-424d-ac5c-32f904fb7651","name":"evteng.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3854","tidal_id":"1fdd6b33-05ba-5a3c-b3b8-ef83b046d6f8","created":"2025-12-29T17:41:09.396957Z","modified":"2025-12-29T17:41:09.396961Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"63122c23-e8a0-444b-9696-915fac6dcc0e","name":"python.exe (older version)","description":"<sup>[[Securelist December 24 2025](/references/f7f6c441-7b98-43fc-b173-2be753d6bf97)]</sup>","source":"USER","associated_software_id":"d785073d-7517-405d-92f6-a381f98853ca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist December 24 2025](/references/f7f6c441-7b98-43fc-b173-2be753d6bf97)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"eab968a9-2530-4efb-83ab-84ed4d891094","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"2692973c-84ef-431e-b1df-4dcac0194bb7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6e6a8423-e777-4a0a-86fa-a16542c4c292","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c773f709-b5fe-4514-9d88-24ceb0dd8063","name":"Exaramel for 
Linux","type":"malware","source":"MITRE","software_attack_id":"S0401","tidal_id":"bf5ce6cd-0dc6-5fa6-8eb5-8882575564b1","created":"2019-08-26T13:02:46.378000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET TeleBots Oct 2018](https://app.tidalcyber.com/references/56372448-03f5-49b5-a2a9-384fbd49fefc)]</sup><sup>[[ANSSI Sandworm January 2021](https://app.tidalcyber.com/references/5e619fef-180a-46d4-8bf5-998860b5ad7e)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"21569dfb-c9f1-468e-903e-348f19dbae1f","name":"Exaramel for Windows","type":"malware","source":"MITRE","software_attack_id":"S0343","tidal_id":"59604c54-c644-52e5-8446-28cdfc4a4f09","created":"2019-01-30T15:10:03.894000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET TeleBots Oct 2018](https://app.tidalcyber.com/references/56372448-03f5-49b5-a2a9-384fbd49fefc)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"581ce8df-78fd-5e0c-9b62-6fc5deda3167","name":"Exbyte","type":"malware","source":"MITRE","software_attack_id":"S1179","tidal_id":"581ce8df-78fd-5e0c-9b62-6fc5deda3167","created":"2025-04-22T20:46:58.421584Z","modified":"2025-04-22T20:46:58.421587Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) used [Exbyte](https://app.tidalcyber.com/software/581ce8df-78fd-5e0c-9b62-6fc5deda3167) for 
automated file collection and exfiltration.<sup>[[Symantec BlackByte 2022](https://app.tidalcyber.com/references/965503f6-e5f9-5c98-b0c4-1211e44346d9)]</sup><sup>[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"97eb6856-bcda-406e-bd8e-162a2a6ead8a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"46efd94e-afd2-4536-8525-0619fc56966f","name":"Excel","type":"tool","source":"Tidal Cyber","software_attack_id":"S3342","tidal_id":"b14b68d0-92ce-54c4-ab04-bc370791a341","created":"2024-01-12T14:48:33.532031Z","modified":"2024-01-12T14:48:33.532035Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"55ea10d2-76b8-40ff-928c-2c4f15737702","name":"Excel.exe","description":"<sup>[[Excel.exe - LOLBAS Project](/references/9a2458f7-63ca-4eca-8c61-b6098ec0798f)]</sup>","source":"Tidal Cyber","associated_software_id":"a878dcfe-76d9-435d-8b14-b0490db7e1a8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f26d0816-06d8-46dd-a510-d83d48b3e371","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"eeec6518-e574-4c38-bf14-7270786db264","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"068b26ae-39b5-4b4e-8faa-eb304a17687d","name":"ExMatter","type":"malware","source":"Tidal Cyber","software_attack_id":"S3077","tidal_id":"844d357d-3a2c-528f-8b3e-885c280121f4","created":"2023-09-14T20:18:04.956166Z","modified":"2023-09-14T20:18:04.956172Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[BlackBerry BlackCat Threat 
Overview](/references/59f98ae1-c62d-460f-8d2a-9ae287b59953)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bfdbba5c-a55e-4f66-a2a6-ff292ee76356","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":"TidalCyberIan"},{"id":"7d8c4ecb-48a2-5973-bdab-a86de4ec2a0b","name":"Exobot","type":"malware","source":"Mobile","software_attack_id":"S0522","tidal_id":"7d8c4ecb-48a2-5973-bdab-a86de4ec2a0b","created":"2026-01-28T13:08:09.938906Z","modified":"2026-01-28T13:08:09.938907Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2f264bf1-749e-58e9-b92c-f5e4c0a48acb","name":"Exodus","type":"malware","source":"Mobile","software_attack_id":"S0405","tidal_id":"2f264bf1-749e-58e9-b92c-f5e4c0a48acb","created":"2026-01-28T13:08:09.937884Z","modified":"2026-01-28T13:08:09.937886Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"0f89c9b1-5e17-4ebc-85d1-c678d9c39b54","name":"Exodus One","description":"<sup>[[SWB Exodus March 2019](https://app.tidalcyber.com/references/006c1d73-342d-5966-8996-8a690a194c64)]</sup>","source":"Mobile","associated_software_id":"3b9ccbbf-8655-56a1-a629-b9d27359ecab","owner_id":null,"owner_name":null},{"id":"a4caed64-07f6-488e-ba82-93b641e61e11","name":"Exodus Two","description":"<sup>[[SWB Exodus March 
2019](https://app.tidalcyber.com/references/006c1d73-342d-5966-8996-8a690a194c64)]</sup>","source":"Mobile","associated_software_id":"c2c81e21-c79c-5eee-b414-ea213790b03d","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"5d7a39e3-c667-45b3-987e-3b0ca49cff61","name":"Expand","type":"tool","source":"MITRE","software_attack_id":"S0361","tidal_id":"473fc423-79ce-580e-9189-51ee59b022ea","created":"2019-02-19T19:17:14.971000Z","modified":"2020-03-20T18:43:16.989000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"393f6896-278c-47b8-9ee0-e1c546bf1087","name":"Expand.exe","description":"","source":"Tidal Cyber","associated_software_id":"7ffda0fe-4375-443e-a8c7-df5dabc104f9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"7ee02bf8-33d0-4cac-843b-cf5fa410bdbf","tag":"182dd4be-bbda-404f-aad1-156a22bbe7a4"},{"id":"c4dc0eb4-a3e5-4862-b0b5-a1901efa00e8","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"32a047cc-5a0e-494c-b64d-28e906ee44ee","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"b792d713-fbb4-46e6-94ae-8b9a1f4e794d","name":"Explorer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3221","tidal_id":"58273d3a-4cd8-53ba-8d33-264e0a4fa9fd","created":"2024-01-12T14:47:50.451164Z","modified":"2024-01-12T14:47:50.451169Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"99210c23-bd09-4df1-8545-da1d37a9c2df","name":"Explorer.exe","description":"<sup>[[Explorer.exe - LOLBAS Project](/references/9ba3d54c-02d1-45bd-bfe8-939e84d9d44b)]</sup>","source":"Tidal Cyber","associated_software_id":"f6b34f5e-3bec-4098-98b8-2ea74f184ecc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Www.cloudsek.com January 09 
2026](/references/1f12b457-540c-4e11-bd9b-df360a318aa6)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Www.cloudsek.com December 26 2025](/references/0d6e9bfe-9c6c-40ba-9d12-30273b559d13)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Securelist Kimsuky Sept 2013](/references/f26771b0-2101-4fed-ac82-1bd9683dd7da)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 Playbook Dec 2017](/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d583c893-f290-4fa6-baf0-ae00e8dba820","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"afa3dac7-d714-4d89-8027-b56b25b5addd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"572eec55-2855-49ac-a82e-2c21e9aca27e","name":"Explosive","type":"malware","source":"MITRE","software_attack_id":"S0569","tidal_id":"f81d493c-3673-5cfb-aa99-9a3180cb7de8","created":"2021-02-08T21:41:25.501000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CheckPoint Volatile Cedar March 2015](https://app.tidalcyber.com/references/a26344a2-63ca-422e-8cf9-0cf22a5bee72)]</sup><sup>[[ClearSky Lebanese Cedar Jan 
2021](https://app.tidalcyber.com/references/53944d48-caa9-4912-b42d-94a3789ed15b)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2e6f1aed-a983-44fb-aed1-b4a3d9cb9488","name":"Extexport","type":"tool","source":"Tidal Cyber","software_attack_id":"S3222","tidal_id":"6c9b55da-0b1a-5e82-a74d-8b939802f687","created":"2024-01-12T14:47:50.820392Z","modified":"2024-01-12T14:47:50.820395Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a864c2cc-2ff2-4c45-a6dd-fef6ad7c7fc1","name":"Extexport.exe","description":"<sup>[[Extexport.exe - LOLBAS Project](/references/2aa09a10-a492-4753-bbd8-aacd31e4fee3)]</sup>","source":"Tidal Cyber","associated_software_id":"ef321c97-a66d-4dbc-8ed6-c002e141ffdc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"11cb7400-8b79-4fc6-ab80-bf01bb90a663","tag":"5b81675a-742a-4ffd-b410-44ce3f1b0831"},{"id":"3b334fbf-2c52-4e6c-b5da-2374104b465c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"3b1d466e-475d-4d41-aa3a-781f5b34380a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"363c38fc-8676-4a63-b3f4-f0237565a951","name":"ExtPassword","type":"tool","source":"Tidal Cyber","software_attack_id":"S3032","tidal_id":"1d0a7ea8-6dbb-534c-9949-9d48957eb806","created":"2023-08-18T18:56:20.259884Z","modified":"2023-08-18T18:56:20.259892Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b269ba00-50c3-4d79-b7f0-15c11ba39b28","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7227fdcd-a05c-432f-9f47-71b3c86abad9","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"ef0cf61b-9049-49b4-ad07-324427dfa4f1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"05660d7c-04ce-4847-88d8-71df4a750be7","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"b32fe3cc-c95d-4e5f-b3d1-67e4d1c2fc4b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cf73ab71-8b32-4183-bdef-22122d6e51ec","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"c3a27c87-6ab4-40ef-9896-8c9b76650e86","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"dbdd0ea2-b05d-441a-b1ce-cfeb61ed26ef","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"01e18e0d-4418-4e34-828b-4f51b1296d3e","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"c8e27205-ae5b-48b2-98ea-a1aa6e70a086","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0a128e43-8b83-4abf-aac4-3905e760f8f4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"53dc0180-0309-4489-af75-9c76b2887359","name":"Extrac32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3223","tidal_id":"203fd233-8eb3-5d4e-9da9-42a849c160f7","created":"2024-01-12T14:47:51.202061Z","modified":"2024-01-12T14:47:51.202065Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"776f532a-3bd6-44eb-870f-a726cc951ba0","name":"Extrac32.exe","description":"<sup>[[Extrac32.exe - LOLBAS Project](/references/ae632afc-336c-488e-81f6-91ffe1829595)]</sup>","source":"Tidal 
Cyber","associated_software_id":"84483c62-922d-49c5-b688-c106c2496545","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6ed27db2-59dc-4ef8-a792-a97ff2971785","tag":"92092803-19a9-4288-b7fb-08e92e8ea693"},{"id":"957519de-12cf-452d-b09f-6abaafbbc80d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c8a9eaf1-9805-46ee-96c6-757c33383e36","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"cbbba380-bf9d-4c3d-bda6-a808c4ad0113","name":"FaceXInjector","type":"malware","source":"Tidal Cyber","software_attack_id":"S3463","tidal_id":"dd36b20c-6fb1-5a49-8d90-54cf477d821e","created":"2025-04-11T15:33:56.685314Z","modified":"2025-04-11T15:33:56.685318Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8106551d-6deb-4376-8bff-cebfd15cb1cd","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"0e738ead-5245-4b33-af98-000fbc4ef950","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c1b48738-aabe-41bd-8d06-7ba897ce46e8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"42d3deef-36bd-5dd2-918f-0defaff284d1","name":"Fakecalls","type":"malware","source":"Mobile","software_attack_id":"S1080","tidal_id":"42d3deef-36bd-5dd2-918f-0defaff284d1","created":"2026-01-28T13:08:09.938101Z","modified":"2026-01-28T13:08:09.938103Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8c64a330-1457-4c32-ab2f-12b6eb37d607","name":"FakeM","type":"malware","source":"MITRE","software_attack_id":"S0076","tidal_id":"0de410e0-8135-5455-a857-c8bd68b3f292","created":"2017-05-31T21:32:52.470000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]</sup>","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"acbff463-ba1c-4d26-ab99-b9aa47b81c68","name":"FakePenny","type":"malware","source":"Tidal Cyber","software_attack_id":"S3136","tidal_id":"e9a0f927-1397-566e-809d-83e015970f27","created":"2024-06-13T20:12:34.805240Z","modified":"2024-06-13T20:12:34.805247Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog 5 28 2024](/references/faf315ed-71f7-4e29-8334-701da35a69ad)]</sup>","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone 
Sleet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5802fa23-cbbf-4db7-a563-ca4ff0625f93","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"85015a0a-1da1-4c55-bd44-e02f118e585a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"36d6a808-4613-424e-bfb8-0d21c6f5e9e6","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"83a1e2b6-3beb-4cba-aa61-c488615dfe1b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5f6db68d-dc92-5027-b2ea-5b7762364923","name":"FakeSpy","type":"malware","source":"Mobile","software_attack_id":"S0509","tidal_id":"5f6db68d-dc92-5027-b2ea-5b7762364923","created":"2026-01-28T13:08:09.938428Z","modified":"2026-01-28T13:08:09.938429Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ea47f1fd-0171-4254-8c92-92b7a5eec5e1","name":"FALLCHILL","type":"malware","source":"MITRE","software_attack_id":"S0181","tidal_id":"388b82c6-9b6b-5a57-bd55-9f54e054099f","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT FALLCHILL Nov 2017](https://app.tidalcyber.com/references/045e03f9-af83-4442-b69e-b80f68e570ac)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"997ff740-1b00-40b6-887a-ef4101e93295","name":"FatDuke","type":"malware","source":"MITRE","software_attack_id":"S0512","tidal_id":"eeaa2886-2141-58d4-8446-8279f0f31adc","created":"2020-09-24T13:23:45.162000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET 
Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2882e00d-816c-4231-8db9-6c9f503253d1","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"8e623e62-524f-43de-934c-3792bfd69d3f","name":"FDMTP","type":"malware","source":"Tidal Cyber","software_attack_id":"S3173","tidal_id":"809f656d-c242-51cc-990d-0f6b833306d4","created":"2024-09-13T19:21:24.153469Z","modified":"2024-09-13T19:21:24.153474Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"34a88b42-da3b-48b8-b5c1-58fa6ed8603a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"62bfa4c5-642e-4ef1-aec2-769ad559a127","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5ad43d06-882d-417e-b86c-3ab09a8c12a3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c66ed8ab-4692-4948-820e-5ce87cc78db5","name":"Felismus","type":"malware","source":"MITRE","software_attack_id":"S0171","tidal_id":"93965e75-70f6-5591-9314-8a011fe8f0a8","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Sowbug Nov 
2017](https://app.tidalcyber.com/references/14f49074-fc46-45d3-bf7e-30c896c39c07)]</sup>","group_attack_id":"G0054","group_id":"6632f07f-7c6b-4d12-8544-82edc6a7a577","name":"Sowbug","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4b1a07cd-4c1f-4d93-a454-07fd59b3039a","name":"FELIXROOT","type":"malware","source":"MITRE","software_attack_id":"S0267","tidal_id":"0a32f4ab-983b-54ad-a328-dcd57c526533","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"84b19011-a651-47b7-9d5e-24c8cf54c2ae","name":"GreyEnergy mini","description":"<sup>[[ESET GreyEnergy Oct 2018](https://app.tidalcyber.com/references/f3e70f41-6c22-465c-b872-a7ec5e6a3e67)]</sup>","source":"MITRE","associated_software_id":"78026ff0-63f0-42d8-81de-e02ad8223d68","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"3e54ba7a-fd4c-477f-9c2d-34b4f69fc091","name":"Ferocious","type":"malware","source":"MITRE","software_attack_id":"S0679","tidal_id":"33a8c2be-315c-5771-980e-a9845c8b8a4a","created":"2022-02-01T19:19:26.408000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky WIRTE November 2021](https://app.tidalcyber.com/references/143b4694-024d-49a5-be3c-d9ceca7295b2)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"dae65867-40e9-4b55-846c-2d7e1a649754","name":"FFmpeg","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3824","tidal_id":"3d263744-799b-5874-a5f3-be7106be8d9b","created":"2025-12-24T14:57:30.416827Z","modified":"2025-12-24T14:57:30.416830Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7dc9edfd-38b4-4381-80e4-683f68a97e17","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"8829c2b9-2528-47a9-a59c-a037b01ed03f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3a5a61aa-de6d-48f3-8bc1-0f3d7de54eb4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1bbf04bb-d869-48c5-a538-70a25503de1d","name":"Fgdump","type":"tool","source":"MITRE","software_attack_id":"S0120","tidal_id":"f1dc93be-43a0-5c12-af7a-dbb96ad34798","created":"2017-05-31T21:33:10.569000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"014a01de-a091-4263-9352-48bb4920f908","name":"file.exe","type":"malware","source":"Tidal Cyber","software_attack_id":"S3897","tidal_id":"fc11cb7f-bae7-5b1d-a4fa-8e3a1606dc2f","created":"2026-01-14T13:31:31.747865Z","modified":"2026-01-14T13:31:31.747869Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f84bf897-bc99-459b-972c-b9b98b59cf96","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"2519e4e0-8e11-4577-ba49-49d76bdbff07","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"89fd8ab6-e259-4fb0-9131-06077379bd08","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"042d964b-28c4-4001-957d-30554e5ede6f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8a47227e-f904-4186-bb58-31b9f7c88cb1","name":"FileUtils.java","type":"tool","source":"Tidal Cyber","software_attack_id":"S3568","tidal_id":"293e411c-eb71-5b8a-b8f1-026bbdfd893a","created":"2025-10-07T14:07:35.213177Z","modified":"2025-10-07T14:07:35.213180Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"2f008bb2-de81-4f1f-bd80-e25af3691ad4","name":"SAGEGIFT","description":"<sup>[[Google Cloud Blog 10 09 2025](/references/ec72f924-4cc8-4709-9b07-f343bff55895)]</sup>","source":"USER","associated_software_id":"5f995b1c-77ef-4225-a782-96b865187efa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog 10 09 2025](/references/ec72f924-4cc8-4709-9b07-f343bff55895)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CrowdStrike.com 10 06 
2025](/references/b5630f1e-ea9c-4b8a-b31a-08e977f0c8ab)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e7a15b53-c83c-4d88-9522-4bac17624ad2","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"fb4701a6-1a8f-4f97-b98a-037f092e8f53","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"3c18cbdc-d4d1-4e93-9e2b-a74446f805a7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"57a0fe10-9558-477e-8538-ad2f9ac0c88f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f2a6f899-15a8-4d77-bebd-14bc03958764","name":"FileZilla","type":"tool","source":"Tidal Cyber","software_attack_id":"S3033","tidal_id":"b0f662bd-5ce4-51ac-b7d2-6bc5f76e6558","created":"2023-08-18T18:56:20.497491Z","modified":"2023-08-18T18:56:20.497498Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0be78b87-d7fc-4bc0-8437-1e5d9d32dd96","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"3bb5da1d-48a3-4438-918d-c63866a2f2c9","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"b0f0914d-0cdc-4094-8dbd-bbf40ed290e7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"728a766d-cc5e-40ff-bd4a-7d5aa4ff0d06","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"94af4c69-a4b9-4899-a494-1331cc04469e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"5b4964fb-cdf8-4e92-b39d-e47cfd9b7448","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"8aa84ace-eb11-4813-9833-b72bfee2dff2","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c73fbd8d-e4e2-4c38-b6d5-5c5f1deaba78","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"56d14750-6ae9-474a-b845-599439db12ca","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"ceff3564-2676-425e-ac20-39b2d05a2cb8","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"6914eba8-7ddd-4084-8c48-3f6b2fef5408","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"924f93b5-edff-489b-9843-706febb659f0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"065d31da-710e-4b53-b352-f812d6d02f25","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"93cc54bd-fd02-439c-887c-d5b78b4e5541","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"eb4dc358-e353-47fc-8207-b7cb10d580f7","name":"Final1stspy","type":"malware","source":"MITRE","software_attack_id":"S0355","tidal_id":"210da6b3-7f71-554b-9bf8-315362e2c7a8","created":"2019-01-31T00:23:06.022000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"W
indows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 Nokki Oct 2018](https://app.tidalcyber.com/references/4eea6638-a71b-4d74-acc4-0fac82ef72f6)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3b00412d-7146-4b4d-8347-46985e2d9109","name":"FINALDRAFT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3432","tidal_id":"e8b2eea6-907b-5acb-a48f-0c9bbd0fa924","created":"2025-02-18T15:18:33.174084Z","modified":"2025-02-18T15:18:33.174089Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3179","group_id":"66b0f5f6-3377-4f5d-ac79-605dad9221f1","name":"Ink Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4f03abf8-6fc8-429a-a8aa-305765fbd470","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"42be4f40-1189-4e30-8aab-788b3a9b6f9c","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"7d9f7c1b-95cd-41c0-8d6a-3e3f6a01c66f","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"e96f848c-021a-488a-bbd5-0876e8a2c7cb","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"54f56a16-e492-4d32-b6c0-7c26a53e0a59","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"615ef942-441f-4f86-a95d-ab27f6841925","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"654ae996-efeb-4666-8145-a7cb672991c3","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"30083a3b-b022-4cc5-ad75-26f963fddc33","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d0cc9378-bb4d-45c4-8c87-1a0e51e5ae0c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a62634f8-8f42-4874-9669-bea2e053dfea","name":"Findstr","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3224","tidal_id":"4a379014-800b-5a35-8314-f41dff3c88e3","created":"2024-01-12T14:47:51.577813Z","modified":"2024-01-12T14:47:51.577818Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"21ce9ebe-477f-449f-ba2b-093f8c440aa7","name":"Findstr.exe","description":"<sup>[[Findstr.exe - LOLBAS Project](/references/fc4b7b28-ac74-4a8f-a39d-ce55df5fca08)]</sup>","source":"Tidal Cyber","associated_software_id":"8c3183d9-da91-449e-94e5-1814bec72c1b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ReliaQuest December 09 2025](/references/d01a6573-49f4-415b-a778-778d08255afd)]</sup>","group_attack_id":"G3175","group_id":"2a834c03-7339-481f-8fcb-787e13f990c6","name":"Storm-0249","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"dbbbfec7-a87a-491b-9655-c75a931bea1e","tag":"6ca537bb-94b6-4b12-8978-6250baa6a5cb"},{"id":"c2652b5a-7037-411d-b410-ad4adb5191fa","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c5929a68-431d-43ce-809f-ea75266cfa54","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"55e1f5a4-e2ef-4903-8d30-8e7b9a8aca1e","name":"FINETIDE","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3429","tidal_id":"afcbec44-b19a-55b1-8307-e5ca520e8544","created":"2025-02-18T15:18:32.464262Z","modified":"2025-02-18T15:18:32.464266Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cff19b89-77fd-4d7e-92a0-1fedeb0208f4","name":"WhisperPack","description":"<sup>[[Mandiant UNC2589 March 2022](/references/63d89139-9dd4-4ed6-bf6e-8cd872c5d034)]</sup>","source":"Tidal Cyber","associated_software_id":"38d3552e-9342-419f-881e-62cb6ec82bb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d5ec7d15-b061-4756-bc11-72b10071d7ca","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"4d4814a0-4e0f-4397-a687-1f70be4ae8b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4bec1bee-718b-4a52-bbcd-70e1a55d4453","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"41f54ce1-842c-428a-977f-518a5b63b4d7","name":"FinFisher","type":"malware","source":"MITRE","software_attack_id":"S0182","tidal_id":"aff79ed5-b2bf-5bb2-aa60-2d458ffd00d5","created":"2018-01-16T16:13:52.465000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6fcf39ed-347a-48d3-a687-da5bc5484adb","name":"FinSpy","description":"<sup>[[FireEye FinSpy Sept 2017](https://app.tidalcyber.com/references/142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce)]</sup> <sup>[[Securelist BlackOasis Oct 2017](https://app.tidalcyber.com/references/66121c37-6b66-4ab2-9f63-1adb80dcec62)]</sup>","source":"MITRE","associated_software_id":"132b2577-e54e-49d4-8579-963dea48bd6a","owner_id":null,"owner_name":null},{"id":"71018917-9562-40df-9f34-83652a4162e8","name":"FinSpy","description":"<sup>[[FireEye FinSpy Sept 2017](https://app.tidalcyber.com/references/142cf7a3-2ca2-4cf3-b95a-9f4b3bc1cdce)]</sup> <sup>[[Securelist 
BlackOasis Oct 2017](https://app.tidalcyber.com/references/66121c37-6b66-4ab2-9f63-1adb80dcec62)]</sup>","source":"Mobile","associated_software_id":"132b2577-e54e-49d4-8579-963dea48bd6a","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)]</sup>","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark Caracal","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)]</sup>","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark Caracal","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"a9ce311d-dd8c-497d-b38f-b535d7318ed4","name":"Finger","type":"tool","source":"Tidal Cyber","software_attack_id":"S3225","tidal_id":"c04a2d4c-25c9-5b25-8675-f2ecae430209","created":"2024-01-12T14:47:51.944586Z","modified":"2024-01-12T14:47:51.944590Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"19edc7d0-ca92-4935-b7ed-483fcc36457c","name":"Finger.exe","description":"<sup>[[Finger.exe - LOLBAS Project](/references/e32d01eb-d904-43dc-a7e2-bdcf42f3ebb2)]</sup>","source":"Tidal Cyber","associated_software_id":"44e3833b-bf22-4adb-9986-95f4e8898f21","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress January 16 
2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","group_attack_id":"G3213","group_id":"a0202bc8-abe6-42c1-ac84-1dc27b9e322f","name":"KongTuke","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fe1045dd-23a0-4350-ba4d-cfac47147207","tag":"1da4f610-4c54-46a3-b9b3-c38a002b623e"},{"id":"607c36a6-66c6-4c72-b8aa-803662e14428","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"486c81ff-320a-4ba1-a617-f142b38c606d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8a555a47-aff0-4da9-bc1c-d5efbe98c726","name":"FingerprintJS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3701","tidal_id":"5dba255a-5b2a-5ec6-abec-f32744b36931","created":"2025-12-10T14:14:56.368019Z","modified":"2025-12-10T14:14:56.368023Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"26a7e8c9-98e0-49ef-a482-2d26a0163535","name":"FingerprintJS2","description":"<sup>[[Google Cloud Blog November 20 2025](/references/a99c8dce-a85b-404f-8b91-65135de27537)]</sup>","source":"USER","associated_software_id":"1afaf92a-c1c3-455f-9f01-110110b77838","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog November 20 
2025](/references/a99c8dce-a85b-404f-8b91-65135de27537)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"090ba58d-67c6-4525-a228-668b7740badd","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5f165aef-e115-4f74-8c30-b61392338ea2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"84187393-2fe9-4136-8720-a6893734ee8c","name":"FIVEHANDS","type":"malware","source":"MITRE","software_attack_id":"S0618","tidal_id":"590f4515-96bd-57e4-ba31-24cfdb66639f","created":"2021-06-04T15:34:01.097000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"fb9a65f4-e288-475e-a0a8-3a3ee6fc9c13","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"1301b905-e9db-4c2b-9900-0ce3a2a1d784","tag":"f1ad9eba-f4fd-4aec-92c0-833ac14d741b"},{"id":"9a40a015-db51-4389-b48f-a2b8282c4fde","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"b7b85c31-7fc1-4d5a-ac0d-ae4183fbd445","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0389480a-991c-4ce6-9812-defcf813921f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"0ca34cca-e2c1-5ebc-8814-8e1fb5a5ae8c","name":"FjordPhantom","type":"malware","source":"Mobile","software_attack_id":"S1208","tidal_id":"0ca34cca-e2c1-5ebc-8814-8e1fb5a5ae8c","created":"2026-01-28T13:08:09.938953Z","modified":"2026-01-28T13:08:09.938956Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"977aaf8a-2216-40f0-8682-61dd91638147","name":"Flagpro","type":"malware","source":"MITRE","software_attack_id":"S0696","tidal_id":"2195b745-6cc6-5536-9f22-8d89f734ef0f","created":"2022-03-25T14:58:24.832000Z","modified":"2022-04-01T14:41:47.579000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[NTT Security Flagpro new December 
2021](https://app.tidalcyber.com/references/c0f523fa-7f3b-4c85-b48f-19ae770e9f3b)]</sup>","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2b97fbb2-d7f5-4a0a-87b6-1748bfa04207","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"87604333-638f-4f4a-94e0-16aa825dd5b8","name":"Flame","type":"malware","source":"MITRE","software_attack_id":"S0143","tidal_id":"fe519bc1-a0aa-5d7b-968a-bf12911806c5","created":"2017-05-31T21:33:21.973000Z","modified":"2022-10-12T17:51:18.408000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fe1b46e0-98d1-4cf3-a52c-78f3e9e77303","name":"sKyWIper","description":"<sup>[[Kaspersky Flame](https://app.tidalcyber.com/references/6db8f76d-fe38-43b1-ad85-ad372da9c09d)]</sup> <sup>[[Crysys Skywiper](https://app.tidalcyber.com/references/ea35f530-b0fd-4e27-a7a9-6ba41566154c)]</sup>","source":"MITRE","associated_software_id":"9a1c376d-6ef8-4d18-a4ff-e28751d30ae1","owner_id":null,"owner_name":null},{"id":"56020633-950a-4cfb-8399-30ef35250c86","name":"Flamer","description":"<sup>[[Kaspersky Flame](https://app.tidalcyber.com/references/6db8f76d-fe38-43b1-ad85-ad372da9c09d)]</sup> <sup>[[Symantec Beetlejuice](https://app.tidalcyber.com/references/691ada65-fe64-4917-b379-1db2573eea32)]</sup>","source":"ICS","associated_software_id":"4a135c64-23dd-4850-8484-d9805d3663b5","owner_id":null,"owner_name":null},{"id":"76fec1af-907b-4272-add4-5b936222be04","name":"sKyWIper","description":"<sup>[[Kaspersky Flame](https://app.tidalcyber.com/references/6db8f76d-fe38-43b1-ad85-ad372da9c09d)]</sup> <sup>[[Crysys 
Skywiper](https://app.tidalcyber.com/references/ea35f530-b0fd-4e27-a7a9-6ba41566154c)]</sup>","source":"ICS","associated_software_id":"9a1c376d-6ef8-4d18-a4ff-e28751d30ae1","owner_id":null,"owner_name":null},{"id":"976f7c49-80d1-4d65-8068-884f69ac0ea2","name":"Flamer","description":"<sup>[[Kaspersky Flame](https://app.tidalcyber.com/references/6db8f76d-fe38-43b1-ad85-ad372da9c09d)]</sup> <sup>[[Symantec Beetlejuice](https://app.tidalcyber.com/references/691ada65-fe64-4917-b379-1db2573eea32)]</sup>","source":"MITRE","associated_software_id":"4a135c64-23dd-4850-8484-d9805d3663b5","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"8207f7b8-8c90-4720-9b8f-b5b138e3f272","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"}],"owner_name":null},{"id":"44a5e62a-6de4-49d2-8f1b-e68ecdf9f332","name":"FLASHFLOOD","type":"malware","source":"MITRE","software_attack_id":"S0036","tidal_id":"b600fe6e-b6c9-5039-a53e-f3502aa7c68a","created":"2017-05-31T21:32:28.754000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]</sup>","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"308dbe77-3d58-40bb-b0a5-cd00f152dc60","name":"FlawedAmmyy","type":"malware","source":"MITRE","software_attack_id":"S0381","tidal_id":"2af5e667-e347-57c2-9c64-2c6efe9d084b","created":"2019-05-28T19:07:29.816000Z","modified":"2022-07-18T15:59:26.387000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA505 Mar 2018](https://app.tidalcyber.com/references/44e48c77-59dd-4851-8455-893513b7cf45)]</sup><sup>[[Trend Micro TA505 June 
2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)]</sup><sup>[[Proofpoint TA505 October 2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Visa FIN6 Feb 2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"738bdc4c-29e6-47ae-9bd6-33d18c729b95","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c558e948-c817-4494-a95d-ad3207f10e26","name":"FlawedGrace","type":"malware","source":"MITRE","software_attack_id":"S0383","tidal_id":"05735762-5e93-58ce-b680-0e7b454c64f7","created":"2019-05-29T14:33:04.253000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8ce0e708-8f28-4c66-be99-cfa7c8e6567a","name":"BARBWIRE","description":"<sup>[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","source":"Tidal Cyber","associated_software_id":"c6731561-3f22-451d-adf8-4b80ef07ce65","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"2a2b141c-7a11-4e3b-9bcc-ba4b20bcab98","name":"GraceWire","description":"<sup>[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","source":"Tidal Cyber","associated_software_id":"70bf0820-6ce7-4877-a668-6583aef5a4c2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Proofpoint TA505 Jan 2019](https://app.tidalcyber.com/references/b744f739-8810-4fb9-96e3-6488f9ed6305)]</sup><sup>[[Trend Micro TA505 June 
2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)]</sup><sup>[[Proofpoint TA505 October 2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Tweet June 17 2020](/references/98fc7485-9424-412f-8162-a69d6c10c243)]</sup>","group_attack_id":"G3012","group_id":"eb10ed9e-ea8d-4b61-bfc3-5994d30970df","name":"Spandex Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"95575a8e-a000-4260-82a7-c8c1ccf53cf1","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"34c4c48f-4367-4786-8e2b-0d8d4a7061f2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"8b4ffcd4-9efe-4a65-a841-c4778f7e7865","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a9675dcd-d47f-492e-a2d3-5222c68cf644","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"68758d3a-ec4b-4c19-933d-b4c3000281b2","name":"FleetDeck","type":"tool","source":"Tidal Cyber","software_attack_id":"S3079","tidal_id":"8b312064-1e69-59d4-b09f-06e95fbe022b","created":"2023-09-14T20:18:05.374768Z","modified":"2023-09-14T20:18:05.374774Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"22473be6-5a16-4341-8af1-1d15d3f7990e","name":"Commander","description":"","source":"Tidal 
Cyber","associated_software_id":"6f5b39e8-5c52-478c-b9f6-89822c43d859","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CrowdStrike Scattered Spider SIM Swapping December 22 2022](/references/e48760ba-2752-4d30-8f99-152c81f63017)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cyber Centre ALPHV/BlackCat July 25 2023](/references/610c8f22-1a96-42d2-934d-8467d136eed2)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"68893ea2-5f1a-4272-a8c9-8aa4ecf27596","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"29b1b519-b31f-4f1d-855f-c887c614c202","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"2613f7b2-6732-4399-b272-4c7418546d80","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"095da22e-b1bd-4d77-9753-7971bb64879f","name":"FlexibleFerret","type":"malware","source":"Tidal Cyber","software_attack_id":"S3707","tidal_id":"a0ef7318-0870-5253-aae4-93514db469b2","created":"2025-12-10T14:14:57.423756Z","modified":"2025-12-10T14:14:57.423760Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[jamf FlexibleFerret November 25 2025](/references/9e21c538-cfd1-41c4-a188-443900b4fa19)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[jamf FlexibleFerret November 25 
2025](/references/9e21c538-cfd1-41c4-a188-443900b4fa19)]</sup>","group_attack_id":"G1052","group_id":"b436d32f-2667-5e00-a3d8-f58d2d5666d4","name":"Contagious Interview","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f00ef145-a10b-42eb-b598-2c27fe4e26e0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"51956453-2031-4c6e-a9a2-563ee9c16266","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1239e4d0-e436-574f-8777-98e0e626a5e3","name":"FlexiSpy","type":"tool","source":"Mobile","software_attack_id":"S0408","tidal_id":"1239e4d0-e436-574f-8777-98e0e626a5e3","created":"2026-01-28T13:08:09.939483Z","modified":"2026-01-28T13:08:09.939485Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"18002747-ddcc-42c1-b0ca-1e598a9f1919","name":"FLIPSIDE","type":"malware","source":"MITRE","software_attack_id":"S0173","tidal_id":"c439ddf9-6551-58ba-8ee8-daa6e64939dc","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant FIN5 GrrCON Oct 
2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup>","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c485b883-b03a-566e-88a8-e96a0467e98d","name":"FlixOnline","type":"malware","source":"Mobile","software_attack_id":"S1103","tidal_id":"c485b883-b03a-566e-88a8-e96a0467e98d","created":"2026-01-28T13:08:09.937569Z","modified":"2026-01-28T13:08:09.937571Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"43d57826-cd15-4154-8f04-38351c96986e","name":"fltMC","type":"tool","source":"Tidal Cyber","software_attack_id":"S3226","tidal_id":"b417f45f-c4ff-5dd8-a953-14e0a51caca1","created":"2024-01-12T14:47:52.323956Z","modified":"2024-01-12T14:47:52.323960Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2b283bd4-c8d1-4899-94b2-dab6b258138d","name":"fltMC.exe","description":"<sup>[[fltMC.exe - LOLBAS Project](/references/cf9b4bd3-92f0-405b-85e7-95e65d548b79)]</sup>","source":"Tidal 
Cyber","associated_software_id":"91939985-db0a-4ba9-9fd7-9785615cc0f4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"61aed4c2-0e1e-47d7-ae97-2a8330f2ecd7","tag":"49bbb074-2406-4f27-ad77-d2e433ba1ccb"},{"id":"c1beb55a-3fc8-420f-aaea-4471ef90e353","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a55e4d41-abfb-40e8-b75c-d3184f67d791","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"29682460-a6d8-5ff1-aba7-cba68aae1841","name":"FluBot","type":"malware","source":"Mobile","software_attack_id":"S1067","tidal_id":"29682460-a6d8-5ff1-aba7-cba68aae1841","created":"2026-01-28T13:08:09.939191Z","modified":"2026-01-28T13:08:09.939192Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b1a2cf29-2444-55ab-8f85-0ed22776b88e","name":"FlyTrap","type":"malware","source":"Mobile","software_attack_id":"S1093","tidal_id":"b1a2cf29-2444-55ab-8f85-0ed22776b88e","created":"2026-01-28T13:08:09.938412Z","modified":"2026-01-28T13:08:09.938414Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d9bfc4ee-16be-43d5-befd-ea66642ecc92","name":"fm.js (React File Manager web shell)","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3748","tidal_id":"ee041e94-4be7-51ad-8737-ec7c7f26e718","created":"2025-12-17T14:18:49.023241Z","modified":"2025-12-17T14:18:49.023245Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"c1d64838-2c86-47ac-852d-8c735ea15342","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8879c4b5-e61a-4c7a-b214-586be836ed59","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"bc11844e-0348-4eed-a48a-0554d68db38c","name":"FoggyWeb","type":"malware","source":"MITRE","software_attack_id":"S0661","tidal_id":"8569b7d2-ae38-5fea-8682-675e73bd7dd1","created":"2021-11-16T14:33:46.321000Z","modified":"2022-04-15T16:34:44.709000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC FoggyWeb September 2021](https://app.tidalcyber.com/references/1ef61100-c5e7-4725-8456-e508c5f6d68a)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d7869357-3480-4445-9f66-0ecbf0305111","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"3480069a-13eb-4f1e-9967-57ecac415c52","name":"Fog Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3146","tidal_id":"a2c07726-168d-5e9f-8b73-73f01b538951","created":"2024-08-02T14:59:33.575149Z","modified":"2024-08-02T14:59:33.575153Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"97438dc9-3c5e-45fe-896d-da50613ed908","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"7f98862a-9fc3-4829-b7bf-91f459121637","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"b4f5dffa-4a1e-4c1c-a9aa-00f449395344","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"a53acb5c-db20-4f07-9527-f11e54a446f6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"be89739c-d4e8-40cf-800b-9a7ba453ac79","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2bd5918a-cc05-45ed-a105-40069f00ced5","name":"Fooder","type":"malware","source":"Tidal Cyber","software_attack_id":"S3726","tidal_id":"da9b87c7-cd49-5c91-8acf-017efa1cf7b8","created":"2025-12-10T14:15:00.939927Z","modified":"2025-12-10T14:15:00.939930Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"34a48228-c8b6-4a65-a155-9e200a59a968","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"aacb5efd-c413-494f-a493-4b77f4d8f4cf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a4242c31-4bf4-4852-aaf3-92d695203e39","name":"ForestTiger","type":"malware","source":"Tidal Cyber","software_attack_id":"S3503","tidal_id":"d8238525-bd01-5b28-9cfc-2bb38e5d2b10","created":"2025-07-01T19:42:15.694572Z","modified":"2025-07-01T19:42:15.694590Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft TeamCity Exploit Campaign October 18 2023](/references/d6dc556c-dbf2-4272-a550-14f5292c4fd4)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"82f5dc65-01c0-40a0-8b2a-ae5fc8753b96","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0c4c01be-9eb2-49eb-801c-de312cdadd03","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"dfce07aa-4046-4040-8e41-21754719daeb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c6dc67a6-587d-4700-a7de-bee043a0031a","name":"Forfiles","type":"tool","source":"MITRE","software_attack_id":"S0193","tidal_id":"acb31a67-45db-5556-b199-d7d4ee005f19","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[{"id":"22141301-25e2-43de-a956-99b453421dec","name":"Forfiles.exe","description":"","source":"Tidal Cyber","associated_software_id":"f283d74b-b2fe-4974-8dc2-d33c93575b2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Überwachung APT28 Forfiles June 2015](https://app.tidalcyber.com/references/3b85fff0-88d8-4df6-af0b-66e57492732e)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e6287952-3c66-46c8-9f54-f75ce682f137","tag":"91804406-e20a-4455-8dbc-5528c35f8e20"},{"id":"dd0901bf-218d-4ccf-8e88-efea7438dbf6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"599aee63-0607-4a81-826f-ff93478f6c2a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"376d1383-17a7-48b0-8a8b-d6142b2f3003","name":"Formbook (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3003","tidal_id":"681d1389-448b-5a51-b76c-efd9800f3d6e","created":"2024-06-13T20:12:25.453670Z","modified":"2024-06-13T20:12:25.453674Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"47b76191-02d0-4a9f-a4ea-b1f798a84c7a","name":"Xloader","description":"<sup>[[Cyble July 01 2022](/references/1b0e143a-3c5d-4445-9a99-8e42815130ac)]</sup>","source":"Tidal Cyber","associated_software_id":"c5fbcaee-0ab6-4d61-829b-5a3fb4846fc3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c2a83e1c-21d8-43df-b0ef-57eb7ef1ac31","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"254864df-c2ec-4fe0-9b60-5d68b4e61c24","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"467bcb35-433e-4547-960b-461c18733e67","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"add2d48d-b105-4b90-9a0d-354099da1360","name":"Foxit PDF Reader","type":"tool","source":"Tidal Cyber","software_attack_id":"S3733","tidal_id":"ed89c325-ad41-59a1-95eb-fe4a7c948fee","created":"2025-12-10T14:15:03.559972Z","modified":"2025-12-10T14:15:03.559977Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5dc87afa-ce17-41f6-a7cc-65a727fdb1bc","name":"FoxitPDFReader.exe","description":"<sup>[[Trend Micro December 03 2025](/references/9ef527df-db8d-421e-82b4-2f50c8ab50f8)]</sup>","source":"USER","associated_software_id":"c85036b7-fecb-4ae7-800e-fafe6865b93a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2970631e-e9b4-40f7-bbba-dec590bdceb1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a505fb57-1580-461e-accb-79a467ede1b5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"79fc1187-8d61-4cee-80b0-4ef92bb03453","name":"FOXTROT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3522","tidal_id":"4333b935-d1e6-5951-a946-08f908fbc02e","created":"2025-08-28T19:35:47.651501Z","modified":"2025-08-28T19:35:47.651504Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"5c94af49-3750-4da7-b814-6fadafcdba7d","name":"FOXGLOVE","description":"<sup>[[Mandiant UNC4841 August 29 2023](/references/f990745d-06c1-4b0a-8394-66c7a3cf0818)]</sup>","source":"Tidal Cyber","associated_software_id":"d5f99fed-893d-43cf-8f18-8e10188bec88","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Mandiant UNC4841 August 29 2023](/references/f990745d-06c1-4b0a-8394-66c7a3cf0818)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a3000b42-4ae0-473b-a70b-b902be30c741","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8be169e8-ed9d-49f4-9762-878b055ce268","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f8f6480e-0ecd-4c72-81ba-2e2d94281549","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"83721b89-df58-50bf-be2a-0b696fb0da78","name":"FRAMESTING","type":"malware","source":"MITRE","software_attack_id":"S1120","tidal_id":"7ea8be5b-5b1c-5295-9026-a03f812fdbe8","created":"2024-04-25T13:28:21.188411Z","modified":"2024-04-25T13:28:21.188415Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":null},{"id":"aef7cbbc-5163-419c-8e4b-3f73bed50474","name":"FrameworkPOS","type":"malware","source":"MITRE","software_attack_id":"S0503","tidal_id":"544639a0-2a8b-5e02-9494-943d3fb11b84","created":"2020-09-08T14:55:46.094000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[{"id":"0a491f01-4378-4cec-838e-a67d63820a95","name":"Trinity","description":"<sup>[[SentinelOne FrameworkPOS September 2019](https://app.tidalcyber.com/references/054d7827-3d0c-40a7-b2a0-1428ad7729ea)]</sup>","source":"MITRE","associated_software_id":"ebc42f24-1194-4e44-baa2-50dfa222162e","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[SentinelOne FrameworkPOS September 2019](https://app.tidalcyber.com/references/054d7827-3d0c-40a7-b2a0-1428ad7729ea)]</sup><sup>[[Crowdstrike Global Threat Report Feb 2018](https://app.tidalcyber.com/references/6c1ace5b-66b2-4c56-9301-822aad2c3c16)]</sup><sup>[[Visa FIN6 Feb 2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1d5c5822-3cb4-455a-9976-f6bc17e2820d","name":"FreeFileSync","type":"tool","source":"Tidal Cyber","software_attack_id":"S3034","tidal_id":"2ff0dc30-cb3f-5322-a9f1-bd648f9e0ad5","created":"2023-08-18T18:56:20.760292Z","modified":"2023-08-18T18:56:20.760300Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"045a43cb-c125-4156-b9eb-5080ab8ec8a0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"93d13afc-d2b3-4a89-a4e8-c855ec1ef775","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"8994083f-8b74-4f62-95bd-bad01f64172f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6d740b6a-d67e-4083-99ed-55ef3f9a784f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"51b87720-6b0c-46f1-a902-5854c7e461a1","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"c0eeba93-a910-4d48-b028-13f6491c738a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"2afffddf-951a-4463-8020-aee512531619","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"11672701-f017-4295-8629-ba3deafa3534","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"35a49f93-69ea-4960-ac44-0c81bcbde581","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"1601cdcb-dc0d-4f9b-83b5-ec4f0efc2706","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b39272aa-050d-4223-907e-a6fc3bfe3f12","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"84b657f9-42b9-400c-a6a1-4433319a506f","name":"FrostyFerret","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3671","tidal_id":"bc03f7f4-bc4d-5428-b935-843c3110c2ae","created":"2025-12-10T14:14:51.594860Z","modified":"2025-12-10T14:14:51.594864Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"1fd0775e-e8d3-403d-ba89-b50af66ba293","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b7d247e9-57c2-4f6a-8c9c-3ed035a4e57a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c7873892-0a29-59fe-aafc-0bbc8246a07f","name":"FrostyGoop","type":"malware","source":"ICS","software_attack_id":"S1165","tidal_id":"c7873892-0a29-59fe-aafc-0bbc8246a07f","created":"2026-01-28T13:08:18.118980Z","modified":"2026-01-28T13:08:18.118982Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"}],"associated_software":[{"id":"408af5ee-5036-41ff-8450-501e204e78ef","name":"BUSTLEBERM","description":"<sup>[[Nozomi BUSTLEBERM 2024](https://app.tidalcyber.com/references/d8a5e49e-7d1c-54eb-92dc-273adb930c20)]</sup>","source":"ICS","associated_software_id":"acc366fd-0d36-5a9f-abaa-654bb047f7fb","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"09d61edf-9a9b-5ce6-8437-0c6041a41004","name":"FrozenCell","type":"malware","source":"Mobile","software_attack_id":"S0577","tidal_id":"09d61edf-9a9b-5ce6-8437-0c6041a41004","created":"2026-01-28T13:08:09.938523Z","modified":"2026-01-28T13:08:09.938525Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1028","group_id":"e3c5164e-49cf-5bb1-955d-6775585abb14","name":"APT-C-23","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"5d83dd11-3928-5d7e-a50c-5c06594a5229","name":"FRP","type":"tool","source":"MITRE","software_attack_id":"S1144","tidal_id":"5d83dd11-3928-5d7e-a50c-5c06594a5229","created":"2024-10-31T16:28:08.852228Z","modified":"2024-10-3
1T16:28:08.852231Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd257f4c-d5a8-41f9-8d2f-a4e6ec75ef7a","name":"xfrpc","description":"<sup>[[Huntress December 09 2025](/references/daa411cf-b40b-445a-81f8-7b851ef15e00)]</sup>","source":"USER","associated_software_id":"44089ed6-2497-46ce-a7bd-1d0632e2c0eb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[RedCanary Mockingbird May 2020](https://app.tidalcyber.com/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]</sup>","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)]</sup><sup>[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[crowdstrike.com December 19 
2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]</sup>","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"850344d3-1d6c-458c-9639-b0e6b76cf7cd","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"a31fa1e1-d7f9-415f-9d10-7ce06552cdc3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"31325d70-090e-4444-82b6-365d46a7da53","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"3a05085e-5a1f-4a74-b489-d679b80e2c18","name":"FruitFly","type":"malware","source":"MITRE","software_attack_id":"S0277","tidal_id":"57bde159-fa1e-5255-9c6b-2981bf9d0cb1","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ecd42c9a-d046-454b-bc4d-47a2e407812b","name":"fscan","type":"tool","source":"Tidal Cyber","software_attack_id":"S3524","tidal_id":"9ff98aab-3414-5214-9dc7-4e6634b94824","created":"2025-08-28T19:35:47.944705Z","modified":"2025-08-28T19:35:47.944707Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog March 21 
2024](/references/efba67c7-a481-44de-84bd-cf74bc946f6e)]</sup>","group_attack_id":"G3078","group_id":"21df749a-1e70-4c11-921c-071a61d9a900","name":"UNC5174","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7215bf05-de36-4a3c-9c97-d2a7dcd7bf0a","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ad07b0ca-fb6a-4713-84b6-aafb75ecf709","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"992f984f-1f9e-48ae-b5b5-57aaf4228b5c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"07c8d9dc-a3e7-4be5-ad8f-f035494a2249","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f2a5e6cb-75fd-4108-9466-80471c7d0422","name":"Fsi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3343","tidal_id":"40989383-485b-505c-b1d0-9db2f31bedf7","created":"2024-01-12T14:48:33.897840Z","modified":"2024-01-12T14:48:33.897844Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"782590b4-0cc8-45bc-8e64-1960e42d68e9","name":"Fsi.exe","description":"<sup>[[Fsi.exe - LOLBAS Project](/references/4e14e87f-2ad9-4959-8cb2-8585b67931c0)]</sup>","source":"Tidal Cyber","associated_software_id":"33c9b15d-da72-49ab-b5a3-918c93ea5208","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET ComRAT May 2020](/references/cd9043b8-4d14-449b-a6b2-2e9b99103bb0)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2e9d0eaa-6667-4ca3-a550-f7cd5b33ecc8","tag":"7a4b56fa-5419-411b-86fe-68c9b0ddd3c5"},{"id":"bad24647-3fe2-41f2-a692-12fe1d9fca20","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d9e2c7f3-c3fe-4a21-802a-2cc73fef1d57","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9e5c41bb-f4cc-4132-8c7a-4a10a006190b","name":"FsiAnyCpu","type":"tool","source":"Tidal Cyber","software_attack_id":"S3344","tidal_id":"c31a8263-b3f8-5b7b-8753-140746c15954","created":"2024-01-12T14:48:34.288004Z","modified":"2024-01-12T14:48:34.288008Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8a4048e4-028a-434b-bb75-edac8aefe948","name":"FsiAnyCpu.exe","description":"<sup>[[FsiAnyCpu.exe - LOLBAS Project](/references/87031d31-b6d7-4860-b11b-5a0dc8774d92)]</sup>","source":"Tidal Cyber","associated_software_id":"0c8284cf-4e6f-4660-9381-76c08e0a6244","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b008aeb6-f43f-4176-9dc1-7c2aa723fbab","tag":"c5d1a687-8a36-4995-b8cb-415f33661821"},{"id":"d70a44c9-6837-4fe8-94fe-9d1c896e4184","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"231cb758-8f3d-4b3f-9d0f-620390dc4aff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7a829dae-00cf-4321-95b4-276f7dfb5368","name":"Fsutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3228","tidal_id":"8d8c1922-2b73-5c82-a399-17e66bdb98b1","created":"2024-01-12T14:47:52.690433Z","modified":"2024-01-12T14:47:52.690436Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0d16f928-f08a-450b-8980-60f0e13abf2a","name":"Fsutil.exe","description":"<sup>[[Fsutil.exe - LOLBAS Project](/references/e2305dac-4245-4fac-8813-69cb210e9cd3)]</sup>","source":"Tidal 
Cyber","associated_software_id":"142b3451-bb26-4bb2-8d22-58cccd0f52ee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"4fe10d11-4f18-490c-9b52-35cc665ade96","tag":"76bb7541-94da-4d66-9a57-77f788330287"},{"id":"8443643b-0732-4c6a-9c2b-e2cb66f48286","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"433c461d-4027-4e0d-aa47-bc8f35f09b4e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"062deac9-8f05-44e2-b347-96b59ba166ca","name":"ftp","type":"tool","source":"MITRE","software_attack_id":"S0095","tidal_id":"9bb3879f-1ea5-57ab-9a43-73a5ddf709a1","created":"2017-05-31T21:33:00.565000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e512e0ec-ff37-49ef-ac82-3b6892f3ebd2","name":"ftp.exe","description":"","source":"MITRE","associated_software_id":"4cce70d6-bf60-4943-9342-a9f3f306aea0","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FBI FLASH APT39 September 2020](https://app.tidalcyber.com/references/76869199-e9fa-41b4-b045-41015e6daaec)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 March 2020](https://app.tidalcyber.com/references/e4d7c8f6-e202-4aac-b39d-7b2c9c5ea48d)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Elfin Mar 
2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Palo Alto OilRig Oct 2016](https://app.tidalcyber.com/references/14bbb07b-caeb-4d17-8e54-047322a5930c)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"81468e2a-f77f-4892-8285-4d5d1c10c684","tag":"95d37388-4e95-4d7f-96ba-99d94c842299"},{"id":"1a3922db-0616-4c54-adbc-71d03e1a0a58","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5bdf46a2-e5fb-48e5-9132-0205ded2f189","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"b083b702-3f3f-4deb-b3f2-ce163014f7b5","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"ab6ebd5a-05e3-49b7-93f2-d8cb83a86c28","name":"FudModule","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3388","tidal_id":"8bc8fe68-2b01-5bd0-a1d1-17f7b22e23fe","created":"2024-10-04T20:33:21.681540Z","modified":"2024-10-04T20:33:21.681546Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"720a8dfd-0757-45c7-9e52-f6bed0760aaa","tag":"95b66dc5-2f49-4b82-8f03-c3eaa579085b"},{"id":"f2daf22e-1966-4c2a-a840-f18c36b70c4f","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"6432a383-1391-46bf-b9b7-4e7ac4643f4f","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"cb476e0f-189e-4984-ac8c-dea13dd2b076","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"837dc614-b6a0-4cdf-b48b-dfa5d5a01534","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"72ce513a-6b47-437e-95b3-7ce8d44c6f2a","name":"FunkSec Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3417","tidal_id":"a78a386b-48bd-5f3c-af2e-db7284cb2a79","created":"2025-01-16T18:38:07.996918Z","modified":"2025-01-16T18:38:07.996923Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4e1de381-e1dd-4b56-aa6b-8086c3780095","name":"FunkLocker","description":"<sup>[[ANY.RUN's Cybersecurity Blog 10 01 2025](/references/87535fb7-8916-494e-94ff-cf28c125f0b4)]</sup>","source":"USER","associated_software_id":"b2d33963-5a14-4705-a022-5f3ea512935b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Check Point Research January 10 2025](/references/8f64819e-dc3d-48da-a84d-14eaacb0d61e)]</sup>","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f1dfab9e-c7b7-43b8-95ec-765b06f75cdb","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"b8c53063-736d-45c1-9fd0-d3556db15ab7","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0cfbbac2-0100-48ed-a15f-83178d9dfb18","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"c4decc26-ca64-4643-95e6-493f228d3fbb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb3b07a4-64c3-407e-98b5-1d1e0b535a43","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d0490e1d-8287-44d3-8342-944d1203b237","name":"FunnyDream","type":"malware","source":"MITRE","software_attack_id":"S1044","tidal_id":"1e49740e-3255-5866-95e5-e368b16b0bbc","created":"2022-09-23T14:26:54.392000Z","modified":"2022-10-11T12:33:19.525000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"148fa35e-bf01-42a2-af9c-c914bf2f20af","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"7fc59031-d83e-5331-89a4-24eeaf50c302","name":"Fuxnet","type":"malware","source":"ICS","software_attack_id":"S1157","tidal_id":"7fc59031-d83e-5331-89a4-24eeaf50c302","created":"2026-01-28T13:08:18.118947Z","modified":"2026-01-28T13:08:18.118949Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"be9a2ae5-373a-4dee-9c1e-b54235dafed0","name":"FYAnti","type":"malware","source":"MITRE","software_attack_id":"S0628","tidal_id":"62b59da1-b19c-5af0-a676-ac7694aa4cc0","created":"2021-06-22T14:20:30.164000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9b823ac5-5613-4665-a62e-5635e951e8ba","name":"DILLJUICE stage2","description":"<sup>[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"b9e7470c-e179-4efd-b472-ba146d8cf8fa","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"317a7647-aee7-4ce1-a8f8-33a61190f55d","name":"Fysbis","type":"malware","source":"MITRE","software_attack_id":"S0410","tidal_id":"5f1adc2e-c879-5b08-a63b-42d501a8cff7","created":"2019-09-12T17:40:38.303000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Fysbis Palo Alto Analysis](https://app.tidalcyber.com/references/3e527ad6-6b56-473d-8178-e1c3c14f2311)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"029768d5-814e-4c75-a1a8-2cf7c9810b57","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5c6feb32-adeb-4b00-8947-2793c772c77d","name":"GachiLoader","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3846","tidal_id":"72486c6c-978f-5f7b-b76f-6d57988d2511","created":"2025-12-29T17:41:08.194764Z","modified":"2025-12-29T17:41:08.194767Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"9f46d239-4cea-4261-b30b-5923d500fe60","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"cb622654-edca-4079-b6e1-bb2f1a023308","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"13c094bd-7638-4925-b160-8b5069e18aad","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"ef75c0f1-ccc6-4b82-9202-3f268120cf72","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"2448ca70-4d80-4887-b32a-73bde754be64","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"089cc5e5-c355-4d6b-ac7f-c8b17e4b6aef","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"eea2dc4b-0ec9-4449-842a-6c2a242105ef","name":"Gafgyt","type":"malware","source":"Tidal Cyber","software_attack_id":"S3876","tidal_id":"da2637ad-3c41-519f-a55e-d3616dd8e93d","created":"2026-01-06T18:05:06.774922Z","modified":"2026-01-06T18:05:06.774926Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"909663cf-3f0c-45c1-bf16-59ed3352a949","name":"Bashlite","description":"<sup>[[Securitylabs.datadoghq.com January 10 
2024](/references/3187efae-3db0-4a0b-a626-b6e244fc6597)]</sup>","source":"USER","associated_software_id":"e6827569-bc11-4094-94e9-0f523230de6b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e46dbf15-fe38-4ec7-b2bf-caa97a664096","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"7f70b1a4-5f85-4c75-9370-4a06afad9a35","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"a172f0b5-3945-4318-a5db-292e7e0ed55c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8c5064f9-accb-476e-a490-3bad16ead27a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cac54152-17ad-4bb9-a412-53a35af1e95a","name":"Gamarue","type":"malware","source":"Tidal Cyber","software_attack_id":"S3387","tidal_id":"8d3b9416-9602-563e-9163-1924b540e33a","created":"2024-09-27T17:01:39.329740Z","modified":"2024-09-27T17:01:39.329744Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e0477630-ae75-4bc4-bc54-e28830429162","tag":"ca440076-2a36-405a-bf4c-d4529e91b641"},{"id":"fb6bdeb7-89c2-46b7-9c83-5a07edacf86b","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"8b34d33c-c9af-4f57-ac8e-85c78941f856","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"9512517f-1636-45c9-a8c7-ba0b77227d3f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1b137f10-5f0b-485a-9d34-0df9dbe0dea6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8e9b48d2-cce3-40d9-b53c-f17367e5a0a4","name":"Gamshen","type":"malware","source":"Tidal Cyber","software_attack_id":"S3538","tidal_id":"c2fa67bc-fc09-58bc-be81-a9a4d3328b07","created":"2025-09-10T16:39:28.733191Z","modified":"2025-09-10T16:39:28.733195Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[welivesecurity.com September 4 
2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2e2f66a4-9be3-4eec-992a-50f1d381e835","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"35da92f6-358a-4eab-a88d-e054e13c5bc6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9e287c72-f9aa-463a-b522-d0706a9509aa","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7f92f342-5cff-491f-961a-62d337a99c2a","name":"GateKeeper .NET Payload","type":"malware","source":"Tidal Cyber","software_attack_id":"S3980","tidal_id":"41237234-1d8d-5276-81a5-f428515088eb","created":"2026-01-23T20:31:11.527924Z","modified":"2026-01-23T20:31:11.527928Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Huntress January 16 
2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","group_attack_id":"G3213","group_id":"a0202bc8-abe6-42c1-ac84-1dc27b9e322f","name":"KongTuke","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d56744e2-bfae-4e75-ab40-821e733d3b73","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"6b0bba94-12ac-487c-b756-9bcfc9d5a9d1","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"02fd1c90-43f2-41a3-8930-f5b1f7dcb7ee","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"280e266c-ccde-43eb-a72b-6ff993eb0942","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0a18e82f-cb09-469a-b8cc-32822c8178fd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7a60b984-b0c8-4acc-be24-841f4b652872","name":"Gazer","type":"malware","source":"MITRE","software_attack_id":"S0168","tidal_id":"94e50baa-5900-5f96-9d37-4d67e5b71118","created":"2018-01-16T16:13:52.465000Z","modified":"2020-12-04T21:07:22.870000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7305624a-c600-4135-a190-b558e98e1810","name":"WhiteBear","description":"The term WhiteBear is used both for the activity group (a subset of G0010) as well as the malware observed. Based on similarities in behavior and C2, WhiteBear is assessed to be the same as S0168. 
<sup>[[Securelist WhiteBear Aug 2017](https://app.tidalcyber.com/references/44626060-3d9b-480e-b4ea-7dac27878e5e)]</sup><sup>[[ESET Crutch December 2020](https://app.tidalcyber.com/references/8b2f40f5-7dca-4edf-8314-a8f5bc4831b8)]</sup>","source":"MITRE","associated_software_id":"24e22e4a-0c90-48e6-94ed-f212b21f7212","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[ESET Gazer Aug 2017](https://app.tidalcyber.com/references/9d1c40af-d4bc-4d4a-b667-a17378942685)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"684ab077-afdf-4dd8-aa77-84b4573b6084","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4fcd2c40-b5a6-452b-8052-89e0449ac6ed","name":"gdrive","type":"tool","source":"Trellix TIG","software_attack_id":"S3427","tidal_id":"79a0494d-a85c-57ee-a800-afe354626d85","created":"2025-04-11T15:06:46.208765Z","modified":"2025-04-11T15:06:46.208769Z","platforms":[],"associated_software":[{"id":"153e45cd-7d97-4449-9c05-aae003c2119c","name":"Google Drive CLI Client","description":"","source":"Trellix TIG","associated_software_id":"19536c37-71d2-4ae7-9021-63c981fc011c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"a6f3ae95-b961-410a-b190-8b3542532104","name":"Gedit","type":"malware","source":"Tidal Cyber","software_attack_id":"S3965","tidal_id":"7835e902-d473-5936-91c0-78d82c7ab65b","created":"2026-01-23T20:31:09.291406Z","modified":"2026-01-23T20:31:09.291409Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[www.welivesecurity.com 
January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","group_attack_id":"G3210","group_id":"abc6d74d-e425-4181-93ed-bb16f911871b","name":"Donot Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"83dcf510-d681-425a-b8d9-75e3e77293a1","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"342f43c1-eabe-4989-b634-214efa709ff3","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"642586aa-e9d9-4dd8-ac5e-6e41a8bbd4a6","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"112ad9ea-0739-41d5-8fba-ac33a8215a62","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"bb899ce4-c8fd-416f-9e15-6b257087eacb","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"f3874da9-0813-4b03-856d-894528653e37","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"37874544-388c-409f-b848-6e7e19e5327b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2f3f9094-e869-4a33-81a1-efa06667216c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9a117508-1d22-4fea-aa65-db670c13a5c9","name":"Gelsemium","type":"malware","source":"MITRE","software_attack_id":"S0666","tidal_id":"82b2fea7-f859-5070-9cbb-88074707c9d8","created":"2021-11-30T19:02:16.138000Z","modified":"2022-05-06T19:37:01.617000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8a9e7456-838a-4c38-99f8-385d82e1a549","name":"Gelsemine","description":"<sup>[[ESET Gelsemium June 2021](https://app.tidalcyber.com/references/ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5)]</sup>","source":"MITRE","associated_software_id":"2f00732c-43a7-4253-a5eb-990d8466eb01","owner_id":null,"owner_name":null},{"id":"6add24ca-d391-4416-8283-c7bb5f8209c6","name":"Gelsenicine","description":"<sup>[[ESET Gelsemium June 
2021](https://app.tidalcyber.com/references/ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5)]</sup>","source":"MITRE","associated_software_id":"86499f47-083e-47a5-ad8c-032f54f26359","owner_id":null,"owner_name":null},{"id":"0ae9e896-aee3-44bf-b53d-2b4556620f27","name":"Gelsevirine","description":"<sup>[[ESET Gelsemium June 2021](https://app.tidalcyber.com/references/ea28cf8c-8c92-48cb-b499-ffb7ff0e3cf5)]</sup>","source":"MITRE","associated_software_id":"b270fcf2-72ea-41c5-89fe-addb6cefd547","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"97f32f68-dcd2-4f80-9967-cc87305dc342","name":"GeminiDuke","type":"malware","source":"MITRE","software_attack_id":"S0049","tidal_id":"6b12afed-2c16-5368-9611-60253ddb5682","created":"2017-05-31T21:32:36.177000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a997aaaf-edfc-4489-80a9-3f8d64545de1","name":"Get2","type":"malware","source":"MITRE","software_attack_id":"S0460","tidal_id":"4940c036-2228-509f-b4df-9414ddafef3f","created":"2020-05-29T20:32:42.686000Z","modified":"2021-04-29T14:49:39.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA505 October 
2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c14e9eda-d6a4-44a4-a57f-e6f63dc07217","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"496b3660-6d8f-41f8-97ef-6d80d80aa99e","name":"get_browser_pass.py","type":"malware","source":"Tidal Cyber","software_attack_id":"S3840","tidal_id":"9d45b1bf-5385-5011-98d6-6ae072e27e29","created":"2025-12-29T17:41:07.239893Z","modified":"2025-12-29T17:41:07.239897Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b65a5810-570e-48e3-8a29-42a069f0ddd6","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"96e7843c-ce92-4404-ac7e-5c8993a749f4","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"8af3079b-f288-4a63-b27e-23004753ac00","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"048b9e5e-7395-4871-87b8-adb52b4144e7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0c21d7c0-47fd-4e9f-a170-ba3b82b875e6","name":"GetProcAddress and LoadLibrary","type":"tool","source":"Tidal Cyber","software_attack_id":"S3914","tidal_id":"3e39d3e5-19e2-5634-9199-65fe413110a0","created":"2026-01-14T13:31:34.648135Z","modified":"2026-01-14T13:31:34.648139Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Medium January 11 
2026](/references/6cb12d3f-0296-47f7-9131-fc21ea806383)]</sup>","group_attack_id":"G3199","group_id":"ff36ede1-9375-4b1a-83f3-38b12d1ec3f4","name":"ValleyRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"aeb6775f-a7d5-4f29-9b23-4dfd33e339eb","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"58cdd279-74bc-45d5-8726-c065df4cfd1e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a47d86bb-ff25-4543-aaa6-3c6a79cf4013","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e39a7a32-2241-4f42-94c5-a231d8a8c3fa","name":"GetShell Plugin","type":"malware","source":"Tidal Cyber","software_attack_id":"S3923","tidal_id":"9069cee8-4487-550e-8b35-dac8618ba538","created":"2026-01-14T13:31:36.272374Z","modified":"2026-01-14T13:31:36.272378Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0b6f92fb-8848-40bb-bbcb-114271f587ac","name":"client.exe","description":"<sup>[[Huntress January 07 2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","source":"USER","associated_software_id":"988606c0-b3e3-4e2e-82a9-8fa6a782ba49","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"483bb1ef-6dfc-432f-9560-d72b55761bdc","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"4eb044fd-2d50-4d37-9980-ed94422debfb","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"6078a6f5-a57f-487a-a7e7-66ae79ed723d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"182214fc-15a9-4f81-b68a-9806fe1a3f97","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a83cfdbf-023a-4874-a3d8-9674149ceb53","name":"GfxDownloadWrapper","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3307","tidal_id":"9d0c0b06-7bef-511b-9ceb-1435ab0d565c","created":"2024-01-12T14:48:20.335453Z","modified":"2024-01-12T14:48:20.335457Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"068e3fc4-d5e4-436b-acf2-3db65c7a7166","name":"GfxDownloadWrapper.exe","description":"<sup>[[GfxDownloadWrapper.exe - LOLBAS Project](/references/5d97b7d7-428e-4408-a4d3-00f52cf4bf15)]</sup>","source":"Tidal Cyber","associated_software_id":"396335cb-1404-44f1-9d73-387e468bc781","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"915fce25-5dd1-4544-b148-7b16fb357089","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f981df78-26d6-4244-8fb4-ef53089be4bd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"269ef8f5-35c8-44ba-afe4-63f4c6431427","name":"gh0st RAT","type":"malware","source":"MITRE","software_attack_id":"S0032","tidal_id":"f335e7a0-d0b6-5b55-9407-e10a2ccb337a","created":"2017-05-31T21:32:24.937000Z","modified":"2022-09-30T21:03:21.873000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f26ae32b-07d4-4a4c-b63a-0012fc89fec0","name":"Moudoor","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"f1c8627e-d1bb-4a15-997c-08d5c8626718","owner_id":null,"owner_name":null},{"id":"6a9351cf-3ce8-48de-b102-e07697bf7134","name":"Mydoor","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"d468e609-3469-4308-9fb9-b6ca8655a1b6","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Secureworks BRONZEUNION Feb 
2019](https://app.tidalcyber.com/references/691df278-fd7d-4b73-a22c-227bc7641dec)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup><sup>[[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[TA459](https://app.tidalcyber.com/groups/e343c1f1-458c-467b-bc4a-c1b97b2127e3) has used a Gh0st variant known as PCrat/Gh0st.<sup>[[Proofpoint TA459 April 2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]</sup>","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Bizeul 2014](https://app.tidalcyber.com/references/a4617ef4-e6d2-47e7-8f81-68e7380279bf)]</sup><sup>[[Villeneuve 2014](https://app.tidalcyber.com/references/a156e24e-0da5-4ac7-b914-29f2f05e7d6f)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE FLEETWOOD 
Profile](https://app.tidalcyber.com/references/4fbb113c-94b4-56fd-b292-1ccf84e1c8f3)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[RSA2017 Detect and Respond Adair](https://app.tidalcyber.com/references/005a276c-3369-4d29-bf0e-c7fa4e7d90bb)]</sup>","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Malwarebytes Higaisa 2020](https://app.tidalcyber.com/references/6054e0ab-cf61-49ba-b7f5-58b304477451)]</sup>","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]</sup><sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[AhnLab Andariel Subgroup of Lazarus June 
2018](https://app.tidalcyber.com/references/bbc66e9f-98f9-4e34-b568-2833ea536f2e)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"13f7b104-51b2-4275-91cf-0b5c6d243e53","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"24563e81-5350-4c8b-9ef0-3f1b16e3ff35","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"c6e6cca8-a201-4e94-a016-faa4fb4c94a7","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"e5fe5293-a4da-4890-bbde-e8cf11eb1743","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"87d90536-cf9d-49c3-aed8-a781b6297dc3","name":"GHOSTLINE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3641","tidal_id":"4d09feea-f4ab-5b0e-a452-34ba0810c7bb","created":"2025-11-19T17:45:40.558196Z","modified":"2025-11-19T17:45:40.558199Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8023a361-6185-4b47-b1a1-8fc4b030fdc1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ad862849-b6b8-47f3-8b97-9d26e3b3d4b9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e9ccb45e-da58-4c8a-950a-09526dfd49fe","name":"GhostLocker","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3448","tidal_id":"ce998164-7c4b-5213-b782-d8f4f611839c","created":"2025-04-11T15:06:50.216784Z","modified":"2025-04-11T15:06:50.216788Z","platforms":[],"associated_software":[{"id":"04ef31ba-ce4e-4867-b2a5-15efbb9476cc","name":"GhostLocker 2.0","description":"","source":"Trellix TIG","associated_software_id":"7b557aa8-fbf8-4170-bd22-5023208425e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6a3edce8-2fca-4e73-a73f-27d2f095c771","name":"GhostLocker V2","description":"","source":"Trellix TIG","associated_software_id":"c118a947-e3cd-4573-8c4e-cb2ca5559bf7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f6231f78-ea43-4eaa-aaa9-251d9e7c32e8","name":"GhostLocker V3","description":"","source":"Trellix TIG","associated_software_id":"e7c5eadb-0b36-4e28-a296-6f2a03ad17ed","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"93e05809-4d63-423a-8b9d-531fd624fdcf","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"d4d21463-1d66-40ab-851b-6c2e7242d923","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"4572427d-ec1f-4867-93b5-c072c103bbab","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"9a89bedf-9317-4396-9556-5e9391841adb","name":"GhostPresser","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3431","tidal_id":"e28426cf-c6ef-5b05-a197-ff5f402289d1","created":"2025-04-11T15:06:46.884280Z","modified":"2025-04-11T15:06:46.884284Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"b3f0a1c5-f09c-498b-9ae3-eb3b65a33cfb","name":"GhostSec Deep Scan Tool","type":"malware","source":"Trellix TIG","software_attack_id":"S3419","tidal_id":"943400f5-1c99-5ade-9b97-0fa03957addf","created":"2025-04-11T15:06:44.546346Z","modified":"2025-04-11T15:06:44.546349Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b821fb92-cea5-4b71-ae9f-bedace07316a","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"dbb72419-5cd0-4336-936d-e6393e20aa5c","name":"GhostSocks","type":"malware","source":"Tidal Cyber","software_attack_id":"S3666","tidal_id":"9a80eae5-2ae5-59c1-b4fb-72737b2f364a","created":"2025-12-10T14:14:50.615521Z","modified":"2025-12-10T14:14:50.615526Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"be889b07-480c-4a07-802c-763f6e51e9d7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c55e9fba-2665-4b52-a305-2a407ce8c8e3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a43b2c7a-3db9-4d4c-af1a-8f3288f92a7c","name":"GHOSTSPIDER","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3607","tidal_id":"e9d20ac0-1a0e-5aae-8420-9a945b172442","created":"2025-10-24T16:13:48.423983Z","modified":"2025-10-24T16:13:48.423986Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro November 25 2024](/references/8bf807bc-5103-4962-9a19-c12396cdb767)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5b433a06-03b0-4350-8f85-9fb1269ee1c8","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"933ae004-b719-4eb3-b855-0dc2f2cbec9f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"1cac018d-34af-49cd-b940-f81a778cb46e","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"942228b7-668e-4350-ab05-90e0ef3ef559","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"05de0a77-0141-468e-981b-dc4dd3c33ead","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"16833a73-d656-416c-ba1c-92b39578428a","name":"GHOSTTOWN","type":"malware","source":"Trellix TIG","software_attack_id":"S3395","tidal_id":"a0630c07-4237-5ee6-bd4e-38dfa798b668","created":"2025-04-11T15:06:35.536877Z","modified":"2025-04-11T15:06:35.536881Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"d6073c04-6c1c-444a-b6d8-037f12c67c63","name":"GIFTEDCROOK","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3599","tidal_id":"8068547d-b2ae-5d63-9138-fc66a1de5194","created":"2025-10-17T17:09:54.485106Z","modified":"2025-10-17T17:09:54.485109Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERT-UA New cyber threats October 08 2025](/references/35467d53-626d-4c81-9f8e-ff9c24b7666b)]</sup>","group_attack_id":"G3143","group_id":"409d46c4-0e9d-4e6f-9561-6741d7a0f864","name":"UAC-0226","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e87cd3c2-20cc-4cab-82c6-84f5b3998565","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"c51200e6-f508-4945-ab26-9950921110de","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"d7af3ff1-5a89-4a37-b428-e26f27306ac8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0f24a5c2-fe1c-401a-80ea-ece7768de960","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1be8c66c-7402-4d42-9a2a-59d939507414","name":"GillyInjector","type":"malware","source":"Tidal Cyber","software_attack_id":"S3784","tidal_id":"579ea10f-45dc-5852-97ba-d67f0f48f919","created":"2025-12-24T14:57:24.413087Z","modified":"2025-12-24T14:57:24.413090Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6ffe593c-580a-4ca6-bb2d-2a155e01a65b","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"e65c5a04-69ae-4661-9361-51e7719b3e05","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"eabcde26-dba5-48b8-b870-cd73d71aa8e1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c024f19d-1738-43e6-a7b0-39047d9ca287","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ae7c0222-e3f2-541f-94b6-93c2ebf7d2c1","name":"Ginp","type":"malware","source":"Mobile","software_attack_id":"S0423","tidal_id":"ae7c0222-e3f2-541f-94b6-93c2ebf7d2c1","created":"2026-01-28T13:08:09.938273Z","modified":"2026-01-28T13:08:09.938275Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"676b1596-cfab-49d7-bbb0-b32b5bc489dc","name":"GitHub","type":"tool","source":"Tidal Cyber","software_attack_id":"S3690","tidal_id":"3fb06bbb-0c11-50df-9a45-fb3a3bcacc33","created":"2025-12-10T14:14:54.686071Z","modified":"2025-12-10T14:14:54.686075Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[ENKI Kimsuky KimJongRAT November 21 2025](/references/e060d834-1dfa-4451-b921-7aa26a2ffa30)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Oligo ShadowRay November 18 
2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"027d6288-13f3-4d26-b677-575ddfc92578","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1e3817ae-dba3-43f0-be1d-ae3171fc099a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"014cd273-9d62-4a67-a8bc-cd041e603381","name":"GitHub","type":"tool","source":"Trellix TIG","software_attack_id":"S3401","tidal_id":"dc966e5f-2702-56c5-af87-35d46121ed8e","created":"2025-04-11T15:06:36.607706Z","modified":"2025-04-11T15:06:36.607710Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"4648677b-a5ca-4392-804a-b39bf2072d76","name":"GitHub Actions","type":"tool","source":"Tidal Cyber","software_attack_id":"S3711","tidal_id":"b2a97517-d9c3-51fc-aac8-2d1eab89e5ba","created":"2025-12-10T14:14:58.116695Z","modified":"2025-12-10T14:14:58.116699Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c5227c2d-31c1-4295-82ac-de47d88785fb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6f6f9ba8-ba24-41bc-8bdd-8d42d87c916b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"59dd0fbf-94e4-40f1-b1ab-dd1a208962f2","name":"GitLab","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3691","tidal_id":"e45c2274-3f93-5cf1-95d4-84ea553b4d08","created":"2025-12-10T14:14:54.846401Z","modified":"2025-12-10T14:14:54.846405Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"68302355-ed86-4422-bbe5-f4218d965fc5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b2a0ad2d-e048-4711-9a70-33ebfb612e51","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5c1a1ce5-927c-5c79-8a14-2789756d41ee","name":"GLASSTOKEN","type":"malware","source":"MITRE","software_attack_id":"S1117","tidal_id":"702e272c-770c-519a-add0-24e1a72a4526","created":"2024-04-25T13:28:18.794844Z","modified":"2024-04-25T13:28:18.794847Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":null},{"id":"09fdec78-5253-433d-8680-294ba6847be9","name":"GLOOXMAIL","type":"malware","source":"MITRE","software_attack_id":"S0026","tidal_id":"20a42b9e-c99e-5207-b611-12abc91fded7","created":"2017-05-31T21:32:20.526000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cc8a6275-00b8-4186-bb7e-e4032e03e845","name":"Trojan.GTALK","description":"","source":"MITRE","associated_software_id":"b7246af4-31b1-42b4-aafd-853a5fd9fbbf","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"83713f85-8b2f-4733-9fea-e6a1494d0bbb","name":"GMER","type":"tool","source":"Tidal Cyber","software_attack_id":"S3035","tidal_id":"b54705cb-62cc-548d-b290-0bb242ca0164","created":"2023-08-18T18:56:21.220741Z","modified":"2023-08-18T18:56:21.220749Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c007aa91-72c3-46a4-bdb0-57ead4db167e","tag":"c87e8e01-f6fb-483b-8343-68ef9440f1bf"},{"id":"f88089ef-a1e1-431f-be11-1ba9de4e400a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"a7ea9865-5a52-43a7-b9fc-771f48645b2f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"b42a2770-02ec-4df8-b13b-1596e489157b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"c454e791-d712-43fe-b72a-33263e3f8ecd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"504933e5-165a-43d5-be11-b17aa21c6f66","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"56ff323e-e6d4-41e2-8cab-702d1b5371f0","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"514de1d2-4ab4-491d-8a25-d0f1dd519507","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"e4c108f9-f0cf-4d23-86f2-16b2e878b6a3","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"d40a841c-1db7-4610-8e55-8b47a7d521df","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"cfb6a510-0585-408a-8968-f08d34274c0f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"4ce46c8d-d0cc-4d68-8798-6037cb39cca0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b4551a30-352f-472d-b107-98db2321ccc8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6daaa612-ba3b-417b-91dd-9b116e02833a","name":"go2.exe","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3899","tidal_id":"22442937-be20-5c83-92fb-0217a37af1ea","created":"2026-01-14T13:31:32.075530Z","modified":"2026-01-14T13:31:32.075534Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"bb1fcc4e-fee1-422c-b50a-7fe59263b55a","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"94968598-5059-419b-8d29-8bf9980a64a9","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f36fdf33-0444-404f-a321-c8ab1fde599f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"87dda895-cecb-4e28-923c-2b082f314ed1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"027539ef-b1c4-480a-a27e-2c83b209c0d0","name":"Go-based Token-Sweep Utilities (TRON/BSC)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3942","tidal_id":"da1a8921-c308-543b-a0aa-e6b2f57f5be4","created":"2026-01-14T13:31:39.325168Z","modified":"2026-01-14T13:31:39.325173Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6fe969ea-46a1-4fa6-8c72-d721623168c4","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"35a8cfae-c3f6-4e9c-b119-4d10af07c897","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"adbfe3cc-b6c6-456e-8cd4-a3bf74451019","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"781f4bee-6800-456d-8a8a-637b1be3864c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"05977922-f2fc-4355-97fa-fe0f3b848151","name":"Go-based TRON Balance Scanner","type":"malware","source":"Tidal Cyber","software_attack_id":"S3941","tidal_id":"b7b0cf7e-c329-544f-a4cb-9e526013e67b","created":"2026-01-14T13:31:39.175681Z","modified":"2026-01-14T13:31:39.175686Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6937298a-cc48-472a-bbff-5042ac2b8b3e","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"8b7a6197-4ce2-40a7-a3ab-b09cade5d179","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a52e6500-4677-4df7-a2d1-6b22e318cb30","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1e08331a-95d6-57f6-8dd2-115e2f5b83d4","name":"GoBear","type":"malware","source":"MITRE","software_attack_id":"S1197","tidal_id":"1e08331a-95d6-57f6-8dd2-115e2f5b83d4","created":"2025-04-22T20:46:59.662467Z","modified":"2025-04-22T20:46:59.662470Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[GoBear](https://app.tidalcyber.com/software/1e08331a-95d6-57f6-8dd2-115e2f5b83d4) is exclusively linked to [Kimsuky](https://app.tidalcyber.com/groups/37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) operations.<sup>[[S2W Troll Stealer 2024](https://app.tidalcyber.com/references/5fbb0dcb-c882-597f-ade8-4b8afb8b55a8)]</sup><sup>[[Symantec Troll Stealer 2024](https://app.tidalcyber.com/references/ebb98b4b-062a-5b48-8318-e5f1244f907c)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"27e8ea0b-f126-40bc-aa44-cccabb7bd104","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"40e6ab78-e08d-453f-83e0-c9eede8f1448","name":"GoBruteforcer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3943","tidal_id":"9c00007f-c1d7-5c36-a341-84755270b85b","created":"2026-01-14T13:31:39.495523Z","modified":"2026-01-14T13:31:39.495529Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"a1ad3620-5111-4890-96e1-167105df892a","name":"GoBrut","description":"<sup>[[Check Point Research January 07 
2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","source":"USER","associated_software_id":"121f7d14-ca9d-40fc-be41-40bcdf181fe1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"bd7dcc70-cedf-4078-bf4b-17a89a6388d4","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"1bf52b27-5697-4b82-9d5e-a5cbe1bd71ca","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"1e6fc8a5-e8ac-4e2f-a218-f4ac5d96462a","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"51ff3783-f21f-4c1c-952b-0e186c7d2c55","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"ca1dc166-87db-43e1-ba3b-2ef3f0100c92","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"dd9dd926-a9de-4ba0-8cc3-5e3d269d242b","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"0a810e14-e30e-4e08-a751-5b58c9b1f032","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"69fee0aa-0177-4fda-b842-47776c9d4699","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"68ed4697-7a3d-4aab-a3d6-e66b86932a2b","name":"GoBruteforcer Bruteforce Module","type":"malware","source":"Tidal Cyber","software_attack_id":"S3944","tidal_id":"0e9c5cf4-e9fd-5b0d-af6a-8528899e2597","created":"2026-01-14T13:31:39.660628Z","modified":"2026-01-14T13:31:39.660632Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e8e8c0bf-9423-49cb-b303-3e782b6851e2","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"f0d9d829-13bf-4fcf-b93b-8ab35dd4253a","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"673a492c-a553-42a9-bf98-5cc42d4478ce","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f7244504-055a-48e7-b387-74f6f0c6d597","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cd789a53-4f64-460f-bf25-45557a2ab7f9","name":"GoBruteforcer IRC Bot","type":"malware","source":"Tidal Cyber","software_attack_id":"S3945","tidal_id":"14cb48eb-8610-56ce-9406-7a1176e39786","created":"2026-01-14T13:31:39.821515Z","modified":"2026-01-14T13:31:39.821521Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9fa456df-1172-4f48-9274-7695cdfef0c4","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"49245199-4696-4337-84a8-f279683c7850","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"787ffaa5-e389-4be8-ac2f-795fbf9a9524","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"6fde7e26-75a7-43e0-a0aa-5b8797a94757","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cf8c0e04-2a97-4cf7-a4a3-c51edb93698b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b572b2c7-5277-5c0a-b0a6-3f322e7a33a8","name":"GodFather","type":"malware","source":"Mobile","software_attack_id":"S1231","tidal_id":"b572b2c7-5277-5c0a-b0a6-3f322e7a33a8","created":"2026-01-28T13:08:09.938765Z","modified":"2026-01-28T13:08:09.938767Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"911300f1-3391-4044-b597-4886c536db25","name":"GodPotato","type":"tool","source":"Tidal Cyber","software_attack_id":"S3437","tidal_id":"41c45117-5de2-53d1-81b3-2ec5dd377af0","created":"2025-02-24T20:29:02.370260Z","modified":"2025-02-24T20:29:02.370265Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"221c341e-bdd1-4625-bea8-4d28e30f8e65","name":"God.exe","description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","source":"Tidal Cyber","associated_software_id":"241e797c-4993-4480-963f-a17d1bfc418e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d6638161-4906-4c7f-a522-5c50746dda4c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"dd6bf993-f1f2-4c75-a08b-3df1c2cde5fc","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8f4b174b-653b-4498-be44-5e00ed3a8865","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"86231e81-3465-4841-8f98-ac9bdac86225","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"94035960-5ada-4b7c-91f9-2c0c179e030a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"dfb8b4c0-26f4-4ef9-86a1-e73fe70e85ac","tag":"7de7d799-f836-4555-97a4-0db776eb6932"}],"owner_name":"TidalCyberIan"},{"id":"94207fc0-4991-46b5-b0fb-422f8a1bf877","name":"Godzilla-derived webshells","type":"malware","source":"Tidal Cyber","software_attack_id":"S3801","tidal_id":"c9c8df47-29db-5dcb-9e33-428958a3ee30","created":"2025-12-24T14:57:26.983655Z","modified":"2025-12-24T14:57:26.983658Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research December 16 
2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3180","group_id":"92cbac61-7999-465a-9afc-5476f84b3a2e","name":"RudePanda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8b734d4b-b227-4af0-b961-6bcc56d0a48b","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"18f03981-9599-4c1e-8921-5fc2871afc4d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"ff85df6e-99e4-4d51-a9a6-346cfb43fe8c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c281e81a-2b00-41cb-ab17-f4652ba4aa04","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6eda70ec-a02b-4b08-9aae-568ce1c83de1","name":"go.exe","type":"malware","source":"Tidal Cyber","software_attack_id":"S3898","tidal_id":"a2f83e20-1329-544f-8480-c43e05356efa","created":"2026-01-14T13:31:31.907808Z","modified":"2026-01-14T13:31:31.907813Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"51580678-d9f3-47d5-b91c-c6c2071361f2","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"d5c040e5-6df5-4ae2-9633-fb044638d7a5","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"68692830-3860-40cd-a74b-8e32087dc80a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1f9c3037-0108-4eb0-bf20-d9bff70d57ff","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"205042d8-ecb1-4a5d-b6d5-60baa9a607ff","name":"GoFrame","type":"tool","source":"Tidal Cyber","software_attack_id":"S3677","tidal_id":"32aef41e-75f4-55ad-b6c2-184ac5b2dd24","created":"2025-12-10T14:14:52.635926Z","modified":"2025-12-10T14:14:52.635930Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET PlushDaemon November 19 2025](/references/fd6d089e-4549-4442-91bf-3cf1e85db012)]</sup>","group_attack_id":"G3069","group_id":"3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6","name":"PlushDaemon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1c0672c9-12f9-4b5f-9e87-9c891515d91c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2c53c63a-7cbc-4cd5-a765-9d56bc62d893","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f899a3f9-57dc-40e7-988d-2e218316a8d9","name":"GOHEAVY","type":"malware","source":"Tidal Cyber","software_attack_id":"S3740","tidal_id":"427aa7d7-c510-5668-8297-484c315b0b56","created":"2025-12-17T14:18:47.779182Z","modified":"2025-12-17T14:18:47.779186Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog March 21 
2024](/references/efba67c7-a481-44de-84bd-cf74bc946f6e)]</sup>","group_attack_id":"G3078","group_id":"21df749a-1e70-4c11-921c-071a61d9a900","name":"UNC5174","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"22847ca7-1342-46df-9a1a-72c532e0044f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f1fe1ed4-2109-4e80-8cb4-a345ce694d25","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4e9cfcb6-d891-47ee-97b0-772575a413c6","name":"Go-http-client","type":"tool","source":"Tidal Cyber","software_attack_id":"S3737","tidal_id":"99529d7f-ac8c-5def-ad5b-95393aa01544","created":"2025-12-10T14:15:04.273943Z","modified":"2025-12-10T14:15:04.273948Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"1f578ca6-2328-49b1-9be3-11604d449936","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"836bff19-54ed-4ece-b222-4154e3034c9c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d5a24334-5792-4001-8053-93159012d857","name":"GolangGhost","type":"malware","source":"Tidal Cyber","software_attack_id":"S3672","tidal_id":"21314c5f-f884-56c5-9230-979284caa189","created":"2025-12-10T14:14:51.774152Z","modified":"2025-12-10T14:14:51.774156Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a31bdfe6-f7a1-4d09-9391-c6610a0d6047","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ec3ed556-88e0-4154-b3b0-d2c42be21751","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"348fdeb5-6a74-4803-ac6e-e0133ecd7263","name":"Gold 
Dragon","type":"malware","source":"MITRE","software_attack_id":"S0249","tidal_id":"d5b86c93-1af8-5309-b9a9-da7d8fc32923","created":"2018-10-17T00:14:20.652000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Talos Kimsuky Nov 2021](https://app.tidalcyber.com/references/17927f0e-297a-45ec-8e1c-8a33892205dc)]</sup><sup>[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ac06d582-6fa0-58aa-bf95-125b19dcaf40","name":"Golden Cup","type":"malware","source":"Mobile","software_attack_id":"S0535","tidal_id":"ac06d582-6fa0-58aa-bf95-125b19dcaf40","created":"2026-01-28T13:08:09.939171Z","modified":"2026-01-28T13:08:09.939172Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b24196b7-21d6-5fee-b9b4-2ac37584d52b","name":"GoldenEagle","type":"malware","source":"Mobile","software_attack_id":"S0551","tidal_id":"b24196b7-21d6-5fee-b9b4-2ac37584d52b","created":"2026-01-28T13:08:09.937554Z","modified":"2026-01-28T13:08:09.937556Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"1b135393-c799-4698-a880-c6a86782adee","name":"GoldenSpy","type":"malware","source":"MITRE","software_attack_id":"S0493","tidal_id":"7e13200b-cad4-59e4-b4ab-1e1e980340e1","created":"2020-07-23T13:50:10.409000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f0abae76-c3f3-4867-8a2a-eaa9ce5c9496","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"}],"owner_name":null},{"id":"4e8c58c5-443e-4f73-91
e9-89146f04e307","name":"GoldFinder","type":"malware","source":"MITRE","software_attack_id":"S0597","tidal_id":"ae03d428-633f-586c-9883-356344844799","created":"2021-03-26T16:48:31.793000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC NOBELIUM Mar 2021](https://app.tidalcyber.com/references/8688a0a9-d644-4b96-81bb-031f1f898652)]</sup><sup>[[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]</sup><sup>[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup><sup>[[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b05a9763-4288-4656-bf4e-ba02bb8b35d6","name":"GoldMax","type":"malware","source":"MITRE","software_attack_id":"S0588","tidal_id":"b75d655d-247f-54ed-a796-ee3ca5cc0370","created":"2021-03-12T16:10:45.416000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5ba7d15e-06cf-4fd9-8a89-4d4fea6f9b51","name":"SUNSHUTTLE","description":"<sup>[[FireEye SUNSHUTTLE Mar 2021](https://app.tidalcyber.com/references/1cdb8a1e-fbed-4db3-b273-5f8f45356dc1)]</sup>","source":"MITRE","associated_software_id":"c3ca0824-88bf-4489-bd93-7598044d1088","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[MSTIC NOBELIUM Mar 2021](https://app.tidalcyber.com/references/8688a0a9-d644-4b96-81bb-031f1f898652)]</sup><sup>[[Cybersecurity Advisory SVR TTP May 
2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]</sup><sup>[[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)]</sup><sup>[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup><sup>[[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5eaa2587-d225-49e9-af95-a2aee168325a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9efcd157-c866-4253-b871-00a414fecb6d","name":"GOLDVEIN.JAVA","type":"malware","source":"Tidal Cyber","software_attack_id":"S3584","tidal_id":"c2c71ce1-1b10-541f-8a80-ddcbacc648ea","created":"2025-10-13T17:29:23.992664Z","modified":"2025-10-13T17:29:23.992667Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog 10 09 
2025](/references/ec72f924-4cc8-4709-9b07-f343bff55895)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9bd119a8-2055-42c2-a1ba-d2636d3bdfb8","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"d1b45f10-38f2-4858-bf5b-839cad7ea2a0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"6398724a-b8d0-4904-86d2-65ba42ba28ff","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"59c0f429-f88c-4463-bd4d-57f941b413e3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"130d736a-4c5b-5b83-b89d-9dcba9d52130","name":"GolfSpy","type":"malware","source":"Mobile","software_attack_id":"S0421","tidal_id":"130d736a-4c5b-5b83-b89d-9dcba9d52130","created":"2026-01-28T13:08:09.938796Z","modified":"2026-01-28T13:08:09.938798Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Bouncing Golf 2019](https://app.tidalcyber.com/references/b830fe30-0b53-4fc6-a172-7da930618725)]</sup>","group_attack_id":"G0097","group_id":"72e921d4-4c9f-5893-8d45-aa9d90bf9851","name":"Bouncing Golf","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"bc668ae0-a70e-55ad-9824-765425f6b02a","name":"Gomir","type":"malware","source":"MITRE","software_attack_id":"S1198","tidal_id":"bc668ae0-a70e-55ad-9824-765425f6b02a","created":"2025-04-22T20:46:57.008310Z","modified":"2025-04-22T20:46:57.008313Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[Gomir](https://app.tidalcyber.com/software/bc668ae0-a70e-55ad-9824-765425f6b02a) is uniquely associated with [Kimsuky](https://app.tidalcyber.com/groups/37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) operations.<sup>[[Symantec Troll Stealer 
2024](https://app.tidalcyber.com/references/ebb98b4b-062a-5b48-8318-e5f1244f907c)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4a79be02-cfd6-49ea-b73b-12b8236a21e7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1173bbcf-5c8c-4e57-8424-5037922a2499","name":"Google Drive","type":"tool","source":"Trellix TIG","software_attack_id":"S3403","tidal_id":"ae437c4b-a251-56f3-a158-f00249fb0422","created":"2025-04-11T15:06:38.409904Z","modified":"2025-04-11T15:06:38.409908Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"ed8a2138-cdc7-49ae-be34-95bf9801154a","name":"Google Translate (malicious Opera extension)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3889","tidal_id":"b26be2ab-66f2-5ca2-b334-51abd8e0b089","created":"2026-01-06T18:05:08.780667Z","modified":"2026-01-06T18:05:08.780671Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.koi.ai January 05 
2026](/references/5da3facd-7bd9-4a02-843a-ad4b3fa273d7)]</sup>","group_attack_id":"G3190","group_id":"d2ed88a2-5514-4336-bda7-770dbe4fd451","name":"DarkSpectre","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"34407385-634c-4092-8377-46308ffd0379","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"f51ee1ec-1a77-45ef-ab90-13bf511ae9d3","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"4058b9ec-d9e8-44b4-bb80-fbf2d6184ffc","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"69374730-5d10-4d03-8663-3523e3fd0e41","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"47d7b305-d096-4bd5-86fc-2681041d1f47","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"28219ac2-2c90-5b64-9792-f618a82dabb4","name":"Gooligan","type":"malware","source":"Mobile","software_attack_id":"S0290","tidal_id":"28219ac2-2c90-5b64-9792-f618a82dabb4","created":"2026-01-28T13:08:09.937665Z","modified":"2026-01-28T13:08:09.937667Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"1b26b4f2-8f2a-4165-8128-a08d6cb37c7d","name":"Ghost Push","description":"Gooligan has been described as being part of the Ghost Push Android malware family. 
<sup>[[Ludwig-GhostPush](https://app.tidalcyber.com/references/9897baf6-d3aa-50f0-9a5c-26443491881c)]</sup> <sup>[[Lookout-Gooligan](https://app.tidalcyber.com/references/7a9f3b36-d847-5744-8906-21726b1601a8)]</sup>","source":"Mobile","associated_software_id":"0da5c88f-33c1-5ffd-8415-324ad08093b3","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"a75855fd-2b6b-43d8-99a5-2be03b544f34","name":"Goopy","type":"malware","source":"MITRE","software_attack_id":"S0477","tidal_id":"ad32c862-1de3-57bd-b99f-d7540961260b","created":"2020-06-19T20:42:19.258000Z","modified":"2022-07-11T20:35:28.082000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ef74d66c-2fe4-4fcc-89f1-d31bc0cf27e4","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"f9c32a11-964c-4480-968b-e520b8c7b26e","name":"GooseEgg","type":"malware","source":"Tidal Cyber","software_attack_id":"S3131","tidal_id":"32e17fcb-7d1d-5e63-af2b-7c5acaae6b32","created":"2024-06-13T20:12:34.172069Z","modified":"2024-06-13T20:12:34.172072Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog 4 22 2024](/references/050ff793-d81d-499f-a136-905e76bce321)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1832fe22-a571-4993-bc64-b058da578116","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8c81e01c-778c-4b36-ab80-52d617e79bed","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"f49837e5-1cad-453f-b754-516afbcbb8da","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"d7957c52-3b63-4550-8e2f-e48400ef7c1a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b18a505f-16ca-5b51-9bed-ae05b47c7706","name":"Gootloader","type":"malware","source":"MITRE","software_attack_id":"S1138","tidal_id":"b18a505f-16ca-5b51-9bed-ae05b47c7706","created":"2024-10-31T16:28:03.060689Z","modified":"2024-10-31T16:28:03.060692Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3146","group_id":"aa351f3d-b917-45c9-a99e-2fe5ef23a970","name":"Storm-0494","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"43c07131-d43c-44f8-a5bd-06794b21bc94","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"1d8fa132-2246-4174-82c8-b7f6d98d86f2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c85f394f-c2e5-47f7-a9e9-8baa7022f948","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"6cd1ed60-551a-4130-aebf-e82612008958","name":"GOREVERSE","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3741","tidal_id":"806bb59a-e1b9-51b2-a03c-5e487913b892","created":"2025-12-17T14:18:47.946125Z","modified":"2025-12-17T14:18:47.946129Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog March 21 2024](/references/efba67c7-a481-44de-84bd-cf74bc946f6e)]</sup>","group_attack_id":"G3078","group_id":"21df749a-1e70-4c11-921c-071a61d9a900","name":"UNC5174","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9fe080a3-4384-4de1-8c0c-8c326edbd8eb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b7b17d1f-a084-4b00-b1a2-2b6201b5b8cf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d61d347f-95d4-476e-84e1-eda48d5e170c","name":"gorilla/mux","type":"tool","source":"Trellix TIG","software_attack_id":"S3405","tidal_id":"a790a177-20ba-59f5-8977-9413827acd8a","created":"2025-04-11T15:06:39.053988Z","modified":"2025-04-11T15:06:39.053992Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"d70ad5b9-0ae5-4491-afd5-74ff13d5a98d","name":"go-socks5","type":"malware","source":"Tidal Cyber","software_attack_id":"S3729","tidal_id":"2a8d130c-8e00-509d-8526-a222f0b3c890","created":"2025-12-10T14:15:02.812015Z","modified":"2025-12-10T14:15:02.812020Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"22f30f28-1788-4d6a-8a70-e92e5223882a","name":"ESETGO","description":"<sup>[[None December 02 
2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","source":"USER","associated_software_id":"75813ad2-c4df-4341-8f07-7bebba702096","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e1cefbf9-9d31-4c1d-bf0d-f788c4b5c753","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"02b14455-e55e-4524-ae5a-169bbbd131a1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9570d4c0-93f3-4af2-9783-f144818a0e48","name":"GoToAssist","type":"tool","source":"Tidal Cyber","software_attack_id":"S3395","tidal_id":"89d3b290-43c8-52bd-aa2f-8c99174be0a8","created":"2024-10-14T19:20:44.729302Z","modified":"2024-10-14T19:20:44.729307Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"412d6531-e871-44fa-b992-7869de700c12","name":"GoTo Resolve","description":"<sup>[[GoTo Resolve](/references/f1a13cad-b77e-4c38-925c-038a4fcec8d3)]</sup>","source":"Tidal Cyber","associated_software_id":"e4064321-95ca-45ca-a9c8-f8a436003299","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CrowdStrike Carbon Spider August 2021](/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic September 7 
2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bddb08b2-a653-4fe3-a050-eb581a0a5045","tag":"857d10f8-d1d0-4f67-8bf4-d760e3471bbb"},{"id":"1ea5163e-a5e4-461f-8871-f65b5a8b340a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"3ebc9598-7839-4034-beab-83867d3fd0b8","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"15db1f0f-d569-404f-9c46-a3997905f063","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"a39cf07b-1005-4d88-93e8-bfda8c5e16b1","name":"GoToDesk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3618","tidal_id":"52e8cd67-8de5-5b12-adcc-d08c98c4f3fd","created":"2025-11-11T13:26:32.689523Z","modified":"2025-11-11T13:26:32.689526Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"492da8af-3751-41ee-8564-1f8f9517e48e","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"019c4b5f-d13e-4b76-954f-a558515a6e11","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c309572f-364f-491d-b619-dfefb613a323","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5ae40dfb-c559-4983-9c2b-6ff49a309fc8","name":"GoToHTTP","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3541","tidal_id":"5d0b4fb7-d840-5211-ae69-fe395a23eda1","created":"2025-09-10T16:39:29.307805Z","modified":"2025-09-10T16:39:29.307809Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[welivesecurity.com September 4 2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6dedbab1-818b-4ad0-8d0e-c232a8511fd2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"20f7932e-a68d-49e6-a3e6-ac406001c8f9","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"e7100d56-4fb4-43f3-b300-e9a5535b901d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3dcb904a-d599-4921-878c-df9f05aeb264","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"765af904-de77-5c2d-9e01-e005cf2f6205","name":"GPlayed","type":"malware","source":"Mobile","software_attack_id":"S0536","tidal_id":"765af904-de77-5c2d-9e01-e005cf2f6205","created":"2026-01-28T13:08:09.938705Z","modified":"2026-01-28T13:08:09.938707Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"acf4a502-2730-4b36-aea3-652420390977","name":"Gpscript","type":"tool","source":"Tidal Cyber","software_attack_id":"S3230","tidal_id":"99c45470-4d78-556d-97fc-0a728ad465a3","created":"2024-01-12T14:47:53.055152Z","modified":"2024-01-12T14:47:53.055156Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4138af40-f244-4eca-8957-3523ef3ae312","name":"Gpscript.exe","description":"<sup>[[Gpscript.exe - LOLBAS Project](/references/619f57d9-d93b-4e9b-aae0-6ce89d91deb6)]</sup>","source":"Tidal 
Cyber","associated_software_id":"34cc45e9-f8c3-4b2d-b8b5-ace1aec167b2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"26764a7b-9216-469f-824e-e05866a7f7ed","tag":"2ca5c5e4-ee7f-4698-84ec-ce04d2c1e9cc"},{"id":"db1e2454-c98c-4fe7-a857-2b5cd10bfa06","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2fed445b-44ee-4592-924d-722e7fc74824","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"61d277f2-abdc-4f2b-b50a-10d0fe91e588","name":"Grandoreiro","type":"malware","source":"MITRE","software_attack_id":"S0531","tidal_id":"fb5efe94-6ed2-53d0-a200-afdbe6f24b12","created":"2020-11-10T21:13:44.259000Z","modified":"2022-10-19T22:11:10.040000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"9ba50663-15d7-4d83-a127-5e679d856b07","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"f77398ad-e043-4694-ade0-d6ea16a994e7","name":"GraphicalProton","type":"malware","source":"Tidal Cyber","software_attack_id":"S3102","tidal_id":"3f4e0f1e-c468-530c-b06c-378646f394e7","created":"2023-12-14T19:26:31.785239Z","modified":"2023-12-14T19:26:31.785242Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"af35ef10-a722-4474-94b6-7b89fc111dbe","name":"Graphish","type":"tool","source":"Tidal Cyber","software_attack_id":"S3832","tidal_id":"5b67c7cc-2dc0-534b-b633-9addf2c32457","created":"2025-12-29T17:41:05.896479Z","modified":"2025-12-29T17:41:05.896482Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint December 16 2025](/references/1f13a583-dbb1-462e-9a88-31fc8ef184c9)]</sup>","group_attack_id":"G3184","group_id":"e7f14039-1e63-4708-8565-bbd72f7b8d84","name":"TA2723","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Proofpoint December 16 
2025](/references/1f13a583-dbb1-462e-9a88-31fc8ef184c9)]</sup>","group_attack_id":"G3185","group_id":"d0d11d5a-30a6-4513-a4c9-cefc97b0caed","name":"UNK_AcademicFlare","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1f5dd610-2c43-4e78-abaa-e6be67424fbe","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"91c52c3a-2a22-4202-b4fd-2c66bde49942","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"03368ed1-23a8-4923-80df-a3419d6efaa9","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"cee966de-74ea-40fe-b897-b531c11c842b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0dba8abe-c961-4617-90ac-fda43d4dd3c4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"08cb425d-7b7a-41dc-a897-9057ce57fea9","name":"GravityRAT","type":"malware","source":"MITRE","software_attack_id":"S0237","tidal_id":"04f7d8cb-686c-5f74-ab62-ac08bb23d874","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f5691425-6690-4e5e-8304-3ede9d2f5a90","name":"Green Lambert","type":"malware","source":"MITRE","software_attack_id":"S0690","tidal_id":"10690f34-9b51-52d2-9032-ff978eb9586a","created":"2022-03-21T20:55:40.638000Z","modified":"2022-04-20T18:12:24.193000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2b649307-21c5-4a77-a908-b23c062cc250","name":"grep","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3432","tidal_id":"f6209dd5-5fa2-5369-a8b4-85ab0a2e151a","created":"2025-04-11T15:06:47.042895Z","modified":"2025-04-11T15:06:47.042899Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"0a402d35-948f-4a92-a7b4-19c8d73bc4fe","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f646e7f9-4d09-46f6-9831-54668fa20483","name":"GreyEnergy","type":"malware","source":"MITRE","software_attack_id":"S0342","tidal_id":"b9897005-6de3-5fec-a112-8a70ce641069","created":"2019-01-30T13:53:14.264000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ad358082-d83a-4c22-81a1-6c34dd67af26","name":"GRIFFON","type":"malware","source":"MITRE","software_attack_id":"S0417","tidal_id":"1ceabd31-8f18-5b44-9bec-e9d7d1788c5a","created":"2019-10-11T17:29:20.165000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SecureList Griffon May 2019](https://app.tidalcyber.com/references/42e196e4-42a7-427d-a69b-d78fa6375f8c)]</sup><sup>[[CrowdStrike Carbon 
Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup><sup>[[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"df250d18-1961-40d0-8874-fcb9d897a84a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"c40a71d4-8592-4f82-8af5-18f763e52caf","name":"GrimAgent","type":"malware","source":"MITRE","software_attack_id":"S0632","tidal_id":"2db144e3-1a60-5b39-8fd7-14eed8c6b149","created":"2021-07-16T18:19:25.986000Z","modified":"2022-07-29T19:44:21.016000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Group IB GrimAgent July 2021](https://app.tidalcyber.com/references/6b0dd676-3ea5-4b56-a27b-b1685787de02)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Group IB GrimAgent July 2021](https://app.tidalcyber.com/references/6b0dd676-3ea5-4b56-a27b-b1685787de02)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ceaa4154-edfd-4101-8ca0-c6c16dc90256","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3ff9e020-8a7a-4c6f-a607-117ce9e436c5","name":"Grixba","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3064","tidal_id":"8b552401-deb9-5576-a5b7-c487199dcd3f","created":"2023-12-22T16:36:13.557922Z","modified":"2023-12-22T16:36:13.557927Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Play Ransomware April 19 2023](/references/a78613a5-ce17-4d11-8f2f-3e642cd7673c)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"dbfeec3f-a888-4716-b9d0-0f6f5b693acd","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7dd58d3f-838e-4951-a644-e0296e62df32","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"442fe42f-f062-4c67-b53c-64b92bb64f4f","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5fdc8aa3-6cf2-4539-a547-8aadca93b5a7","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"cccb84d5-6888-4d30-85d0-671c6879546d","name":"Group Policy Management Console","type":"tool","source":"Tidal Cyber","software_attack_id":"S3595","tidal_id":"46a35ce4-9c84-5251-b347-b5e1929cb979","created":"2025-10-17T17:09:53.785729Z","modified":"2025-10-17T17:09:53.785731Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b0f878ee-87a2-4f19-bdac-a580f8687658","name":"gpmc.msc","description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","source":"USER","associated_software_id":"f0d6fd24-a886-4c5e-9e2d-79c344a76a06","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The 
Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"299e0777-f46b-4514-94f7-f721bf49215c","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"c7a798d5-5db6-4708-a628-2edd002fcfcc","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"4d097107-3e38-44fa-9a64-7183585a6984","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"40bfb9f1-7d7a-45a5-ac71-443811839f4d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6d6cd6c3-ba4c-430f-95fb-2817e3e70822","name":"Group Policy Management Editor","type":"tool","source":"Tidal Cyber","software_attack_id":"S3596","tidal_id":"41803c7b-6037-5f8e-942e-b4e9d7b52153","created":"2025-10-17T17:09:53.954440Z","modified":"2025-10-17T17:09:53.954442Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"895a89cd-0a88-4f46-a3af-c550a3f22b81","name":"gpme.msc","description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","source":"USER","associated_software_id":"e14ddf98-4aa8-4526-9403-5d0fbbc4b531","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The 
Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"400fb0b0-a068-40ff-bd8b-87286077530b","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"97befc72-9dcc-4f4a-a6d3-f1b0042dc1e6","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"f3b75a57-f8ca-4db2-bd7e-1aa68fb5e4a3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b1b2f961-3e97-4f3c-b446-047b604a1599","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5ffe662f-9da1-4b6f-ad3a-f296383e828c","name":"gsecdump","type":"tool","source":"MITRE","software_attack_id":"S0008","tidal_id":"d2152a81-73ba-5d29-ba48-e08b8197f027","created":"2017-05-31T21:32:13.755000Z","modified":"2022-09-22T20:55:32.937000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]</sup><sup>[[Symantec Tick Apr 2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Bizeul 2014](https://app.tidalcyber.com/references/a4617ef4-e6d2-47e7-8f81-68e7380279bf)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell 
TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro Tonto Team October 2020](https://app.tidalcyber.com/references/140e6b01-6b98-4f82-9455-0c84b3856b86)]</sup>","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4109dd59-8919-4954-bab8-2fa6b732bb3a","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"0ad36ba9-e585-4d8d-910d-3b6442d1c188","name":"GuestConduit","type":"malware","source":"Tidal Cyber","software_attack_id":"S3721","tidal_id":"cedfa456-f538-5825-9278-20a62131761f","created":"2025-12-10T14:14:59.810825Z","modified":"2025-12-10T14:14:59.810828Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike.com December 04 2025](/references/24d4a6ac-2f5a-4155-bb14-7fb68a977fce)]</sup>","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5bbba694-5367-4130-970a-52a0309429f5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ea3a7ca1-cfbd-45e8-b8a6-22ebb370af60","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fecef7bd-6558-4a9f-82b4-45e5109ce450","name":"Guest Shell","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3535","tidal_id":"b0c47e1c-16da-55a5-820c-007fb7f5a9b7","created":"2025-09-04T13:58:21.878345Z","modified":"2025-09-04T13:58:21.878347Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA August 27 2025](/references/90d60b4c-7c10-4fb7-ac4b-3c2645f864e4)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"34b5b86c-0435-4449-83f2-a855f5c306e8","tag":"483a33e5-e6fb-49d8-b071-6d6d21706e15"},{"id":"643ae551-a3f2-4963-b8c4-9f1077f163ca","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"0ee9542b-4483-4a3f-8f30-0794f5d19f98","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"4cdb9a08-92b2-47e4-a829-34228969a9ef","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"95ee3925-e99a-4229-8db9-c4a3240e1131","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"2921a25b-6477-4870-baf4-7ae6541621d7","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"dce7f4ee-ad14-48eb-a282-1d9980f260b9","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"43ff2c22-9b92-425b-919e-0f3abb265a2c","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"bca214b3-37fd-4f91-81db-e1caf79a7711","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"ef2034aa-75cf-4779-95e0-4071da0833e3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b86a8bc4-f7bd-49ef-bbbc-0919ddd36493","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"233f17df-d69f-4fb0-9a83-37464b5ab00e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"03e985d6-870b-4533-af13-08b1e0511444","name":"GuLoader","type":"malware","source":"MITRE","software_attack_id":"S0561","tidal_id":"7013c6fd-55fa-5057-b6d1-84b5194d97dd","created":"2021-01-11T20:49:20.832000Z","modified":"2021-10-15T19:14
:33.244000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ec7b5d89-1931-41a2-8878-06e61dd8536c","name":"CloudEyE","description":"","source":"Tidal Cyber","associated_software_id":"40ba88ff-8440-45e7-af8a-0fd165f4d4cc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f006ab15-72de-44cf-90bc-cf8a348b9fdc","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"7d906000-fb80-48ce-a1d8-3528df70afa8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"4dbc641c-656e-524b-b7ba-6dc0245cec88","name":"Gustuff","type":"malware","source":"Mobile","software_attack_id":"S0406","tidal_id":"4dbc641c-656e-524b-b7ba-6dc0245cec88","created":"2026-01-28T13:08:09.939467Z","modified":"2026-01-28T13:08:09.939469Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9e41aea6-d4cf-4935-bd13-93d1f2d2a897","name":"gzip","type":"tool","source":"Trellix TIG","software_attack_id":"S3454","tidal_id":"695c3d63-346e-57ac-8a8a-8aae2f76aa4d","created":"2025-04-11T15:06:51.275412Z","modified":"2025-04-11T15:06:51.275416Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"5f1602fe-a4ce-4932-9cf9-ec842f2c58f1","name":"H1N1","type":"malware","source":"MITRE","software_attack_id":"S0132","tidal_id":"ffd79ed1-191a-5325-a6b2-8174d56953ba","created":"2017-05-31T21:33:15.910000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"75db2ac3-901e-4b1f-9a0d-bac6562d57a3","name":"Hacking Team UEFI Rootkit","type":"malware","source":"MITRE","software_attack_id":"S0047","tidal_id":"a0a94c32-b506-5810-846a-07c6be865699","created":"2017-05-31T21:32:35.389000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5edf0ef7-a960-4500-8a89-8c8b4fdf8824","name":"HALFBAKED","type":"malware","source":"MITRE","software_attack_id":"S0151","tidal_id":"62ad56d8-243e-5da0-bfc3-e073436887ea","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye FIN7 April 2017](https://app.tidalcyber.com/references/6ee27fdb-1753-4fdf-af72-3295b072ff10)]</sup><sup>[[FireEye FIN7 Aug 
2018](https://app.tidalcyber.com/references/54e5f23a-5ca6-4feb-8046-db2fb71b400a)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"cc07f03f-9919-4856-9b30-f4d88940b0ec","name":"HAMMERTOSS","type":"malware","source":"MITRE","software_attack_id":"S0037","tidal_id":"4d945b6a-abd5-5131-ac8d-61f4c109a4ab","created":"2017-05-31T21:32:29.203000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9b32ba80-6dd9-4e6e-9997-e9ad1ec9ef92","name":"HammerDuke","description":"","source":"MITRE","associated_software_id":"cd5e2212-64ec-4bf0-a533-6143542c8df5","owner_id":null,"owner_name":null},{"id":"d9860d9e-c7dd-440e-ae2e-d8effbc28cf0","name":"NetDuke","description":"","source":"MITRE","associated_software_id":"44c91046-4527-471e-b0d4-a83660594c93","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"87b1fa89-40b6-4b75-9938-9d5c2d5b9299","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4eee3272-07fa-48ee-a7b9-9dfee3e4550a","name":"Hancitor","type":"malware","source":"MITRE","software_attack_id":"S0499","tidal_id":"2614f44e-acf3-54b7-8fec-b6ed4cdad63b","created":"2020-08-12T19:32:56.301000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"16d7bbe3-d369-435d-a696-4a1f1c4e8609","name":"Chanitor","description":"<sup>[[FireEye 
Hancitor](https://app.tidalcyber.com/references/65a07c8c-5b29-445f-8f01-6e577df4ea62)]</sup>","source":"MITRE","associated_software_id":"0616b745-4181-419f-b723-d60034b7c1b5","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"028c47fe-2fdf-4138-8e9a-85c18a9b99f4","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"7b64dec2-3b3d-42a1-abd3-da0b8d591293","name":"Handala Wiper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3509","tidal_id":"aa88e6b6-9779-5945-ac65-56bc82fc3ce8","created":"2025-07-08T16:59:11.980626Z","modified":"2025-07-08T16:59:11.980631Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Intelligence to Risk Retaliation Window June 23 2025](/references/e7703727-2388-4cf6-ac39-0a2a007019ac)]</sup>","group_attack_id":"G3113","group_id":"9462ee53-0e12-4441-a722-dabf6b3677b9","name":"Handala Hack Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7f4faf11-99ad-479e-90e7-dfe3ee7057c4","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"f454e3a0-a391-443a-a4fd-13eb95b963b8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"63e81f2c-dc40-4441-b2c4-e6eed5a57267","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"057645cd-795f-5f38-9e14-1c0f92615e3e","name":"Hannotog","type":"malware","source":"MITRE","software_attack_id":"S1211","tidal_id":"057645cd-795f-5f38-9e14-1c0f92615e3e","created":"2025-04-22T20:46:56.780038Z","modified":"2025-04-22T20:46:56.780041Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Hannotog](https://app.tidalcyber.com/software/057645cd-795f-5f38-9e14-1c0f92615e3e) is a backdoor associated with [Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) operations.<sup>[[Symantec Bilbug 
2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3736e8ba-1d53-4796-948d-9c32874e415f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c2c31b2e-5da6-4feb-80e3-14ea6d0ea7e8","name":"HAPPYWORK","type":"malware","source":"MITRE","software_attack_id":"S0214","tidal_id":"7a14166d-e029-5b66-ac8c-2bcf2191deee","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ad0ae3b7-88aa-48b3-86ca-6a5d8b5309a7","name":"HARDRAIN","type":"malware","source":"MITRE","software_attack_id":"S0246","tidal_id":"b5794589-e18d-594a-ad5a-f530ba889f55","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT HARDRAIN March 2018](https://app.tidalcyber.com/references/ffc17fa5-e7d3-4592-b47b-e12ced0e62a4)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8bd36306-bd4b-4a76-8842-44acb0cedbcc","name":"Havij","type":"tool","source":"MITRE","software_attack_id":"S0224","tidal_id":"3462f273-f03f-5148-88ca-5ba7e3d371e8","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Check Point 
Rocket Kitten](https://app.tidalcyber.com/references/71da7d4c-f1f8-4f5c-a609-78a414851baf)]</sup>","group_attack_id":"G0130","group_id":"e38bcb42-12c1-4202-a794-ec26cd830caa","name":"Ajax Security Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"daafb044-48ec-51a4-a956-42f52745f711","name":"Havoc","type":"malware","source":"MITRE","software_attack_id":"S1229","tidal_id":"daafb044-48ec-51a4-a956-42f52745f711","created":"2025-10-29T21:08:48.110558Z","modified":"2025-10-29T21:08:48.110559Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"1ed1c91d-804a-4704-85ee-b477fa25c540","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7537e629-6864-437a-8c8e-6e28d304fc40","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"76fbe80a-871d-462d-bdcb-1f6b2b1174e0","name":"Havoc (Deprecated)","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3452","tidal_id":"eb7b48a6-a118-5ce7-a4cd-f913ada46a7e","created":"2025-03-25T13:16:26.810751Z","modified":"2025-03-25T13:16:26.810754Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c1622ab6-2ae5-45c8-8cf3-e754a69c8192","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ffa13850-1745-410a-9582-d554214edf4d","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"5cf6e862-2af9-4524-9fae-094d5ab25f53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"73c8578b-12c1-421b-8994-d1fe5e3723a0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"392c5a32-53b5-4ce8-a946-226cb533cc4e","name":"HAWKBALL","type":"malware","source":"MITRE","software_attack_id":"S0391","tidal_id":"57bb9959-84d1-58be-a58d-4aada33fcc91","created":"2019-06-20T14:52:45.057000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a7ffe1bd-45ca-4ca4-94da-3b6c583a868d","name":"hcdLoader","type":"malware","source":"MITRE","software_attack_id":"S0071","tidal_id":"66cd4233-b532-5e4f-b661-48a8aeb08802","created":"2017-05-31T21:32:46.890000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Dell Lateral Movement](https://app.tidalcyber.com/references/fcc9b52a-751f-4985-8c32-7aaf411706ad)]</sup><sup>[[ThreatStream Evasion 
Analysis](https://app.tidalcyber.com/references/de6bc044-6275-4cab-80a1-feefebd3c1f0)]</sup>","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f155b6f9-258d-4446-8867-fe5ee26d8c72","name":"HDoor","type":"malware","source":"MITRE","software_attack_id":"S0061","tidal_id":"b0534c61-d84a-5b58-bf78-15e09d092986","created":"2017-05-31T21:32:40.801000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b347d675-9a6e-4f90-80d5-1574d30a5114","name":"Custom HDoor","description":"","source":"MITRE","associated_software_id":"69aa0c3f-0b9e-44f5-b1fe-0b155cff0a5f","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"26582308-77b8-44e6-9a6d-fe54d6d084c1","name":"HeartCrypt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3633","tidal_id":"e53233f9-6e8e-5471-98ec-1401c614a91d","created":"2025-11-19T17:45:39.373060Z","modified":"2025-11-19T17:45:39.373064Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c3f9cb1f-990b-44a5-ae61-858122420321","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4055c55f-4094-4bc0-828c-75615adc2c51","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"813a4ca1-84fe-42dc-89de-5873d028f98d","name":"HELLOKITTY","type":"malware","source":"MITRE","software_attack_id":"S0617","tidal_id":"c8d0bb9f-c627-5aa3-8062-2af287e5b07a","created":"2021-06-03T20:07:21.788000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8b771d09-fbb9-44c5-9410-4d507722ee12","tag":"4ac8dcde-2665-4066-9ad9-b5572d5f0d28"},{"id":"ad9529d9-c9bc-4dcf-8286-846dc50724d9","tag":"3535caad-a155-4996-b986-70bc3cd5ce1e"},{"id":"363a3fbf-983a-4740-90ca-0c4963692467","tag":"f1ad9eba-f4fd-4aec-92c0-833ac14d741b"},{"id":"c81bf46e-27f0-471f-9055-1e3798ffe466","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"662babe3-d738-4915-a884-1c09716deea7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"345d0305-7953-413f-9ad5-09e0dab8c12d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"d6560c81-1e7e-4d01-9814-4be4fb43e655","name":"Helminth","type":"malware","source":"MITRE","software_attack_id":"S0170","tidal_id":"10b07e4d-d209-5d61-a31e-52ea55676499","created":"2018-01-16T16:13:52.465000Z","modified":"2020-03-28T21:35:13.610000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)]</sup><sup>[[FireEye APT34 Webinar Dec 2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)]</sup><sup>[[Crowdstrike Helix Kitten Nov 
2018](https://app.tidalcyber.com/references/3fc0d7ad-6283-4cfd-b72f-5ce47594531e)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1d4d8ddf-efb1-4527-91ec-8bf891fdae5e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1aba837f-63bc-542e-a89a-af1be59f2a06","name":"HenBox","type":"malware","source":"Mobile","software_attack_id":"S0544","tidal_id":"1aba837f-63bc-542e-a89a-af1be59f2a06","created":"2026-01-28T13:08:09.938735Z","modified":"2026-01-28T13:08:09.938737Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"293d1c9e-27ad-4ea0-a11c-d07960856f0c","name":"Henos","type":"malware","source":"Tidal Cyber","software_attack_id":"S3966","tidal_id":"c795a947-f552-50e4-a1a8-01856aea9181","created":"2026-01-23T20:31:09.435508Z","modified":"2026-01-23T20:31:09.435511Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","group_attack_id":"G3210","group_id":"abc6d74d-e425-4181-93ed-bb16f911871b","name":"Donot 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6e7f3138-913d-4234-a677-1d8df355bbff","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"379b79e1-578b-4b54-89f9-819d4da2fbdf","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"a96c8873-df06-4df7-ba71-2bc0857278cd","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"bc34c94b-bc95-494f-a181-e4baa43efc07","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f43cea23-9a98-4a46-99a0-3fe94c20e00a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"3bc4cf47-289f-489e-9b37-c1fb0cadd7a9","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"c6f672fb-783b-4d61-8cef-9a4b7f964041","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6c747b22-27e7-4e79-bdfb-d2840973fb15","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f0456f14-4913-4861-b4ad-5e7f3960040e","name":"HermeticWiper","type":"malware","source":"MITRE","software_attack_id":"S0697","tidal_id":"8f9b1298-cf2c-5063-b2e4-ad963609633b","created":"2022-03-25T18:30:08.906000Z","modified":"2022-10-18T23:19:38.268000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ca36b443-0ec3-445c-a96e-aadf358d82a0","name":"Trojan.Killdisk","description":"<sup>[[CISA AA22-057A Destructive Malware February 2022](https://app.tidalcyber.com/references/18684085-c156-4610-8b1f-cc9646f2c06e)]</sup><sup>[[Symantec Ukraine Wipers February 2022](https://app.tidalcyber.com/references/3ed4cd00-3387-4b80-bda8-0a190dc6353c)]</sup>","source":"MITRE","associated_software_id":"85c3ad5c-ab5d-47b7-ba05-88daf017f1bd","owner_id":null,"owner_name":null},{"id":"0303659d-225e-4f5e-99e2-b9e0caa62b22","name":"DriveSlayer","description":"<sup>[[Crowdstrike PartyTicket March 2022](https://app.tidalcyber.com/references/8659fea7-7d65-4ee9-8ceb-cf41204b57e0)]</sup><sup>[[Crowdstrike DriveSlayer February 
2022](https://app.tidalcyber.com/references/4f01e901-58f8-4fdb-ac8c-ef4b6bfd068e)]</sup>","source":"MITRE","associated_software_id":"5375e2bd-be8e-4c7b-8173-74ff4f3598b4","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"f1e1603d-0335-440a-8c5a-075dd903beb9","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"36ddc8cd-8f80-489e-a702-c682936b5393","name":"HermeticWizard","type":"malware","source":"MITRE","software_attack_id":"S0698","tidal_id":"3bf9a440-6ef7-5ace-8c6b-ca67c2d39ee5","created":"2022-03-25T20:47:06.942000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"438405fa-3353-42d5-882f-31fc720a785a","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"6fe9680e-7f3e-5b99-90a2-0f36b85e16cc","name":"HexEval Loader","type":"malware","source":"MITRE","software_attack_id":"S1249","tidal_id":"6fe9680e-7f3e-5b99-90a2-0f36b85e16cc","created":"2025-10-29T21:08:48.110652Z","modified":"2025-10-29T21:08:48.110653Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Socket Contagious Interview NPM April 2025](https://app.tidalcyber.com/references/487a2a0a-6126-525a-ae04-f7044c2fc970)]</sup><sup>[[Socket BeaverTail XORIndex HexEval Contagious Interview July 2025](https://app.tidalcyber.com/references/e6c60330-0147-5709-8f2a-693aca8ca10c)]</sup><sup>[[Socket HexEval BeaverTail Contagious Interview June 2025](https://app.tidalcyber.com/references/4a1ffc4e-adbc-5347-ae82-3b311c4dcf6a)]</sup>","group_attack_id":"G1052","group_id":"b436d32f-2667-5e00-a3d8-f58d2d5666d4","name":"Contagious 
Interview","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1841a6e8-6c23-46a1-9c81-783746083764","name":"Heyoka Backdoor","type":"malware","source":"MITRE","software_attack_id":"S1027","tidal_id":"c71d12c6-bbb2-5792-ae28-91940bb8c84b","created":"2022-07-25T18:18:32.811000Z","modified":"2022-10-19T21:54:52.549000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelOne Aoqin Dragon June 2022](https://app.tidalcyber.com/references/b4e792e0-b1fa-4639-98b1-233aaec53594)]</sup>","group_attack_id":"G1007","group_id":"454402a3-0503-45bf-b2e0-177fa2e2d412","name":"Aoqin Dragon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6454b1c6-e2ac-46be-8995-e928d2677c88","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"48d60461-31a8-474b-a171-77ad1f2aaa7f","name":"HFS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3440","tidal_id":"16f3ae46-6bd2-54eb-8a0d-8b207c670c0c","created":"2025-02-24T20:29:03.293631Z","modified":"2025-02-24T20:29:03.293636Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7a7bb53-51cb-4cc8-bdcb-35d2f3663750","name":"HTTP File Server","description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","source":"Tidal Cyber","associated_software_id":"21594ab2-4607-4a2d-89ed-2245ba3442f8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"ef65501c-1261-4cc1-b00f-dfbcd41ec97e","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"cb77e3d2-08a9-45b4-9ebb-2cfc86d873be","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4335a1e9-27dc-4ecb-b47d-f3f65aa250d6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9ac0fd5d-612a-4cfc-9b1e-ab7f5118e296","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1f87d3e3-5a11-4183-9ee0-3b8104ef3e30","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"8e083bca-22e0-499f-b645-5e137b29c7e3","tag":"d20efbce-b76a-434b-aab7-5b268ed4b2e6"}],"owner_name":"TidalCyberIan"},{"id":"5a0d0b83-5a10-425c-98f7-6cb8eb76fda4","name":"Hh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3231","tidal_id":"707290f9-9af5-5e90-9b91-e6b408e83f31","created":"2024-01-12T14:47:53.426857Z","modified":"2024-01-12T14:47:53.426861Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"acbf1a21-fa53-4553-8dba-e99b4051b9e0","name":"Hh.exe","description":"<sup>[[Hh.exe - LOLBAS Project](/references/4e09bfcf-f5be-46c5-9ebf-8742ac8d1edc)]</sup>","source":"Tidal 
Cyber","associated_software_id":"8e6a3da3-bab4-40d8-b501-b6a986cbf2df","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e8ad56e4-db34-4c71-a450-e8da25c5f140","tag":"7d028d1e-7a95-47f0-9367-55517f9ef170"},{"id":"e30d7fc9-bd22-4f5e-bf0f-ecd00b024a74","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c344e3c8-596f-44a6-9bbc-1a1a89e86693","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a2030633-2fcc-4a00-83f4-cf65789e5a63","name":"HiddenFace","type":"malware","source":"Tidal Cyber","software_attack_id":"S3464","tidal_id":"17e72187-b7f2-5cbb-9d21-a7522c62b714","created":"2025-04-11T15:33:56.899111Z","modified":"2025-04-11T15:33:56.899115Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b71b520a-b5fe-4469-8a08-6fd6e9097d74","name":"NOOPDOOR","description":"<sup>[[The Hacker News MirrorFace January 9 2025](/references/38bfe50e-6526-48ee-9797-e403d3a431dd)]</sup>","source":"Tidal Cyber","associated_software_id":"9f7be70e-bc98-4f75-9584-e5fa23be4cb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"e71786c6-2058-4219-ada8-d115ca3664d6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"57e72c49-daca-4e46-9268-facd5cc831ae","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"edbaa3cd-b60e-417d-85c4-f9177edd7b0d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ec02fb9c-bf9f-404d-bc54-819f2b3fb040","name":"HiddenWasp","type":"malware","source":"MITRE","software_attack_id":"S0394","tidal_id":"4ca59514-6544-5fa1-b85e-c13fb755fc1f","created":"2019-06-24T12:04:32.323000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ce1af464-0b14-4fe9-8591-a6fe58aa96c7","name":"HIDEDRV","type":"malware","source":"MITRE","software_attack_id":"S0135","tidal_id":"a73958cf-857e-5c08-80b4-4d009da47454","created":"2017-05-31T21:33:17.272000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Sednit Part 3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"beb49db2-121c-49b2-9d1d-2e43d68e7b69","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"3564e4aa-8ffa-4f6f-876a-21f85da71bf0","name":"HijackLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3774","tidal_id":"999256d6-8ba7-5941-bbdc-9e53ba18004e","created":"2025-12-17T14:18:52.987208Z","modified":"2025-12-17T14:18:52.987211Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 09 
2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3172","group_id":"1678d6dc-8e4f-4edc-8360-802985bd7846","name":"GrayBravo","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3173","group_id":"7e4dd0e2-4fa0-4dd5-ad0e-41aa9effe8bf","name":"TAG-160","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"32205908-01b2-4f0b-9046-42e5c365e4ae","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"446c7d7d-2b91-4580-80c6-a9c41f6b5e98","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8046c80c-4339-4cfb-8bfd-464801db2bfe","name":"Hikit","type":"malware","source":"MITRE","software_attack_id":"S0009","tidal_id":"64dfdbb7-00c7-57ad-b42a-19f41e979b5d","created":"2017-05-31T21:32:14.124000Z","modified":"2022-01-12T16:21:44.692000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup><sup>[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4c590ebd-f748-5136-aa0a-38643ede8e60","name":"HilalRAT","type":"malware","source":"Mobile","software_attack_id":"S1128","tidal_id":"4c590ebd-f748-5136-aa0a-38643ede8e60","created":"2026-01-28T13:08:09.938196Z","modified":"2026-01-28T13:08:09.938198Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[Meta Adversarial Threat Report 
2022](https://app.tidalcyber.com/references/896f8600-6b56-5fab-8076-2e8e5dccbc18)]</sup>","group_attack_id":"G1029","group_id":"51150c81-01de-50ed-a178-85ff0255c79f","name":"UNC788","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"7ef8cd3a-33cf-43bb-a3b8-a78fc844ce0c","name":"Hildegard","type":"malware","source":"MITRE","software_attack_id":"S0601","tidal_id":"f912215e-3959-5611-a690-fb073c237975","created":"2021-04-07T18:07:47.604000Z","modified":"2021-10-16T01:49:39.189000Z","platforms":[{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"},{"id":"69826802-7b16-5c4e-92f5-72f9354e29e5","name":"GCP"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"996aa968-bd71-5b30-9b76-eaab9a19a1c8","name":"AWS"},{"id":"6724c79a-34f2-51ed-8644-a6c106ccadd2","name":"Azure"},{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 Hildegard Malware](https://app.tidalcyber.com/references/0941cf0e-75d8-4c96-bc42-c99d809e75f9)]</sup>","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"de9f519f-e205-44f9-bf61-d68f9fa55077","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"b29cbce6-5eec-493a-a634-1d0a823f0a0e","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"d45d0c9e-192d-4063-a9d8-66d56ce77245","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"1e8a8e8d-df07-40a2-a4a4-89f188e8ce74","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"},{"id":"af9665fc-b7bd-4c3f-a5a7-4b78fb15ccf8","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"}],"owner_name":null},{"id":"b34f2449-bab5-4422-84e0-ad9ba00f0a96","name":"HISONIC","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3758","tidal_id":"1e0fb2c5-eac5-519c-90ad-267689794a97","created":"2025-12-17T14:18:50.533637Z","modified":"2025-12-17T14:18:50.533640Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3160","group_id":"1313da23-bbc5-4724-a278-fd6ca5e561f0","name":"Earth Lamia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3161","group_id":"2b008386-ffdc-433d-9b09-1e2cf4f3a4a4","name":"Jackpot Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3163","group_id":"a80c62db-7e04-44a8-8692-945aa22e09d6","name":"UNC6586","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3164","group_id":"0ca3cd2f-9650-4b70-9a65-6a5b512554ca","name":"UNC6588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3165","group_id":"5f8d373c-6992-4a2b-8a86-a16cbd45165a","name":"UNC6595","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 
2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3166","group_id":"d92dff67-9704-4503-ad57-867bea3e6bfa","name":"UNC6600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3167","group_id":"0e6985de-e4c1-494b-8901-9aa491202f6f","name":"UNC6603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"be9527f1-47dc-4935-9fbf-22260e6f66b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d8d90016-3f3b-48fd-9874-86a5a9372269","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8084cb3d-725e-586f-a238-5292bb224d94","name":"HIUPAN","type":"malware","source":"MITRE","software_attack_id":"S1230","tidal_id":"8084cb3d-725e-586f-a238-5292bb224d94","created":"2025-10-29T21:08:48.110767Z","modified":"2025-10-29T21:08:48.110768Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[2025_IBM_PUBLOAD_TONESHELL_HIUPAN_CLAIMLOADER_MUSTANG PANDA](https://app.tidalcyber.com/references/386af393-d4be-5590-9b9e-592d30d431f8)]</sup><sup>[[Trend Micro MUSTANG PANDA PUBLOAD HIUPAN SEPTEMBER 2024](https://app.tidalcyber.com/references/0e593cd3-19fd-597a-9788-2356c31bfa09)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f8148bc6-bed8-47d2-93a2-8c6af74bf8b2","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"d4f74243-0d2d-4095-b66a-6d8291019125","name":"HIUPAN (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3174","tidal_id":"d5349063-4003-59d3-800e-faa54c0db309","created":"2024-09-13T19:21:24.419787Z","modified":"2024-09-13T19:21:24.419790Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e272665e-bd73-46b5-8f94-211a0a805e6d","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"5453e806-3186-4c97-a442-90276342bafe","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4210c4a8-74a7-48ca-ab0b-175b748762d8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ee3315ab-68ab-4e22-9ebe-f0e57ee6db39","name":"Hive Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3390","tidal_id":"3fc9b3fe-54f6-5be0-91b3-0f10cd36ec7d","created":"2024-10-04T20:33:22.079722Z","modified":"2024-10-04T20:33:22.079726Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"<sup>[[U.S. CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]</sup>","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2f2ed963-fca4-4368-8630-8be9b8d50070","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"e86bc61d-6155-488e-9a2d-33ba8d484e2c","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"50504e7e-2f6b-47e2-8fc4-bbfce241f002","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"71689c04-0c90-456b-ba4d-165a1a940a2d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"286184d9-f28a-4d5a-a9dd-2216b3c47809","name":"Hi-Zor","type":"malware","source":"MITRE","software_attack_id":"S0087","tidal_id":"7424bbf7-e73b-5334-b1ea-a6de3d4e27fa","created":"2017-05-31T21:32:56.860000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"408f0f00-7376-4a1c-a600-be9477a93813","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d0672414-f683-4777-9ba6-25c83ca44677","name":"Hlpdrv.sys","type":"malware","source":"Tidal Cyber","software_attack_id":"S3816","tidal_id":"e451a1a2-5915-5dbd-8dac-49d8d5a983a8","created":"2025-12-24T14:57:29.242794Z","modified":"2025-12-24T14:57:29.242797Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8a62a9e3-55f7-406d-8a19-675718235908","name":"Malicious Driver","description":"<sup>[[None December 10 2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","source":"USER","associated_software_id":"5c221a8f-b5ed-4ba9-9fd5-cc54fd85b35a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 10 
2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e3423f25-6c28-4566-9243-8a8901fc9848","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"4b83da4c-bad2-43dc-80d1-d3ea7d5a8081","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"d140e477-ede9-4ab7-b598-352384e64274","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"52044362-7bdd-46b3-8dd6-e9d207e9c0ba","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"16db13f2-f350-4323-96cb-c5f4ac36c3e0","name":"HOMEFRY","type":"malware","source":"MITRE","software_attack_id":"S0232","tidal_id":"59ea2b30-fd34-5543-8d8d-75e82b6d663d","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a45bd597-3953-41b2-ab30-4d42ff4adf4a","name":"HOMESTEEL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3600","tidal_id":"e0f854f2-5f60-50d3-93ee-0676c17e9460","created":"2025-10-17T17:09:54.651941Z","modified":"2025-10-17T17:09:54.651943Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERT-UA New cyber threats October 08 
2025](/references/35467d53-626d-4c81-9f8e-ff9c24b7666b)]</sup>","group_attack_id":"G3141","group_id":"facdd29f-0455-4822-8f84-d5ac44c66d32","name":"UAC-0218","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1439ed69-5938-438b-b7bd-7389b04c3b49","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"420d6ff6-959b-47d8-b43e-202e65120dd7","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"27e2fa59-1b3b-4ece-b462-6a3e41161c52","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"ce52cfb7-6dcd-414b-8ba8-c0c5e89c317a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5f6b96df-7376-4d7b-b955-0ff66f497bb7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4d94594c-2224-46ca-8bc3-28b12ed139f9","name":"HOPLIGHT","type":"malware","source":"MITRE","software_attack_id":"S0376","tidal_id":"a2bc2697-d3d1-5954-9f88-bcf0208fc514","created":"2019-04-19T15:30:36.593000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT HOPLIGHT Apr 2019](https://app.tidalcyber.com/references/e722b71b-9042-4143-a156-489783d86e0a)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA20-239A BeagleBoyz August 
2020](https://app.tidalcyber.com/references/a8a2e3f2-3967-4e82-a36a-2436c654fb3f)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e0a5265b-7b7b-52e7-809c-412cec9bb5ce","name":"Hornbill","type":"malware","source":"Mobile","software_attack_id":"S1077","tidal_id":"e0a5265b-7b7b-52e7-809c-412cec9bb5ce","created":"2026-01-28T13:08:09.937617Z","modified":"2026-01-28T13:08:09.937619Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[lookout_hornbill_sunbird_0221](https://app.tidalcyber.com/references/50f48f4b-64ee-5ce0-a34b-610985db617d)]</sup>","group_attack_id":"G0142","group_id":"d0f29889-7a9c-44d8-abdc-480b371f7b2b","name":"Confucius","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"a00e7fcc-b4e8-4f64-83d2-f9db64f0f3fe","name":"HotCroissant","type":"malware","source":"MITRE","software_attack_id":"S0431","tidal_id":"7151e53a-1f35-526b-a97c-fa87687def73","created":"2020-05-01T19:10:31.446000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT HOTCROISSANT February 2020](https://app.tidalcyber.com/references/db5c816a-2a23-4966-8f0b-4ec86cae45c9)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"4a5d22a3-91c9-4026-b2aa-48e539cb3ca4","name":"HRSword","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3494","tidal_id":"14ba00bf-d6ed-513f-8b64-d9e3d1fb124d","created":"2025-06-10T15:50:59.655959Z","modified":"2025-06-10T15:50:59.655962Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Huntress 08 14 2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","group_attack_id":"G3134","group_id":"45a5d563-0e93-405a-ae8c-cca71e88f441","name":"J Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f8b9e05e-6518-4c71-bcc4-1c931382d27c","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"25b80ef6-82f1-4cd2-b1c2-0a4a467eb0fc","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"da8b0598-3646-4bfc-8861-7bc71556c6e6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ae5b0d75-ee00-4f47-9efd-a23d0349aa20","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"4f32a29b-92d5-4c48-a4ae-6092b1639e66","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"480f461b-1d62-4743-b303-48afda8eb29e","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"e69192c2-1cb9-4714-b597-30da9ee6ca77","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c5cd43d0-7050-48de-a88b-6f8162fec5f8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b98d9fe7-9aa3-409a-bf5c-eadb01bac948","name":"HTRAN","type":"tool","source":"MITRE","software_attack_id":"S0040","tidal_id":"d95b0333-7642-5496-a5b9-74379e9e41ae","created":"2017-05-31T21:32:32.011000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f
9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"12a85307-c7c4-4388-978e-a32b47544c2e","name":"HUC Packet Transmit Tool","description":"<sup>[[Operation Quantum Entanglement](https://app.tidalcyber.com/references/c94f9652-32c3-4975-a9c0-48f93bdfe790)]</sup>","source":"MITRE","associated_software_id":"033ae561-8c4e-4b67-995b-b408c39a5c31","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Trend Micro IXESHE 2012](https://app.tidalcyber.com/references/fcea0121-cd45-4b05-8c3f-f8dad8c790b3)]</sup>","group_attack_id":"G0005","group_id":"225314a7-8f40-48d4-9cff-3ec39b177762","name":"APT12","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup><sup>[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f3578249-26eb-486e-be52-59eb39da799e","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"c4fe23f7-f18c-40f6-b431-0b104b497eaa","name":"HTTPBrowser","type":"malware","source":"MITRE","software_attack_id":"S0070","tidal_id":"11e2bb92-1d49-5fe6-8c42-17da019c2ae7","created":"2017-05-31T21:32:46.445000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1a0c9f6c-1d5e-4246-ab14-99c3f95069a9","name":"Token 
Control","description":"","source":"MITRE","associated_software_id":"e0a43dd6-f2c2-4468-bbb8-7413097b6cf3","owner_id":null,"owner_name":null},{"id":"c5397b7f-9112-4253-ab17-1af3aa3d22db","name":"HttpDump","description":"<sup>[[ThreatConnect Anthem](https://app.tidalcyber.com/references/61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec)]</sup>","source":"MITRE","associated_software_id":"ae7376fa-b847-4417-bb29-f0316d507a30","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]</sup><sup>[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]</sup><sup>[[Nccgroup Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)]</sup><sup>[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[RSA2017 Detect and Respond Adair](https://app.tidalcyber.com/references/005a276c-3369-4d29-bf0e-c7fa4e7d90bb)]</sup>","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"bf19eba4-7ea1-4c24-95c6-6bcfb44f4c49","name":"httpclient","type":"malware","source":"MITRE","software_attack_id":"S0068","tidal_id":"f7f7a690-0678-589f-b893-68718772671d","created":"2017-05-31T21:32:45.315000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike Putter 
Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]</sup>","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2df88e4e-5a89-5535-ae1a-4c68b19d9078","name":"HUI Loader","type":"malware","source":"MITRE","software_attack_id":"S1097","tidal_id":"0e529349-a10c-54e3-b191-22ac3e3f2e6e","created":"2024-04-25T13:28:18.731943Z","modified":"2024-04-25T13:28:18.731946Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022](https://app.tidalcyber.com/references/0b275cf9-a885-58cc-b859-112090a711e3)]</sup><sup>[[Dell SecureWorks BRONZE STARLIGHT Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]</sup>","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[SecureWorks BRONZE STARLIGHT Ransomware Operations June 
2022](https://app.tidalcyber.com/references/0b275cf9-a885-58cc-b859-112090a711e3)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3e8da2f6-a2e7-5278-839d-1a7bb1647af3","name":"HummingBad","type":"malware","source":"Mobile","software_attack_id":"S0322","tidal_id":"3e8da2f6-a2e7-5278-839d-1a7bb1647af3","created":"2026-01-28T13:08:09.938891Z","modified":"2026-01-28T13:08:09.938892Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c1fecc4c-7844-50d0-aecc-a0b5ddf75839","name":"HummingWhale","type":"malware","source":"Mobile","software_attack_id":"S0321","tidal_id":"c1fecc4c-7844-50d0-aecc-a0b5ddf75839","created":"2026-01-28T13:08:09.938289Z","modified":"2026-01-28T13:08:09.938290Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f90c6a11-2f2a-4ec1-996b-7a62e425d1d4","name":"Hunters International Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3391","tidal_id":"58086c01-c253-5f1a-ade0-7fb5560c7909","created":"2024-10-04T20:33:22.261240Z","modified":"2024-10-04T20:33:22.261245Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Bitdefender Hunters International November 9 2023](/references/ae0a88d6-bd46-4b22-bfb1-25003bfe83d7)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0e7b12d1-8a2e-4b8d-9495-c954de4ae60c","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"7be4f115-2d5f-499e-8067-ecc3c62b0943","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"7cd06522-5cff-4f2b-a698-5da4f529cfb9","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"460e417a-199e-47b7-8339-135008e5b600","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"d8f8aab7-a26d-4d4d-b8a8-5dde47904f32","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f296fb12-1d5a-4019-b9d5-7e082386abcf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4ffbca79-358a-4ba5-bfbb-dc1694c45646","name":"Hydraq","type":"malware","source":"MITRE","software_attack_id":"S0203","tidal_id":"3754ad8c-1276-555e-af85-b93f60989221","created":"2018-04-18T17:59:24.739000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a68cc5bd-23a2-40a7-9576-c50d26702d81","name":"9002 RAT","description":"<sup>[[MicroFocus 9002 Aug 2016](https://app.tidalcyber.com/references/a4d6bdd1-e70c-491b-a569-72708095c809)]</sup>","source":"MITRE","associated_software_id":"b5319b1f-bc11-4e2b-8018-f5cb021fbc4f","owner_id":null,"owner_name":null},{"id":"dd0bc3f5-c55b-4be5-875d-a240b55a8775","name":"McRat","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"909a0326-a18f-4c92-8f57-f3dc18df4cd5","owner_id":null,"owner_name":null},{"id":"1c724041-1424-4431-b35e-e731a886dfcb","name":"Roarur","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"6289f8d1-0b84-47ff-ba58-cfd3e14776d7","owner_id":null,"owner_name":null},{"id":"c3116a93-2c85-40b3-8c38-b6914bf8e52c","name":"Aurora","description":"<sup>[[Symantec Elderwood Sept 
2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup><sup>[[Symantec Trojan.Hydraq Jan 2010](https://app.tidalcyber.com/references/10bed842-400f-4276-972d-5fca794ea778)]</sup>","source":"MITRE","associated_software_id":"259df672-c6da-4aa9-9bdb-4bc2031ad5c4","owner_id":null,"owner_name":null},{"id":"95d5fcdf-cc1e-4ebe-bb3e-7e23083f8305","name":"HidraQ","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"bfb0d570-1fd7-406c-bce3-f9185b1049cf","owner_id":null,"owner_name":null},{"id":"b066e03b-37be-4d57-822a-9eed4d5e83ff","name":"MdmBot","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"6c573ae8-c8be-47df-8f2c-37cf44682526","owner_id":null,"owner_name":null},{"id":"2d063ba3-d6c7-4e2c-b224-1894b230a870","name":"Homux","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"18a743ce-f743-41af-8769-af48e3e327b8","owner_id":null,"owner_name":null},{"id":"1c5cde21-0bdc-41db-8090-f4ad65fb5cef","name":"HomeUnix","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"dd780c01-a937-4658-83bd-46a65c054c94","owner_id":null,"owner_name":null},{"id":"19dfc9b6-80c7-4fdc-9899-efa6d85f45bb","name":"HydraQ","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"af34fe17-6c8c-4acb-af9a-e5690b6badf2","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 
2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]</sup>","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup><sup>[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"57cec527-26fb-44a1-b1a9-506a3af2c9f2","name":"HyperBro","type":"malware","source":"MITRE","software_attack_id":"S0398","tidal_id":"c2248993-caff-508e-9133-5187db271561","created":"2019-07-09T17:42:44.777000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)]</sup><sup>[[Securelist LuckyMouse June 2018](https://app.tidalcyber.com/references/f974708b-598c-46a9-aac9-c5fbdd116c2a)]</sup><sup>[[Hacker News LuckyMouse June 2018](https://app.tidalcyber.com/references/de78446a-cb46-4422-820b-9ddf07557b1a)]</sup><sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup><sup>[[Trend Micro Iron Tiger April 
2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b6f3848a-b778-4fbd-85f1-16527bd428e4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ba3236e9-c86b-4b5d-89ed-7f71940a0588","name":"HyperStack","type":"malware","source":"MITRE","software_attack_id":"S0537","tidal_id":"afb6251f-abd9-539e-b1bc-8ee667778e7b","created":"2020-12-02T20:48:23.462000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Accenture HyperStack October 2020](https://app.tidalcyber.com/references/680f2a0b-f69d-48bd-93ed-20ee2f79e3f7)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3879272d-741f-4e39-a19d-8ac75c3121e8","name":"ICACLS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3670","tidal_id":"6dcd7986-4169-5b2d-b329-a7f9baecfe06","created":"2025-12-10T14:14:51.418468Z","modified":"2025-12-10T14:14:51.418471Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason The Gentlemen November 18 2025](/references/bc7807fd-020a-42b4-a311-1a1673a8f90a)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The 
Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9edc58f4-b913-4dce-9c5c-e08651ab7028","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f83d5739-c37f-438e-bd36-e7193849fca0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5a73defd-6a1a-4132-8427-cec649e8267a","name":"IceApple","type":"malware","source":"MITRE","software_attack_id":"S1022","tidal_id":"74638186-f53d-5e2e-aa65-44866705f298","created":"2022-06-27T15:22:22.979000Z","modified":"2022-07-25T16:03:40.451000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"7f59bb7c-5fa9-497d-9d8e-ba9349fd9433","name":"IcedID","type":"malware","source":"MITRE","software_attack_id":"S0483","tidal_id":"37e8ccfe-0a2a-5727-b4f3-8c848d2075de","created":"2020-07-15T17:55:11.252000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]</sup>","group_attack_id":"G1038","group_id":"b47551ba-8036-5527-abba-fed787c854a5","name":"TA578","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Valak May 2020](https://app.tidalcyber.com/references/235d1cf1-2413-4620-96cf-083d348410c2)]</sup><sup>[[Unit 42 Valak July 2020](https://app.tidalcyber.com/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)]</sup><sup>[[Unit 42 TA551 Jan 2021](https://app.tidalcyber.com/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]</sup><sup>[[Secureworks GOLD 
CABIN](https://app.tidalcyber.com/references/778babec-e7d3-4341-9e33-aab361f2b98a)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Google TAG Ukraine IABs September 7 2022](/references/848da19d-b02d-4b78-b3c1-a72d5034fd45)]</sup>","group_attack_id":"G3077","group_id":"9d665cc1-8ecc-4064-8221-c74bd6ffd97a","name":"UAC-0098","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[EclecticIQ August 16 2024](/references/79e0a74f-799f-445e-a677-cc08e66f3113)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"7890bf24-e793-4e24-8f68-f5c42e229070","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"0f76b182-230a-41b7-828a-f892138beaf6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1c0ab9a0-eb02-4428-a319-83a504e1b22b","name":"Idumper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3159","tidal_id":"91c5bdfd-2696-5599-b23d-4297ff8df62c","created":"2024-09-04T12:51:12.106262Z","modified":"2024-09-04T12:51:12.106266Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"88130923-f148-4d4b-b29f-398e4b484f5f","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"204a0597-c949-4e65-9c1f-4bd2af4ea879","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"86d4b84e-3b5b-4e19-ac7d-1d9603203ee3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"332e37c0-63fe-4e99-85a9-94210d42c21d","name":"Ie4uinit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3233","tidal_id":"2f62bbc9-062a-5e74-a788-8690f5043468","created":"2024-01-12T14:47:54.210316Z","modified":"2024-01-12T14:47:54.210320Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4dfd5be2-3e5d-4519-b431-df051c43fceb","name":"Ie4uinit.exe","description":"<sup>[[Ie4uinit.exe - LOLBAS Project](/references/01f9a368-5933-47a1-85a9-e5883a5ca266)]</sup>","source":"Tidal 
Cyber","associated_software_id":"a211a6fa-b203-46df-b2d2-244a92bd310c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"cea07724-6a2c-40e5-940c-d02e47da4c2e","tag":"f32f1513-7277-4257-9c35-c8ab3da17c84"},{"id":"5cecc3fa-2052-45da-9937-5093e91f313b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d40f3000-a013-46ad-9eda-02b81c282843","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e1aa3cbd-2337-47d6-b6b0-beb5d1bbfc1e","name":"Ieadvpack","type":"tool","source":"Tidal Cyber","software_attack_id":"S3311","tidal_id":"87458e44-d3e3-51dd-80c0-219c250f3849","created":"2024-01-12T14:48:21.785056Z","modified":"2024-01-12T14:48:21.785060Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d97d63bc-8649-47f0-bc00-f53fd189ea75","name":"Ieadvpack.dll","description":"<sup>[[Ieadvpack.dll - LOLBAS Project](/references/79943a49-23d6-499b-a022-7c2f8bd68aee)]</sup>","source":"Tidal Cyber","associated_software_id":"da3647b2-1431-4292-affb-9e24d647a6fe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"35c58a1d-1e2a-43d4-9d12-2d15fc5bc78c","tag":"e794994d-c38a-44d9-9253-53191ca9e56b"},{"id":"e243d77c-d66b-4346-b929-17c30cd86d5b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d5e8c938-81d4-4178-a25e-adc1c39b2213","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1feba268-9fff-495f-94e9-5b46336bff3b","name":"iediagcmd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3234","tidal_id":"eaee1490-ce5c-5dc8-97c4-a8b1301baa79","created":"2024-01-12T14:47:54.585205Z","modified":"2024-01-12T14:47:54.585209Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ad6c5eef-c940-4c56-ad58-39336d0fcf3e","name":"iediagcmd.exe","description":"<sup>[[iediagcmd.exe - LOLBAS 
Project](/references/de238a18-2275-497e-adcf-453a016a24c4)]</sup>","source":"Tidal Cyber","associated_software_id":"8d176fe1-a0f6-48a6-a0d8-ac71faddcc0c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"33c5e23b-42b4-428a-9eac-639f6c1bc3bd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"22b970ca-7e2c-41e6-bd3e-2545a074a897","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7ede205-4d50-42c3-92d0-4988aca5c4a1","name":"Ieexec","type":"tool","source":"Tidal Cyber","software_attack_id":"S3235","tidal_id":"5b34b55b-662f-5c43-b09e-0a941b621708","created":"2024-01-12T14:47:54.961405Z","modified":"2024-01-12T14:47:54.961409Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4450e721-4fe6-4e03-88db-d8793ba3df42","name":"Ieexec.exe","description":"<sup>[[Ieexec.exe - LOLBAS Project](/references/91f31525-585d-4b71-83d7-9b7c2feacd34)]</sup>","source":"Tidal Cyber","associated_software_id":"77a7429e-b1bb-4172-9fc5-3a37a4cedddc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ff758969-a41a-467c-b443-6cf2c564b7ef","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a0469d97-3735-451f-9836-97084f053fea","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"57072f02-06c1-4267-b665-fbbf72b96bb4","name":"Ieframe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3312","tidal_id":"a35dc9fa-6b3f-5eeb-9e2f-be4220dc50ee","created":"2024-01-12T14:48:22.143743Z","modified":"2024-01-12T14:48:22.143747Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a21f5def-f93d-4692-b575-5af953594e52","name":"Ieframe.dll","description":"<sup>[[Ieframe.dll - LOLBAS Project](/references/aab9c80d-1f1e-47ba-954d-65e7400054df)]</sup>","source":"Tidal 
Cyber","associated_software_id":"567ab907-8765-400b-8dd5-61182ddd8db6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dfe5a511-c89b-4f7e-bf8a-931fb4faea34","tag":"fc23fb85-8c48-4f0b-aeb6-b78fd6e25e0a"},{"id":"07c73f07-3458-4cb0-94d0-17e8ed5446c7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a50517be-e451-46f8-a6ed-1f2673463216","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9dbf0edc-2ac3-4dcb-9ba3-13e8e5e145c1","name":"iexplore.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3621","tidal_id":"de44467b-a9ac-5e40-9838-f5b229913ccd","created":"2025-11-11T13:26:33.978955Z","modified":"2025-11-11T13:26:33.978960Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water 
Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b1acf4d1-e964-4ec8-9d74-86b1b78c6162","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"8216ae2e-83eb-421e-afb8-fcb675bb7636","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0c771237-2fc4-48ac-b2d0-af9cc2b7bec5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"93ab16d1-625e-4b1c-bb28-28974c269c47","name":"ifconfig","type":"tool","source":"MITRE","software_attack_id":"S0101","tidal_id":"c8db3d3e-b49c-5092-9916-bba271331307","created":"2017-05-31T21:33:03.377000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f2a1556a-6e1e-43bd-aeff-109a50a52366","name":"iinneldc.dll","type":"malware","source":"Tidal Cyber","software_attack_id":"S3884","tidal_id":"3d739955-4a70-5363-9557-b95a00d485f1","created":"2026-01-06T18:05:08.020024Z","modified":"2026-01-06T18:05:08.020028Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CYFIRMA December 30 2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent 
Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"686a7507-af6c-4790-bf5e-59db0f2993af","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"d6c31944-2f58-41e5-b3c8-5e8a1d55178a","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"230af532-68e4-41a2-abd3-155d069f14e7","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"19f04e01-8ac3-4670-81b4-5bfe98ddb491","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e9ec1151-fe34-485f-88f8-a1f4df223d1a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2c826a8e-b8e0-4858-acbc-11ae3b7db8ff","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2f70ec08-a924-4321-9c24-c15f1eb09a3c","name":"IIServerCore","type":"malware","source":"Tidal Cyber","software_attack_id":"S3570","tidal_id":"0f4c5750-ef8a-5dfd-9404-8afd7970121f","created":"2025-10-13T17:29:21.983918Z","modified":"2025-10-13T17:29:21.983923Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom 
Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"cccfbd9c-f75c-4333-9515-77e0501920db","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"2f018fd5-ca65-45d5-91a3-c80ed05686ca","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"60f9b25c-3941-4de3-978f-eb259c6caa44","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"6b85bab5-16f6-409d-9c99-9633812c546d","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"683b602b-2950-4a52-9ff2-8dc1c87bb3ae","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f100da1e-b975-4457-8cbc-82df54209294","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"71098f6e-a2c0-434f-b991-6c079fd3e82d","name":"iKitten","type":"malware","source":"MITRE","software_attack_id":"S0278","tidal_id":"3aa7e310-ba4f-5f31-b001-390ddde21c87","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"480e45eb-deb2-4844-8eab-10649d33a5d2","name":"OSX/MacDownloader","description":"<sup>[[objsee mac malware 2017](https://app.tidalcyber.com/references/08227ae5-4086-4c31-83d9-459c3a097754)]</sup>.","source":"MITRE","associated_software_id":"1ffb9eb7-4c5b-4d88-93a5-79f250715502","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"492104c0-79d6-461e-9dc5-0e4bfd3f2387","name":"Ilasm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3236","tidal_id":"a79197b9-1839-523d-bd22-b0546c65dda1","created":"2024-01-12T14:47:55.338524Z","modified":"2024-01-12T14:47:55.338528Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ecc55905-6b8d-41a5-af76-a9cb6d65ccfc","name":"Ilasm.exe","description":"<sup>[[Ilasm.exe - LOLBAS Project](/references/347a1f01-02ce-488e-9100-862971c1833f)]</sup>","source":"Tidal 
Cyber","associated_software_id":"49269d59-3a99-4362-83ea-41207ee591b4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"89c7bc11-db94-407a-8944-1153dfb11130","tag":"8bcce456-e1dc-4dd0-99a9-8334fd6f2847"},{"id":"f953062f-1931-47df-8fc6-b80efb040643","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"dba03d6f-a972-4699-97a2-654b9d89a9a2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d43656c3-e1f1-415c-8f40-be05175dde1a","name":"ImageMagick","type":"tool","source":"Trellix TIG","software_attack_id":"S3396","tidal_id":"98b390e7-1848-5909-a2dd-9599262d9820","created":"2025-04-11T15:06:35.714772Z","modified":"2025-04-11T15:06:35.714776Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3004","group_id":"5e12e91a-8a8a-4966-8b56-83a152091094","name":"Automated Libra","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"0e5c0f19-db3d-5061-a0b9-3b55e4f3f50b","name":"IMAPLoader","type":"malware","source":"MITRE","software_attack_id":"S1152","tidal_id":"0e5c0f19-db3d-5061-a0b9-3b55e4f3f50b","created":"2024-10-31T16:28:02.863468Z","modified":"2024-10-31T16:28:02.863472Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[IMAPLoader](https://app.tidalcyber.com/software/0e5c0f19-db3d-5061-a0b9-3b55e4f3f50b) was deployed by [CURIUM](https://app.tidalcyber.com/groups/ab15a328-c41e-5701-993f-3cab29ac4544) as a post-exploitation payload from strategic website compromise.<sup>[[PWC Yellow Liderc 
2023](https://app.tidalcyber.com/references/e473a371-2f34-5391-8888-42082b0a1904)]</sup>","group_attack_id":"G1012","group_id":"ab15a328-c41e-5701-993f-3cab29ac4544","name":"CURIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"98315d72-a446-4c98-b4b5-8e49b323d8b2","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"2ef7c673-a0dc-4773-a9fd-337ed68d9b0b","name":"IMEWDBLD","type":"tool","source":"Tidal Cyber","software_attack_id":"S3232","tidal_id":"87b47664-f1f2-5e51-b69e-78b46df94855","created":"2024-01-12T14:47:53.811094Z","modified":"2024-01-12T14:47:53.811098Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3cf117d3-8636-4cdd-bc1a-a9623d950a76","name":"IMEWDBLD.exe","description":"<sup>[[IMEWDBLD.exe - LOLBAS Project](/references/9d1d6bc1-61cf-4465-b3cb-b6af36769027)]</sup>","source":"Tidal Cyber","associated_software_id":"12fa3dba-d84c-490d-bb72-88b54edf663c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b4aaa56d-4561-49ae-96e6-3a4be1a4f82d","tag":"796962fe-56d7-4816-9193-153da0be7c10"},{"id":"665e6a2a-cb19-4c66-9051-f7955e7595e1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d167e37f-b02a-464a-aace-2ab9721c77cf","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"925fc0db-9315-4703-9353-1d0e9ecb1439","name":"Imminent Monitor","type":"tool","source":"MITRE","software_attack_id":"S0434","tidal_id":"f5769364-bb18-5c60-b21a-e00b4a2d4e89","created":"2020-05-05T18:45:36.358000Z","modified":"2020-07-10T13:39:26.417000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[QiAnXin APT-C-36 
Feb2019](https://app.tidalcyber.com/references/cae075ea-42cb-4695-ac66-9187241393d1)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"630813ad-0a01-49ce-b0f7-8b80a49f6a52","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c","name":"Impacket","type":"tool","source":"MITRE","software_attack_id":"S0357","tidal_id":"262c459d-b3e5-5972-9c15-af8a8b93ecdb","created":"2019-01-31T01:39:56.283000Z","modified":"2022-09-27T18:20:48.473000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for lateral movement and process execution in victim environments.<sup>[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)]</sup><sup>[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)]</sup><sup>[[Joint Cybersecurity Advisory Volt Typhoon June 
2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Velvet Ant](https://app.tidalcyber.com/groups/f1c80880-e3ed-5223-90f5-840a3b89fe39) used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for lateral tool transfer and remote process execution.<sup>[[Sygnia VelvetAnt 2024A](https://app.tidalcyber.com/references/daa0360d-8a50-5256-8c95-cf68a3e7bb90)]</sup>","group_attack_id":"G1047","group_id":"f1c80880-e3ed-5223-90f5-840a3b89fe39","name":"Velvet Ant","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Tarrask scheduled task](https://app.tidalcyber.com/references/87682623-d1dd-4ee8-ae68-b08be5113e3e)]</sup>","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup><sup>[[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)]</sup>","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) used 
[Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) to dump LSA secrets on one of the domain controllers in the victim network.<sup>[[apt41_dcsocytec_dec2022](https://app.tidalcyber.com/references/fad90e96-93fd-59bd-970e-f0b37cac331d)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[WeLiveSecurity Scarab August 22 2023](/references/7cbf97fe-1809-4089-b386-a8bfd083df39)]</sup>","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]</sup><sup>[[The DFIR Report Truebot June 12 
2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Tweet May 18 2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Mustang Panda](https://app.tidalcyber.com/groups/4a4641b1-7686-49da-8d83-00d8013f4b47) leveraged [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) to gather information about the network, discover devices, users and query directories on remote machines to identify files to exfiltrate.<sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) has used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for lateral movement activity.<sup>[[rapid7-email-bombing](https://app.tidalcyber.com/references/b57af46b-a26b-5fca-8509-406889261d41)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Bitdefender FIN8 July 2021](https://app.tidalcyber.com/references/aee3179e-1536-40ab-9965-1c10bdaa6dff)]</sup><sup>[[Bitdefender Sardonic Aug 2021](https://app.tidalcyber.com/references/8e9d05c9-6783-5738-ac85-a444810a8074)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Prestige ransomware October 
2022](https://app.tidalcyber.com/references/b57e1181-461b-5ada-a739-873ede1ec079)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Sygnia Elephant Beetle Jan 2022](https://app.tidalcyber.com/references/932897a6-0fa4-5be3-bf0b-20d6ddad238e)]</sup>","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) has used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) to extract credentials over the network and from victim devices.<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]</sup><sup>[[Core Security Impacket](https://app.tidalcyber.com/references/9b88d7d6-5cf3-40d5-b624-ddf01508cb95)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT29 Eye Spy Email Nov 
22](https://app.tidalcyber.com/references/452ca091-42b1-5bef-8a01-921c1f46bbee)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) during operations.<sup>[[Cisco LotusBlossom 2025](https://app.tidalcyber.com/references/9b7db916-e62f-5d7e-9574-a85198665a5a)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"a5b83111-4ff5-44f1-a992-dbc1e2f42449","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"ba62c297-0ba6-4a93-a1de-461124f79082","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"41379cdd-5faf-4929-aaef-fea835a4a397","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fcf0905e-4a70-442b-a54d-ea6163339ab9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ff5f51e6-3c29-414a-b67e-ae11d2b6aa5a","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"ac7065b2-735d-4588-aeed-09ce43554115","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"057ec979-1cc8-4372-844c-4fa40bf4bce1","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"726d4475-7c25-4227-beb1-4a4825d051d3","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"dae5df5e-204b-4f41-8bc5-904dddbefa3b","tag":"6a80006a-ff1c-48e8-bb6f-d109d7b7a2fc"},{"id":"cef18414-859e-4b93-9e58-cf1f16182649","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"cdfaad29-0e92-455c-b649-5d263763f422","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"dde8b5a8-f0cf-4d60-b029-ebe9d54f1d93","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"087cff4e-2aec-4058-90b2-dc7edcdfbccf","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a8bab8a3-cbd2-4983-83de-ff243ba0db92","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"85533a86-dbd2-4aab-a4d2-5655fe6755bd","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"71de49a2-5216-490d-9aa4-8f4cd5f4f2b1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"640a2eda-3ca9-4b9b-9953-2ab6d48c3c50","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"91c16d40-bb3a-40b3-90d0-9ee792c80d78","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"7310ba31-7f19-4a9d-a8e9-11d2c3748e91","name":"Impacket Smbexec","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3589","tidal_id":"cb6a9c08-00c5-576e-881f-0e52c809e646","created":"2025-10-13T17:29:24.704806Z","modified":"2025-10-13T17:29:24.704809Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"69bf8307-1a2c-47dd-ae15-1e65a685c7cc","name":"Smbexec","description":"<sup>[[Cisco Talos Blog October 09 2025](/references/06bee483-26fb-4cfc-a6a5-c8282a997946)]</sup>","source":"USER","associated_software_id":"6db2500b-c1e5-4bd3-b55a-7a0f69a0bd4e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Unit42 BlackSuit October 14 2025](/references/5edcf0bf-1cd2-4f22-9d3c-be8eb1befda0)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog October 09 2025](/references/06bee483-26fb-4cfc-a6a5-c8282a997946)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6af850ec-85fe-4679-bfd1-6bf487ce6c10","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"5eef6c0b-7e4c-4d7f-906a-4d6d1df84708","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b7449bdd-87d8-4f80-80bf-b2f5ace8144f","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"78cce540-e0f9-4391-8438-ff3977873195","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"10194252-79e8-4e88-a26b-e2443006b29c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"51c95b3c-1729-40f2-a3b3-3e849355e3e8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"986ec874-63a7-566a-b238-dae5544db08e","name":"INCONTROLLER","type":"malware","source":"ICS","software_attack_id":"S1045","tidal_id":"986ec874-63a7-566a-b238-dae55
44db08e","created":"2026-01-28T13:08:18.118996Z","modified":"2026-01-28T13:08:18.118997Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"32b99b33-1cc1-477c-8c00-04fb5cfe6720","name":"PIPEDREAM","description":"<sup>[[Dragos-Pipedream](https://app.tidalcyber.com/references/0e4f8689-084e-5764-a5ff-c3e50e10baee)]</sup><sup>[[Wylie-22](https://app.tidalcyber.com/references/3fefa436-f8b2-50f5-819d-1231b81c587c)]</sup>","source":"ICS","associated_software_id":"0fb840fa-bd8b-5ada-a4bb-16cc1f6cd4c6","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"814df4bb-4f5a-5097-af8b-85622a4803ba","name":"INC Ransomware","type":"malware","source":"MITRE","software_attack_id":"S1139","tidal_id":"814df4bb-4f5a-5097-af8b-85622a4803ba","created":"2024-10-31T16:28:08.285087Z","modified":"2024-10-31T16:28:08.285091Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason INC Ransomware November 2023](https://app.tidalcyber.com/references/ebe119d6-add3-5a1b-8e5f-b6419f246ba9)]</sup><sup>[[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"eb2772dd-a820-420a-810f-618e6bb39c39","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9556d755-05de-4d2e-8b69-1d4cc8d743ec","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"09398a7c-aee5-44af-b99d-f73d3b39c299","name":"Industroyer","type":"malware","source":"MITRE","software_attack_id":"S0604","tidal_id":"101dd3f0-7318-5e22-b8bd-2c9157293f9d","created":"2021-01-04T20:42:21.997000Z","modified":"2022-10-20T20:37:50.556000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2e8fe68a-5bf5-4850-97e8-7be79236812a","name":"Win32/Industroyer","description":"<sup>[[ESET Industroyer](https://app.tidalcyber.com/references/9197f712-3c53-4746-9722-30e248511611)]</sup>","source":"MITRE","associated_software_id":"5e72df38-9dd3-4b0a-a0da-d98cd732e823","owner_id":null,"owner_name":null},{"id":"f0101fc7-be8d-4460-8444-779813c409d5","name":"CRASHOVERRIDE","description":"<sup>[[Dragos Crashoverride 2017](https://app.tidalcyber.com/references/c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce)]</sup>","source":"MITRE","associated_software_id":"4bf0e893-5e72-48aa-898a-7dfeffa7781a","owner_id":null,"owner_name":null},{"id":"0bcd1ce1-1b63-4a75-885f-009340d2fd85","name":"CRASHOVERRIDE","description":"<sup>[[Dragos Crashoverride 2017](https://app.tidalcyber.com/references/c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce)]</sup>","source":"ICS","associated_software_id":"4bf0e893-5e72-48aa-898a-7dfeffa7781a","owner_id":null,"owner_name":null},{"id":"834ea042-e88f-4390-ab0c-36d350b6d4bd","name":"Win32/Industroyer","description":"<sup>[[ESET Industroyer](https://app.tidalcyber.com/references/9197f712-3c53-4746-9722-30e248511611)]</sup>","source":"ICS","associated_software_id":"5e72df38-9dd3-4b0a-a0da-d98cd732e823","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Dragos Crashoverride 
2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]</sup><sup>[[Dragos Crashoverride 2017](https://app.tidalcyber.com/references/c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce)]</sup><sup>[[ESET Industroyer](https://app.tidalcyber.com/references/9197f712-3c53-4746-9722-30e248511611)]</sup><sup>[[Secureworks IRON VIKING](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[Dragos Crashoverride 2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]</sup><sup>[[Dragos Crashoverride 2017](https://app.tidalcyber.com/references/c8f624e3-2ba2-4564-bd1c-f06b9a6a8bce)]</sup><sup>[[ESET Industroyer](https://app.tidalcyber.com/references/9197f712-3c53-4746-9722-30e248511611)]</sup><sup>[[Secureworks IRON VIKING](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f470f30b-b74f-4186-89bb-eacda3d4c885","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"43afe30b-be32-467b-a9a0-6fedbbf2e31d","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"17eb91d4-d31b-4eeb-95ea-be6c4687052e","tag":"37dff778-95a6-4e51-a26a-1d399ef713be"}],"owner_name":null},{"id":"53c5fb76-a690-55c3-9e02-39577990da2a","name":"Industroyer2","type":"malware","source":"MITRE","software_attack_id":"S1072","tidal_id":"c8211882-a2b6-51c1-bac2-414e568addbb","created":"2023-05-26T01:20:53.312588Z","modified":"2023-05-26T01:20:53.312592Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"}],"associated_software":[],"groups":[{"description":"<sup>[[Industroyer2 ESET April 2022](https://app.tidalcyber.com/references/3ec01405-3240-5679-924f-f1194bca9a72)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Industroyer2 ESET April 2022](https://app.tidalcyber.com/references/3ec01405-3240-5679-924f-f1194bca9a72)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"ICS"}],"tags":[{"id":"2adc9ee8-f981-4fda-bf8b-3c116c2108a7","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"667368cc-4c84-4f6b-beb0-3350faf06795","tag":"37dff778-95a6-4e51-a26a-1d399ef713be"}],"owner_name":null},{"id":"e35b5513-4370-4f8c-b3a6-1f64c65f1e85","name":"Infdefaultinstall","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3237","tidal_id":"07d85c6f-d1f3-52f5-b357-5248e5c56559","created":"2024-01-12T14:47:55.697210Z","modified":"2024-01-12T14:47:55.697214Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c83a5539-de50-46fd-b8e9-d7debdfc92ee","name":"Infdefaultinstall.exe","description":"<sup>[[Infdefaultinstall.exe - LOLBAS Project](/references/5e83d17c-dbdd-4a6c-a395-4f921b68ebec)]</sup>","source":"Tidal Cyber","associated_software_id":"54922044-3d2e-4885-b314-2c0e2628fd75","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"36043430-bdbc-47dd-b921-cde86f81babc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"caffeb58-989c-4341-a1d4-00e0396a79e9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"728a1eb8-ca41-44cb-a4a5-0c487a956902","name":"InfinityFree","type":"tool","source":"Tidal Cyber","software_attack_id":"S3920","tidal_id":"781bf11b-3eca-5688-9b60-2ae4433b3e6c","created":"2026-01-14T13:31:35.706978Z","modified":"2026-01-14T13:31:35.706982Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.recordedfuture.com January 09 
2026](/references/fb8ee1dd-bf96-4d28-9d9f-807cc351190b)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6b7cd194-c342-44af-ac04-5f7c57a8e601","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"733ac90d-f5a1-4252-bba1-ca4cf1c416b6","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"f1316ae6-d09c-453f-a101-5f339b62b86b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1c0846c7-9928-4f11-acb2-8f9ba85d37e8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e42bf572-1e70-4467-a4b7-5e22c776c758","name":"InnaputRAT","type":"malware","source":"MITRE","software_attack_id":"S0259","tidal_id":"8242a0ca-9f58-50e9-bfe8-a017088a5880","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e63cdf34-ee7b-554c-b077-44b1061bb7da","name":"INSOMNIA","type":"malware","source":"Mobile","software_attack_id":"S0463","tidal_id":"e63cdf34-ee7b-554c-b077-44b1061bb7da","created":"2026-01-28T13:08:09.937711Z","modified":"2026-01-28T13:08:09.937713Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c983bb77-b96c-44d5-b3f8-2540d7c604db","name":"Installutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3238","tidal_id":"c8a3c093-1739-523b-8f32-800d37f01f86","created":"2024-01-12T14:47:56.076315Z","modified":"2024-01-12T14:47:56.076319Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8584527d-8295-412a-a88b-69339f8878b7","name":"Installutil.exe","description":"<sup>[[LOLBAS 
Installutil](/references/7dfb2c45-862a-4c25-a65a-55abea4b0e44)]</sup>","source":"Tidal Cyber","associated_software_id":"91100384-d619-4bf1-9f83-7ffc16d777f2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"3a82cc05-4d79-4d79-890f-3fc3bcf4a93a","tag":"a3f84674-3813-4993-9e34-39cdaa19cbd1"},{"id":"35f86979-a5ca-48d5-8859-9448c1514c22","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8b3f8d2e-40d3-49f3-b364-b6ce04fe12a1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ab379c9b-3162-4f4a-9496-fd8288830226","name":"IntelliTrace","type":"tool","source":"Tidal Cyber","software_attack_id":"S3866","tidal_id":"55327c8e-1458-56a4-b12f-e5f29603500b","created":"2026-01-06T18:05:05.007052Z","modified":"2026-01-06T18:05:05.007056Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e6694e3f-3355-4542-a4aa-dfbfeeb12caf","name":"IntelliTrace.exe","description":"<sup>[[IntelliTrace.exe - LOLBAS Project](/references/e6bba7af-1739-4276-9711-455e9d11c27a)]</sup>","source":"USER","associated_software_id":"9483f58d-0518-447b-9139-613d844edc4b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0eefbad2-382a-4076-826b-002803339c68","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"9ec3777d-9a36-4822-a3e2-a7ce5d296309","name":"Interactsh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3073","tidal_id":"b3ce2a71-1dca-51fd-b883-a4059eee4796","created":"2023-09-08T15:49:56.947396Z","modified":"2023-09-08T15:49:56.947400Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd8ad41a-ca57-4fc6-a35f-285ba885ecc6","name":"oast.fun","description":"<sup>[[Oligo ShadowRay November 18 
2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","source":"USER","associated_software_id":"ea38eb3b-3fc7-47ab-a00e-d120689c1f7b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c9f20c45-80cc-45e2-b082-e3036ee66d8b","name":"Interact.sh","description":"","source":"Tidal Cyber","associated_software_id":"0ea31764-5a77-4510-b873-ca1e8bdaf90e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9d4766ba-29a2-48c4-8bbb-ef9710c2da84","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"3fbf3bb6-4358-4957-b669-d980b6b4cd12","tag":"15787198-6c8b-4f79-bf50-258d55072fee"}],"owner_name":"TidalCyberIan"},{"id":"5658f260-8e96-4fa5-9863-189660048e5d","name":"Inveigh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3113","tidal_id":"1d6531ed-bb25-533b-a40e-bf7f7245a170","created":"2024-03-07T21:01:06.926448Z","modified":"2024-03-07T21:01:06.926452Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2adcc6a3-ad60-40fc-bb56-dec4e994c4d2","name":"InveighZero","description":"","source":"Tidal Cyber","associated_software_id":"7385f108-d325-4e77-a179-1c57606bee6f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro BlackCat April 18 
2022](/references/a04d89b1-3334-4d96-8c45-bb88f396e036)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f632a1d2-f586-4e4f-8d9a-5c7d1ce256c8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"717499a9-753b-4117-b989-f15fa0f018ba","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"c193f8cf-f958-4bdb-a86d-7d75ccc54ffe","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"8a6211db-f7ca-59ab-a38b-be925e9e9e1f","name":"InvisibleFerret","type":"malware","source":"MITRE","software_attack_id":"S1245","tidal_id":"8a6211db-f7ca-59ab-a38b-be925e9e9e1f","created":"2025-10-29T21:08:48.110569Z","modified":"2025-10-29T21:08:48.110570Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Esentire ContagiousInterview BeaverTail InvisibleFerret November 2024](https://app.tidalcyber.com/references/c4dbb0f9-c562-5bc1-954d-5988525ca0de)]</sup><sup>[[ESET Contagious Interview BeaverTail InvisibleFerret February 2025](https://app.tidalcyber.com/references/c6626322-dce8-5de9-aa92-5b29a09a6203)]</sup><sup>[[Zscaler ContagiousInterview BeaverTail InvisibleFerret November 2024](https://app.tidalcyber.com/references/1c32af8a-a0a0-5431-86d6-9cfd16addc8a)]</sup><sup>[[PaloAlto ContagiousInterview BeaverTail InvisibleFerret November 2023](https://app.tidalcyber.com/references/edd66284-56a0-5eef-b7e5-056b7b8b23b0)]</sup><sup>[[PaloAlto Unit42 ContagiousInterview BeaverTail InvisibileFerret October 2024](https://app.tidalcyber.com/references/b8cd0275-a043-5ea9-9a8a-a3c8f5ea35e7)]</sup><sup>[[Recorded Future Contagious Inteview BeaverTail InvisibleFerret 
OtterCookie February 2025](https://app.tidalcyber.com/references/7f53d9e4-f460-5d94-bc65-1ee7dacaa251)]</sup>","group_attack_id":"G1052","group_id":"b436d32f-2667-5e00-a3d8-f58d2d5666d4","name":"Contagious Interview","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)]</sup><sup>[[Silent Push Contagious Interview April 24 2025](/references/7062304e-91e9-45bf-84b4-c42bdad99e23)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d58c85f8-013b-4d03-a010-0c6b97837e22","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"77bb5fb6-eb75-471f-a9ea-7fd6b57f13e4","name":"InvisibleFerret (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3472","tidal_id":"ce35db44-c8dd-5863-be29-0af894ecb274","created":"2025-05-06T16:29:13.692912Z","modified":"2025-05-06T16:29:13.692916Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 November 21 2023](/references/930228c3-a93b-4664-ab7d-65af212211fc)]</sup><sup>[[Silent Push Contagious Interview April 24 2025](/references/7062304e-91e9-45bf-84b4-c42bdad99e23)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"4fb5eddf-d93c-430b-a655-ec04da80e368","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8271af6a-a28f-4b9c-bcb2-717e38d0f42d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f046c0e5-9f07-4a93-87b9-8271129d9e7d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3ee4c49d-2f2c-4677-b193-69f16f2851a4","name":"InvisiMole","type":"malware","source":"MITRE","software_attack_id":"S0260","tidal_id":"3a3a3861-8961-52b5-b69f-c27e605a48fb","created":"2018-10-17T00:14:20.652000Z","modified":"2021-11-29T12:41:28.009000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9226fb35-bfe7-40ab-880d-f61119315d61","name":"Invoke-Expression","type":"tool","source":"Trellix TIG","software_attack_id":"S3466","tidal_id":"f0cde4c4-34a3-567a-974b-d3847a34479c","created":"2025-04-11T15:06:53.407330Z","modified":"2025-04-11T15:06:53.407334Z","platforms":[],"associated_software":[{"id":"ce2a5f73-4119-4460-ad4b-e8e67d345743","name":"Invoke Expression","description":"","source":"Trellix TIG","associated_software_id":"e757e3a2-cd73-40b1-a39e-1d15892057ec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b51b9a88-9b41-44fa-98c6-f1dde314a7a4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6c15af01-cdde-44fd-b417-db9f1fd5ef1a","name":"Invoke-Kerberoast","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3650","tidal_id":"dc264578-9d1f-5753-a01d-1e2765f534fe","created":"2025-11-19T17:45:41.886079Z","modified":"2025-11-19T17:45:41.886082Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"34afaf88-4866-44c5-a95b-a0514c5920a0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"aa2182d4-b625-40c1-8a34-37ff44daa0d4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2200a647-3312-44c0-9691-4a26153febbb","name":"Invoke-PSImage","type":"tool","source":"MITRE","software_attack_id":"S0231","tidal_id":"6649f35b-a470-5dc7-b828-220a05b32e86","created":"2018-04-18T17:59:24.739000Z","modified":"2022-10-18T22:02:48.228000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9c955014-2d83-4b5b-9127-cfc49e86779f","name":"IOBit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3104","tidal_id":"9af4d0a6-b335-58a6-ae9e-cb8b60effd92","created":"2023-12-22T16:36:13.965606Z","modified":"2023-12-22T16:36:13.965610Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Talos Phobos November 17 2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4ec3cc5c-0e81-4208-ae7d-3f3372dfae2a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b0f86909-89bb-4ced-a37d-fe66d77e6aff","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"76f8850b-eece-49ef-b6c3-8bb201b71863","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9de6a3bc-ce02-4187-8ae7-7cd392997bfc","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"79544256-6f93-4ffa-990b-c309f1c568e6","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"59e8058e-d259-4623-90d5-e3b34534eff3","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"9ed9f440-9c7c-4bc4-a610-2608716a44ff","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6c752673-e9d5-407c-95a4-5fa170c713d6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"52a61ad0-c259-4738-9fdb-4d45b0b0e839","name":"iodine","type":"tool","source":"Trellix TIG","software_attack_id":"S3409","tidal_id":"6c1a94c0-42f1-5a67-ac2e-184eebd369cc","created":"2025-04-11T15:06:42.726775Z","modified":"2025-04-11T15:06:42.726779Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"f28431cd-1d07-4cf2-bf22-118306dbd8c4","name":"IOX","type":"tool","source":"Tidal Cyber","software_attack_id":"S3439","tidal_id":"b91d569c-949d-561f-89f9-8b04025c5858","created":"2025-02-24T20:29:03.100953Z","modified":"2025-02-24T20:29:03.100957Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b2764e0e-f436-4313-962a-dd9b6c3b9058","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"6372eef5-bee1-40d6-9bf6-5cc115f9c83d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ec2911c4-d171-4f9c-a03b-981aedf8b9c7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"934c3078-6aef-4594-bb87-a62d43603b19","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"08fe1472-bd7b-4765-ae78-bd8d5b6a3089","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fcd35c81-84bc-4894-9e87-ffd3d6afc790","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"}],"owner_name":"TidalCyberIan"},{"id":"4f519002-0576-4f8e-8add-73ebac9a86e6","name":"ipconfig","type":"tool","source":"MITRE","software_attack_id":"S0100","tidal_id":"c80651cd-fe09-5d7a-b984-16542649093a","created":"2017-05-31T21:33:02.863000Z","modified":"2022-10-12T21:28:49.335000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[DFIR Report APT35 ProxyShell March 2022](https://app.tidalcyber.com/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]</sup><sup>[[DFIR Phosphorus November 
2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ClearSky Siamesekitten August 2021](https://app.tidalcyber.com/references/9485efce-8d54-4461-b64e-0d15e31fbf8c)]</sup><sup>[[Zscaler Lyceum DnsSystem June 2022](https://app.tidalcyber.com/references/eb78de14-8044-4466-8954-9ca44a17e895)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)]</sup><sup>[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Orangeworm April 
2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]</sup>","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2ab9c361-9982-4adb-b6d2-5fe101d6174c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"1fcc6e2d-0940-459b-a942-f5624e31e6ee","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"288a8c0c-7dde-4e30-8597-7488c0ef3135","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fea70c49-5338-4922-a21d-edae6ea07365","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"2874da85-2115-42a8-90f8-bd70e19392b8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"4a8093e7-7458-452f-90dd-ad759254929f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9b680e5f-f19f-4831-acf4-f01c20e8c14a","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"aa520261-82d7-4deb-80a1-29580992a29c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"62b23e79-fae9-49b7-b507-172c3e68e416","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"791315ed-12b6-496a-b80c-83da9db47992","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"e6fa005e-4690-5336-8a03-5f667ea38f3f","name":"IPsec Helper","type":"malware","source":"MITRE","software_attack_id":"S1132","tidal_id":"e6fa005e-4690-5336-8a03-5f667ea38f3f","created":"2024-10-31T16:28:06.950642Z","modified":"2024-10-31T16:28:06.950646Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) uses [IPsec Helper](https://app.tidalcyber.com/software/e6fa005e-4690-5336-8a03-5f667ea38f3f) as a post-exploitation remote access tool framework.<sup>[[SentinelOne Agrius 
2021](https://app.tidalcyber.com/references/b5b433a1-5d12-5644-894b-c42d995c9ba5)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4f6873a7-f2e5-455e-b860-20cb437a19ff","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9362f75e-b85c-439c-ad11-b4abbbf4d8cf","name":"iptables","type":"tool","source":"Tidal Cyber","software_attack_id":"S3678","tidal_id":"56351896-f482-58ab-bb16-ddc19e6d414d","created":"2025-12-10T14:14:52.813592Z","modified":"2025-12-10T14:14:52.813596Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET PlushDaemon November 19 2025](/references/fd6d089e-4549-4442-91bf-3cf1e85db012)]</sup>","group_attack_id":"G3069","group_id":"3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6","name":"PlushDaemon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Oligo ShadowRay November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"77e919a3-e65f-4f04-8a1f-e67e9665d06f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1675882b-c70d-405a-bba1-0d054511fd5d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9ca96281-8ff9-4619-a79d-16c5a9594eae","name":"IronNetInjector","type":"tool","source":"MITRE","software_attack_id":"S0581","tidal_id":"c432c81b-1048-5d06-a40a-018fa840e6bc","created":"2021-02-24T21:28:44.175000Z","modified":"2022-05-20T17:02:59.587000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 IronNetInjector February 2021 
](https://app.tidalcyber.com/references/f04c89f7-d951-4ebc-a5e4-2cc69476c43f)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"865c8a96-3f78-4afe-a759-887d885ae333","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"f5fe5a8f-3201-44d5-8939-030540d48b50","name":"iscsicpl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3859","tidal_id":"0f51d340-9c09-57d1-b40d-70b543d909af","created":"2026-01-06T18:05:03.795252Z","modified":"2026-01-06T18:05:03.795256Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"88f88de1-7b84-4efd-9e7d-cf5dd3377c6f","name":"iscsicpl.exe","description":"<sup>[[iscsicpl.exe - LOLBAS Project](/references/93330fc1-2ade-4c4e-8f83-76487428c61e)]</sup>","source":"USER","associated_software_id":"528e8521-929b-487f-8fe3-8275ad53d1b7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"1a86c07d-647c-4c61-92ab-c0f8800c91dd","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"752ab0fc-7fa1-4e54-bd9a-7a280a38ed77","name":"ISMInjector","type":"malware","source":"MITRE","software_attack_id":"S0189","tidal_id":"1df3fa9c-0fd6-5fac-b30a-8762a5f9abef","created":"2018-01-16T16:13:52.465000Z","modified":"2020-03-31T12:38:41.115000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[OilRig New Delivery Oct 
2017](https://app.tidalcyber.com/references/f5f3e1e7-1d83-4ddc-a878-134cd0d268ce)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"24dba715-5b5e-4feb-9190-ecdfad0e3935","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0f8c2533-ba24-4fbb-9e59-852eee6a0aa8","name":"ITarian","type":"tool","source":"Tidal Cyber","software_attack_id":"S3843","tidal_id":"e53bb9bc-c434-54a9-ad50-296ec536bd37","created":"2025-12-29T17:41:07.693349Z","modified":"2025-12-29T17:41:07.693354Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"5088f5e0-441b-4687-8b0c-54795baab478","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"6f4116e9-e9b2-4e2b-81c1-1bf6198fdd19","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"14273342-c0c1-4d77-b052-b77abf93236a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5a90ba8f-432f-4261-8a1d-43cd4fce9b7c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6dbf31cf-0ba0-48b4-be82-38889450845c","name":"Ixeshe","type":"malware","source":"MITRE","software_attack_id":"S0015","tidal_id":"24878e4c-ecf9-5abb-ab25-86cb124f2d78","created":"2017-05-31T21:32:16.360000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Moran 2013](https://app.tidalcyber.com/references/d38bdb47-1a8d-43f8-b7ed-dfa5e430ac2f)]</sup><sup>[[Moran 2014](https://app.tidalcyber.com/references/15ef155b-7628-4b18-bc53-1d30be4eac5d)]</sup>","group_attack_id":"G0005","group_id":"225314a7-8f40-48d4-9cff-3ec39b177762","name":"APT12","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6601b744-461d-4171-994d-7ac51883e6c2","name":"JADESNOW","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3610","tidal_id":"3caaeaee-e2cc-5661-8bca-27b88dd7ccf1","created":"2025-10-24T16:13:48.862464Z","modified":"2025-10-24T16:13:48.862468Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog October 16 2025](/references/66fc30f1-2ace-4c63-9371-448827fdb719)]</sup>","group_attack_id":"G3145","group_id":"13ef6741-2b07-494f-98a9-35b9031ac020","name":"UNC5142","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog October 16 2025](/references/66fc30f1-2ace-4c63-9371-448827fdb719)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5f336130-3555-43f9-9d81-46e4d51f536d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"9c4a4247-9755-4ae9-a555-4dcf9ae40824","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"c66ba2a5-d7cb-4247-8f03-20d684b512b5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b856cc56-b607-4c52-abfb-3de54f825ff6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0eb47e25-56ec-42ba-9850-e50450b853e0","name":"Jaguar Tooth","type":"malware","source":"Tidal Cyber","software_attack_id":"S3067","tidal_id":"ec280e4d-3595-5833-9606-f917e6f64aa1","created":"2023-09-29T19:48:23.684344Z","modified":"2023-09-29T19:48:23.684351Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA APT28 Cisco Routers April 18 2023](/references/c532a6fc-b27f-4240-a071-3eaa866bce89)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5f472b60-36a4-423d-8d5c-c1e81da013f6","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"685ce7aa-0c57-4211-b38f-f4c42eebb362","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"f7c24d36-6bc0-4024-96b4-f7159a3f88e6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"89fb915e-4e05-42b3-9a68-6167e0cbb64e","tag":"f01290d9-7160-44cb-949f-ee4947d04b6f"},{"id":"9e4f7c74-4fed-4cab-8c3c-405cf7d391cc","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"a4debf1f-8a37-4c89-8ebc-31de71d33f79","name":"Janicab","type":"malware","source":"MITRE","software_attack_id":"S0163","tidal_id":"76905fdf-1928-5f1c-bc8e-fed5452ad5d8","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"853d3d18-d746-4650-a9bd-c36a0e86dd02","name":"Javali","type":"malware","source":"MITRE","software_attack_id":"S0528","tidal_id":"90c09859-e5c3-5779-8282-f69014832122","created":"2020-11-09T18:32:18.369000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c862b68d-585f-4076-8f37-647b98c15232","name":"JavaScript","type":"tool","source":"Trellix TIG","software_attack_id":"S3415","tidal_id":"6021c4bf-b039-5ccf-add2-e3e1e3d6606d","created":"2025-04-11T15:06:43.847104Z","modified":"2025-04-11T15:06:43.847108Z","platforms":[],"associated_software":[{"id":"789b2af3-12a3-4fa9-8c87-d6fae6d5f1e0","name":"JScript","description":"","source":"Trellix 
TIG","associated_software_id":"cc47f13d-4b35-4935-958e-97d57d5507a7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"46c58762-babb-471e-966d-87568933864d","name":"js","description":"","source":"Trellix TIG","associated_software_id":"ad998bd1-217d-449f-ad1b-24e9614a3209","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c1c80246-6085-4837-af85-073d6348d60a","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"489f6742-3690-4b38-ba2d-b905ad0b0ee8","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"404e448c-a243-4e3a-956d-299792d0f1be","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"87f96413-a1d7-4dd3-8b7d-19d77c06905f","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"e9b43193-4a5b-4df0-9ca2-1ba4a0642942","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"deadd918-fa3e-4edc-af5a-83741c9ae6c4","name":"jcef_helper.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3972","tidal_id":"4961b69f-7f6c-59c4-bc8b-c7d087605efa","created":"2026-01-23T20:31:10.375801Z","modified":"2026-01-23T20:31:10.375804Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"44f25101-5352-4b09-b8db-1bf09e3cbc5c","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"805d7c68-6bfd-4da6-a64e-b73bf20f267a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7c640f99-d9ef-4d72-8fd6-2ed50f8bd2c6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"41ec0bbc-65ca-4913-a763-1638215d7b2f","name":"JCry","type":"malware","source":"MITRE","software_attack_id":"S0389","tidal_id":"76d3c935-6802-5178-a0c9-f2d6ff9ddb3f","created":"2019-06-18T17:20:43.635000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"cd61977a-b4a4-49ea-889e-c217bee3c7ee","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9692aa12-04dc-4a0d-8c5a-8640740ddcd1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"d50ef3fc-7d1c-4a82-b1cf-2319d83da3ae","name":"JHUHUGIT","type":"malware","source":"MITRE","software_attack_id":"S0044","tidal_id":"905b06f1-c7d2-50e7-90b2-9e353de2c3d4","created":"2017-05-31T21:32:34.199000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3fbee7bb-2a32-4935-aff2-e938ca018690","name":"JKEYSKW","description":"<sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup>","source":"MITRE","associated_software_id":"771f1cd5-dac6-43c9-8c93-9f70ce4137e1","owner_id":null,"owner_name":null},{"id":"15e69a07-09c5-42a4-9800-3fa8152a3532","name":"GAMEFISH","description":"<sup>[[FireEye APT28 January 
2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup>","source":"MITRE","associated_software_id":"fb803c34-1dbd-4bb4-b397-faec053abe77","owner_id":null,"owner_name":null},{"id":"94a24271-b4cc-4012-86d3-f3146b25e0e2","name":"Trojan.Sofacy","description":"This designation has been used in reporting both to refer to the threat group ([Skeleton Key](https://app.tidalcyber.com/software/206453a4-a298-4cab-9fdf-f136a4e0c761)) and its associated malware.<sup>[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]</sup>","source":"MITRE","associated_software_id":"c1808fee-703d-4116-8d6e-7d181244c928","owner_id":null,"owner_name":null},{"id":"f2393857-1a0d-423d-9e2a-4f0c3e97439b","name":"Sednit","description":"This designation has been used in reporting both to refer to the threat group ([APT28](https://app.tidalcyber.com/groups/5b1a5b9e-4722-41fc-a15d-196a549e3ac5)) and its associated malware.<sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup>","source":"MITRE","associated_software_id":"04241120-45d5-4261-a13b-4816d2dfc8a7","owner_id":null,"owner_name":null},{"id":"cd2ab3e3-3100-465b-9529-e8e52cd2e1b9","name":"Seduploader","description":"<sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup><sup>[[Talos Seduploader Oct 2017](https://app.tidalcyber.com/references/2db77619-72df-461f-84bf-2d1c3499a5c0)]</sup>","source":"MITRE","associated_software_id":"59124557-6250-48b8-aaf8-3fc51df2c993","owner_id":null,"owner_name":null},{"id":"87b23dd6-4367-4dce-ab5b-17002959f2ef","name":"SofacyCarberp","description":"<sup>[[Unit 42 Sofacy Feb 
2018](https://app.tidalcyber.com/references/0bcc2d76-987c-4a9b-9e00-1400eec4e606)]</sup>","source":"MITRE","associated_software_id":"111fc9b5-1c08-4256-ab5b-7adf2a8bd81e","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye APT28 January 2017](https://app.tidalcyber.com/references/61d80b8f-5bdb-41e6-b59a-d2d996392873)]</sup><sup>[[Kaspersky Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)]</sup><sup>[[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]</sup><sup>[[US District Court Indictment GRU Oct 2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c6fceac9-2369-44b0-9242-f1f0914dae6e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"af48c73d-5929-5a45-8182-aea5495346a3","name":"J-magic","type":"malware","source":"MITRE","software_attack_id":"S1203","tidal_id":"af48c73d-5929-5a45-8182-aea5495346a3","created":"2025-04-22T20:46:56.893423Z","modified":"2025-04-22T20:46:56.893427Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"bf977f7a-ce68-4b42-be58-4ac5b5c3bf6c","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"944ed2a3-7a19-43a6-b1a7-14220337e592","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c96fce69-6b9c-4bbc-bb42-f6a8fb6eb88f","name":"JPIN","type":"malware","source":"MITRE","software_attack_id":"S0201","tidal_id":"986e26f3-8dd4-5aaa-8dca-6aaafeaa0308","created":"2018-04-18T17:59:24.739000Z","modified":"2020-08-11T19:44:31.363000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88e
b23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft PLATINUM April 2016](https://app.tidalcyber.com/references/d0ec5037-aa7f-48ee-8d37-ff8fb2c8c297)]</sup>","group_attack_id":"G0068","group_id":"f036b992-4c3f-47b7-a458-94ac133bce74","name":"PLATINUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"167e9d71-c766-458d-aba4-8cbe1bce4e8e","name":"jQuery","type":"tool","source":"Tidal Cyber","software_attack_id":"S3702","tidal_id":"ac421d02-16b2-5335-a970-9fca2ad3df3a","created":"2025-12-10T14:14:56.542288Z","modified":"2025-12-10T14:14:56.542292Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 20 2025](/references/a99c8dce-a85b-404f-8b91-65135de27537)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"905f4580-06d0-4307-b596-f06bdf900a9d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"473a0840-d9a5-4186-8b18-e9ca4cf1125e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"42fe9795-5cf6-4ad7-b56e-2aa655377992","name":"jRAT","type":"malware","source":"MITRE","software_attack_id":"S0283","tidal_id":"43f58878-400c-5703-84bf-1109e4152139","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"861de6da-bf0d-4b12-96d5-3183680fbcac","name":"jFrutas","description":"<sup>[[Kaspersky Adwind Feb 
2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]</sup>","source":"MITRE","associated_software_id":"45890a41-4d9a-4a8c-8758-9ed70c6355f4","owner_id":null,"owner_name":null},{"id":"53eb8894-1d69-4d53-9743-510f27c12255","name":"Sockrat","description":"<sup>[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]</sup>","source":"MITRE","associated_software_id":"2adef0c3-f776-48c1-9293-d355b9dbefd7","owner_id":null,"owner_name":null},{"id":"ef49e5e8-7c03-4c7b-81f4-9448ba11cf53","name":"jBiFrost","description":"<sup>[[NCSC Joint Report Public Tools](https://app.tidalcyber.com/references/601d88c5-4789-4fa8-a9ab-abc8137f061c)]</sup>","source":"MITRE","associated_software_id":"7a75e4bf-a8cf-4fb0-b147-12db5a0bb77a","owner_id":null,"owner_name":null},{"id":"2ac63e52-9b97-4571-888c-9eacafb47f15","name":"JSocket","description":"<sup>[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]</sup>","source":"MITRE","associated_software_id":"88632c03-4d0a-4307-8d96-370a9fa0c49c","owner_id":null,"owner_name":null},{"id":"8879a9b9-7df5-4357-819c-54d4c219869b","name":"AlienSpy","description":"<sup>[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]</sup>","source":"MITRE","associated_software_id":"13f9732c-1a38-45ca-9278-4b3266e32997","owner_id":null,"owner_name":null},{"id":"77568c7b-7765-4fa7-8402-f35f4f1388f8","name":"Trojan.Maljava","description":"<sup>[[jRAT Symantec Aug 2018](https://app.tidalcyber.com/references/8aed9534-2ec6-4c9f-b63b-9bb135432cfb)]</sup>","source":"MITRE","associated_software_id":"4fcf08b4-de50-4ab6-a7ae-a3c3a64f32cc","owner_id":null,"owner_name":null},{"id":"68380492-9057-4a79-828f-205a3a7596ed","name":"Frutas","description":"<sup>[[Kaspersky Adwind Feb 
2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]</sup>","source":"MITRE","associated_software_id":"cf5f6829-3cf7-445f-a4a3-dce78fe6034b","owner_id":null,"owner_name":null},{"id":"e3ea6fd6-b394-458f-bd5d-27b165322632","name":"Adwind","description":"<sup>[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]</sup>","source":"MITRE","associated_software_id":"c1239f48-76e5-40c5-897d-80a7d14f8613","owner_id":null,"owner_name":null},{"id":"28fce90e-ff3d-4325-923c-ad9421ed5dd3","name":"Unrecom","description":"<sup>[[Kaspersky Adwind Feb 2016](https://app.tidalcyber.com/references/69fd8de4-81bc-4165-b77d-c5fc72cfa699)]</sup>","source":"MITRE","associated_software_id":"f5019366-a5f7-4b6f-ba22-de56a66dc7ca","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9dba4703-8c29-47dd-ae50-3a50bcea21b6","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"1c67bf0b-22f8-4f57-8f91-f15b4923455f","name":"Jsc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3239","tidal_id":"3efd6482-f812-577f-a4b7-e018667fe98c","created":"2024-01-12T14:47:56.435813Z","modified":"2024-01-12T14:47:56.435816Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"69700923-c77c-4d60-87da-34dc37a2b04e","name":"Jsc.exe","description":"<sup>[[Jsc.exe - LOLBAS Project](/references/ae25ff74-05eb-46d7-9c60-4c149b7c7f1f)]</sup>","source":"Tidal 
Cyber","associated_software_id":"adc0e1d8-3291-4c6f-9429-b6a61fb089a7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ad8c15cb-138d-4a62-b9a1-8e38cf73c708","tag":"ee16a0c7-b3cf-4303-9681-b3076da9bff0"},{"id":"ffb2b8d2-6289-41be-9a20-ebc7c24af64e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4ef792c4-34f3-4873-a507-79f00249ef51","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c67f3029-a26c-4752-b7f1-8e3369c2f79d","name":"JSS Loader","type":"malware","source":"MITRE","software_attack_id":"S0648","tidal_id":"fb871861-bab6-5ac9-a258-193a233a86bc","created":"2021-09-22T14:44:48.087000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"82b70126-c7c9-4595-a2e3-8ea272f42ee1","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"4d8a11c3-caa0-4519-86bd-56a6fb33c20e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b93283e6-6ad5-5c68-8316-ab26c3e8aae0","name":"Judy","type":"malware","source":"Mobile","software_attack_id":"S0325","tidal_id":"b93283e6-6ad5-5c68-8316-ab26c3e8aae0","created":"2026-01-28T13:08:09.937633Z","modified":"2026-01-28T13:08:09.937635Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"57e9c32b-a1fa-45bc-9a57-098834a2c356","name":"Juicy Potato","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3069","tidal_id":"c6cd0e0b-62b9-5b75-aa9d-602642c9d036","created":"2024-06-13T20:12:29.590244Z","modified":"2024-06-13T20:12:29.590249Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"51a65ed4-83eb-4931-939d-e346d9b30f6a","tag":"4ac8deac-b33f-4276-b9ee-2d810138aedc"},{"id":"2ea53d76-6a16-435d-8b6a-5d40f81e91c5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e16119d6-2fb3-4fd5-b192-b315b5822070","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"df606134-01fc-44e2-9fe5-698c70bc9b0f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c40cc75a-8507-5051-b5b9-e1a980df539d","name":"JumbledPath","type":"malware","source":"MITRE","software_attack_id":"S1206","tidal_id":"c40cc75a-8507-5051-b5b9-e1a980df539d","created":"2025-04-22T20:46:56.150056Z","modified":"2025-04-22T20:46:56.150060Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Amazon Web Services December 15 2025](/references/cb9ff075-d033-4990-b389-4760d089e255)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Salt Typhoon FEB 2025](https://app.tidalcyber.com/references/9e862514-c8ff-5125-9762-2fb9fafb5625)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f66f2d46-b54c-4343-8224-22ed02eb165e","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"ab21b3f5-06bb-4c9e-b031-4ef04254367b","name":"Junction","type":"malware","source":"Tidal Cyber","software_attack_id":"S3722","tidal_id":"7f1334db-dc14-5e1e-81f7-39774d70747b","created":"2025-12-10T14:14:59.980724Z","modified":"2025-12-10T14:14:59.980727Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike.com December 04 2025](/references/24d4a6ac-2f5a-4155-bb14-7fb68a977fce)]</sup>","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5443fd33-48d4-434d-8f41-e8bca21fb14b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5047409b-4864-46af-814d-5bf851ab616d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e20f8cad-b6f0-47a4-8c2f-b02af2ccece0","name":"Kaiji","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3753","tidal_id":"7f1448b0-7efb-5ab3-ab3f-fd1a7ec34bcb","created":"2025-12-17T14:18:49.767005Z","modified":"2025-12-17T14:18:49.767009Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"43cf69cf-f528-4fff-bdf4-17fa03a40206","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3b810e9e-d62f-4cb1-9c18-1d676a53bf47","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"97a901c8-b125-4140-b336-b445149abe60","name":"Kali","type":"tool","source":"Tidal Cyber","software_attack_id":"S3551","tidal_id":"83d8d6f5-6afd-5597-9e9a-368d6893799e","created":"2025-09-15T19:14:01.669561Z","modified":"2025-09-15T19:14:01.669564Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors 
(Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"110ba699-5612-452c-bca9-2cc8c28f3e5e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"74fd440c-e719-488c-9b05-c5f188fc8128","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"0899e73e-59cf-491f-8e1e-0e99d027d14a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"3bee576f-09d1-4038-9301-85f260e03275","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"64305c45-fa46-4e34-8640-5905cd867312","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c02ade32-d063-5b37-b598-80c09321184a","name":"Kapeka","type":"malware","source":"MITRE","software_attack_id":"S1190","tidal_id":"c02ade32-d063-5b37-b598-80c09321184a","created":"2025-04-22T20:46:59.889008Z","modified":"2025-04-22T20:46:59.889012Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d42ca72c-2dab-56da-af37-959d40ad68ef","name":"KnuckleTouch","description":"<sup>[[Microsoft KnuckleTouch 2024](https://app.tidalcyber.com/references/b4b71551-45a7-50eb-891f-0f3df592f316)]</sup>","source":"MITRE","associated_software_id":"d854b855-c1a4-46d6-9a3b-d7cafcff526c","owner_id":null,"owner_name":null}],"groups":[{"description":"[Kapeka](https://app.tidalcyber.com/software/c02ade32-d063-5b37-b598-80c09321184a) is associated with [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) operations and previous malware variants such as [GreyEnergy](https://app.tidalcyber.com/software/f646e7f9-4d09-46f6-9831-54668fa20483).<sup>[[Microsoft KnuckleTouch 2024](https://app.tidalcyber.com/references/b4b71551-45a7-50eb-891f-0f3df592f316)]</sup><sup>[[WithSecure Kapeka 2024](https://app.tidalcyber.com/references/0160d4fa-0a68-5310-a96f-840748d63acf)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a8a58d9f-e94f-4cf9-ae13-f807c5b76fa2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ca883d21-97ca-420d-a66b-ef19a8355467","name":"KARAE","type":"malware","source":"MITRE","software_attack_id":"S0215","tidal_id":"1264fdbf-145c-5581-838f-cb6897b43b6b","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1896b9c9-a93e-4220-b4c2-6c4c9c5ca297","name":"Kasidet","type":"malware","source":"MITRE","software_attack_id":"S0088","tidal_id":"b182ee0a-657a-5b5d-9864-a75463fb0f76","created":"2017-05-31T21:32:57.344000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"0cce10f0-ab7b-49c4-8c79-b3ca3f51e64f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"256a50e2-7a4e-4c8c-9cdc-89c75afe98e1","name":"KawaLocker","type":"malware","source":"Tidal Cyber","software_attack_id":"S3561","tidal_id":"d4df90f4-fb04-54ad-ad30-666f560bce7c","created":"2025-10-07T14:07:34.077337Z","modified":"2025-10-07T14:07:34.077341Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d4129eb0-5774-436a-9bc0-a51334361ec1","name":"KAWA4096","description":"<sup>[[Huntress 08 14 
2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","source":"USER","associated_software_id":"dddaaf4c-bb74-4baf-a2cc-9f77d849c925","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress 08 14 2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","group_attack_id":"G3134","group_id":"45a5d563-0e93-405a-ae8c-cca71e88f441","name":"J Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3643a850-d538-433d-99ca-e20073ca1e37","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"28a37605-4b61-4ce2-86ac-158a21a5f1d0","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"d569f9bc-f2ab-469c-bd36-96618b0d3959","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"67a57886-948c-4a9a-8f8d-8016de07ee0b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c54f9967-89a3-45c1-af30-49a2a57f7045","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e93990a0-4841-4867-8b74-ac2806d787bf","name":"Kazuar","type":"malware","source":"MITRE","software_attack_id":"S0265","tidal_id":"03ee22b2-7b03-58e5-b29c-25b176d27bcf","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 Kazuar May 2017](https://app.tidalcyber.com/references/07e64ee6-3d3e-49e4-bb06-ff5897e26ea9)]</sup><sup>[[Talos TinyTurla September 
2021](https://app.tidalcyber.com/references/94cdbd73-a31a-4ec3-aa36-de3ea077c1c7)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fc48c33f-b49c-4e3c-ba45-322b79dc70e2","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"5edbdc58-9f37-45fd-babe-bcffb8e676da","name":"KDU","type":"tool","source":"Tidal Cyber","software_attack_id":"S3926","tidal_id":"39b87a0c-2818-59fb-be6a-bf7d547f2808","created":"2026-01-14T13:31:36.735442Z","modified":"2026-01-14T13:31:36.735447Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd5321ce-9e6b-4d13-8424-a621bf7fadf2","name":"Kernel Driver Utility","description":"<sup>[[Huntress January 07 2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","source":"USER","associated_software_id":"6b328909-18ff-4ea9-80ae-45d4f0a89458","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress January 07 2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","group_attack_id":"G3200","group_id":"8adc41b2-e496-4e2c-ba1f-6420e7359669","name":"Unattributed Chinese-speaking ESXi Exploit 
Developer","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fc165734-1207-407d-bac8-7eeb2241fbc3","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"7015d289-1407-46e2-a675-7f9813136091","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"70f30261-ce65-4c11-a5eb-84bf68150f98","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"f7d5f0a3-7d0d-4646-9ab9-3687646362bd","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f79e354e-afb3-42e4-aa0c-f78cc030ee34","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"17c28e46-1005-4737-8567-d4ad9f1aefd1","name":"Kerrdown","type":"malware","source":"MITRE","software_attack_id":"S0585","tidal_id":"e697a328-f969-5358-855f-b6ee3aa4294e","created":"2021-03-02T13:38:32.673000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Amnesty Intl. 
Ocean Lotus February 2021](https://app.tidalcyber.com/references/a54a2f68-8406-43ab-8758-07edd49dfb83)]</sup><sup>[[Unit 42 KerrDown February 2019](https://app.tidalcyber.com/references/bff5dbfe-d080-46c1-82b7-272e03d2aa8c)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"672411d8-6b4e-400c-8ee9-7455c3409585","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"32f1e0d3-753f-4b51-aec5-cfaa393cedc3","name":"Kessel","type":"malware","source":"MITRE","software_attack_id":"S0487","tidal_id":"277457f4-d509-583c-8d78-52dd9a520790","created":"2020-07-16T15:14:25.631000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b9730d7c-aa57-4d6f-9125-57dcb65b02e0","name":"Kevin","type":"malware","source":"MITRE","software_attack_id":"S1020","tidal_id":"290ec14a-914e-5fb1-864c-3e8030cb6de2","created":"2022-06-14T14:27:43.651000Z","modified":"2022-08-31T16:38:11.028000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6ec39371-d50b-43b6-937c-52de00491eab","name":"KeyBoy","type":"malware","source":"MITRE","software_attack_id":"S0387","tidal_id":"e4f1836c-15d9-5286-a626-f28b6035317a","created":"2019-06-14T16:45:33.729000Z","modified":"2021-02-09T14:04:15.433000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 Tropic Trooper Nov 
2016](https://app.tidalcyber.com/references/cad84e3d-9506-44f8-bdd9-d090e6ce9b06)]</sup><sup>[[CitizenLab Tropic Trooper Aug 2018](https://app.tidalcyber.com/references/5c662775-9703-4d01-844b-40a0e5c24fb9)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"aefbe6ff-7ce4-479e-916d-e8f0259d81f6","name":"Keydnap","type":"malware","source":"MITRE","software_attack_id":"S0276","tidal_id":"5a04bfc0-352f-5bae-9578-239436e70a5c","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"07ba0d37-1346-40dc-9302-2f0a11df801b","name":"OSX/Keydnap","description":"<sup>[[OSX Keydnap malware](https://app.tidalcyber.com/references/d43e0dd1-0946-4f49-bcc7-3ef38445eac3)]</sup>","source":"MITRE","associated_software_id":"115076c8-07e5-4bb3-8951-0a1a57666b17","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"a644f61e-6a9b-41ab-beca-72518351c27f","name":"KEYMARBLE","type":"malware","source":"MITRE","software_attack_id":"S0271","tidal_id":"478647b6-f5c1-5657-95ba-d51a2a6e4bd5","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT KEYMARBLE Aug 2018](https://app.tidalcyber.com/references/b30dd720-a85d-4bf5-84e1-394a27917ee7)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ba9e56b9-7904-5ec8-bb39-7f82f7b2e89a","name":"KEYPLUG","type":"malware","source":"MITRE","software_attack_id":"S1051","tidal_id":"e71b2655-3673-578d-b88d-2ba4998913dc","created":"2023-05-26T01:20:53.364367Z","modified":"2023-05-26T01:20:53.364370Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"53060feb-8a44-43ac-aafe-93e24b94203f","name":"KEPLG","description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","source":"USER","associated_software_id":"375c1ea8-6d51-4001-9f67-efa4114cc019","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"596141b0-1434-5db7-b6aa-b38ba7fd557f","name":"KEYPLUG.LINUX","description":"<sup>[[Mandiant APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]</sup>","source":"MITRE","associated_software_id":"a649459f-dd6d-424f-87c4-aeb8412ca6f6","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Mandiant 
APT41](https://app.tidalcyber.com/references/e54415fe-40c2-55ff-9e75-881bc8a912b8)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"1b54237b-1c3a-47f0-9877-eccc9e16fca3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a6ae8228-3915-446e-8586-7ebc07d87e06","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"08ab2bfb-073e-42a1-a8d4-bc144651ebd7","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"}],"owner_name":null},{"id":"db416419-c6dc-5620-bfee-0734ec48c0d1","name":"KeyRaider","type":"malware","source":"Mobile","software_attack_id":"S0288","tidal_id":"db416419-c6dc-5620-bfee-0734ec48c0d1","created":"2026-01-28T13:08:09.938023Z","modified":"2026-01-28T13:08:09.938025Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c1e1ab6a-d5ce-4520-98c5-c6df41005fd9","name":"KGH_SPY","type":"malware","source":"MITRE","software_attack_id":"S0526","tidal_id":"a7a5865c-3118-5941-b429-9c24f3090e78","created":"2020-11-06T18:58:35.456000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Kimsuky November 2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b53f8422-4946-46cc-b602-5474ebc8de52","name":"ki2mtmkl.dll","type":"malware","source":"Tidal Cyber","software_attack_id":"S3885","tidal_id":"e334e10d-5f58-5771-81bf-9a0303ca7430","created":"2026-01-06T18:05:08.168961Z","modified":"2026-01-06T18:05:08.168964Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CYFIRMA December 30 
2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"616da425-3a30-4afb-8886-1fa3b5fd1a7e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"d8d20eb0-72a5-425c-81c5-5c1847866e27","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"3dcff08a-9ba9-4498-b93c-5a37aaf43594","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"142ada8d-8d46-48f1-8dc2-e40aab0babe9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"cd4ba360-8324-48c9-b3a2-5b924a207e07","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6fda0633-3547-4518-a036-b76fbc0bc570","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5cabc1a2-8d55-41ec-bd59-96f4633dbb11","name":"Kidkadi","type":"malware","source":"Tidal Cyber","software_attack_id":"S3847","tidal_id":"6773a0dd-8c83-549b-bac8-4342dc4eb70b","created":"2025-12-29T17:41:08.348572Z","modified":"2025-12-29T17:41:08.348576Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"97be5dcd-3622-4b6f-808c-294bfc337487","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"9f47f22a-8c51-4e34-a7ab-c48da00291e3","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"19ca7785-d59a-49d6-bfad-fd80297e026f","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"94b42ad3-7536-45b7-b652-62ecde59c428","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f788877c-81b9-4626-b9ab-8ec911c16bb9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b5532e91-d267-4819-a05d-8c5358995add","name":"KillDisk","type":"malware","source":"MITRE","software_attack_id":"S0607","tidal_id":"35cb777c-8f76-5c85-9e46-662cc15f490b","created":"2021-01-20T18:05:07.059000Z","modified":"2022-05-24T14:00:00.188000Z","platforms":[{"id":"eaf4
f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1d652f06-c330-46f0-99b3-9c6884f0cbf6","name":"Win32/KillDisk.NBI","description":"","source":"ICS","associated_software_id":"12213e6d-72a5-447e-9e19-2a7eb7e2d81c","owner_id":null,"owner_name":null},{"id":"5a7fbb9d-1269-4a83-8822-c36767c8a14a","name":"Win32/KillDisk.NBH","description":"","source":"ICS","associated_software_id":"f716a88b-4693-4d43-97b0-c5603202d586","owner_id":null,"owner_name":null},{"id":"0da857e3-f5c2-4c91-8785-1929dd3580a4","name":"Win32/KillDisk.NBD","description":"","source":"ICS","associated_software_id":"4b3409dd-72c5-4808-9d11-7806955a7231","owner_id":null,"owner_name":null},{"id":"f045e129-95d5-43bf-9f4d-ee221ddd3ba4","name":"Win32/KillDisk.NBC","description":"","source":"ICS","associated_software_id":"c0b27dd0-0895-4ddb-97da-2d55f2c22ca6","owner_id":null,"owner_name":null},{"id":"603fd1c2-8762-43e4-9739-ad2f24a67400","name":"Win32/KillDisk.NBB","description":"","source":"ICS","associated_software_id":"df0e171c-ed35-4f1d-9ded-a16e58383bd7","owner_id":null,"owner_name":null},{"id":"ce9ccd1f-884b-4cd1-9f8b-94a2dafb79ed","name":"Win32/KillDisk.NBI","description":"","source":"MITRE","associated_software_id":"12213e6d-72a5-447e-9e19-2a7eb7e2d81c","owner_id":null,"owner_name":null},{"id":"0f8c5522-3cd2-4aea-bbc7-6ba33ab37514","name":"Win32/KillDisk.NBH","description":"","source":"MITRE","associated_software_id":"f716a88b-4693-4d43-97b0-c5603202d586","owner_id":null,"owner_name":null},{"id":"f4b77018-2523-4408-a2b0-601d13d642d1","name":"Win32/KillDisk.NBD","description":"","source":"MITRE","associated_software_id":"4b3409dd-72c5-4808-9d11-7806955a7231","owner_id":null,"owner_name":null},{"id":"ccd8e126-f0e0-4587-9ee8-4ac697086e9e","name":"Win32/KillDisk.NBC","description":"","source":"MITRE","associated_software_id":"c0b27dd0-0895-4ddb-97da-2d55f2c22
ca6","owner_id":null,"owner_name":null},{"id":"de61a923-4ed1-4f83-97dd-2f98c2bda21f","name":"Win32/KillDisk.NBB","description":"","source":"MITRE","associated_software_id":"df0e171c-ed35-4f1d-9ded-a16e58383bd7","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup><sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup><sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[ESET Lazarus KillDisk April 2018](https://app.tidalcyber.com/references/454704b7-9ede-4d30-acfd-2cf16a89bcb3)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[ESET Lazarus KillDisk April 
2018](https://app.tidalcyber.com/references/454704b7-9ede-4d30-acfd-2cf16a89bcb3)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"15c70382-d290-4419-94ff-1f6124255c89","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"fa85f93a-7617-445d-9167-c858e6196524","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"99b1c09c-d329-4a8b-ab18-8fe61b85def1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"64507423-2b90-4af1-8341-fdb95b01b620","name":"KillSec Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3413","tidal_id":"ba53bdd4-e0bf-535b-8f25-529cc9573760","created":"2024-11-25T18:01:20.747847Z","modified":"2024-11-25T18:01:20.747851Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cyber Express KillSec June 26 2024](/references/9afb764a-84fb-4fea-b925-d7d36a24ac14)]</sup>","group_attack_id":"G3065","group_id":"0ed0c954-780d-46a7-a955-f1f4dc91f0ac","name":"KillSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"759a893c-8937-4135-98c3-d081b8f32d37","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"2cf89908-2e3f-4924-bef7-2bc799f84b67","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"dcf015e1-3f8c-4a74-8b9b-8c9cb932af5f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"62043446-4d58-477e-8c8d-f167e687b93e","name":"KimJongRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3717","tidal_id":"ff0010d8-42db-59a7-b3f6-9eb2830b4bc7","created":"2025-12-10T14:14:59.127568Z","modified":"2025-12-10T14:14:59.127572Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ENKI Kimsuky KimJongRAT November 21 
2025](/references/e060d834-1dfa-4451-b921-7aa26a2ffa30)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"71eef92d-1a41-462a-bc67-ca17674426e2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9494bce2-b66c-42fa-8bca-6dff5abfef24","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7b4f157c-4b34-4f55-9c20-ff787495e9ba","name":"Kinsing","type":"malware","source":"MITRE","software_attack_id":"S0599","tidal_id":"2e4660b8-ab2d-5c62-aa1e-6465b461e1ab","created":"2021-04-06T12:22:23.447000Z","modified":"2021-08-26T16:39:07.873000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[],"tags":[{"id":"fd6d3de1-4c74-48b4-a41b-6d55036752bf","tag":"efa33611-88a5-40ba-9bc4-3d85c6c8819b"},{"id":"9a4e40ec-0eed-4de2-b6c1-2a775c764501","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"}],"owner_name":null},{"id":"673ed346-9562-4997-80b2-e701b1a99a58","name":"Kivars","type":"malware","source":"MITRE","software_attack_id":"S0437","tidal_id":"76d490cf-e280-5b1f-9b15-d1e1b1766086","created":"2020-05-06T18:10:59.143000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro BlackTech June 2017](https://app.tidalcyber.com/references/abb9cb19-d30e-4048-b106-eb29a6dad7fc)]</sup><sup>[[Symantec Palmerworm Sep 
2020](https://app.tidalcyber.com/references/84ecd475-8d3f-4e7c-afa8-2dff6078bed5)]</sup>","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"5e981594-d00a-4c7f-8ed0-3d4a60cc3fcd","name":"Koadic","type":"tool","source":"MITRE","software_attack_id":"S0250","tidal_id":"37eb3f69-5ad4-5bf2-b18c-b450176da50e","created":"2018-10-17T00:14:20.652000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ATT Sidewinder January 2021](https://app.tidalcyber.com/references/d6644f88-d727-4f62-897a-bfa18f86380d)]</sup>","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Reaqta MuddyWater November 2017](https://app.tidalcyber.com/references/ecd28ccf-edb6-478d-a8f1-da630df42127)]</sup><sup>[[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Palo Alto Sofacy 
06-2018](https://app.tidalcyber.com/references/a32357eb-3226-4bee-aeed-d2fbcfa52da0)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b3b720e1-e2e0-457f-bee1-0f3407fe92f8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"2c6f0e76-098e-4ad5-b5c1-06f0d2dfc19e","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"bf918663-90bd-489e-91e7-6951a18a25fd","name":"Kobalos","type":"malware","source":"MITRE","software_attack_id":"S0641","tidal_id":"a974c73f-14eb-55af-b49e-bba073fad48d","created":"2021-08-24T18:56:35.507000Z","modified":"2021-10-25T17:16:21.187000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3e13d07d-d9e1-4456-bec3-b2375e404753","name":"KOCTOPUS","type":"malware","source":"MITRE","software_attack_id":"S0669","tidal_id":"c45f4070-551c-52d2-ad59-057871bf7b96","created":"2021-12-06T22:38:37.418000Z","modified":"2022-07-29T19:46:14.547000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2cf1be0d-2fba-4fd0-ab2f-3695716d1735","name":"Komplex","type":"malware","source":"MITRE","software_attack_id":"S0162","tidal_id":"2dbbbf71-5ef6-5a08-a991-b9d42e8f7b60","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[XAgentOSX 
2017](https://app.tidalcyber.com/references/2dc7a8f1-ccee-46f0-a995-268694f11b02)]</sup><sup>[[Sofacy Komplex Trojan](https://app.tidalcyber.com/references/a21be45e-26c3-446d-b336-b58d08df5749)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3067f148-2e2b-4aac-9652-59823b3ad4f1","name":"KOMPROGO","type":"malware","source":"MITRE","software_attack_id":"S0156","tidal_id":"ac90744c-80fb-50cc-a8d5-4eddf4b4bd70","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d381de2a-30cb-4d50-bbce-fd1e489c4889","name":"KONNI","type":"malware","source":"MITRE","software_attack_id":"S0356","tidal_id":"d6f65ef6-cde5-5e4b-9f20-0a25a84fc947","created":"2019-01-31T00:36:39.771000Z","modified":"2022-04-13T17:26:25.143000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e721b206-83e8-4a85-b369-bd5ea38ffb9c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d09c4459-1aa3-547d-99f4-7ac73b8043f0","name":"KOPILUWAK","type":"malware","source":"MITRE","software_attack_id":"S1075","tidal_id":"96a9a80b-57a0-558f-bb65-cb1645e751d3","created":"2023-11-07T00:35:44.904270Z","modified":"2023-11-07T00:35:44.904276Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name"
:"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Suspected Turla Campaign February 2023](https://app.tidalcyber.com/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6b2126a3-243c-4196-8386-5ee94fd4cd53","name":"Kraken ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3668","tidal_id":"27461af1-97cc-59d1-aa0b-9952bb64ca33","created":"2025-12-10T14:14:51.061052Z","modified":"2025-12-10T14:14:51.061056Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog November 13 2025](/references/a4982787-11b3-484b-b28b-c24b51405e57)]</sup>","group_attack_id":"G3153","group_id":"b44bce1c-76d9-4312-9b75-205740813607","name":"Kraken","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"912fa8da-872a-45f5-b674-7f3389a98f20","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8670a816-c7d9-4dd7-9e1a-4e0b56874c70","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9aaee2f3-6aad-4a5f-a2db-c9bf582712d8","name":"KSwapDoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3745","tidal_id":"8d66be84-e7cb-56ff-bcbd-40b2bd89cd29","created":"2025-12-17T14:18:48.564394Z","modified":"2025-12-17T14:18:48.564397Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 December 12 2025](/references/02aae606-da8f-4c9b-86e0-5b960579c8d7)]</sup>","group_attack_id":"G3162","group_id":"d858b6e6-329a-462e-b55b-4fb4aa33291b","name":"Red 
Menshen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3f3a337c-c5ae-401c-bcd3-957bf0017284","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6e99c512-de20-44e5-a8f6-0f13b01da5e4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a23fb127-929a-432d-be80-c14700f4bfaa","name":"Kubo Injector","type":"tool","source":"Trellix TIG","software_attack_id":"S3461","tidal_id":"3fd486ca-770c-54ef-8921-e55941b66894","created":"2025-04-11T15:06:52.480252Z","modified":"2025-04-11T15:06:52.480255Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"35ac4018-8506-4025-a9e3-bd017700b3b3","name":"Kwampirs","type":"malware","source":"MITRE","software_attack_id":"S0236","tidal_id":"2aa6760d-2fcd-5368-8b6f-d323b9e5890f","created":"2018-10-17T00:14:20.652000Z","modified":"2020-03-18T22:06:42.386000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2a760071-4fed-4df8-b7e9-fa7b606702ff","name":"Ladon 911","type":"tool","source":"Tidal Cyber","software_attack_id":"S3433","tidal_id":"12350664-fe2b-512a-a0f6-96d414d4eed2","created":"2025-02-24T20:29:01.338996Z","modified":"2025-02-24T20:29:01.339000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 September 30 
2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9277bfb7-71b4-48ad-95f9-bce5fa5defa1","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"406b5cd9-49a7-4d91-ae48-f80b12548c31","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"958d35df-1d33-4ded-8589-5f2115fbbc41","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b95f1097-1b6a-4e6a-8616-c364c87214aa","tag":"09de661e-60c4-43fb-bfef-df017215d1d8"},{"id":"ae3d673e-c982-4d5f-a46e-05aaed229e67","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"a1fcbc65-3698-45a4-bd2a-87594175219b","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0d3be9a7-0e12-46e1-92e4-eca1de512bec","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f79e9068-ab74-4821-abcd-7fddd6ea229d","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"961b8a9e-e54d-41c7-abda-f7e9b7722386","name":"LalsDumper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3802","tidal_id":"bf5918ba-e9c0-57b9-9972-cfaef057f79a","created":"2025-12-24T14:57:27.132623Z","modified":"2025-12-24T14:57:27.132626Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3179","group_id":"66b0f5f6-3377-4f5d-ac79-605dad9221f1","name":"Ink 
Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"11a0664e-9e80-4d16-9522-0fb0ae9d620d","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"d43eefb0-89dc-44ff-b043-2493bd6a1840","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"3c4fb7bf-1f08-4264-ae28-8dda2ec91aca","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"26f12771-3298-4649-bf04-0a15def81a32","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ced763ff-f853-453b-b08b-92dfc2db425f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"413585a2-00d1-532d-953a-bc5c86f4767f","name":"Latrodectus","type":"malware","source":"MITRE","software_attack_id":"S1160","tidal_id":"413585a2-00d1-532d-953a-bc5c86f4767f","created":"2024-10-31T16:28:05.273300Z","modified":"2024-10-31T16:28:05.273304Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"63b5d17b-48e5-5848-a076-ffca80bbaa09","name":"Unidentified 111","description":"<sup>[[Bleeping Computer Latrodectus April 2024](https://app.tidalcyber.com/references/b138b07e-d68b-5f68-ba74-ddd7bb654fa6)]</sup>","source":"MITRE","associated_software_id":"0268cb50-549e-46fd-909e-49bf4049806e","owner_id":null,"owner_name":null},{"id":"785c630f-853c-5487-aa67-a21f513c08a3","name":"IceNova","description":"<sup>[[Bleeping Computer Latrodectus April 2024](https://app.tidalcyber.com/references/b138b07e-d68b-5f68-ba74-ddd7bb654fa6)]</sup>","source":"MITRE","associated_software_id":"62c29157-857d-4bdb-911d-81370cccd516","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]</sup><sup>[[Bitsight Latrodectus June 
2024](https://app.tidalcyber.com/references/9a942e75-3541-5b8d-acde-8f2a3447184a)]</sup>","group_attack_id":"G1038","group_id":"b47551ba-8036-5527-abba-fed787c854a5","name":"TA578","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Expel October 31 2025](/references/ce92580a-66f0-431c-9ee8-7efec2bd4585)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[EclecticIQ August 16 2024](/references/79e0a74f-799f-445e-a677-cc08e66f3113)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c0cde451-f64a-4d34-8136-00954ad1b08f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"684ff1f8-a37e-4e62-bf56-709ff616c4c2","name":"launchd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3779","tidal_id":"9d68657c-7f69-5c1c-8280-73e1dddf5444","created":"2025-12-17T14:18:53.739100Z","modified":"2025-12-17T14:18:53.739103Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"86351783-03c0-486d-8d81-b3e4f5c0ef9a","name":"launchctl","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"fb51e976-f0ba-43b8-b30e-aa36c9530fac","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro September 04 2025](/references/a8f04ece-adbd-4319-b62f-2554d287a61e)]</sup>","group_attack_id":"G3177","group_id":"29243321-228e-4d45-99a3-848c7fc1dbd1","name":"Water Daruanak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"aca7461e-08d8-43c9-99a8-42f692ce0b77","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d97c007b-b634-4e08-b143-dd9e321e408a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"288b2ab2-255a-457a-a6eb-02ee4711d6b8","name":"Launch-VsDevShell","type":"tool","source":"Tidal Cyber","software_attack_id":"S3379","tidal_id":"7e5f0221-69a7-53b5-ade9-7afe83ede1a7","created":"2024-01-12T14:48:47.336286Z","modified":"2024-01-12T14:48:47.336290Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d1d035ea-1d90-45dd-9ff0-0536dd045a51","name":"Launch-VsDevShell.ps1","description":"<sup>[[Launch-VsDevShell.ps1 - LOLBAS Project](/references/6e81ff6a-a386-495e-bd4b-cf698b02bce8)]</sup>","source":"Tidal 
Cyber","associated_software_id":"b7501271-0611-44a6-b8ee-844345798754","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a21a9009-2078-456e-8b0d-a964b8f0ba51","tag":"5be0da70-9249-44fa-8c3b-7394ef26b2e0"},{"id":"d8f4b8a3-48e5-43d8-87e9-4d39f22fee0d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a8450ac3-2279-4aec-b534-a72194cecff3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f5558af4-e3e2-47c2-b8fe-72850bd30f37","name":"LaZagne","type":"tool","source":"MITRE","software_attack_id":"S0349","tidal_id":"10f8488d-3635-5f0a-a066-4765138009dd","created":"2019-01-30T16:44:59.887000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro Tonto Team October 2020](https://app.tidalcyber.com/references/140e6b01-6b98-4f82-9455-0c84b3856b86)]</sup>","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Cloud Atlas August 2019](https://app.tidalcyber.com/references/4c3ae600-0787-4847-b528-ae3e8ff1b5ef)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) can obtain credential information using [LaZagne](https://app.tidalcyber.com/software/f5558af4-e3e2-47c2-b8fe-72850bd30f37).<sup>[[MSTIC Octo Tempest Operations October 
2023](https://app.tidalcyber.com/references/92716d7d-3ca5-5d7a-b719-946e94828f13)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Buckeye](https://app.tidalcyber.com/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]</sup>","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET EvilNum July 2020](https://app.tidalcyber.com/references/6851b3f9-0239-40fc-ba44-34a775e9bd4e)]</sup>","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]</sup><sup>[[TrendMicro POWERSTATS V3 June 
2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]</sup>","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ATT TeamTNT Chimaera September 2020](https://app.tidalcyber.com/references/5d9f402f-4ff4-4993-8685-e5656e2f3aff)]</sup>","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Talos Phobos November 17 2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ThreatDown RansomHub September 9 2024](/references/34422e6e-0e79-48ba-a942-9816e9b4ee7c)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"5449f49f-cede-465e-947b-e7afd66844ab","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"ddf89a40-1130-4e80-8989-5528bd44483a","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"61862fd5-6329-4c25-93f1-08059da78e1d","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"0cf96078-8184-4f4e-b698-73bf43fb9955","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"d0b2fa92-7bf3-4fd6-a666-c19c92966fed","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"065615f5-8e33-43f2-bdf9-b98961228ef1","tag":"26c5dec7-3184-4873-ae20-9558a498a27f"},{"id":"72976229-854d-4e7c-a920-26b3b69fdba6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a3ce494a-f725-435f-a35e-df1958ee3e59","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cdae1204-231d-4a7e-8308-1c44713d7195","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"7cc2d5bc-8c6c-4482-a35b-ddb71194c018","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"0af122b0-43e0-4b9a-839f-d7d294cfe7f7","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"994f3aee-b351-489f-b871-dcdb0f76eb79","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"172c3c53-b57d-4859-a56c-bb27c3f490af","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e9e77c93-6a8f-4ba4-8742-5d1c35ba2a64","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"bf716a54-6884-400a-b41b-e4b295e8557e","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":null},{"id":"23cce166-fa2d-4b2f-922f-668a003f1e66","name":"Lbpyjxefa.dll","type":"malware","source":"Tidal Cyber","software_attack_id":"S3908","tidal_id":"a9b3ebd6-459a-5f48-94d9-41d6249d65b0","created":"2026-01-14T13:31:33.590836Z","modified":"2026-01-14T13:31:33.590841Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securonix January 05 2026](/references/314a9db4-8a16-4732-aa23-b24b38897943)]</sup>","group_attack_id":"G3197","group_id":"a28a00b1-dbee-448c-9f91-690dcca00de8","name":"PHALT#BLYX Threat 
Actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"401673ef-c188-42f7-a435-6d1da0049575","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"2f327d92-6e6b-4bbe-9390-13b7df06fc69","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"bfa12687-f1cd-4666-b3a9-ff0f2138f314","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fc059a2b-64e1-45b3-9911-c2785399cc3e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d0ff555f-ba74-457c-b6e4-02962c230b60","name":"Ldifde","type":"tool","source":"Tidal Cyber","software_attack_id":"S3240","tidal_id":"5fa5cbb9-4515-5bb0-ab66-cca0d88f5e99","created":"2023-07-14T12:56:41.275765Z","modified":"2023-07-14T12:56:41.275769Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e35b1b7d-6a90-4758-9b38-d6f08fed6726","name":"Ldifde.exe","description":"<sup>[[Ldifde.exe - LOLBAS Project](/references/45d41df9-328c-4ea3-b0fb-fc9f43bdabe5)]</sup>","source":"Tidal Cyber","associated_software_id":"6c55efe5-a5d3-411d-8993-697f2fc91144","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bc0a2423-d406-44b9-a6f7-202d46ba08c8","tag":"cea43301-9f7a-46a5-be3a-3a09f0f3c09e"},{"id":"5485fd07-f4a4-49ea-a63e-dc8b35dd99c3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"8e902b51-d07f-4e69-babf-7a8053085d91","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"ace92f1c-00aa-4abf-bbd5-c57df3afed39","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"94e612b8-ada7-4d4f-8ca3-433a7b21a417","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"732861ed-a641-463b-affa-d720c39ba202","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c7a5fbbd-a4e0-429d-b2ed-13a1fa3bc4cc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5357c878-b90b-47cb-86b6-311089db8ccc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d5d79a51-3756-40de-81cd-4dac172fbb74","name":"LEMURLOOT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3022","tidal_id":"df0cdd73-78ff-5463-a919-34ee38228776","created":"2023-07-28T16:33:36.613468Z","modified":"2023-07-28T16:33:36.613474Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant MOVEit Transfer June 2 2023](/references/232c7555-0483-4a57-88cb-71a990f7d683)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3a41d379-966a-4b94-b49d-71bd76bee4aa","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e1dd6770-1e4b-4124-be79-a2854bc4de83","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"edda33bd-afb6-4d24-aba3-5e09188acc34","tag":"173e1480-8d9b-49c5-854d-594dde9740d6"},{"id":"e2679018-189c-4e39-9400-0acbf3f51b2a","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"98a16336-e8ca-434f-9b04-89399835fef5","name":"LetsPRO.exe","type":"malware","source":"Tidal Cyber","software_attack_id":"S3902","tidal_id":"56393af1-2ad5-5cbc-9d55-a477fdf972d2","created":"2026-01-14T13:31:32.570866Z","modified":"2026-01-14T13:31:32.570871Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bf2db073-2ce8-465d-afb5-9d80a1fd0f90","name":"LetsPro","description":"<sup>[[Trend Micro June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","source":"USER","associated_software_id":"fe74ff87-5d05-49a8-bdc6-ad37e971362d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver 
Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9cf51daf-aa7b-4bf8-8c35-272bbf96dc77","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"7bc2db35-3bd6-48cb-986f-466430fb33c0","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"f74f9422-5360-46b1-8197-d6b292dfbc9b","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5975486b-5f1e-407f-82e9-4af5c640b166","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"51d9430a-0706-4606-a418-11d5f2ae85a9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"bce485ad-7d4f-45b6-b3c1-218f2f757611","name":"Level","type":"tool","source":"Tidal Cyber","software_attack_id":"S3092","tidal_id":"e8c8bf76-1a88-58e0-a1b9-79321123406e","created":"2023-11-17T17:09:25.687153Z","modified":"2023-11-17T17:09:25.687158Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a8fb8466-5721-4b25-9f8a-a979d8906b0c","name":"Level Remote Management","description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","source":"Tidal Cyber","associated_software_id":"de43630e-5949-4c69-ab58-9e3d44a72386","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"1c96db74-8cd0-41d5-8fcc-64c745e30d59","name":"Level.io","description":"<sup>[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","source":"Tidal Cyber","associated_software_id":"d24d63ab-a1b5-4e20-9e60-f2df8fba9cb7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9ac3f8fe-554c-4fe2-80c1-1601f2c59e3a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"71db6881-07ed-4f82-bac6-973581f4b645","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2ef409e3-56b5-4f74-9bbb-0e3f6d23e555","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e13bc847-3075-40de-bce0-8d20d0b6698c","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"eca794fe-429a-4855-b76d-adf75b8f963d","name":"libexpat.dll (malicious variant)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3905","tidal_id":"0f415e1a-f50a-5d4b-b60a-0aaa67cbbe30","created":"2026-01-14T13:31:33.078516Z","modified":"2026-01-14T13:31:33.078520Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 26 2025](/references/0d6e9bfe-9c6c-40ba-9d12-30273b559d13)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f69814f2-7876-4508-870b-38a3affbb350","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"1086d1c0-8662-4d08-bc94-ee18fe195899","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"fe7b6ef7-2621-4cea-a7cf-af8f82b9306e","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"b722b125-85b3-4a68-b5b5-e2b1b098c135","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"41ba6e0f-e5a7-4898-b4a4-92a4639a641f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d9bb5ee4-f794-4d1d-9a3e-a67a280f06a7","name":"libpython2.4.dll","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3855","tidal_id":"fb890b8c-c2d2-57e8-958f-18905af4219b","created":"2025-12-29T17:41:09.549567Z","modified":"2025-12-29T17:41:09.549571Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 24 2025](/references/f7f6c441-7b98-43fc-b173-2be753d6bf97)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3b736aa3-a2f0-4cb6-ac68-f8e00306d7b6","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"98fa0086-917c-4969-a9d2-af6f2ad77a1c","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"d14f1af2-4746-41cb-8655-031cb17bfc89","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"ff7663ee-a183-431b-9403-75fb95385269","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b2aa18e8-a0f6-4c55-9964-eaf3503dab70","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c9d2f023-d54b-4d08-9598-a42fb92b3161","name":"LightNeuron","type":"malware","source":"MITRE","software_attack_id":"S0395","tidal_id":"7bf51d90-6cff-5558-8108-c1a6f4c3479e","created":"2019-06-28T13:09:26.710000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET LightNeuron May 2019](https://app.tidalcyber.com/references/679aa333-572c-44ba-b94a-606f168d1ed2)]</sup><sup>[[Secureworks IRON HUNTER 
Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"cf89306c-8526-4363-b133-3d35a93e4e47","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"20c51cdc-44a4-4094-acd2-8c41c8534822","name":"LIGHTRAIL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3642","tidal_id":"8bee52d2-8927-564f-a13f-929b7685a3de","created":"2025-11-19T17:45:40.705688Z","modified":"2025-11-19T17:45:40.705691Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"49466c3b-f215-42fa-8cda-0cdb94287c37","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"55ba5fd6-6ea9-46af-9cdd-19d1cf28a422","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ea7435b5-bb56-5ee1-ac2e-256aec44ae47","name":"LightSpy","type":"malware","source":"MITRE","software_attack_id":"S1185","tidal_id":"ea7435b5-bb56-5ee1-ac2e-256aec44ae47","created":"2025-04-22T20:46:58.230575Z","modified":"2025-04-22T20:46:58.230578Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"},{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[{"description":"<sup>[[MelikovBlackBerry LightSpy 
2024](https://app.tidalcyber.com/references/633f7a09-721f-5e16-ba3b-0b1802a41852)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MelikovBlackBerry LightSpy 2024](https://app.tidalcyber.com/references/633f7a09-721f-5e16-ba3b-0b1802a41852)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[{"id":"d6b06974-94e8-49e0-a9f6-a12be847c59e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"1b3af76f-f9a1-58ce-8c7d-aec535f8d0c0","name":"LIGHTWIRE","type":"malware","source":"MITRE","software_attack_id":"S1119","tidal_id":"62cc899d-e658-5d1d-9f9e-7d628fcf1299","created":"2024-04-25T13:28:19.064451Z","modified":"2024-04-25T13:28:19.064454Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"3113cb05-23b4-4f90-ab7a-623b800302ce","name":"Ligolo","type":"tool","source":"Tidal Cyber","software_attack_id":"S3036","tidal_id":"fa4049aa-7672-5cdd-a290-dd7e22ca8d93","created":"2023-08-18T18:56:21.488043Z","modified":"2023-08-18T18:56:21.488051Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Pioneer Kitten August 28 2024](/references/783f4aee-84d9-43dc-accc-99fee6b1ff92)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant ALPHV Affiliate April 3 2023](/references/b8375832-f6a9-4617-a2ac-d23aacbf2bfe)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET APT Activity Report Q4 2023-Q1 2024](/references/896cc899-b667-4f9d-ba90-8650fb978535)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b9095d5e-e113-4991-9f43-5ddea4a836a9","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"c854f0f5-c31e-461e-8290-47f256b586b8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7573c542-11f2-4786-8158-7211311e0e10","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"108ffede-85d1-4983-aa7f-a72ca9ae8fea","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"4bf0544c-e33b-4a27-9060-0b98178fd263","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1ef8b460-39a0-4dd7-80fd-90f9cf0ede77","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3976d92f-6c2e-42ad-a5fa-5d974c1179ae","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"664f561b-88e2-41f5-be7b-6f6f5af756cc","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"f61f7336-5586-4ceb-852f-d2f86cf4a05d","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"22b4ffc9-e471-4d85-9ed5-f65906b08480","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"91d7e296-234c-4d23-84c6-44494c20788b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e0fbacdf-ef3c-41d3-8273-cdedf91693de","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4b345932-4003-4f19-b490-ede26e82038a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9781f766-1afc-517b-9b3e-1cbeed9c556e","name":"Line 
Dancer","type":"malware","source":"MITRE","software_attack_id":"S1186","tidal_id":"9781f766-1afc-517b-9b3e-1cbeed9c556e","created":"2025-04-22T20:46:57.728154Z","modified":"2025-04-22T20:46:57.728157Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"25999b5a-d111-4e14-91a9-9a8a32d9f6e7","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"fe0446e8-5af8-4a77-81af-5fdb310a2942","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"301950ef-fa98-4e94-a60d-5d34aed2d3a7","tag":"6bb2f579-a5cd-4647-9dcd-eff05efe3679"},{"id":"65a20b48-24d3-4172-bf51-36091387da9e","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"132e109e-9673-4d72-8fa8-e597e838e1f6","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"9aae5a8f-2ec2-43f8-9606-597277f22db4","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"}],"owner_name":null},{"id":"80412b83-74e4-4bea-b05b-84b00f41db69","name":"Line Dancer (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3132","tidal_id":"7193fbc2-213f-56a1-ace0-d0d5fcef4d40","created":"2024-05-07T16:51:47.051555Z","modified":"2024-05-07T16:51:47.051559Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"c73f7632-101f-4406-b0f2-55758c403859","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"a24bd0b6-bdfd-4fbf-94e2-6547f2aee0ae","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"d3388b1f-86eb-4b4d-8571-93038b8f3552","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"cb921641-3171-48ac-aaf7-73edb5be5c7a","tag":"6bb2f579-a5cd-4647-9dcd-eff05efe3679"},{"id":"783e19ad-bf4b-4b43-bfd6-539c38011433","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"e8bb7716-0189-4590-acfb-0e8f912aeabc","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"}],"owner_name":"TidalCyberIan"},{"id":"dd98310f-9824-5c75-944f-79b5eabbfe58","name":"Line 
Runner","type":"malware","source":"MITRE","software_attack_id":"S1188","tidal_id":"dd98310f-9824-5c75-944f-79b5eabbfe58","created":"2025-04-22T20:46:58.350429Z","modified":"2025-04-22T20:46:58.350433Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"81ffd154-8288-447d-9cfb-b9238616b25b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"d1fc310c-243e-4261-986b-d0cc7b8cabd5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"268bc508-2039-43f6-9e6c-886592014883","tag":"c25f341a-7030-4688-a00b-6d637298e52e"},{"id":"c144d322-1851-498d-9072-aeb1fa36626e","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"06f6a13d-a7d0-41f6-8a67-1527fe1f7ed5","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"a3d10ff3-e260-4f09-a847-ba5f77085943","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"4f04e338-4ebb-4a98-af5f-0ce52026fb80","tag":"2e85babc-77cd-4455-9c6e-312223a956de"}],"owner_name":null},{"id":"60bb6282-9eb8-4640-9d79-69c0c8ee0e0b","name":"Line Runner (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3133","tidal_id":"df6be616-ae62-5cdc-837a-b1f293b61cf6","created":"2024-05-07T16:51:47.266947Z","modified":"2024-05-07T16:51:47.266951Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[{"id":"470bbad4-d203-4a4d-9bb8-69bee539b1b9","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"faf758e2-280a-4bd8-8e7a-c6fe92860a0c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"50fb1578-0f6f-42ca-8ce5-360623a004c0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"062e97e0-f710-4fab-8b7b-2e603a0dc7f8","tag":"c25f341a-7030-4688-a00b-6d637298e52e"},{"id":"b0a90f1c-f3fd-4004-ab56-5ea9749ff770","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"aee27d84-f690-4f73-a0a5-f404f4aa305a","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"aa035ea3-12ac-45b4-9d83-95ac5f1daced","tag":"2e85babc-77cd-4455-9c6e-312223a956de"}],"owner_name":"TidalCyberIan"},{"id":"925975f8-e8ff-411f-a40e-f799968046f7","name":"Linfo","type":"malware","source":"MITRE","software_attack_id":"S0211","tidal_id":"0fcc7cd5-300f-5be0-9735-8ef367ad3177","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a09cedf5-885d-4ddf-a8c4-c236a5df90cf","name":"LinPEAS","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3443","tidal_id":"21df948d-1067-5de0-b0a3-8659fad5590a","created":"2025-03-10T18:06:20.631592Z","modified":"2025-03-10T18:06:20.631596Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[CSRB LAPSUS$ July 24 2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]</sup>","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Crowdstrike TELCO BPO Campaign December 2022](/references/382785e1-4ef3-506e-b74f-cd07df9ae46e)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"203fa1d1-8e53-4cc9-8533-ff0353a30512","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"0874966b-62c3-4e37-b172-892f6fb9979b","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"1c2d83b2-e5d8-4432-818c-c7a8a4887bdd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a6a62b55-f335-4075-8762-d9d48881e425","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"906529bc-249f-4440-835f-11c6c3060271","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"be3277a9-0177-495d-ac88-cfa60c3812c6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"51fd3285-6b3c-4190-912d-381ab6be29f0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d017e133-fce9-4982-a2df-6867a80089e7","name":"Linux 
Rabbit","type":"malware","source":"MITRE","software_attack_id":"S0362","tidal_id":"1daa0ab5-7e88-543b-832b-033935cc0d36","created":"2019-03-04T17:12:37.586000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"1b89b3a7-5412-41c6-b775-5365083c4a39","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"90c3c130-22df-46d9-9b82-125b8ff27346","tag":"70dc52b0-f317-4134-8a42-71aea1443707"}],"owner_name":null},{"id":"71e4028c-9ca1-45ce-bc44-98209ae9f6bd","name":"LiteDuke","type":"malware","source":"MITRE","software_attack_id":"S0513","tidal_id":"502b6b47-a650-5714-88d7-ec6fe23a08dd","created":"2020-09-24T17:51:35.005000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"aae51ff9-1f23-4635-ab34-27cede1cf882","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"cc568409-71ff-468b-9c38-d0dd9020e409","name":"LitePower","type":"malware","source":"MITRE","software_attack_id":"S0680","tidal_id":"e3334960-0268-53be-9a57-40507885b1bd","created":"2022-02-02T14:57:58.026000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky WIRTE November 
2021](https://app.tidalcyber.com/references/143b4694-024d-49a5-be3c-d9ceca7295b2)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f40d8f67-5323-4ce8-a05b-a80980a23b34","name":"LittleDaemon","type":"malware","source":"Tidal Cyber","software_attack_id":"S3676","tidal_id":"b4557cb5-d2fd-5873-a7d5-551014a80c1b","created":"2025-12-10T14:14:52.463341Z","modified":"2025-12-10T14:14:52.463344Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET PlushDaemon November 19 2025](/references/fd6d089e-4549-4442-91bf-3cf1e85db012)]</sup>","group_attack_id":"G3069","group_id":"3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6","name":"PlushDaemon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a52b0261-36d9-45fd-9ffa-c44cf0a0b5d9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cf00f53c-010c-44ea-bb59-1b9f8f78558e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c9c5e7ad-6e95-5d53-b4db-f6b51c7167ca","name":"LITTLELAMB.WOOLTEA","type":"malware","source":"MITRE","software_attack_id":"S1121","tidal_id":"f0a491df-2c50-5b72-9a77-f4caaa46bc3f","created":"2024-04-25T13:28:17.598217Z","modified":"2024-04-25T13:28:17.598220Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":null},{"id":"65d46aab-b3ce-4f5b-b1fc-871db2573fa1","name":"Lizar","type":"malware","source":"MITRE","software_attack_id":"S0681","tidal_id":"acbfccba-4c1c-5fe4-8e0e-a5ee5fddd741","created":"2022-02-02T21:05:48.601000Z","modified":"2022-04-15T11:40:31.460000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"59752f77-382b-4bc6-9e95-32a6db8c0e0a","name":"Tirion","description":"<sup>[[BiZone Lizar May 2021](https://app.tidalcyber.com/references/315f47e1-69e5-4dcb-94b2-59583e91dd26)]</sup><sup>[[Gemini FIN7 Oct 2021](https://app.tidalcyber.com/references/bbaef178-8577-4398-8e28-604faf0950b4)]</sup>","source":"MITRE","associated_software_id":"1eb0bda6-e564-43eb-b440-8da9ffd39909","owner_id":null,"owner_name":null},{"id":"58dbecaa-be90-4ca6-94d6-13bf22e979a2","name":"IceBot","description":"<sup>[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","source":"Tidal Cyber","associated_software_id":"23ac6dbc-1075-4612-9afa-46d216fb696b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"e1efd315-f6de-4a5e-a1e5-e9a486c719a4","name":"DiceLoader","description":"<sup>[[Mandiant FIN7 Apr 2022](/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]</sup>","source":"Tidal Cyber","associated_software_id":"ac708833-b07b-4453-8e94-681bceffb5a0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"3bab0517-4950-5f20-bdc6-f2d62a332b17","name":"Icebot","description":"<sup>[[Cocomazzi FIN7 Reboot](https://app.tidalcyber.com/references/599c7416-a6d8-5d3d-9044-dddf095859a5)]</sup> ","source":"MITRE","associated_software_id":"f752a550-853e-5637-bc03-d2272cdb7857","owner_id":null,"owner_name":null},{"id":"a3208447-1c0a-5460-9bf1-27dda88900ee","name":"DiceLoader","description":"<sup>[[Cocomazzi FIN7 
Reboot](https://app.tidalcyber.com/references/599c7416-a6d8-5d3d-9044-dddf095859a5)]</sup>","source":"MITRE","associated_software_id":"c0e6bc28-50b1-58d1-b10e-1e9aedfcfe3e","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Threatpost Lizar May 2021](https://app.tidalcyber.com/references/1b89f62f-586d-4dee-b6dd-e5a5cd090a0e)]</sup><sup>[[Gemini FIN7 Oct 2021](https://app.tidalcyber.com/references/bbaef178-8577-4398-8e28-604faf0950b4)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"69d8998e-3347-48fd-a487-7bea9c78ae01","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1fdf0472-f707-44e3-be53-831b93779a5f","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"5a7f1dda-d61d-4a9c-b7f9-00548e3bfc97","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"2fca99a9-7088-4955-87b4-52b4d14f2ceb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"dfd98464-9890-4e28-9c4c-63c252a68440","name":"LocalOlive","type":"malware","source":"Tidal Cyber","software_attack_id":"S3441","tidal_id":"af5e9bad-08f7-579a-a796-18c3195182f4","created":"2025-03-04T15:55:25.260658Z","modified":"2025-03-04T15:55:25.260664Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Ukraine Targeting October 29 2025](/references/08b6d849-2837-4af9-bb8a-e0425e6a02e4)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"259aa925-08fa-481a-97de-050ab5f5d040","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"c71cb178-dcfd-46b3-be6d-b9432167a956","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d8f1c0de-9ab1-4c4d-9f55-a16368390688","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"fbcb9d61-ce50-4350-84e8-0ed0ac07d5d5","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"995bcd8e-85c3-5fb2-8e00-677a029c102a","name":"LockBit 2.0","type":"malware","source":"MITRE","software_attack_id":"S1199","tidal_id":"995bcd8e-85c3-5fb2-8e00-677a029c102a","created":"2025-04-22T20:46:59.901865Z","modified":"2025-04-22T20:46:59.901869Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"32a94ff1-c7f7-4249-9d89-5cf3f16ed025","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e09a4a31-6781-43f2-b209-592ecbc95a89","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"c90dafca-b5b7-4679-bfc1-e25fed42e479","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"57c0c072-50b9-5adb-ae2e-99c5f13807d1","name":"LockBit 
3.0","type":"malware","source":"MITRE","software_attack_id":"S1202","tidal_id":"57c0c072-50b9-5adb-ae2e-99c5f13807d1","created":"2025-04-22T20:46:58.737057Z","modified":"2025-04-22T20:46:58.737060Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"608d45b3-c7f4-4ff7-9875-ba660c200bc1","name":"LockBit","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"393a2305-b54b-4ce8-92f9-ef3a4a025dca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"1f032f33-6e3e-5c32-8eb7-08ff0eee67f0","name":"LockBit Black","description":"<sup>[[Joint Cybersecurity Advisory LockBit JUN 2023](https://app.tidalcyber.com/references/44265bd3-ae1f-5826-aee9-009432f6ab46)]</sup><sup>[[Joint Cybersecurity Advisory LockBit 3.0 MAR 2023](https://app.tidalcyber.com/references/b08902da-d993-51eb-acbf-8ac410bc6cb0)]</sup><sup>[[Sentinel Labs LockBit 3.0 JUL 2022](https://app.tidalcyber.com/references/04c8f812-14a1-5ecd-b174-e4ae4e3e83cf)]</sup>","source":"MITRE","associated_software_id":"6dd9e252-bdd3-4d58-ae9b-86859f63d757","owner_id":null,"owner_name":null}],"groups":[{"description":"","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 
2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]</sup>","group_attack_id":"G3096","group_id":"82fc3514-e812-47f8-8e76-8bc5a8e3121c","name":"CyberVolk","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"643d0f2d-9689-4d38-8b4c-277f5e4467d2","tag":"b5536626-d6ba-40cf-a3a2-17b9cd8eb0f5"},{"id":"7acd993e-0be3-4a94-b5e7-9aa7fdca1644","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"5ee6c496-7b65-49c9-a994-ac5c46bb57d3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"e78b8ff0-d658-443b-a520-3cd69620ebc9","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"ae1f76b0-3564-417b-bc85-31ac5f609cf5","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"472de2f5-7f66-408a-8539-b094abe50461","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f9d4fbfd-6777-45a4-b6aa-0c9b6cf045d8","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"2e6441d8-5f52-4452-bc45-7af46cfaaae6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c5f3505b-ccd2-40ef-8d6d-69b4d7c2124f","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"27c5ddb8-685c-41c5-91ca-f9f325a613c5","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"c82952b1-1d11-4f64-9869-fc9dc326b777","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"00e77cd6-b8c1-49bf-81c4-325ef969f305","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f57a7a04-7b2e-473e-bb0f-ba119ac5501c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"08c70ea5-9d4d-4146-826e-c5ebd5490378","name":"LockBit 3.0 (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3015","tidal_id":"a5c16a88-708e-59af-af39-bb9c46ada7d7","created":"2023-08-18T18:56:25.212550Z","modified":"2023-08-18T18:56:25.212558Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7c5ade8f-e93f-4ade-844a-84894270457a","name":"LockBit Black","description":"<sup>[[U.S. 
CISA LockBit 3.0 March 2023](/references/06de9247-ce40-4709-a17a-a65b8853758b)]</sup>","source":"Tidal Cyber","associated_software_id":"37c1fbc5-58d9-48f5-a06f-887a9d404a18","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[SentinelOne November 25 2024](/references/71c8e60c-a72a-4bff-aae3-f3f155fa22ee)]</sup>","group_attack_id":"G3096","group_id":"82fc3514-e812-47f8-8e76-8bc5a8e3121c","name":"CyberVolk","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"131a0449-9292-4ddf-82e9-77ef0ea93dc9","tag":"b5536626-d6ba-40cf-a3a2-17b9cd8eb0f5"},{"id":"dd41472e-f3eb-49e9-b9dd-ba851923d8cd","tag":"ba2210ad-0cf7-4a28-8d40-c1dbec5fb202"},{"id":"6039723b-d404-4746-ac91-50c2fa4e9f71","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"6e85314e-c12c-4c5b-92e0-5a1cdd3a3fd8","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"5ed7efe8-9af9-4ff8-bb11-e19ff797775b","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"b62c279c-0fe0-4d05-840b-76641db7f246","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"005ecfea-c472-4d74-957a-d0bdec9acafd","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"ac0bb9a2-9acd-4ac8-8e51-15ed7f750aeb","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"b296c1b1-ca5d-4835-8b1f-42d6c7bc05f6","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"3b5eb85d-d57f-47bc-b41c-bf906cb55ca7","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"e45e44a0-d9c2-4182-84c3-308d75d7a91b","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"ce53d561-9292-4e72-95f8-d5a100a1aaf3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"f62a0c12-2533-4fd5-b247-b5cd3c05a0d5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"eee76ac3-1c97-419c-b01e-66907704fd26","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"9210ff51-3696-4309-82a6-fe728d4e2a13","name":"LockBit 4.0","type":"malware","source":"Tidal Cyber","software_attack_id":"S3456","tidal_id":"cb90f163-f7f2-5069-b4f5-e8a4f1298d48","created":"2025-03-31T15:01:48.679603Z","modified":"2025-03-31T15:01:48.679611Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Chuong Dong March 15 2025](/references/a49936db-f04e-4eeb-8bb5-d535cf7c3776)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0b478181-3db0-459b-bb00-529e027a1392","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"d42fd728-f8a0-4e03-9fb1-2f6da5ea404c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"72a8bd05-9395-4d41-b383-d59c2e9ce61d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2eae5f48-9474-4b4c-8d14-8ad24655b760","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"25853568-0a7c-47e7-a5ae-79ef45cfd406","name":"LockBit 5.0","type":"malware","source":"Tidal Cyber","software_attack_id":"S3582","tidal_id":"9c9a0205-1fa3-58e1-98e2-65c1d4e10715","created":"2025-10-13T17:29:23.723053Z","modified":"2025-10-13T17:29:23.723057Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro 09 25 2025](/references/bf87bbdc-fa15-4d6b-a9a4-868dfb841cbc)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6f1d8558-d1ff-4c33-87f2-428ec79b9f7f","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"4d11a47d-41d9-46bd-a316-1a1437ee9c11","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"689f9368-4ec0-4b9d-a8f3-d3ea2f8f8624","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"6c6659a9-54f7-4555-9d27-b4be3f5bc5ff","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"80e68432-38f9-4df2-9279-7a520b2528b4","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"f9ee0220-ccbc-4884-b90a-045ddbe58fdb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cb0bb597-5796-474f-b06a-1410ed795794","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"65bc8e81-0a08-49f6-9d04-a2d63d512342","name":"LockerGoga","type":"malware","source":"MITRE","software_attack_id":"S0372","tidal_id":"5eaf07c0-bfdb-5a1c-9b21-4ed1428cf1ee","created":"2019-04-16T19:00:49.435000Z","modified":"2022-05-23T21:22:58.477000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye FIN6 Apr 
2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"ICS"}],"tags":[{"id":"4471e557-444b-4bf2-a0dc-44c731f040bc","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"b71aaff2-b00e-4fc8-8ba3-c800d6b8a4d1","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fc077eda-24fd-4c4a-8f76-db1bc1446d36","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"77ac7bdb-9795-4eb4-8fe6-a1ddabeb2065","name":"LODEINFO","type":"malware","source":"Tidal Cyber","software_attack_id":"S3465","tidal_id":"06683448-4986-5f2a-b237-6f28f232cb0a","created":"2025-04-11T15:33:57.081135Z","modified":"2025-04-11T15:33:57.081139Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET MirrorFace December 14 2022](/references/e1896c15-8f19-43e4-96b0-cfd442966b28)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4b860870-ebfe-4f0d-9f60-ae2f984e24be","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"51de7c91-7907-4520-9b12-d82e2f4a1241","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1bf95d37-3c4b-4e3b-ba48-6cf12c045421","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d28c3706-df25-59e2-939f-131abaf8a1eb","name":"LoFiSe","type":"malware","source":"MITRE","software_attack_id":"S1101","tidal_id":"513510b0-3400-5177-997d-9dadadd7958b","created":"2024-04-25T13:28:18.320743Z","modified":"2024-04-25T13:28:18.320746Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky ToddyCat Check Logs October 
2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7bb953c0-024c-4fa9-a163-ecc4563d4940","name":"Log4jConfigQpgsubFilter.java","type":"malware","source":"Tidal Cyber","software_attack_id":"S3567","tidal_id":"bab66f82-6807-58ac-a44e-750e71454071","created":"2025-10-07T14:07:35.050919Z","modified":"2025-10-07T14:07:35.050921Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"a5b8ea21-4b85-4b89-8fc5-cf82cfb33750","name":"SAGEWAVE","description":"<sup>[[Google Cloud Blog 10 09 2025](/references/ec72f924-4cc8-4709-9b07-f343bff55895)]</sup>","source":"USER","associated_software_id":"cd400690-de24-47c8-9698-de5b7879f102","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CrowdStrike.com 10 06 2025](/references/b5630f1e-ea9c-4b8a-b31a-08e977f0c8ab)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog 10 09 
2025](/references/ec72f924-4cc8-4709-9b07-f343bff55895)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7b3d7b05-b099-4742-9b05-25f94df3ee67","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"abc02063-748f-4c06-b388-78e124787242","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"3bd29730-47da-46ab-8d1d-c751627fddc3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"abb2ba39-6ce0-4256-9ef2-80d6992a85b1","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5c45ee9d-69e7-4951-8b73-8d3339961ae7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"041789b9-e4ed-4462-a5b3-e5cffe99cff6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7b471178-30a1-4c48-bbff-c4d2fdbb35a9","name":"LogMeIn","type":"tool","source":"Tidal Cyber","software_attack_id":"S3098","tidal_id":"e52d5e0d-f4c0-5166-9e1c-2cc0379e085f","created":"2023-11-17T17:09:26.980559Z","modified":"2023-11-17T17:09:26.980565Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7069bbbd-00ad-4118-b656-17a9db611a65","name":"Rescue","description":"","source":"Tidal Cyber","associated_software_id":"79b93082-8ee8-49c9-a5c4-4cf5309a6a5c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CSRB LAPSUS$ July 24 2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]</sup>","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bc146608-e184-4b5b-956f-0ec15ede2a9d","tag":"c589aae8-7452-42a9-a9ae-5638a5ab4a12"},{"id":"5ecbd6cf-8505-47da-ac3e-d2f04a926131","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c726e608-e00b-4b13-a463-b1048d61676e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"11d861ad-8d57-46f5-b84e-1ac8bda78642","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9d13e5c9-b9cb-413c-a306-75344e9214f8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"7af68a66-26e7-4f35-b4a0-4f2bcb322305","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"039f34e9-f379-4a24-a53f-b28ba579854c","name":"LoJax","type":"malware","source":"MITRE","software_attack_id":"S0397","tidal_id":"7033bb61-eab2-58bc-8d22-5eb4e616a184","created":"2019-07-02T12:58:09.598000Z","modified":"2020-03-30T16:57:58.594000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET LoJax Sept 
2018](https://app.tidalcyber.com/references/bb938fea-2b2e-41d3-a55c-40ea34c00d21)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"aed4e691-78b1-43b6-82f6-c93c7dcedc76","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"4fead65c-499d-4f44-8879-2c35b24dac68","name":"Lokibot","type":"malware","source":"MITRE","software_attack_id":"S0447","tidal_id":"4178896e-9633-5dc0-933a-4c8f261cac3b","created":"2020-05-14T17:31:33.707000Z","modified":"2021-10-11T17:43:38.029000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]</sup>","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"15df91be-875a-4b20-8a89-17e2cdb588aa","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"bfd2a077-5000-4500-82c4-5c85fb98dd5a","name":"LookBack","type":"malware","source":"MITRE","software_attack_id":"S0582","tidal_id":"d7129ef6-8722-530f-a7fd-63ca1ef22c04","created":"2021-03-01T14:07:36.692000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3b1e04c9-3cea-4aba-ae48-d4ddf52966a6","name":"LOOKOVER","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3429","tidal_id":"9fc09ad5-6064-5212-865e-6f303190aa4f","created":"2025-04-11T15:06:46.541106Z","modified":"2025-04-11T15:06:46.541110Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"0a2b5329-a9ce-4899-87a6-ba98c77ab9e1","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"41041d5d-0866-4a57-92b7-d075d8b344ad","name":"LostMyPassword","type":"tool","source":"Tidal Cyber","software_attack_id":"S3037","tidal_id":"9101cd23-42a6-509d-98a6-98e45962a9d7","created":"2023-08-18T18:56:21.783563Z","modified":"2023-08-18T18:56:21.783572Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"17b4cf26-36c3-47af-a3bb-e6c3a84a2ab9","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e0d274ed-26b7-4740-8b63-874f14b72858","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"56e29dc5-71cc-4f56-8bea-c2ce8d732180","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"2ce11cbf-5063-49c3-ba61-9804761f9fd8","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"67f0b82d-3b09-478d-af35-f4c52c39b309","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"5dfb0df1-27ca-4e31-8a7a-53bdee783822","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"e3d83f3d-f327-44c0-85c8-83e777c5a0ce","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"8b65094a-b1bd-45e0-8887-2f0c115f9b93","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"09eb402e-37fe-4b19-9ce7-e1ff204ef094","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"698483b7-26cf-42b4-abeb-870f628d2842","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e2fbefb2-7ca9-41d0-baa7-b9e41661c1ea","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f503535b-406c-4e24-8123-0e22fec995bb","name":"LoudMiner","type":"malware","source":"MITRE","software_attack_id":"S0451","tidal_id":"1f619481-55ca-5c1b-9411-1b3a3f43534a","created":"2020-05-18T21:01:51.045000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"fce1117a-e699-4aef-b1fc-04c3967acc33","name":"LOWBALL","type":"malware","source":"MITRE","software_attack_id":"S0042","tidal_id":"c39fa890-514e-5255-92d8-129c6dc98eaf","created":"2017-05-31T21:32:33.348000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye 
admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]</sup>","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"31140298-93e8-476a-8d8e-abc2d9177c1f","name":"LP-Notes","type":"malware","source":"Tidal Cyber","software_attack_id":"S3727","tidal_id":"0f47ed9e-f4c9-5100-89a0-e0017bbe6536","created":"2025-12-10T14:15:01.146694Z","modified":"2025-12-10T14:15:01.146698Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"15a4455a-fe7a-4b5f-9aad-2ddd6f9e8b53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4e1f62d7-db29-4cca-8f86-d80ccd8f9a52","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"37a5ae23-3da5-4cbc-a21a-a7ef98a3b7cc","name":"Lslsass","type":"tool","source":"MITRE","software_attack_id":"S0121","tidal_id":"ae5937a2-47a2-5573-8125-9eef24025f10","created":"2017-05-31T21:33:10.962000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant 
APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ba1f4830-2332-4a61-923a-8ebd970589e0","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"723d9a27-74fd-4333-a8db-63df2a8b4dd4","name":"Lucifer","type":"malware","source":"MITRE","software_attack_id":"S0532","tidal_id":"77e41a5c-bc96-584b-8e7e-d133b8834570","created":"2020-11-16T18:40:34.473000Z","modified":"2021-10-01T20:33:55.926000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"974c2bfd-964c-42a9-b5ce-d7827e012ddf","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":null},{"id":"5a1c6cd5-a6f2-4545-8b33-97f97b5fa34f","name":"Lumar Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3400","tidal_id":"faef662b-d965-5c73-a751-95c488547456","created":"2024-10-14T19:20:46.068446Z","modified":"2024-10-14T19:20:46.068450Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f91bc26f-bb53-42bf-af9f-b754e13f1b7b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"3bf075a0-5335-4754-9164-95b1dd7b9a1e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"feb18b36-5c8c-43ca-8114-886c380b74dd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"81bcfedd-3e9f-5023-8021-2251e8f06636","name":"Lumma Stealer","type":"malware","source":"MITRE","software_attack_id":"S1213","tidal_id":"81bcfedd-3e9f-5023-8021-2251e8f06636","created":"2025-04-22T20:46:58.536853Z","modified":"2025-04-22T20:46:58.536857Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"97d6e9ac-ab0a-4ede-8fe7-a88f7371bbf6","name":"Lumma","description":"<sup>[[eSentire November 13 
2025](/references/f346f327-f0e4-4405-bf3c-c0723c23384f)]</sup>","source":"USER","associated_software_id":"d36dd207-678f-4eb6-8fe6-5623649b386e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"d96bb3f5-16a7-5298-bc36-820af6aba819","name":"LummaStealer","description":"<sup>[[Cybereason LumaStealer Undated](https://app.tidalcyber.com/references/3e299bbd-ef03-517a-95a6-4cbfb6eb2369)]</sup>","source":"MITRE","associated_software_id":"c8a1641a-5141-4221-971b-b05227068dbe","owner_id":null,"owner_name":null},{"id":"d1103798-b022-4637-a647-dd741599139e","name":"LummaC2","description":"<sup>[[SpyCloud Stealers Chrome Bypass October 2 2024](/references/9e680ab4-5d8d-46a1-a1e8-2ca2914bb93f)]</sup>","source":"Tidal Cyber","associated_software_id":"2413da2c-21e3-4179-bbb3-ccf1be5bb052","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro November 13 2025](/references/42e2f322-f311-4d96-9f07-9d4130c83cab)]</sup>","group_attack_id":"G3151","group_id":"5e289ad4-7e4a-4ce4-bf6c-876ef98186cb","name":"Water Kurita","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3173","group_id":"7e4dd0e2-4fa0-4dd5-ad0e-41aa9effe8bf","name":"TAG-160","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1c6f1c0a-9eb3-43ff-8ecf-559cdc38d834","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"c6107788-8894-4647-b759-730aa8641e5d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8b1b9c87-ecb8-44fe-850e-9a39c245dbf0","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"aebb56de-142a-463f-806b-09f3c084f0d0","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"10114b66-c83a-4c5b-8eb2-093fba2d21b8","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"f4101982-091b-4365-af87-b8ff8ad7b2c8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4b267849-bd0f-47b5-938a-1c0bd7bcfa2b","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"629afbde-c922-4556-8805-ed62e230ec21","tag":"8a6bbea2-15ab-4bf9-861a-41498939b96c"},{"id":"211f4d11-f167-43df-abbc-8f25b3afed4c","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"4d4836fb-99c9-47fe-9cf9-26dd16f15d3c","name":"Lumma Stealer (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3399","tidal_id":"2c1adfc0-5153-5e1c-85c6-efb6130c037e","created":"2024-10-14T19:20:45.899874Z","modified":"2024-10-14T19:20:45.899878Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a654a4d2-7215-4d3e-b4a3-9747d204a5a6","name":"LummaC2","description":"<sup>[[SpyCloud Stealers Chrome Bypass October 2 2024](/references/9e680ab4-5d8d-46a1-a1e8-2ca2914bb93f)]</sup>","source":"Tidal 
Cyber","associated_software_id":"2413da2c-21e3-4179-bbb3-ccf1be5bb052","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dcecf94b-a5c8-4ea9-a2ad-7c1c65b68712","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"23c45edb-7d18-414e-88a0-8c9817892601","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1455bd24-8c69-4713-953e-e53573cda522","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e8e81e32-27b4-5830-94cb-a07ca1124296","name":"LunarLoader","type":"malware","source":"MITRE","software_attack_id":"S1143","tidal_id":"e8e81e32-27b4-5830-94cb-a07ca1124296","created":"2024-10-31T16:28:04.655455Z","modified":"2024-10-31T16:28:04.655459Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Turla Lunar toolset May 2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"04c7172a-344f-4ade-ab74-8b132ba5c125","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"8fa2c759-a03f-5044-a125-0b66fba054de","name":"LunarMail","type":"malware","source":"MITRE","software_attack_id":"S1142","tidal_id":"8fa2c759-a03f-5044-a125-0b66fba054de","created":"2024-10-31T16:28:06.570299Z","modified":"2024-10-31T16:28:06.570302Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Turla Lunar toolset May 
2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7341de42-4f0a-4b4e-8614-3304ab51a63e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6b231f41-51b7-5c78-afd5-6cb73a698045","name":"LunarWeb","type":"malware","source":"MITRE","software_attack_id":"S1141","tidal_id":"6b231f41-51b7-5c78-afd5-6cb73a698045","created":"2024-10-31T16:28:07.874472Z","modified":"2024-10-31T16:28:07.874475Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Turla Lunar toolset May 2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6feae264-7048-49fa-8503-039384c7df3a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"0cc9e24b-d458-4782-a332-4e4fd68c057b","name":"Lurid","type":"malware","source":"MITRE","software_attack_id":"S0010","tidal_id":"319f8bf9-5bf2-5a7d-aab1-e6a96df533fd","created":"2017-05-31T21:32:14.527000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a33a6a59-fc2d-42bd-8555-dd696de2421f","name":"Enfal","description":"","source":"MITRE","associated_software_id":"4905b225-105e-4aec-af6e-16466cc7b717","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Villeneuve 
2014](https://app.tidalcyber.com/references/a156e24e-0da5-4ac7-b914-29f2f05e7d6f)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f5d55fa5-afb8-46ff-b5b5-c792060fd7d3","name":"Lynx Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3169","tidal_id":"c31819ce-65f4-516f-810c-5ac94b68e979","created":"2024-09-13T19:21:23.301804Z","modified":"2024-09-13T19:21:23.301808Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"526fb9ef-0f33-42fd-b4b5-c357203c1ed6","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fb49b111-4f36-4ce8-bec1-c5b5bb9882e4","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"51e905f3-56d7-4707-8c22-b7602a387579","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fa59e646-d6d5-4b0f-8dfa-d6caf709289c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"be8a1630-9562-41ad-a621-65989f961a10","name":"Machete","type":"malware","source":"MITRE","software_attack_id":"S0409","tidal_id":"dde289c5-34f8-5243-b5dc-c4ff1d5ebb8b","created":"2019-09-13T13:17:25.718000Z","modified":"2021-04-12T03:16:03.258000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"53f691a0-57a8-4c74-a0cd-ff26db31cc2a","name":"Pyark","description":"<sup>[[360 Machete Sep 2020](https://app.tidalcyber.com/references/682c843d-1bb8-4f30-9d2e-35e8d41b1976)]</sup>","source":"MITRE","associated_software_id":"a4493a61-fd76-4668-83e3-f708beb2c553","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Securelist Machete Aug 2014](https://app.tidalcyber.com/references/fc7be240-bd15-4ec4-bc01-f8891d7210d9)]</sup><sup>[[ESET Machete July 
2019](https://app.tidalcyber.com/references/408d5e33-fcb6-4d21-8be9-7aa5a8bd3385)]</sup>","group_attack_id":"G0095","group_id":"a3be79a2-3d4f-4697-a8a1-83f0884220af","name":"Machete","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7e5a643d-ebfd-4ec6-9fdc-79d6f47fafdb","name":"MacMa","type":"malware","source":"MITRE","software_attack_id":"S1016","tidal_id":"48676227-da49-52c7-a908-f4101843f734","created":"2022-05-06T01:29:34.860000Z","modified":"2022-10-20T19:00:58.329000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"6abb253d-1b77-4b95-8b4d-8fcba4a3104b","name":"OSX.CDDS","description":"<sup>[[Objective-See MacMa Nov 2021](https://app.tidalcyber.com/references/7240261e-d901-4a68-b6fc-deec308e8a50)]</sup>","source":"MITRE","associated_software_id":"246b0d77-743e-413a-8e7a-76a5a4b391de","owner_id":null,"owner_name":null},{"id":"79fc744d-4280-41e8-93bf-32c6264a604f","name":"DazzleSpy","description":"<sup>[[ESET DazzleSpy Jan 2022](https://app.tidalcyber.com/references/212012ac-9084-490f-8dd2-5cc9ac6e6de1)]</sup>","source":"MITRE","associated_software_id":"09e6536d-b970-43ae-a1ac-cea3a523635c","owner_id":null,"owner_name":null}],"groups":[{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) is linked to the use and potentially development of [MacMa](https://app.tidalcyber.com/software/7e5a643d-ebfd-4ec6-9fdc-79d6f47fafdb) through overlapping command and control infrastructure and shared libraries with other unique tools.<sup>[[Symantec Daggerfly 
2024](https://app.tidalcyber.com/references/1dadd09e-e7b0-50a1-ba3d-413780dbeb80)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"74feb557-21bc-40fb-8ab5-45d3af84c380","name":"macOS.OSAMiner","type":"malware","source":"MITRE","software_attack_id":"S1048","tidal_id":"8766a8f3-d240-5372-b174-668ac6aa48c1","created":"2022-10-04T06:35:40.506000Z","modified":"2022-10-19T21:01:46.587000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e5e67c67-e658-45b5-850b-044312be4258","name":"MacSpy","type":"malware","source":"MITRE","software_attack_id":"S0282","tidal_id":"1ce0b11d-c4b3-51a3-b788-64eb02938194","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"56f85519-3129-44e9-acb5-331432f30b56","name":"MacSync Stealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3851","tidal_id":"bebf1bc4-5948-5ac9-bd5d-214c1da05f3c","created":"2025-12-29T17:41:08.947337Z","modified":"2025-12-29T17:41:08.947340Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"1819d953-d73e-47f5-b7a0-ab826b6f5f75","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"6888453d-a72b-4df5-86ea-336242096186","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"b95c4b76-231f-4b2d-a9b0-b86f93eb0480","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5d6ea306-159d-4587-9501-b912ba1ddf5b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"fb07e04f-dc30-4b02-b927-8deb4701cd36","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e4a2c3dc-ffc7-4522-a5c9-4fbef556b23c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"87d80574-dd00-4e0f-89de-ef521183b2ec","name":"MAESTRO","type":"malware","source":"Tidal Cyber","software_attack_id":"S3924","tidal_id":"a7146b8b-b05c-5e1d-9f7e-856a81611d0a","created":"2026-01-14T13:31:36.430377Z","modified":"2026-01-14T13:31:36.430381Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bd06c97d-5a4f-45e4-b022-097279b3ed20","name":"exploit.exe","description":"<sup>[[Huntress January 07 2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","source":"USER","associated_software_id":"d91ff4b5-be28-4fb1-9feb-025c5f688d59","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress January 07 2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","group_attack_id":"G3200","group_id":"8adc41b2-e496-4e2c-ba1f-6420e7359669","name":"Unattributed Chinese-speaking ESXi Exploit 
Developer","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"67c58a64-170b-4c7f-870a-344aed1387d9","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"ac4d0890-3690-4f9a-ab7d-d93fdd681df2","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"0c3ac31b-4b77-4807-8cab-845f2ef3c186","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"1a434d26-0142-4b59-9b5d-628f449a9ed7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c1e8526d-2117-48a4-a46c-d6f578a8c7cf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7506616c-b808-54fb-9982-072a0dcf8a04","name":"Mafalda","type":"malware","source":"MITRE","software_attack_id":"S1060","tidal_id":"439aa5b8-b0e8-5cbd-b9c2-0b4cac469b03","created":"2023-05-26T01:20:52.579403Z","modified":"2023-05-26T01:20:52.579407Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelLabs Metador Sept 2022](https://app.tidalcyber.com/references/137474b7-638a-56d7-9ce2-ab906f207175)]</sup><sup>[[SentinelLabs Metador Technical Appendix Sept 2022](https://app.tidalcyber.com/references/aa021076-e9c5-5428-a938-c10cfb6b7c97)]</sup>","group_attack_id":"G1013","group_id":"a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b","name":"Metador","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1408a1dd-f889-5024-be7f-9deb77b06882","name":"MagicRAT","type":"malware","source":"MITRE","software_attack_id":"S1182","tidal_id":"1408a1dd-f889-5024-be7f-9deb77b06882","created":"2025-04-22T20:46:59.140910Z","modified":"2025-04-22T20:46:59.140914Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[MagicRAT](https://app.tidalcyber.com/software/1408a1dd-f889-5024-be7f-9deb77b06882) is exclusively associated with [Lazarus 
Group](https://app.tidalcyber.com/groups/0bc66e95-de93-4de7-b415-4041b7191f08) operations in 2022.<sup>[[Cisco MagicRAT 2022](https://app.tidalcyber.com/references/6dc427b1-7b0f-50b8-bbec-bab2f526fe0e)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f3f49771-4b18-47ec-b1d6-3d4e84c70045","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"20efee47-95bb-4fe2-aab2-463db7335218","name":"MAGICSPELL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3431","tidal_id":"d3dc4748-dcf1-5830-823f-9ded9becc01a","created":"2025-02-18T15:18:32.970390Z","modified":"2025-02-18T15:18:32.970394Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERT-UA Alert July 5 2023](/references/d7694540-fe19-44c7-a9e2-205a0e630878)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9fb9a336-2f22-44c1-99a7-14eddad9319b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"e1857b18-c8eb-452e-9d66-c0dd95b9ce0d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8605fb9e-992f-4f34-a041-0874abb9bb69","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a9b90257-e98d-42d8-ba7a-ab72463a7636","name":"MagTek ReaderConfiguration.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3953","tidal_id":"ea066745-e4d5-5c72-9f19-5c42cecf9564","created":"2026-01-23T20:31:07.524575Z","modified":"2026-01-23T20:31:07.524579Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[www.trellix.com October 22 
2025](/references/a14fa007-b9de-4bc5-9431-d416bdc7b24d)]</sup>","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2df59e6e-374c-4fab-993c-dbccd3bcf146","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5983b079-ab60-484c-a257-5058fc78d3b5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ec02651f-4764-4652-9744-4012308ee9c9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d762974a-ca7e-45ee-bc1d-f5218bf46c84","name":"MailSniper","type":"tool","source":"MITRE","software_attack_id":"S0413","tidal_id":"9f30ba6e-1690-5d6a-92e2-553814461218","created":"2019-10-05T02:34:01.189000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]</sup>","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"49450d3a-c8fd-43aa-a994-82661a83cb7f","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"08e34c09-230b-420a-b341-fd5884267414","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"4709493e-41c4-4010-ba5a-bcc043d4cd66","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"}],"owner_name":null},{"id":"cf7f05a7-4093-4855-b9d9-b93226056aec","name":"Makecab","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3241","tidal_id":"afdd8fad-9736-59b1-925a-b85734de053b","created":"2024-01-12T14:47:56.818585Z","modified":"2024-01-12T14:47:56.818589Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a82ef541-630b-4801-aa84-2129c04f7d5a","name":"Makecab.exe","description":"<sup>[[Makecab.exe - LOLBAS Project](/references/6473e36b-b5ad-4254-b46d-38c53ccbe446)]</sup>","source":"Tidal Cyber","associated_software_id":"be6d153d-2288-4519-bade-cca6c8ae2aa8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Symantec MuddyWater Dec 2018](/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c92ac041-dae7-43aa-93b5-c8de4820ad64","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"98e3fa04-e889-47d2-8f1a-6559ab11f21d","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"77e249e3-371a-46b0-b99d-f38447219f86","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"42b95e51-fc59-459f-8c3a-eea6c436e13c","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d1f95188-64bf-4e24-bd08-5fb31ae72571","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"d259f666-08a7-4756-b544-61ff6a6aa706","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"44083ecb-4e8f-447a-9bf6-dbf1b8a0f98b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1eb8e9c2-cdcb-416a-994d-391046752c91","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"482a8d4f-6534-434e-a2ad-0a6475d68a73","name":"Malicious Chrome Extension (Telegram Agent + Cookies)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3947","tidal_id":"120f3972-df9b-51b2-a10b-8796d887fdb2","created":"2026-01-14T13:31:40.162815Z","modified":"2026-01-14T13:31:40.162819Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"63ae5aa2-060f-4234-89c1-44fc3134440a","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"56314238-79ed-4ba1-b363-24ad323149a1","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"953b7a82-0961-4ae5-8d6d-949f14d132fc","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"a96d592c-3c5c-45ed-bd73-8021fd56a7c3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8e272a85-c8f2-4f03-a5a4-352c22a9fcbf","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"427687f5-e2ac-4b85-892d-148f981957ac","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4a954741-d8e4-4ca3-b219-bc21c3f66b3b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id
":"de95eb01-60e5-44c7-8211-8b7fd35b9a33","name":"Malicious Trust Wallet Browser Extension v2.68","type":"malware","source":"Tidal Cyber","software_attack_id":"S3887","tidal_id":"57571beb-7c34-5bc2-af71-cb2daa5a38ed","created":"2026-01-06T18:05:08.475933Z","modified":"2026-01-06T18:05:08.475937Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a400c5d9-8ae6-4052-813b-746c2cee761d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"67682858-6516-4695-b411-8034b11cc1eb","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"42387366-c905-450f-a182-971c8ae78572","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"b9886a3a-299a-486a-a4bc-253761b9a63e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"329674c2-eacb-46aa-bc53-ca94a725a63f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fd33be9d-79ff-4522-a4aa-90acf55cd84c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"be1f9185-1b49-43d3-b6c9-eb6ef107d62f","name":"Mallox Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3422","tidal_id":"8412c67f-9f93-560a-be83-03625a1a3827","created":"2025-02-03T21:09:17.167348Z","modified":"2025-02-03T21:09:17.167352Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"775041ab-174e-4aa2-b0bd-8cd11f93cf30","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5ad01dd5-9c38-4a52-aba6-dc9de9315fe9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a0df79e1-d20e-4848-ac40-185952a6117f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9b6b705e-55ae-4d9e-9c57-baf1358cc324","name":"Manage-bde","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3380","tidal_id":"8fd860b4-7942-5117-8a92-6d801957383d","created":"2024-01-12T14:48:47.695915Z","modified":"2024-01-12T14:48:47.695919Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2309f2fb-b0ae-4957-847c-43fc9628608e","name":"Manage-bde.wsf","description":"<sup>[[Manage-bde.wsf - LOLBAS Project](/references/74d5483e-2268-464c-a048-bb1f25bbfc4f)]</sup>","source":"Tidal Cyber","associated_software_id":"8c479a90-537a-4661-ba2a-7e9e7ca5d04a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"7aef1667-3f4c-4be2-acc7-360727d94f43","tag":"ff10869f-fed4-4f21-b83a-9939e7381d6e"},{"id":"1fbfeb3f-c774-4b28-89eb-6ec986e32007","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"822cad66-c200-4967-8b78-0d8e11d5c359","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6ad6a432-aec0-52b1-8431-f40c2660fcdc","name":"Mandrake","type":"malware","source":"Mobile","software_attack_id":"S0485","tidal_id":"6ad6a432-aec0-52b1-8431-f40c2660fcdc","created":"2026-01-28T13:08:09.938177Z","modified":"2026-01-28T13:08:09.938179Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"b359a9a6-88d0-4d86-838c-d6aba578a111","name":"oxide","description":"<sup>[[Bitdefender Mandrake](https://app.tidalcyber.com/references/cf88d5a8-133b-5743-8f41-ee351fa9a7e9)]</sup>","source":"Mobile","associated_software_id":"15bcdb06-d1f6-57cf-aa9d-c50330ddc8ee","owner_id":null,"owner_name":null},{"id":"42037a21-7b2b-44bb-89cf-a5c7e3ec1ea1","name":"briar","description":"<sup>[[Bitdefender 
Mandrake](https://app.tidalcyber.com/references/cf88d5a8-133b-5743-8f41-ee351fa9a7e9)]</sup>","source":"Mobile","associated_software_id":"38351ebb-d7d6-5094-a0be-a5f92fd3d295","owner_id":null,"owner_name":null},{"id":"51748635-9fda-4b59-aa56-f5d37a8f4767","name":"ricinus","description":"<sup>[[Bitdefender Mandrake](https://app.tidalcyber.com/references/cf88d5a8-133b-5743-8f41-ee351fa9a7e9)]</sup>","source":"Mobile","associated_software_id":"e67fa127-b4c3-5e17-8135-de33a6392e09","owner_id":null,"owner_name":null},{"id":"f1641742-fdb8-4055-b22f-d7b7eeb1921e","name":"darkmatter","description":"<sup>[[Bitdefender Mandrake](https://app.tidalcyber.com/references/cf88d5a8-133b-5743-8f41-ee351fa9a7e9)]</sup>","source":"Mobile","associated_software_id":"dd369a04-f12f-5162-ab12-72ad919c7ff9","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"5d966408-4206-536d-828f-dcc340dae746","name":"Mango","type":"malware","source":"MITRE","software_attack_id":"S1169","tidal_id":"5d966408-4206-536d-828f-dcc340dae746","created":"2025-04-22T20:47:00.845809Z","modified":"2025-04-22T20:47:00.845812Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig Campaigns Sep 2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3386f6ca-a5b5-4699-b4a5-cf00a5778da5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9702e486-e5b9-486f-84f3-289c599d3d72","name":"Mango (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3162","tidal_id":"934e2f4a-904e-55f3-ad6c-8e224d67b9dd","created":"2024-09-04T12:51:12.912874Z","modified":"2024-09-04T12:51:12.912878Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"fc779d46-1aa6-41bc-9612-0874fabd1657","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d0b17e32-134d-40df-a352-dbcfb9a9e661","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1cf0e5e4-7888-4554-b7b0-d75b0f3c5631","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1821edd4-7554-5de8-8a22-9f4d49a4917d","name":"Manjusaka","type":"malware","source":"MITRE","software_attack_id":"S1156","tidal_id":"1821edd4-7554-5de8-8a22-9f4d49a4917d","created":"2024-10-31T16:28:07.772761Z","modified":"2024-10-31T16:28:07.772764Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"08127906-d973-437e-8d7e-9cfa636e5dd8","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"5fd70a64-481d-4d0d-85e0-a3a636c87f29","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"888ca612-5629-4303-bca7-d6990006f654","name":"Mario Ransomware","type":"malware","source":"Trellix TIG","software_attack_id":"S3470","tidal_id":"c1a3a503-9021-5929-8894-cae5d1e95d4b","created":"2025-04-11T15:06:54.063905Z","modified":"2025-04-11T15:06:54.063908Z","platforms":[],"associated_software":[{"id":"78eb04e4-d6cb-4309-abc4-b056e26f5f96","name":"Mario","description":"<sup>[[Unit 42 December 17 
2025](/references/5d5a68da-5ad3-4707-ba0d-410ac770e673)]</sup>","source":"USER","associated_software_id":"1c7bb3e5-774c-4f41-bf04-394c9597c5ce","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"71147b53-ef8c-4f45-8df6-6374f9514220","name":"Mario ESXi","description":"","source":"Trellix TIG","associated_software_id":"ce4200b5-3a85-455c-b6e9-3e94750a26fb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"a7b18d56-9620-4477-a696-57bbf3c65da6","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"40806539-1496-4a64-b740-66f6a1467f40","name":"MarkiRAT","type":"malware","source":"MITRE","software_attack_id":"S0652","tidal_id":"c67afe62-9807-59b3-90c6-f65f9f980f63","created":"2021-09-28T17:48:36.547000Z","modified":"2021-10-25T14:24:59.957000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky Ferocious Kitten Jun 2021](https://app.tidalcyber.com/references/b8f8020d-3f5c-4b5e-8761-6ecdd63fcd50)]</sup>","group_attack_id":"G0137","group_id":"275ca7b0-3b21-4c3a-8b6f-57b6f0ffb6fb","name":"Ferocious Kitten","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"00e8059d-25ad-4616-b5bf-4375fb79c605","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"c17c7e6a-d5f3-49ec-8604-f8adee389a75","name":"MASOL RAT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3608","tidal_id":"ffd92421-d3a3-5cf9-8db0-ad58921d7ed4","created":"2025-10-24T16:13:48.566451Z","modified":"2025-10-24T16:13:48.566455Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"f714e5f2-77b3-4603-9509-bfce48bcae80","name":"Backdr-NQ","description":"<sup>[[Trend Micro November 25 2024](/references/8bf807bc-5103-4962-9a19-c12396cdb767)]</sup>","source":"USER","associated_software_id":"bf8c6188-8266-4e82-8189-89e37b63d932","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro November 25 2024](/references/8bf807bc-5103-4962-9a19-c12396cdb767)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ba5c9b25-d7e7-4571-b46e-2dc49991a6af","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"7947f1b8-98ca-4592-911d-2da69212d367","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"ec7e71a5-045c-4f81-b9ef-b50b61b4b39b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9c2414e9-dbe9-4ce1-990f-8c2af93ac3a1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"24862f72-a4e0-4a6b-90d7-2465aa86c402","name":"MASSCAN","type":"tool","source":"Tidal Cyber","software_attack_id":"S3121","tidal_id":"0961eb47-617f-5410-bc3c-5e948fec1c0c","created":"2024-04-04T20:39:10.179409Z","modified":"2024-04-04T20:39:10.179412Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos Akira May 9 
2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2b65f779-9b56-48d0-9fb5-bfad824647a4","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"2e1e5531-8232-4042-a404-92362ad803be","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"dce1900d-e606-453c-8b43-c260e5d7dbb8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ad8424d2-96a9-49ce-874d-d587923d3452","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f528ca45-a4c7-4c0d-aaab-3e17dfb1bb9f","name":"Matanbuchus","type":"malware","source":"Tidal Cyber","software_attack_id":"S3731","tidal_id":"94f78cd5-4e4a-59d4-93bf-40e4f90d0bb5","created":"2025-12-10T14:15:03.215290Z","modified":"2025-12-10T14:15:03.215293Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 09 
2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3174","group_id":"6bc7e9b9-dac0-4223-8761-0a9b6033426b","name":"TAG-161","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a142f0cb-76d4-4a11-bb77-1ae4cd4bb98f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"23ba6872-427a-4ff5-bcc7-4285fe0a6e4c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d90dbe80-3ece-40be-939e-b69b12ad34b4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"eeb700ea-2819-46f4-936d-f7592f20dedc","name":"Matryoshka","type":"malware","source":"MITRE","software_attack_id":"S0167","tidal_id":"328d7171-1af2-5e59-baef-8d26bd5baeae","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ClearSky Wilted Tulip July 2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]</sup>","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"aa472f81-7673-4545-89f9-1dd43cead4f1","name":"Mavinject","type":"tool","source":"Tidal Cyber","software_attack_id":"S3242","tidal_id":"adfa85fd-81c0-52e4-bca3-85688e38140c","created":"2024-01-12T14:47:57.177852Z","modified":"2024-01-12T14:47:57.177856Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ea9cd7d1-4a23-47fb-ad52-c4a077b9fe35","name":"Mavinject.exe","description":"<sup>[[LOLBAS Mavinject](/references/4ba7fa89-006b-4fbf-aa6c-6775842c97a4)]</sup>","source":"Tidal 
Cyber","associated_software_id":"e74db115-407d-44dd-906e-2163f2a50e29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4bea38ab-ea3c-4336-851a-acb91364fe8a","tag":"724c3509-ad5e-46a3-a72c-6f3807b13793"},{"id":"9ee34eb5-7eba-4fc3-a480-ecc08b853509","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b920b63e-c265-4179-be25-866929de010d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ce655138-2773-475b-9aab-394e863597ff","name":"MAYBEROBOT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3601","tidal_id":"c8d73bd8-396e-5859-98bd-dda92af7928c","created":"2025-10-24T16:13:47.536706Z","modified":"2025-10-24T16:13:47.536710Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"10983d66-4f5f-41c3-8ad5-ff3083cb560b","name":"SIMPLEFIX","description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","source":"USER","associated_software_id":"abdd6e48-670c-4b03-8322-6ff93649523a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star 
Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6fc829bb-a734-468c-97b3-84abb683dac9","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"37c239e6-5577-41aa-9115-dd483d2c39fc","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"275c7957-c22d-4b16-aa0e-1fbc85fce85d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ae03094a-0f8a-4cb7-9f48-26608a717118","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b3565dfa-8316-5de7-9037-f17434c1e169","name":"MazarBOT","type":"malware","source":"Mobile","software_attack_id":"S0303","tidal_id":"b3565dfa-8316-5de7-9037-f17434c1e169","created":"2026-01-28T13:08:09.938259Z","modified":"2026-01-28T13:08:09.938260Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3c206491-45c0-4ff7-9f40-45f9aae4de64","name":"Maze","type":"malware","source":"MITRE","software_attack_id":"S0449","tidal_id":"ba144e38-3124-511e-b67b-aa72643fe3dc","created":"2020-05-18T16:17:59.464000Z","modified":"2022-01-24T17:01:08.605000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye Maze May 2020](https://app.tidalcyber.com/references/02338a66-6820-4505-8239-a1f1fcc60d32)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]</sup>","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING 
SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"ab4c9459-9559-4307-b181-f7af0950664e","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ee75051f-1f92-40f3-a844-03e963eeb258","tag":"3c3f9078-5d1e-4c29-a5eb-28f237bbd1ad"},{"id":"c4246cd0-26a8-45be-b28f-38f3be309dba","tag":"1cc90752-70a3-4a17-b370-e1473a212f79"},{"id":"2b004fc5-8211-4f94-a5c5-125edd570a0c","tag":"286918d5-0b48-4655-9118-907b53de0ee0"},{"id":"a55d3b4c-5b70-42cd-a85a-454b0afe414e","tag":"c5c8f954-1bc0-45d5-9a4f-4385d0a720a1"},{"id":"e34b170a-2220-4704-b14c-189cceb61739","tag":"ab64f2d8-8da3-48de-ac66-0fd91d634b22"},{"id":"d915c383-f2c0-44eb-bf7c-3e2ee526feec","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"8fb74f9b-b2bf-4001-8df5-59385980854a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"fb879c66-92b1-4a43-8df8-987fc3bc1b1b","name":"MBR Killer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3020","tidal_id":"03ec153b-bb8c-576c-aa95-7574a647d3fb","created":"2024-06-13T20:12:28.025180Z","modified":"2024-06-13T20:12:28.025184Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"be777e2a-fd11-4d16-8d06-f13500d97a6f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f968fa3d-466a-41dc-82f7-27124d6fd22c","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"35c0bc78-2203-4aca-85f2-072d84b6e1bf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"939cbe39-5b63-4651-b0c0-85ac39cb9f0e","name":"MCMD","type":"tool","source":"MITRE","software_attack_id":"S0500","tidal_id":"230125ec-b69f-50c0-b8cf-f3331e46669b","created":"2020-08-13T17:15:25.702000Z","modified":"2022-07-29T19:48:28.725000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Secureworks MCMD July 2019](https://app.tidalcyber.com/references/f7364cfc-5a3b-4538-80d0-cae65f3c6592)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"31cbe3c8-be88-4a4f-891d-04c3bb7ed482","name":"MechaFlounder","type":"malware","source":"MITRE","software_attack_id":"S0459","tidal_id":"833628a9-6c1d-5f36-93e8-23f471f79cde","created":"2020-05-27T19:05:29.386000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 MechaFlounder March 
2019](https://app.tidalcyber.com/references/2263af27-9c30-4bf6-a204-2f148ebdd17c)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f4087136-5886-59e9-8b55-0f062af5b5be","name":"MEDUSA","type":"malware","source":"MITRE","software_attack_id":"S1220","tidal_id":"f4087136-5886-59e9-8b55-0f062af5b5be","created":"2025-10-29T21:08:48.110516Z","modified":"2025-10-29T21:08:48.110519Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Mandiant UNC3886 2024](https://app.tidalcyber.com/references/77b32efe-b936-5541-b0fb-aa442a7d11b7)]</sup>\n","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"058aa030-5661-4284-ae24-3496fbda49cd","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"c9e824b2-554b-4f42-b4c3-48e0a841f589","name":"MedusaLocker Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3066","tidal_id":"b9bbad67-1f95-579d-8da6-e6795a94e044","created":"2023-08-11T21:14:14.725007Z","modified":"2023-08-11T21:14:14.725014Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3015","group_id":"55b20209-c04a-47ab-805d-ace83522ef6a","name":"MedusaLocker Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"95297f37-f62d-4763-bc78-1f69ffb1122e","tag":"0512bbd3-0596-4426-9ee6-d2bfeb8fd219"},{"id":"85aa814d-6e2a-4174-9bc7-46eb162f3a36","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"889d5c7d-d822-4cd0-8f84-4956410d83fe","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f43585ba-8754-4b5a-b420-28060084b7a3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"d4161d9f-c949-51d8-8550-addec262aa3d","name":"Medusa Ransomware","type":"malware","source":"MITRE","software_attack_id":"S1244","tidal_id":"d4161d9f-c949-51d8-8550-addec262aa3d","created":"2025-10-29T21:08:48.110590Z","modified":"2025-10-29T21:08:48.110591Z","platforms":[],"associated_software":[],"groups":[{"description":"[Medusa Group](https://app.tidalcyber.com/groups/5dd29b96-60b6-5c98-8fc0-510502c700b0) has used [Medusa Ransomware](https://app.tidalcyber.com/software/d4161d9f-c949-51d8-8550-addec262aa3d) for ransomware activities.<sup>[[Palo Alto Unit 42 Medusa Group Medusa Ransomware January 2024](https://app.tidalcyber.com/references/baad1552-9b29-5509-8763-5e16f2b370e1)]</sup><sup>[[CISA Medusa Group Medusa Ransomware March 2025](https://app.tidalcyber.com/references/fe6f032e-11f3-5d6d-9a65-e5fc54cb2779)]</sup><sup>[[Broadcom Medusa Ransomware Medusa Group March 2025](https://app.tidalcyber.com/references/01d2a059-f002-5e1e-97c1-ae714648fc10)]</sup><sup>[[Security Scorecard Medusa Ransomware January 2024](https://app.tidalcyber.com/references/9bb3d126-ccfe-5790-9588-324cf30899d0)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Security Blog October 06 
2025](/references/242bd97d-dad0-49af-9ed6-f150542b8ded)]</sup>","group_attack_id":"G3139","group_id":"0aa009a3-4c8d-44d9-aa5f-6f68eb7d846c","name":"Storm-1175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1c8bfbd2-1096-4a11-a5af-6e6b9c7261e1","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"d29f103b-ceb0-49fc-8085-2d0fd84288d8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4a9ba721-6c6c-4b52-a0d5-d6893dad4c51","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"85f75a50-9a42-4b85-95d1-4231f1bb701d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"25794297-70a4-4459-b798-29791379a6da","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"620de61f-79ea-49fd-9933-09f66f6b0c34","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"}],"owner_name":null},{"id":"c387c7e0-b8d9-4475-8672-c1285e38f2a1","name":"Medusa Ransomware (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3444","tidal_id":"072686d1-381c-5f01-83f4-c2eae1f34b7f","created":"2025-03-17T18:33:47.203806Z","modified":"2025-03-17T18:33:47.203810Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog October 06 2025](/references/242bd97d-dad0-49af-9ed6-f150542b8ded)]</sup>","group_attack_id":"G3139","group_id":"0aa009a3-4c8d-44d9-aa5f-6f68eb7d846c","name":"Storm-1175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"87000d92-7f5c-482b-9888-64a4c08fe1d0","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"4bb1aaa0-5cc2-4340-90f6-3ff87cae2ccd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f8900361-ec66-4040-9c8a-e6d18125e394","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"862b2767-dff5-482b-ac98-7c0c51e6c554","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"8a364e3f-d07e-4720-9833-dd2ac0940bd6","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"59d2b390-a8f1-49ba-b4d6-623a9b4f3810","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"}],"owner_name":"TidalCyberIan"},{"id":"7d5b9d91-9447-4b32-984b-16be30dab230","name":"Medusa Rootkit","type":"malware","source":"Trellix TIG","software_attack_id":"S3406","tidal_id":"30743d0d-f255-59b9-b966-55165350e931","created":"2025-04-11T15:06:39.453825Z","modified":"2025-04-11T15:06:39.453829Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"49b265fd-a5e2-45df-bc46-e2d1c879c2cb","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":"TidalCyberIan"},{"id":"acc64744-7188-48b2-a753-196fff0467c6","name":"Meduza","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3401","tidal_id":"e88ec040-fae3-5e11-97cb-2f3089089a88","created":"2024-10-14T19:20:46.238371Z","modified":"2024-10-14T19:20:46.238375Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7131b8dd-3b85-44fc-a698-2962b79dfd6a","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"735eb1a8-6670-4c62-b52f-0097715b09f2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b0ff7fae-3762-434f-9021-b0c17cf64ea5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6c3bbcae-3217-43c7-b709-5c54bc7636b1","name":"meek","type":"tool","source":"MITRE","software_attack_id":"S0175","tidal_id":"7846ca12-2524-5013-8bca-f4e33ccec5b4","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant No Easy Breach](https://app.tidalcyber.com/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"df92f37d-644d-481a-bf51-de3c0d65e39b","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"f2384d09-61fa-4679-b975-6901dcd5c506","name":"MEGAcmd","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3143","tidal_id":"bd9637bb-c32f-5203-882a-cfb63d95e4a2","created":"2024-06-24T15:00:25.924081Z","modified":"2024-06-24T15:00:25.924086Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[huntress.com August 21 2025](/references/ff3cc4e2-ff9b-40e5-a5e1-af6fc14ccb67)]</sup>","group_attack_id":"G3125","group_id":"4f797580-fff2-4f5c-a5d2-bffeaced17e4","name":"Cephalus Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]</sup>","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll Royal Ransomware February 13 2023](/references/de385ede-f928-4a1e-934c-8ce7a6e7f33b)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA LockBit Citrix Bleed November 21 2023](/references/21f56e0c-9605-4fbb-9cb1-f868ba6eb053)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1d7a94cf-23d9-490c-b8a7-cf0a613dfcc9","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"5d4e4172-3b88-456e-9c1f-c87dc63afa33","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"231e9771-18af-4180-9bb8-157a8a54480b","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"12e9ecc8-3ff1-47d1-be00-67f67fae54ac","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3e6ea8a5-7b79-41dc-9ddd-b00a6e53be86","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"24ec31f3-4ec9-445f-b750-59a8d9e39345","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d8a4a817-2914-47b0-867c-ad8eeb7efd10","name":"MegaCortex","type":"malware","source":"MITRE","software_attack_id":"S0576","tidal_id":"4fb00e00-c917-569c-b85f-7543325f184b","created":"2021-02-17T20:27:27.222000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f71ae07c-29e8-4920-8b4f-d294081eba5a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"6a43077c-1a57-4f52-a3df-2ba364cdb083","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"eed908e5-a0b3-473f-bca4-0d3197af2168","name":"MEGAsync","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3021","tidal_id":"a7298a3d-2ff8-5982-b7d3-5e15a946b6ea","created":"2023-07-14T12:56:38.208898Z","modified":"2023-07-14T12:56:38.208902Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e1c87dab-3216-4d30-a396-96cd440be0b6","name":"MEGA","description":"<sup>[[None October 29 2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","source":"USER","associated_software_id":"16a8121b-da07-430a-ba77-a70472ca7375","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"d2e86c9f-44b3-402d-9234-9b94479ef317","name":"MEGA.nz","description":"<sup>[[None October 29 2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","source":"USER","associated_software_id":"6469589f-c6a8-4538-93c8-44b59ecbe6df","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None October 29 2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Akira April 18 2024](/references/2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]</sup>","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Resecurity BlackLock March 25 2025](/references/2977c45f-3a7a-42ae-be59-378aa288dc24)]</sup>","group_attack_id":"G3109","group_id":"fea2db0e-e6a6-44f1-9b5a-2d00744c388b","name":"BlackLock Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d583ac3f-ad07-41e6-bed1-6959a97ae285","tag":"9db5e7e2-74da-46a7-9bf4-e4cfb66106c9"},{"id":"de059cdb-6c00-439f-8ff9-8cecc002ec2f","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"c3039d81-5cfb-437f-bb36-6461e0a8593e","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d4a92a21-ee50-41cd-9d8f-acac2b7ad8dd","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"11127535-9ca4-44bd-9177-25169678eefd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ecdae391-fe08-4288-afd7-b17778029af1","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7b072437-1b34-4801-9d58-4f1b6a52c19c","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"74cd2d94-3542-426d-8c44-9578fa20dede","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5fd21d1f-8db8-4511-9a19-e9a49617017f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c3078833-6918-46a1-b818-3d67f1070c48","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"732cd3c4-8421-49fc-b19b-e909b633996a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"a547bcc4-a4de-496e-8079-8afa7671ee83","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"538ee4ad-850e-4edf-a447-94e1d203f2d6","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"7129d4c0-1ff0-494b-ba50-6e47336358a3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"ce7cc3f0-ec0e-49ae-940c-25e895de9ada","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1f97eced-24c7-4aef-86cd-fcbfc3b0910d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"462185ea-09b9-50b2-88f4-b1956d8cb392","name":"Megazord","type":"malware","source":"MITRE","software_attack_id":"S1191","tidal_id":"462185ea-09b9-50b2-88f4-b1956d8cb392","created":"2025-04-22T20:46:57.789966Z","modified":"2025-04-22T20:46:57.789970Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA Akira Ransomware APR 
2024](https://app.tidalcyber.com/references/bfa99833-7ddf-576a-958c-adac87da09c8)]</sup><sup>[[Cisco Akira Ransomware OCT 2024](https://app.tidalcyber.com/references/fa57d7ae-c0d2-58cd-8a91-a242f7348d60)]</sup><sup>[[Palo Alto Howling Scorpius DEC 2024](https://app.tidalcyber.com/references/26d3e738-8921-51bc-a71c-7e74278a6a78)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"47dc28b0-d7bc-4959-ae10-fcde7700073a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a86aa110-7b76-403c-815b-52e5aad6f059","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"aa844e6b-feda-4928-8c6d-c59f7be88da0","name":"Melcoz","type":"malware","source":"MITRE","software_attack_id":"S0530","tidal_id":"9e109128-6d39-5188-a59e-74b44bbdb352","created":"2020-11-10T20:24:50.464000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9bd0d33e-49c3-4ea8-bcb1-dee16255e533","name":"MemLoader Edge","type":"malware","source":"Tidal Cyber","software_attack_id":"S3960","tidal_id":"10eae48f-3297-54f9-94c1-86f2456ac253","created":"2026-01-23T20:31:08.540763Z","modified":"2026-01-23T20:31:08.540767Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"8e082651-6302-4faa-9307-79699f50fa57","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"5d177be2-4902-452b-a5eb-fb719f411355","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"2d8724a8-785d-4f89-bc92-8f9e37786009","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f09ef017-63b6-4461-b786-3a4879a4f6d3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d117bafa-101f-4c29-8418-9daf9c16b6d2","name":"MemLoader HidenDesk","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3961","tidal_id":"9a9a09ea-42c3-59fa-82e2-ee0f2898f52f","created":"2026-01-23T20:31:08.692775Z","modified":"2026-01-23T20:31:08.692779Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"01631360-9d5b-49b6-b9c3-935cd4c583b8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"e836b485-4d24-4c33-bc7f-61eb3693e29a","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"8d819ba9-173b-4717-9475-2786e1e0d362","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9f5867ce-d740-491d-a353-c4f92b28842e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6a2e4e95-60c2-4cf1-a9dc-5e167127c472","name":"Merlin","type":"tool","source":"Tidal Cyber","software_attack_id":"S3453","tidal_id":"d963286d-2dc2-557c-b0c6-47666f046cc0","created":"2025-03-25T13:16:26.985953Z","modified":"2025-03-25T13:16:26.985956Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"e5bef040-7d3a-4f19-a269-3ccde22089ff","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c185e50a-2157-4bbe-9a8f-776e8de0e1dc","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"b3604345-f37f-44bc-9dbe-e14e322e4bcf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7b3e8be3-7f27-4bb5-87a8-984c756b92d8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a0d47941-5185-4209-84d9-a70da1904f9d","name":"MeshAgent","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3586","tidal_id":"5245e721-e410-5015-b496-04160f8c845f","created":"2025-10-13T17:29:24.289312Z","modified":"2025-10-13T17:29:24.289315Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog October 06 2025](/references/242bd97d-dad0-49af-9ed6-f150542b8ded)]</sup>","group_attack_id":"G3139","group_id":"0aa009a3-4c8d-44d9-aa5f-6f68eb7d846c","name":"Storm-1175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4e20bc94-47af-4b0d-83be-04ed9249a8e8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"3d6c9838-84cc-42e7-8903-2445fb745351","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"1d7f0f0b-1481-4e9c-a5dc-e7bbbe5aba47","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"afb6a808-724e-457a-9dcf-503b79c9f4df","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"43ed1593-1f06-4acd-89f4-e3b6b2a0ac57","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"616e0c67-4913-4445-9923-419b328a158f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"15d7e478-349d-42e6-802d-f16302b98319","name":"MESSAGETAP","type":"malware","source":"MITRE","software_attack_id":"S0443","tidal_id":"f75a4a1f-add4-5fe6-a321-478a151264c8","created":"2020-05-11T21:41:19.008000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye MESSAGETAP October 2019](https://app.tidalcyber.com/references/f56380e8-3cfa-407c-a493-7f9e50ba3867)]</sup><sup>[[Crowdstrike GTR2020 Mar 
2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"0a9874bf-4f02-5fab-8ab6-d0f42c6bc71d","name":"metaMain","type":"malware","source":"MITRE","software_attack_id":"S1059","tidal_id":"a1ba720a-3056-55a6-9425-0b68e219967b","created":"2023-05-26T01:20:55.162217Z","modified":"2023-05-26T01:20:55.162221Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelLabs Metador Sept 2022](https://app.tidalcyber.com/references/137474b7-638a-56d7-9ce2-ab906f207175)]</sup><sup>[[SentinelLabs Metador Technical Appendix Sept 2022](https://app.tidalcyber.com/references/aa021076-e9c5-5428-a938-c10cfb6b7c97)]</sup>","group_attack_id":"G1013","group_id":"a3a3a1d3-7fe7-5578-8c5f-9c0f2f68079b","name":"Metador","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ca607087-25ad-4a91-af83-608646cccbcb","name":"Metamorfo","type":"malware","source":"MITRE","software_attack_id":"S0455","tidal_id":"642fb2f3-83ac-5627-9e8d-9741fb1ad765","created":"2020-05-26T17:34:19.044000Z","modified":"2022-10-18T23:23:55.295000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4ba3ce3c-899e-42af-891f-70b28b0d00f6","name":"Water Saci Banking Trojan","description":"<sup>[[Trend Micro December 02 2025](/references/329e7423-e145-4390-96df-fe0744b51b19)]</sup>","source":"USER","associated_software_id":"0dbb10e5-cffe-4a90-8681-1eb101654c4d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c2833e32-851b-49d5-98e7-3dc7502ad069","name":"Casbaneiro","description":"<sup>[[ESET Casbaneiro Oct 
2019](https://app.tidalcyber.com/references/a5cb3ee6-9a0b-4e90-bf32-be7177a858b1)]</sup>","source":"MITRE","associated_software_id":"10ba04c6-5c6e-4b8e-b855-3d02ce26808b","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Trend Micro December 02 2025](/references/329e7423-e145-4390-96df-fe0744b51b19)]</sup>","group_attack_id":"G3158","group_id":"cbf5dc44-dafc-4cd5-9695-dc47d39e8b78","name":"Water Saci","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7754bd01-0750-4ee3-bd7b-47f167749b05","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"1a889057-70ce-4b7f-8861-cc563aea8c4a","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"0efb1324-7f40-486c-b27b-c6bb858a693d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"f1046afa-062d-45e1-a423-08596f4420a3","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"328069b3-a6af-4b74-8c67-6475925c39d3","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"410e43a9-3800-4800-b657-b4bf19fa84b8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"52eef453-1d67-4d28-9eb1-a89e2e575b7f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8d3b1150-8bb3-49a8-8266-7023e3c5e50a","name":"Metasploit","type":"malware","source":"Tidal Cyber","software_attack_id":"S3068","tidal_id":"155efaf4-c697-5cda-8ac6-c411c8565252","created":"2023-09-08T15:49:57.244307Z","modified":"2023-09-08T15:49:57.244311Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR 
SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CERT-UA Alert April 28 2022](/references/ebea04a5-d21b-4174-a12b-b398c8054a9f)]</sup>","group_attack_id":"G3077","group_id":"9d665cc1-8ecc-4064-8221-c74bd6ffd97a","name":"UAC-0098","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bc3f95da-c2be-4410-9809-3465cd623e0f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a13ad362-13df-45a5-a9c8-64804e39a05e","tag":"677c5953-3cc8-44bb-89bc-d9a31f9d170c"},{"id":"66ced8bf-8617-4412-b326-a8fe72d0c7c1","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"c92902a2-1236-4cd5-96e8-599257bf538b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a0e81a6c-9383-42e5-a0ca-3dddb361629f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5abaa27d-a852-482d-af49-a3bfe9d99089","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"bbcf7984-b1b1-4f77-a616-3f6ccc1551a4","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9f1b6201-0b75-43a4-acb5-7cefbc96772e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6932f6df-28cf-4bcf-a1ab-3afacdab2f52","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":"TidalCyberIan"},{"id":"e95281ef-a1b1-4da0-b7cc-fa0a9236a4fc","name":"MetaStealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3128","tidal_id":"a23800f2-af83-53c7-901e-7ea9736ed438","created":"2024-06-13T20:12:33.500943Z","modified":"2024-06-13T20:12:33.500947Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"09465967-f406-43b1-8e94-f4142673e3dc","tag":"c7bd6fa4-288f-4da1-986e-e0fd9a4a3c97"},{"id":"87a1a74f-f1e0-4ce9-8f10-777e887f8efa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"60be8832-03bb-4197-b8cc-eeef1d417b37","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ee07030e-ff50-404b-ad27-ab999fc1a23a","name":"Meteor","type":"malware","source":"MITRE","software_attack_id":"S0688","tidal_id":"e0ec0c46-9c3b-5b8b-ab3a-3b57d44e56a5","created":"2022-03-07T19:08:55.858000Z","modified":"2022-04-14T15:48:23.444000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"b6075cd0-075f-4a3e-a460-f052eefa6660","tag":"f68659fd-4d2f-4c9c-959d-b9f7ef91c228"}],"owner_name":null},{"id":"62a44d4d-d7ea-4b8f-b29c-2b6867acbaf2","name":"Meterpreter","type":"tool","source":"Tidal Cyber","software_attack_id":"S3498","tidal_id":"48f991d5-3d8f-505e-b636-96e2308ea59c","created":"2025-06-10T15:51:00.832946Z","modified":"2025-06-10T15:51:00.832949Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[AhnLab Kimsuky Meterpreter May 15 
2025](/references/317e7e68-f7b2-4976-9604-7fba5dabce62)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cisco Talos Mustang Panda May 5 2022](/references/6d329def-43ef-40e0-bf70-7bc6fa9bcc2a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic CUBA Ransomware 2022](/references/79299d27-dbbf-56d0-87fd-15e3f9167cf8)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9937d872-27b5-47a2-ab6d-2628cde99d67","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"4248cd5b-fb03-432f-858c-71e955165d02","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cdee8f1c-b14b-4224-8875-ca2306952a9c","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"248f43d9-3481-42f4-9c14-78dcf99169a6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"21cfd839-98f7-4662-be7e-41376bb26ada","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ec8e06b2-a81b-486c-bfb3-3e16b68fc61c","name":"mfpmp.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3827","tidal_id":"1b9451c7-9825-514e-bfdd-8ed9f022f858","created":"2025-12-29T17:41:05.033103Z","modified":"2025-12-29T17:41:05.033107Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"71e93c70-19f3-401a-9ebe-ce6a60e2c4a2","name":"Microsoft Media Foundation Protected Pipeline executable","description":"<sup>[[None December 18 
2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","source":"USER","associated_software_id":"d704944b-0166-4d2d-b80d-d633a903ad8b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"1891fd17-7e95-4615-b8d6-53a91d56e519","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"c737ad7f-1d32-4d1d-83d8-9d59a0e3822d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ace1b9c6-5616-4411-afde-990dddd41f4b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4184f447-6f74-487b-be08-6330a6b78992","name":"Mftrace","type":"tool","source":"Tidal Cyber","software_attack_id":"S3345","tidal_id":"93eea13c-baf9-5c55-aa2c-090f2c683a68","created":"2024-01-12T14:48:34.649868Z","modified":"2024-01-12T14:48:34.649872Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3c8563d5-7397-4275-8df1-d365026c3f3f","name":"Mftrace.exe","description":"<sup>[[Mftrace.exe - LOLBAS Project](/references/b6d42cc9-1bf0-4389-8654-90b8d4e7ff49)]</sup>","source":"Tidal Cyber","associated_software_id":"d9cc6ddb-3c47-45f9-8caf-8124ca55945f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"936cd336-c869-4a34-ac8e-eb8c4f9b3f88","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b70184c6-19ad-480f-b9b3-841ed6cfe025","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"df390ec3-6557-524d-8a89-3fceff24ca96","name":"MgBot","type":"malware","source":"MITRE","software_attack_id":"S1146","tidal_id":"df390ec3-6557-524d-8a89-3fceff24ca96","created":"2024-10-31T16:28:06.513166Z","modified":"2024-10-31T16:28:06.513169Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) is uniquely associated with the use of 
[MgBot](https://app.tidalcyber.com/software/df390ec3-6557-524d-8a89-3fceff24ca96) since at least 2012.<sup>[[ESET EvasivePanda 2023](https://app.tidalcyber.com/references/08026c7e-cc35-5d51-9536-a02febd1a891)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a960b02a-be0e-41ea-88c1-f53101383d33","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"6742bbd0-bafc-490f-89b7-77addcbd6213","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"e4c1bc18-5dd5-4108-8d16-bc1e9f1524a9","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"19c5e992-0259-4473-9d5d-57e0fa1066b4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5879efc1-f122-43ec-a80d-e25aa449594d","name":"Micropsia","type":"malware","source":"MITRE","software_attack_id":"S0339","tidal_id":"37ff5eec-32b1-5bee-a237-2e74984baf6b","created":"2019-01-29T21:47:53.070000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G1028","group_id":"e3c5164e-49cf-5bb1-955d-6775585abb14","name":"APT-C-23","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5c3c18c2-3118-44ab-9f75-52d32c32d7bb","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"00845076-d8de-4e16-881d-219d6ab619dc","name":"MicrosoftEdgeUpdate.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3667","tidal_id":"adb2bbf8-2e57-57bc-a130-56ee11331241","created":"2025-12-10T14:14:50.847840Z","modified":"2025-12-10T14:14:50.847844Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro November 13 2025](/references/42e2f322-f311-4d96-9f07-9d4130c83cab)]</sup>","group_attack_id":"G3151","group_id":"5e289ad4-7e4a-4ce4-bf6c-876ef98186cb","name":"Water 
Kurita","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4d1bfaa9-e825-4b85-920a-c3c2f6af2d9a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bb3c183c-f29b-4851-893b-841de816caab","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"370b00ba-1f91-4375-8a4c-5ca67066f4fd","name":"Microsoft.NodejsTools.PressAnyKey","type":"tool","source":"Tidal Cyber","software_attack_id":"S3346","tidal_id":"52f47901-2134-5b79-9545-71cb2ef40971","created":"2024-01-12T14:48:35.024408Z","modified":"2024-01-12T14:48:35.024412Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"50c7eb9c-5bc2-4e06-a052-835c2f76ac5c","name":"Microsoft.NodejsTools.PressAnyKey.exe","description":"<sup>[[Microsoft.NodejsTools.PressAnyKey.exe - LOLBAS Project](/references/25c46948-a648-4c3c-b442-e700df68fa20)]</sup>","source":"Tidal Cyber","associated_software_id":"9ddd8ae4-93ff-41ce-b8f2-ac035a25411f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"beb71865-d07c-495f-9544-ede89d52babe","tag":"eb75bfce-e0d6-41b3-a3f0-df34e6e9b476"},{"id":"32b12833-7230-49a2-9508-7e4c4a1662e7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ed7e6142-fbc8-4086-b738-13b387f2e2cf","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f6ae32ec-13d2-4077-8216-b4c262ca58e7","name":"Microsoft OneDrive.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3659","tidal_id":"920eaa62-9818-52f2-928b-35e819ea84ed","created":"2025-11-26T19:38:18.842890Z","modified":"2025-11-26T19:38:18.842895Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None September 03 
2025](/references/fd78818b-2d33-4dd8-93a1-4263e8ceeec9)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"cd531504-f646-4d06-adad-3242d323691e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b12d55f0-6d03-459f-bf24-6e2456f0c03d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"49d5fbc1-8394-46fd-aa61-f60c18ab4884","name":"Microsoft.Win32.TaskScheduler","type":"tool","source":"Tidal Cyber","software_attack_id":"S3913","tidal_id":"1dd1c6ab-4ec8-5b67-9356-7a409e263810","created":"2026-01-14T13:31:34.469238Z","modified":"2026-01-14T13:31:34.469242Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"87422972-b563-4751-851e-a1a78f8227db","name":"TaskScheduler library","description":"<sup>[[Cyble December 19 2025](/references/0632aa3b-2687-4ca8-9d3a-b109f624f21e)]</sup>","source":"USER","associated_software_id":"9919ad21-cc16-4517-929d-ae699e22816a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ca845b7d-de5e-460f-a50c-3c3cdc082b96","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"34d5f92f-334b-4e22-912d-8a94c99682a7","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"bd159164-189a-4525-9a94-40387162dd0c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"cdc76b73-8d95-4164-8385-50ee757ad1f4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"080fc4cc-fe9c-45dc-bc41-50765a6c5354","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"27bd5fc3-17d9-46fa-84ce-c772736512cd","name":"Microsoft.Workflow.Compiler","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3243","tidal_id":"8bfe5f38-1a6b-5086-a41a-1933881c1063","created":"2024-01-12T14:47:57.513604Z","modified":"2024-01-12T14:47:57.513608Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9d2ea5e7-8e65-42a3-ad22-451f034e1acc","name":"Microsoft.Workflow.Compiler.exe","description":"<sup>[[Microsoft.Workflow.Compiler.exe - LOLBAS Project](/references/1e659b32-a06f-45dc-a1eb-03f1a42c55ef)]</sup>","source":"Tidal Cyber","associated_software_id":"26fae087-2715-4a16-8583-ffe1e0040044","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"39d43b08-4221-4690-9666-513e6e314aa0","tag":"b48e3fa8-25b4-42be-97e7-086068a150c5"},{"id":"6d3a1866-ad8c-4487-80e6-972340e85fc4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"549defa4-002b-4de4-aa41-33267b5f088a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"57545dbc-c72a-409d-a373-bc35e25160cd","name":"Milan","type":"malware","source":"MITRE","software_attack_id":"S1015","tidal_id":"7b9c490b-d2bd-5991-92a3-6878ac3704dc","created":"2022-06-06T18:34:37.625000Z","modified":"2022-08-31T21:45:17.174000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"053eadf6-5b33-45d1-b499-837e43d4a3aa","name":"James","description":"<sup>[[Accenture Lyceum Targets November 2021](https://app.tidalcyber.com/references/127836ce-e459-405d-a75c-32fd5f0ab198)]</sup>","source":"MITRE","associated_software_id":"e94603e8-5352-4ef9-9970-e2ac9ede79b4","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]</sup><sup>[[Accenture Lyceum Targets November 
2021](https://app.tidalcyber.com/references/127836ce-e459-405d-a75c-32fd5f0ab198)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d3a80d1f-1d1d-4ac4-ae2a-c687dff7b47e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b8e7c0b4-49e4-4e8d-9467-b17f305ddf16","name":"Mimikatz","type":"tool","source":"MITRE","software_attack_id":"S0002","tidal_id":"387f8f1d-b604-554d-a2b3-61de15d2c5e1","created":"2017-05-31T21:32:11.544000Z","modified":"2022-08-03T15:07:11.534000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]</sup><sup>[[BitDefender Chafer May 2020](https://app.tidalcyber.com/references/24ea6a5d-2593-4639-8616-72988bf2fa07)]</sup><sup>[[Dark Reading APT39 JAN 2019](https://app.tidalcyber.com/references/b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58)]</sup><sup>[[Symantec Chafer February 2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has gathered credentials using 
[Mimikatz](https://app.tidalcyber.com/software/b8e7c0b4-49e4-4e8d-9467-b17f305ddf16).<sup>[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup><sup>[[MSTIC Octo Tempest Operations October 2023](https://app.tidalcyber.com/references/92716d7d-3ca5-5d7a-b719-946e94828f13)]</sup><sup>[[Mandiant UNC3944 May 2025](https://app.tidalcyber.com/references/ba2831ec-0f30-574b-afdc-e8a7ec12b1ea)]</sup><sup>[[Check Point Scattered Spider JUL 2025](https://app.tidalcyber.com/references/276a2ed6-d532-51ee-9066-83145b7506c5)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Threat Group-3390](https://app.tidalcyber.com/groups/79be2f31-5626-425e-844c-fd9c99e38fe5) has used a modified version of Mimikatz called Wrapikatz.<sup>[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]</sup><sup>[[Nccgroup Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)]</sup><sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup><sup>[[Talent-Jump Clambling February 2020](https://app.tidalcyber.com/references/51144a8a-0cd4-4d5d-826b-21c2dc8422be)]</sup><sup>[[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MSTIC DEV-0537 Mar 
2022](https://app.tidalcyber.com/references/a9ce7e34-6e7d-4681-9869-8e8f2b5b0390)]</sup>","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[Microsoft 365 Defender Solorigate](https://app.tidalcyber.com/references/449cf112-535b-44af-9001-55123b342779)]</sup><sup>[[CrowdStrike StellarParticle January 2022](https://app.tidalcyber.com/references/149c1446-d6a1-4a63-9420-def9272d6cb9)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET Turla Mosquito May 2018](https://app.tidalcyber.com/references/d683b8a2-7f90-4ae3-b763-c25fd701dbf6)]</sup><sup>[[Symantec Waterbug Jun 2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Security Intelligence More Eggs Aug 2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Whitefly March 2019](https://app.tidalcyber.com/references/d0e48356-36d9-4b4c-b621-e3c4404378d2)]</sup>","group_attack_id":"G0107","group_id":"f0943620-7bbb-4239-8ed3-c541c36baaa1","name":"Whitefly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 DarkHydrus July 2018](https://app.tidalcyber.com/references/800279cf-e6f8-4721-818f-46e35ec7892a)]</sup><sup>[[Unit 42 Playbook Dec 
2017](https://app.tidalcyber.com/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]</sup>","group_attack_id":"G0079","group_id":"f2b31240-0b4a-4fa4-82a4-6bb00e146e75","name":"DarkHydrus","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky CactusPete Aug 2020](https://app.tidalcyber.com/references/1c393964-e717-45ad-8eb6-5df5555d3c70)]</sup>","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Thrip June 2018](https://app.tidalcyber.com/references/482a6946-b663-4789-a31f-83fb2132118d)]</sup>","group_attack_id":"G0076","group_id":"a3b39b07-0bfa-4c69-9f01-acf7dc6033b4","name":"Thrip","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN13 Aug 2022](https://app.tidalcyber.com/references/ebd9d479-1954-5a4a-b7f0-d5372489733c)]</sup>","group_attack_id":"G1016","group_id":"570198e3-b59c-5772-b1ee-15d7ea14d48a","name":"FIN13","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cycraft Chimera April 2020](https://app.tidalcyber.com/references/a5a14a4e-2214-44ab-9067-75429409d744)]</sup><sup>[[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup> 
","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup><sup>[[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 MuddyWater Nov 2017](https://app.tidalcyber.com/references/dcdee265-2e46-4f40-95c7-6a2683edb23a)]</sup><sup>[[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Crowdstrike Indrik November 2018](https://app.tidalcyber.com/references/0f85f611-90db-43ba-8b71-5d0d4ec8cdd5)]</sup><sup>[[Mandiant_UNC2165](https://app.tidalcyber.com/references/92e39558-cd2c-54c4-8930-aafdd2f14bca)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT38 Oct 
2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Carbanak](https://app.tidalcyber.com/references/2f7e77db-fe39-4004-9945-3c8943708494)]</sup>","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Netscout Stolen Pencil Dec 2018](https://app.tidalcyber.com/references/6d3b31da-a784-4da0-91dd-b72c04fd520a)]</sup><sup>[[KISA Operation Muzabi](https://app.tidalcyber.com/references/8742ac96-a316-4264-9d3d-265784483f1a)]</sup><sup>[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 Cuba August 9 2022](/references/06f668d9-9a68-4d2f-b9a0-b92beb3b75d6)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void 
Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]</sup><sup>[[Cybereason Oceanlotus May 2017](https://app.tidalcyber.com/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)]</sup><sup>[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit42 OilRig Playbook 2023](https://app.tidalcyber.com/references/e38902bb-9bab-5beb-817b-668a67a76541)]</sup><sup>[[FireEye APT34 Webinar Dec 2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)]</sup><sup>[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]</sup><sup>[[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cylance 
Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]</sup>","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]</sup><sup>[[Symantec Tick Apr 2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)]</sup><sup>[[Trend Micro Tick November 2019](https://app.tidalcyber.com/references/93adbf0d-5f5e-498e-aca1-ed3eb11561e7)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Bizeul 2014](https://app.tidalcyber.com/references/a4617ef4-e6d2-47e7-8f81-68e7380279bf)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Medusa Group](https://app.tidalcyber.com/groups/5dd29b96-60b6-5c98-8fc0-510502c700b0) has used [Mimikatz](https://app.tidalcyber.com/software/b8e7c0b4-49e4-4e8d-9467-b17f305ddf16) to dump LSASS for credential harvesting.<sup>[[CISA Medusa Group Medusa Ransomware March 
2025](https://app.tidalcyber.com/references/fe6f032e-11f3-5d6d-9a65-e5fc54cb2779)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MOXFIVE Qilin April 1 2025](/references/363d1140-2d89-4354-ad03-85f031b9cc94)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PTSecurity Cobalt Group Aug 2017](https://app.tidalcyber.com/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)]</sup><sup>[[PTSecurity Cobalt Dec 2016](https://app.tidalcyber.com/references/2de4d38f-c99d-4149-89e6-0349a4902aa2)]</sup><sup>[[Group IB Cobalt Aug 2017](https://app.tidalcyber.com/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) has used [Mimikatz](https://app.tidalcyber.com/software/b8e7c0b4-49e4-4e8d-9467-b17f305ddf16) for credential dumping during operations.<sup>[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks IRON LIBERTY July 
2019](https://app.tidalcyber.com/references/c666200d-5392-43f2-9ad0-1268d7b2e86f)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Sofacy](https://app.tidalcyber.com/references/46226f98-c762-48e3-9bcd-19ff14184bb5)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup><sup>[[Microsoft NICKEL December 2021](https://app.tidalcyber.com/references/29a46bb3-f514-4554-ad9c-35f9a5ad9870)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup><sup>[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dragos Crashoverride 2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant 
APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[RedCanary Mockingbird May 2020](https://app.tidalcyber.com/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]</sup>","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]</sup>","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]</sup>","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom 
Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[FireEye TRITON 2019](https://app.tidalcyber.com/references/49c97b85-ca22-400a-9dc4-6290cc117f04)]</sup>","group_attack_id":"G0088","group_id":"3a54b8dc-a231-4db8-96da-1c0c1aa396f6","name":"TEMP.Veles","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cisco Talos Blog September 10 2024](/references/c8ea888b-c87c-49eb-a1be-3a269292c414)]</sup>","group_attack_id":"G3075","group_id":"2ee8f401-679c-455e-bc19-511bacdbffff","name":"DragonRank","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cyber Centre ALPHV/BlackCat July 25 2023](/references/610c8f22-1a96-42d2-934d-8467d136eed2)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) used [Mimikatz](https://app.tidalcyber.com/software/b8e7c0b4-49e4-4e8d-9467-b17f305ddf16) to dump credentials from LSASS memory.<sup>[[Unit42 Agrius 
2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"067118ee-2ded-4ac8-9a42-00185fab68a8","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"65affbd0-9c2a-4abc-9922-370c4048d32b","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"0f61b358-d7f2-4161-88aa-8271423c72fd","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"009ed2b3-2a35-4256-9bd0-eb8784cc54a7","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"d2f159da-35b7-4f8e-a0e2-e6e839f51f4d","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"a4005fbe-44fb-4758-8a94-006117b37843","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"ccde64c1-4aea-462f-bca7-7e49ca09d13d","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"5c9ecb01-ade4-4274-bbb7-80ad92ca895f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"68529ee9-3fb8-4f9d-b0a9-6d7bf61ad850","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c0d0ae40-2edb-4adb-af41-680f0f123d7b","tag":"5fda51b0-dfda-49bd-8615-524b45d4cd44"},{"id":"4f891d3f-d51b-4c34-a660-f2f89877ad1f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b008a4f4-b592-4bb9-b457-11166802f03a","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"a95dcb52-1697-4150-9443-3cd26f3ad5a6","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"dbce1a6f-1196-4e04-ba0c-dc1be67a7a3c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"43707970-2add-43cc-b8fd-740a346be49e","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a600b6c2-5a66-43a7-bafa-0d71e2cd2b88","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"0ded591f-1b31-486b-95f5-aaa1749fb177","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"bd26c0ee-b06b-4461-bda8-e371d36f5d35","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"209170a6-3bf1-4b3e-b327-a9e6621bc57b","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a145b987-853f-4ab2-8b
c6-822ed2852ab9","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"68b6d52a-7d15-449e-bee3-8031afa2ea71","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"42350632-b59a-4cc5-995e-d95d8c608553","name":"MimiPenguin","type":"tool","source":"MITRE","software_attack_id":"S0179","tidal_id":"bcbbd5a7-ee70-5011-a858-e5d464222aba","created":"2018-01-16T16:13:52.465000Z","modified":"2021-10-15T16:57:34.776000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Palo Alto Black-T October 2020](https://app.tidalcyber.com/references/d4351c8e-026d-4660-9344-166481ecf64a)]</sup>","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7eebbfb7-b972-4e4e-9a96-484109b9226f","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"c0dea9db-1551-4f6c-8a19-182efc34093a","name":"Miner-C","type":"malware","source":"MITRE","software_attack_id":"S0133","tidal_id":"4230530e-e31c-513c-9d4e-aa642451c03c","created":"2017-05-31T21:33:16.315000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3b6fde60-7d14-4e7b-ac5c-79164f00fef4","name":"MINIBIKE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3643","tidal_id":"10a26ac2-d46a-5671-bb01-9a73ed2c02d8","created":"2025-11-19T17:45:40.851223Z","modified":"2025-11-19T17:45:40.851226Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus 
Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"87da1be6-4aac-4318-8b95-f4a1b6372de7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e84a70b6-8ee1-4bd4-86f1-c6ad2d83308a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"36864ce9-d39f-452d-aa49-5a2a48290594","name":"MiniBrowse","type":"malware","source":"Tidal Cyber","software_attack_id":"S3562","tidal_id":"a6fbc727-3799-5972-9388-f92055d868c2","created":"2025-10-07T14:07:34.233863Z","modified":"2025-10-07T14:07:34.233865Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research 09 22 2025](/references/e813f0cf-b9de-429a-8699-aadd90b5de4f)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"edcf0f50-8902-4209-b55c-83f2eff9a52c","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"941dba79-bd6f-40f6-8c72-a2fd5d4a1ce8","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"73b5f1e2-7647-49ba-b6df-88a1103272b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f0213177-feed-4ce3-a578-2463541c35f8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2bb16809-6bc3-46c3-b28a-39cb49410340","name":"MiniDuke","type":"malware","source":"MITRE","software_attack_id":"S0051","tidal_id":"d91ddf8a-03a3-58f4-9db1-e7330d6f3e86","created":"2017-05-31T21:32:36.919000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[ESET Dukes October 
2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b2a5a96a-ccd2-4a72-98c1-839d0b289cca","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"2fecbdd8-1631-4ec0-a92b-5ebd00233e07","name":"MiniDump","type":"tool","source":"Trellix TIG","software_attack_id":"S3474","tidal_id":"7fa33aff-ca92-53eb-89d3-663554526091","created":"2025-04-11T15:06:54.758049Z","modified":"2025-04-11T15:06:54.758053Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"a9b2d5c7-a7a3-4097-a00c-20d1aeaa51ec","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"582a4bf1-b551-48ba-a73e-79d2de83e8b0","name":"MiniJunk","type":"malware","source":"Tidal Cyber","software_attack_id":"S3563","tidal_id":"259ff9a9-ba94-53fe-8389-a91ee616d130","created":"2025-10-07T14:07:34.377506Z","modified":"2025-10-07T14:07:34.377508Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"30a58c55-7c00-4121-86b6-2d7a5643f49a","name":"Minibike","description":"<sup>[[Check Point Research 09 22 2025](/references/e813f0cf-b9de-429a-8699-aadd90b5de4f)]</sup>","source":"USER","associated_software_id":"f5beb3cd-f9d2-4922-8aeb-c9649eba8995","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"7577561a-1430-48ed-8bb6-8187475e3ead","name":"SlugResin","description":"<sup>[[Check Point Research 09 22 
2025](/references/e813f0cf-b9de-429a-8699-aadd90b5de4f)]</sup>","source":"USER","associated_software_id":"dbe1ce0c-a229-4eec-9661-4927c16370ec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Check Point Research 09 22 2025](/references/e813f0cf-b9de-429a-8699-aadd90b5de4f)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"130931d3-4e3e-47d6-b91e-4ac964750b5b","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"7562f6ec-5a1b-4b4e-9030-f1d5642393ff","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"7e054eeb-0373-462e-b0eb-5754f2b6fb82","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"53ed602c-04e3-474c-8109-60dc7e84f6d1","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"99496be9-0b76-4eaf-8f3b-b1e3709709ba","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"22f4eba1-ada8-446a-b862-543ca74bff21","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"67550a5b-0070-4963-8683-6a430a3698a8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e3dae1c5-31a4-40ee-bfc8-3185e8b9a6e2","name":"MinIO Client","type":"tool","source":"Tidal Cyber","software_attack_id":"S3828","tidal_id":"1fabcfb1-b6c5-53f7-9140-c28285cfbe08","created":"2025-12-29T17:41:05.239837Z","modified":"2025-12-29T17:41:05.239841Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8e69df5a-689f-4c47-9dd7-b2cf531ac4f1","name":"mc","description":"<sup>[[None December 11 
2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"d9de88ef-d959-4b16-a5e0-d415a401821b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"b2325556-7c93-4f8d-9baf-7dc0b6aff276","name":"mc.exe","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"8f32eb59-8e0d-43df-8b64-c0d9b491b41f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6ae55a54-4e91-4da0-bd97-563cc9ef7e35","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"791a4ef3-8c9f-42f4-81ce-3dc6cf687339","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"81d1e635-6638-471e-a090-760961f5baad","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d748bf8d-df7c-4d39-b6d7-d986fc17ad63","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"14267109-482b-4b08-98c9-096ded89d180","name":"MINOCAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3759","tidal_id":"1d71fd1d-fb5b-5fc7-9e3c-abc28d323cbe","created":"2025-12-17T14:18:50.684159Z","modified":"2025-12-17T14:18:50.684163Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3160","group_id":"1313da23-bbc5-4724-a278-fd6ca5e561f0","name":"Earth Lamia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 
2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3161","group_id":"2b008386-ffdc-433d-9b09-1e2cf4f3a4a4","name":"Jackpot Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3163","group_id":"a80c62db-7e04-44a8-8692-945aa22e09d6","name":"UNC6586","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3164","group_id":"0ca3cd2f-9650-4b70-9a65-6a5b512554ca","name":"UNC6588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3165","group_id":"5f8d373c-6992-4a2b-8a86-a16cbd45165a","name":"UNC6595","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3166","group_id":"d92dff67-9704-4503-ad57-867bea3e6bfa","name":"UNC6600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 
2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3167","group_id":"0e6985de-e4c1-494b-8901-9aa491202f6f","name":"UNC6603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"48daf01a-6516-4c8b-ba25-789bb14ab1e5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"409d758a-4679-40ab-ad37-6f9999821fe1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"535f1b97-7a70-4d18-be4e-3a9f74ccf78a","name":"MirageFox","type":"malware","source":"MITRE","software_attack_id":"S0280","tidal_id":"314fd151-efe6-5fa7-ab44-3aacfd9302e6","created":"2018-10-17T00:14:20.652000Z","modified":"2022-07-22T18:52:32.764000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[APT15 Intezer June 2018](https://app.tidalcyber.com/references/0110500c-bf67-43a5-97cb-16eb6c01040b)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3b0b100d-bab9-4fb0-87be-8f2e6edb5269","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"cf0c5d36-38c6-4604-b7e3-c96f7fd32906","name":"Mirai","type":"malware","source":"Tidal Cyber","software_attack_id":"S3735","tidal_id":"e2c654c8-6196-53d0-b9d5-d5ec6e9ecb91","created":"2025-12-10T14:15:03.913533Z","modified":"2025-12-10T14:15:03.913536Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"48abc4ee-60ae-4164-aab9-5984a3350eb0","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"33493f53-6a76-40b6-8142-fe966c1acd7f","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"234c45ad-f9dd-454d-8aa7-966b33ae26ac","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5c022c10-3532-46df-981e-b002c40b2f89","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4048afa2-79c8-4d38-8219-2207adddd884","name":"Misdat","type":"malware","source":"MITRE","software_attack_id":"S0083","tidal_id":"0e81dbd0-b09b-510f-87f6-225c5e309a13","created":"2017-05-31T21:32:55.126000Z","modified":"2022-09-30T21:01:41.137000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"758e5226-6015-5cc7-af4b-20fa35c9bac1","name":"Mispadu","type":"malware","source":"MITRE","software_attack_id":"S1122","tidal_id":"31421adf-fa7e-5f99-9248-14bd4e52948d","created":"2024-04-25T13:28:18.557892Z","modified":"2024-04-25T13:28:18.557895Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SCILabs Malteiro 
2021](https://app.tidalcyber.com/references/c6948dfc-b133-556b-a8ac-b3a4dba09c0e)]</sup>","group_attack_id":"G1026","group_id":"803f8018-6e45-5b0f-978f-1fe96b217120","name":"Malteiro","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7d075221-9470-4063-b7de-41c1896b9e2b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"fe554d2e-f974-41d6-8e7a-701bd758355d","name":"Mis-Type","type":"malware","source":"MITRE","software_attack_id":"S0084","tidal_id":"5cfb8072-5131-51c3-a5ff-abed1417b7f2","created":"2017-05-31T21:32:55.565000Z","modified":"2022-09-30T20:04:42.419000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f603ea32-91c3-4b62-a60f-57670433b080","name":"Mivast","type":"malware","source":"MITRE","software_attack_id":"S0080","tidal_id":"62bbfd6a-2eb5-5c22-adb3-abf392990008","created":"2017-05-31T21:32:54.044000Z","modified":"2022-07-20T20:09:46.802000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Black Vine](https://app.tidalcyber.com/references/0b7745ce-04c0-41d9-a440-df9084a45d09)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"21adf67d-2c0c-4c6d-a0dc-b7ca7c159513","name":"mkdir","type":"tool","source":"Trellix TIG","software_attack_id":"S3416","tidal_id":"2aac8456-1015-5bc1-9994-8eb2242b8844","created":"2025-04-11T15:06:44.042131Z","modified":"2025-04-11T15:06:44.042135Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"7bded42d-ad82-4b00-88c7-c1129c11894d","name":"MKG","type":"malware","source":"Tidal Cyber","software_attack_id":"S3160","tidal_id":"fb51e6b5-06bc-55ed-bd74-8839eeeb3a52","created":"2024-09-04T12:51:12.488452Z","modified":"2024-09-04T12:51:12.488455Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"ff203467-3552-429e-a7f3-50a7fc9d5424","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"60a05fc4-3ae7-4793-87f1-2e3705d1c932","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a8a65789-3e91-4941-b2d6-15baf3e11bd7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8c7acae2-f844-4e01-86d8-18c3ea90963f","name":"Mmc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3244","tidal_id":"1904ef1b-9fb7-5fb7-b9e6-601678691c6f","created":"2024-01-12T14:47:57.861350Z","modified":"2024-01-12T14:47:57.861353Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9e2cab0f-efe8-4d8e-b293-e54ce4fb5db3","name":"Mmc.exe","description":"<sup>[[Mmc.exe - LOLBAS Project](/references/490b6769-e386-4a3d-972e-5a919cb2f6f5)]</sup>","source":"Tidal 
Cyber","associated_software_id":"08c13774-647c-472d-8e6e-d1fb2f21e67d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"df9dcd1d-ce67-4116-a7f8-637c1379328e","name":"Microsoft Management Console","description":"<sup>[[The DFIR Report November 17 2025](/references/0b46ec32-fa74-4d0a-8816-0dab60e575cb)]</sup>","source":"USER","associated_software_id":"ef41944a-5dd0-4d7e-a540-79a0ef69a8c9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"4e2a90c4-960b-43c9-8999-6179bf3135ee","name":"virtmgmt.msc","description":"<sup>[[The DFIR Report November 17 2025](/references/0b46ec32-fa74-4d0a-8816-0dab60e575cb)]</sup>","source":"USER","associated_software_id":"116f22f4-2881-4680-9b59-29bf695ca2c2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"1e192c5b-3224-4ddf-8881-51812fa9f7b4","name":"lusrmgr.msc","description":"<sup>[[The DFIR Report November 17 2025](/references/0b46ec32-fa74-4d0a-8816-0dab60e575cb)]</sup>","source":"USER","associated_software_id":"51fc2792-c458-426d-afec-5cb63189fcda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"5191550b-e20c-4917-8742-032cf51ba894","name":"dsa.msc","description":"<sup>[[The DFIR Report November 17 2025](/references/0b46ec32-fa74-4d0a-8816-0dab60e575cb)]</sup>","source":"USER","associated_software_id":"5b14ee6c-5807-48e8-a685-fdc2e4b073c0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6c91ec46-fa68-4073-92e9-6bb987152962","tag":"f9e6382f-e41e-438e-bd7e-57a57046d9e6"},{"id":"baa7e135-cf1a-4ec8-990e-aad1caf97a70","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e8f5a473-b458-4ca7-b05f-5b4139cf4ba5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"95a01561-baac-46ce-b489-80603b8aec5b","name":"MobaXterm","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3634","tidal_id":"6a53473f-1339-53fb-bbdc-7b8df1b67690","created":"2025-11-19T17:45:39.525420Z","modified":"2025-11-19T17:45:39.525423Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2043ba2e-89f1-477f-8f6f-cb66d3f503e7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"dd26fc37-e69d-4b73-be58-6b5c86333821","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"116f913c-0d5e-43d1-ba0d-3a12127af8f6","name":"MobileOrder","type":"malware","source":"MITRE","software_attack_id":"S0079","tidal_id":"219b00d2-a480-5f92-a0f5-33b402eb5182","created":"2017-05-31T21:32:53.681000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]</sup>","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"33b8051f-aeaa-4573-bc59-b48f30f8eaf8","name":"ModeloRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3981","tidal_id":"e8266f1d-21a7-5860-bd10-5a4d76b8beac","created":"2026-01-23T20:31:11.678521Z","modified":"2026-01-23T20:31:11.678524Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Huntress January 16 
2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","group_attack_id":"G3213","group_id":"a0202bc8-abe6-42c1-ac84-1dc27b9e322f","name":"KongTuke","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7df0eea7-b036-4503-80f5-968f032d826b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"baa94d4f-0572-4526-af6e-b70eba88d7b6","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"add380ad-1ac0-4279-9582-765e5c3fcf20","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"b7c65f85-7f83-4a00-9ab8-b07178d0ae62","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"c764bbfe-aa37-48f8-b60e-de0c057f19bf","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"8f1dbba4-9b32-41fe-aeba-74ebdf691ef5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"080a98a3-d9e1-44c1-a969-dca25d323394","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"daf17d6e-63a3-4c89-8147-df328465caff","name":"ModuleInstaller","type":"malware","source":"Tidal Cyber","software_attack_id":"S3952","tidal_id":"275eaa9d-0ed7-5876-a17d-923210ef86d8","created":"2026-01-23T20:31:07.337401Z","modified":"2026-01-23T20:31:07.337405Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[www.trellix.com October 22 
2025](/references/a14fa007-b9de-4bc5-9431-d416bdc7b24d)]</sup>","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2ec2c5bc-a96d-485a-8d40-d9d271f06b00","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"83b50ba9-b7ea-408a-8997-6ab4f6b63c5e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"430270db-991c-4c23-990b-8d0c45f242ae","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"b53051d7-b09f-4d93-9052-da45882173ff","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f062dd23-0ab6-4fb8-a7e1-026beb4e8ecb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7ca5debb-f813-4e06-98f8-d1186552e5d2","name":"MoleNet","type":"malware","source":"MITRE","software_attack_id":"S0553","tidal_id":"561b5782-e54c-5dc0-bf26-c68b2774ab0a","created":"2020-12-28T22:09:15.461000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Molerats Dec 2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)]</sup> ","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"90bc946d-90ec-49ec-919f-1474128ee171","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9bffdaff-a9dc-59fa-9899-9d987fa190dd","name":"Moneybird","type":"malware","source":"MITRE","software_attack_id":"S1137","tidal_id":"9bffdaff-a9dc-59fa-9899-9d987fa190dd","created":"2024-10-31T16:28:03.454072Z","modified":"2024-10-31T16:28:03.454076Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Moneybird](https://app.tidalcyber.com/software/9bffdaff-a9dc-59fa-9899-9d987fa190dd) is 
associated with ransomware operations launched by [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a).<sup>[[CheckPoint Agrius 2023](https://app.tidalcyber.com/references/b3034b5d-1fe5-5677-a2e8-9329141875d4)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3229b171-77d4-48ff-88ba-6ea0a42ac328","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"7f5355b3-e819-4c82-a0fa-b80fda8fd6e6","name":"Mongall","type":"malware","source":"MITRE","software_attack_id":"S1026","tidal_id":"3705b3a8-a414-505a-83f4-1324c3aaeb37","created":"2022-07-25T17:00:15.045000Z","modified":"2022-10-21T18:41:08.032000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelOne Aoqin Dragon June 2022](https://app.tidalcyber.com/references/b4e792e0-b1fa-4639-98b1-233aaec53594)]</sup>","group_attack_id":"G1007","group_id":"454402a3-0503-45bf-b2e0-177fa2e2d412","name":"Aoqin Dragon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0eaaaf3b-5a01-4c51-a4bf-b921d9267ee8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f9093a2c-0574-57ac-94f3-0b03d5c954ad","name":"Monokle","type":"malware","source":"Mobile","software_attack_id":"S0407","tidal_id":"f9093a2c-0574-57ac-94f3-0b03d5c954ad","created":"2026-01-28T13:08:09.938336Z","modified":"2026-01-28T13:08:09.938337Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"7d7905f9-22cf-4b30-bb8f-5b5da52d1036","name":"Monti Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3170","tidal_id":"b9475183-8ee2-5804-87af-3918b2ab1563","created":"2024-09-13T19:21:23.499057Z","modified":"2024-09-13T19:21:23.499060Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c476b8fe-e05c-4c64-8ce8-75c1baff2f19","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"13a8ed39-3497-4d09-a661-6d7a291bc03b","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"0ae9b4aa-93f4-4124-9275-bdfbc11b6dd1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"695f13fc-c10f-4fd1-994e-9fe20af6a17e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a699f32f-6596-4060-8fcd-42587a844b80","name":"MoonWind","type":"malware","source":"MITRE","software_attack_id":"S0149","tidal_id":"8d1dc8d0-32cb-5e6d-855f-85538aafed08","created":"2017-05-31T21:33:27.016000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a556e5cb-2381-4346-a002-8b0ba07d34fa","name":"MOPSLED","type":"malware","source":"Trellix TIG","software_attack_id":"S3445","tidal_id":"afb7e00c-474f-5ccf-a1f8-9012f2a14a0c","created":"2025-04-11T15:06:49.707822Z","modified":"2025-04-11T15:06:49.707825Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"237ccf95-e9db-4c40-bff0-87bf0d3b92c9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"f41ae6c1-4a83-5eb8-9800-b343cac4572d","name":"MOPSLED","type":"malware","source":"MITRE","software_attack_id":"S1221","tidal_id":"f41ae6c1-4a83-5eb8-9800-b343cac4572d","created":"2025-10-29T21:08:48.110746Z","modified":"2025-10-29T21:08:48.110747Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Mandiant UNC3886 2024](https://app.tidalcyber.com/references/77b32efe-b936-5541-b0fb-aa442a7d11b7)]</sup>","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Google Cloud Mandiant UNC3886 2024](https://app.tidalcyber.com/references/77b32efe-b936-5541-b0fb-aa442a7d11b7)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7078295c-a642-4ec3-88c8-fb18e07b682d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"69f202e7-4bc9-4f4f-943f-330c053ae977","name":"More_eggs","type":"malware","source":"MITRE","software_attack_id":"S0284","tidal_id":"07763048-24c7-5c70-aa54-55b9ddadfbb5","created":"2018-10-17T00:14:20.652000Z","modified":"2021-04-23T19:15:17.339000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4577117f-d47d-4867-bfc0-15f1835d571b","name":"Terra Loader","description":"<sup>[[Security Intelligence More Eggs Aug 2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)]</sup><sup>[[Visa FIN6 Feb 
2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]</sup>","source":"MITRE","associated_software_id":"8e995f3c-8e8d-4f7e-b91c-9c9d02ae1448","owner_id":null,"owner_name":null},{"id":"04730daa-f110-4c35-8a36-745ea17e000f","name":"SpicyOmelette","description":"<sup>[[Security Intelligence More Eggs Aug 2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)]</sup>","source":"MITRE","associated_software_id":"96f03902-3d1b-49cf-a0df-8add8434f012","owner_id":null,"owner_name":null},{"id":"fae5b21a-80f3-4ba5-a5c6-ff5c047ef62d","name":"SKID","description":"<sup>[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","source":"MITRE","associated_software_id":"d2877108-0856-4969-8eb5-421cd2d7acf8","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Talos Cobalt Group July 2018](https://app.tidalcyber.com/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)]</sup><sup>[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Security Intelligence More Eggs Aug 2019](https://app.tidalcyber.com/references/f0a0286f-adb9-4a6e-85b5-5b0f45e6fbf3)]</sup><sup>[[Visa FIN6 Feb 2019](https://app.tidalcyber.com/references/9e9e8811-1d8e-4400-8688-e634f859c4e0)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET EvilNum July 
2020](https://app.tidalcyber.com/references/6851b3f9-0239-40fc-ba44-34a775e9bd4e)]</sup>","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3a373269-0e16-41ea-b566-2cbfa3fa6d1b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"385e1eaf-9ba8-4381-981a-3c7af718a77d","name":"Mori","type":"malware","source":"MITRE","software_attack_id":"S1047","tidal_id":"f64c5bf4-6e30-5b27-aab8-f85b3812725d","created":"2022-09-30T15:21:05.086000Z","modified":"2022-10-17T14:42:30.109000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9ce0637d-4925-4bfb-b61a-07cd4de5ca55","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c3939dad-d728-4ddb-804e-cf1e3743a55d","name":"Mosquito","type":"malware","source":"MITRE","software_attack_id":"S0256","tidal_id":"4e717308-8894-5874-af35-270c45cbbda3","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Turla Mosquito Jan 2018](https://app.tidalcyber.com/references/cd177c2e-ef22-47be-9926-61e25fd5f33b)]</sup><sup>[[ESET Turla Mosquito May 2018](https://app.tidalcyber.com/references/d683b8a2-7f90-4ae3-b763-c25fd701dbf6)]</sup><sup>[[Secureworks IRON HUNTER 
Profile](https://app.tidalcyber.com/references/af5cb7da-61e0-49dc-8132-c019ce5ea6d3)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5f9400c8-35e9-4dd2-9369-02e31b5bbdaf","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"06772736-c60f-4526-a8e2-1554a8050831","name":"mount (Unix)","type":"tool","source":"Trellix TIG","software_attack_id":"S3407","tidal_id":"34c7f089-a368-5cce-9637-9895a4e410eb","created":"2025-04-11T15:06:39.717575Z","modified":"2025-04-11T15:06:39.717578Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"ec54a1e4-92d4-4503-a510-a18989f1f8f3","name":"MpCmdRun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3245","tidal_id":"e9d50148-25cb-56b1-a353-41d7ae1e8a5d","created":"2024-01-12T14:47:58.204827Z","modified":"2024-01-12T14:47:58.204832Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed767e80-c2bc-4e9a-8977-c918db11259f","name":"MpCmdRun.exe","description":"<sup>[[MpCmdRun.exe - LOLBAS Project](/references/2082d5ca-474f-4130-b275-c1ac5e30064c)]</sup>","source":"Tidal 
Cyber","associated_software_id":"78bdf160-7b3c-4832-a3fc-1caa419309c7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"11ab5df5-39c8-4f6d-b98d-fbde2044e0fd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d7191684-e206-49d4-8e91-46013a93a29b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ddf460ab-d7dd-4c71-a669-860148a429e2","name":"Mpiexec","type":"tool","source":"Tidal Cyber","software_attack_id":"S3867","tidal_id":"b84ee87d-ba97-5a90-a753-e099133386fe","created":"2026-01-06T18:05:05.221537Z","modified":"2026-01-06T18:05:05.221540Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b4ee9de4-04e9-4061-bb66-271b60077395","name":"Mpiexec.exe","description":"<sup>[[Mpiexec.exe - LOLBAS Project](/references/4fdead67-7684-40d3-9395-c9a89e9ea2c7)]</sup>","source":"USER","associated_software_id":"564fcdb7-42fa-4707-acb5-960b4bff68a5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4b284192-48b2-4efc-afa2-a12bf263f635","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"730cb8cb-3663-424b-b335-ea93533e8106","name":"mrAgent","type":"malware","source":"Trellix TIG","software_attack_id":"S3467","tidal_id":"63d33965-4eda-5dd9-a245-454536930444","created":"2025-04-11T15:06:53.576574Z","modified":"2025-04-11T15:06:53.576577Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"f6304e51-130f-4cb5-8dc0-d4c270b8f54f","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"c3b1f336-b77b-4bfb-b1d6-de4a9016e621","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"5808cc2e-fefc-422e-9b1b-8226b398bb76","name":"MSAccess","type":"tool","source":"Tidal Cyber","software_attack_id":"S3481","tidal_id":"66e29556-8396-5e79-b175-3a15b3eebadb","created":"2025-05-20T16:19:09.352191Z","modified":"2025-05-20T16:19:09.352195Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aba0cd63-6d69-4b6f-ab62-45878b9c10f0","name":"MSAccess.exe","description":"<sup>[[MSAccess.exe - LOLBAS Project](/references/2796b750-4801-4a36-b67a-00cde283fb7c)]</sup>","source":"Tidal Cyber","associated_software_id":"03430a9e-830f-444e-b884-8062b90c7e1a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"49eab26b-bcb3-403d-a848-bc3ae350aae7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"17a86f52-86b7-411e-b8c8-3f402b1adb70","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1f500e4c-25a1-4570-a3ba-5c9cd463afde","name":"Msbuild","type":"tool","source":"Tidal Cyber","software_attack_id":"S3246","tidal_id":"1caf5a8a-e73f-5f24-8ee3-bca0b6965001","created":"2024-01-12T14:47:58.574151Z","modified":"2024-01-12T14:47:58.574155Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"43ae4958-8850-4fef-8f6a-b7a22355953a","name":"Msbuild.exe","description":"<sup>[[LOLBAS Msbuild](/references/de8e0741-255b-4c41-ba50-248ac5acc325)]</sup>","source":"Tidal Cyber","associated_software_id":"7e97093f-629d-4de9-8c28-3adc429e3abb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 16 
2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Securonix January 05 2026](/references/314a9db4-8a16-4732-aa23-b24b38897943)]</sup>","group_attack_id":"G3197","group_id":"a28a00b1-dbee-448c-9f91-690dcca00de8","name":"PHALT#BLYX Threat Actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"335ffbb3-8dac-4e03-9f36-31c47b90cf20","tag":"dfda978e-e0a0-4e1a-85c7-d9ab2cd7ccc5"},{"id":"f617c1ab-dea8-4b7d-994a-ecee76b983c3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d4bd60e4-3d0a-479b-87c4-d9137de18f6d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"716c8cc2-9150-41ed-89c6-4e0c986c6873","name":"MSC EvilTwin loader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3714","tidal_id":"ae21d93a-a604-5d4f-bd05-b2ae856229b7","created":"2025-12-10T14:14:58.618499Z","modified":"2025-12-10T14:14:58.618503Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","group_attack_id":"G3157","group_id":"271cfdb6-e918-4a86-9289-c6a4d6b99ce4","name":"Water 
Gamayun","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"da02d4d5-9e0e-4b12-a18a-44984fc45a86","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d484da7e-9f0a-410d-b280-3e7b03958b44","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"90c6cc43-d9dd-436c-b7ee-ede979765bdf","name":"Msconfig","type":"tool","source":"Tidal Cyber","software_attack_id":"S3247","tidal_id":"b5826798-b2c5-5729-ab1f-69e28fa1ddf0","created":"2024-01-12T14:47:58.922834Z","modified":"2024-01-12T14:47:58.922838Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1673ec41-a2e1-46eb-8c02-d71278ae5a48","name":"Msconfig.exe","description":"<sup>[[Msconfig.exe - LOLBAS Project](/references/a073d2fc-d20d-4a52-944e-85ff89f04978)]</sup>","source":"Tidal Cyber","associated_software_id":"98ecedd7-7044-41c6-b9df-5b8c88b41713","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"15db0845-5e60-4cf5-8a79-b244942ef7df","tag":"7e20fe4e-6883-457d-81f9-b4010e739f89"},{"id":"17051748-cc16-49b7-b3b7-a427de00c930","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"316c19d4-4e74-44fd-85ae-bc196ad1691d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"175b32ed-bea6-491c-8aac-d088f642a6e1","name":"Msdeploy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3347","tidal_id":"48f7f103-4e9b-506f-9fe6-3cfdd34fa104","created":"2024-01-12T14:48:35.383394Z","modified":"2024-01-12T14:48:35.383398Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b2d9ba67-d1e9-476a-9181-59102704fc7d","name":"Msdeploy.exe","description":"<sup>[[Msdeploy.exe - LOLBAS Project](/references/e563af9a-5e49-4612-a52b-31f22f76193c)]</sup>","source":"Tidal 
Cyber","associated_software_id":"69a34cf5-5e76-48b5-b1c0-9ab895dbd9f9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"32c2552b-67f9-465a-90c3-f6602c01f847","tag":"11452158-b8d2-4a33-952a-8896f961a2f5"},{"id":"dbedd674-c6d9-46a3-aa05-b86c89e353c0","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1ef31ee5-144e-465d-94fd-f261b74a4def","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"bc39280c-da92-4e78-ab37-7c54ff72a1ba","name":"Msdt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3248","tidal_id":"a25d16e5-aacc-5994-903b-cdb33812c946","created":"2024-01-12T14:47:59.270133Z","modified":"2024-01-12T14:47:59.270137Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2cbee2c8-3dbd-44ed-8617-a53eeca4740a","name":"Msdt.exe","description":"<sup>[[Msdt.exe - LOLBAS Project](/references/3eb1750c-a2f2-4d68-b060-ceb32f44f5fe)]</sup>","source":"Tidal Cyber","associated_software_id":"19e717f8-ecab-48e6-83c0-90d8d20e875d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e49f1921-8378-4273-a7e5-b1bfa183fae3","tag":"8c30b46b-3651-4ccd-9d91-34fe89bc6843"},{"id":"0f3d2349-0b48-4200-9b1c-6707a962fd38","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ff226ba9-c725-4406-87bb-ab7a37abbb80","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d64d75ba-1722-4a39-ab7f-d46c5d5815ec","name":"Msedge","type":"tool","source":"Tidal Cyber","software_attack_id":"S3249","tidal_id":"f97d604e-1b1c-5ecd-a8ea-bbe96e334d0b","created":"2024-01-12T14:47:59.615830Z","modified":"2024-01-12T14:47:59.615834Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e037462c-009d-4cba-a110-3a62b43f6129","name":"Microsoft Edge","description":"<sup>[[National-Digital-Agency November 14 
2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","source":"USER","associated_software_id":"5a7c0fd8-a9bd-4127-8034-4f1f54daf607","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"a9eff8ce-1b3a-4987-bcee-55ce2d140332","name":"Msedge.exe","description":"<sup>[[Msedge.exe - LOLBAS Project](/references/6169c12e-9753-4e48-8213-aff95b0f6a95)]</sup>","source":"Tidal Cyber","associated_software_id":"79b9559f-79c5-4e40-85a9-6238400bb523","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[National-Digital-Agency November 14 2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fe2164c0-f282-4518-840c-72cdbb91fc33","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"3255070b-7924-46f3-b478-bc970714a6fa","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"4e018e19-7697-46f4-b439-cdcea4632d7b","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a9ead87e-9d68-497d-a6ee-b3fdb0a3a822","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"46119118-94c0-4d89-a95a-9008e7f8c643","tag":"5bd3af6b-cb96-4d96-9576-26521dd76513"},{"id":"c14b38c8-9e48-4d57-bc2a-a1321e8c5473","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8d1f7043-7a5e-4361-bdf8-c1e3486a9f93","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e098413e-1d54-4d1f-bf63-1443b57bcc2f","name":"msedge_proxy","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3303","tidal_id":"e0cc9648-e6be-5086-9966-ec32ee133638","created":"2024-01-12T14:48:18.737474Z","modified":"2024-01-12T14:48:18.737478Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8c5556da-165d-459a-ac74-e29656433aba","name":"msedge_proxy.exe","description":"<sup>[[msedge_proxy.exe - LOLBAS Project](/references/a6fd4727-e22f-4157-9a5f-1217cb876b32)]</sup>","source":"Tidal Cyber","associated_software_id":"51e2b302-2fa7-42c4-a559-6a77d987d48b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c61fb577-b437-484a-aa1c-511a0a793df8","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f779f308-db3d-4e5e-8674-7ed1d8edf903","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ac6d4ab8-f34c-4b00-a943-cc2749b28a05","name":"msedgewebview2","type":"tool","source":"Tidal Cyber","software_attack_id":"S3304","tidal_id":"5294af32-b5f0-58ed-b662-470283a132b2","created":"2024-01-12T14:48:19.090475Z","modified":"2024-01-12T14:48:19.090480Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8f151647-4a07-4e05-bb26-aee282b58d2e","name":"msedgewebview2.exe","description":"<sup>[[msedgewebview2.exe - LOLBAS Project](/references/8125ece7-10d1-4e79-8ea1-724fe46a3c97)]</sup>","source":"Tidal Cyber","associated_software_id":"0a528d20-d553-4d8d-a63c-14a0bcbd442f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a5cf2377-d763-45a6-80a9-187c6484b865","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"894b04ce-a52f-41df-8148-ea2486b681ee","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f552a5a4-49dd-4ba6-9916-e631df4d4457","name":"Mshta","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3250","tidal_id":"a554bb88-d2e8-5da1-9000-b665727a155c","created":"2024-01-12T14:47:59.962691Z","modified":"2024-01-12T14:47:59.962695Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"469c9511-dc04-477d-a05b-538bb8767e7d","name":"Mshta.exe","description":"<sup>[[LOLBAS Mshta](/references/915a4aef-800e-4c68-ad39-df67c3dbaf75)]</sup>","source":"Tidal Cyber","associated_software_id":"061ab2c8-f37a-4a57-95b4-9cc05d00f7e2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CYFIRMA December 30 2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","group_attack_id":"G3157","group_id":"271cfdb6-e918-4a86-9289-c6a4d6b99ce4","name":"Water Gamayun","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[MalwareBytes SideCopy Dec 2021](/references/466569a7-1ef8-4824-bd9c-d25301184ea4)]</sup>","group_attack_id":"G1008","group_id":"31bc763e-623f-4870-9780-86e43d732594","name":"SideCopy","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[EST Kimsuky April 2019](/references/8e52db6b-5ac3-448a-93f6-96a21787a346)]</sup><sup>[[CISA AA20-301A 
Kimsuky](/references/685aa213-7902-46fb-b90a-64be5c851f73)]</sup><sup>[[Crowdstrike GTR2020 Mar 2020](/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup><sup>[[KISA Operation Muzabi](/references/8742ac96-a316-4264-9d3d-265784483f1a)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybereason Oceanlotus May 2017](/references/1ef3025b-d4a9-49aa-b744-2dbea10a0abf)]</sup><sup>[[Cybereason Cobalt Kitty 2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye MuddyWater Mar 2018](/references/82cddfa6-9463-49bb-8bdc-0c7d6b0e1472)]</sup><sup>[[Securelist MuddyWater Oct 2018](/references/d968546b-5b00-4a7b-9bff-57dfedd0125f)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Symantec Shuckworm January 2022](/references/3abb9cfb-8927-4447-b904-6ed071787bef)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye FIN7 April 2017](/references/6ee27fdb-1753-4fdf-af72-3295b072ff10)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rewterz Sidewinder APT April 2020](/references/e1cecdab-d6d1-47c6-a942-3f3329e5d98d)]</sup><sup>[[Rewterz 
Sidewinder COVID-19 June 2020](/references/cdd779f1-30c2-40be-a500-332920f0e21c)]</sup>","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Secureworks BRONZE PRESIDENT December 2019](/references/019889e0-a2ce-476f-9a31-2fc394de2821)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Confucius APT Feb 2018](/references/d1d5a708-75cb-4d41-b2a3-d035a14ac956)]</sup>","group_attack_id":"G0142","group_id":"d0f29889-7a9c-44d8-abdc-480b371f7b2b","name":"Confucius","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET T3 Threat Report 2021](/references/34a23b22-2d39-47cc-a1e9-47f7f490dcbd)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 TA551 Jan 2021](/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Lazarus APT January 2022](/references/fbd96014-16c3-4ad6-bb3f-f92d15efce13)]</sup><sup>[[Qualys 
LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c82dfa58-1eda-456e-bd8b-7258eec45016","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"da51c334-4b65-4d85-8b80-9e23741708b8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"a634648f-9584-4f65-8d33-840684b523b7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"11e68053-be02-4495-9e0e-81354a7a3d7f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"355f5575-4ee2-4fc2-9d2e-8ea855d4a405","tag":"fe0e2dd3-962e-41a3-9850-cea146b1301f"},{"id":"bc33e19b-15ff-4b26-a5e5-4dc9743cd77f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c7bb8025-3d4a-4827-aedd-b984ff339a8c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f94674b9-f924-4452-8516-49657ed40032","name":"Mshtml","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3313","tidal_id":"83bc569e-2470-5f80-9b3f-f3b0288e49ad","created":"2024-01-12T14:48:22.488362Z","modified":"2024-01-12T14:48:22.488366Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7e9c81fc-f32f-4619-8f83-03200a7d98d3","name":"Mshtml.dll","description":"<sup>[[Mshtml.dll - LOLBAS Project](/references/1a135e0b-5a79-4a4c-bc70-fd8f3f84e1f0)]</sup>","source":"Tidal Cyber","associated_software_id":"1a75f478-ea4b-4beb-a2d0-7b51e7368cb6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"62b3c01e-a1a3-42b1-9c26-ca1fbc4c36d4","tag":"46338353-52ee-4f8d-9f18-f1b32644dd76"},{"id":"33aa6ab6-eed8-4517-a0fc-c9bea506bc94","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"66504062-3e66-44a3-a3f4-89b7351d90e4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9d00d3c4-9a01-403a-9275-c94960fd871f","name":"Msiexec","type":"tool","source":"Tidal Cyber","software_attack_id":"S3251","tidal_id":"56566d9b-c6a9-5ea5-acc2-9f6815f6c0ec","created":"2024-01-12T14:48:00.649165Z","modified":"2024-01-12T14:48:00.649169Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6ce4d3a9-99fc-4c45-8e0e-cf6ac1e8ffdb","name":"Msiexec.exe","description":"<sup>[[LOLBAS Msiexec](/references/996cc7ea-0729-4c51-b9c3-b201ec32e984)]</sup>","source":"Tidal Cyber","associated_software_id":"925dfacc-a078-4d5e-bddb-fd5e4e204b71","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ReliaQuest December 09 
2025](/references/d01a6573-49f4-415b-a778-778d08255afd)]</sup>","group_attack_id":"G3175","group_id":"2a834c03-7339-481f-8fcb-787e13f990c6","name":"Storm-0249","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[360 Machete Sep 2020](/references/682c843d-1bb8-4f30-9d2e-35e8d41b1976)]</sup>","group_attack_id":"G0095","group_id":"a3be79a2-3d4f-4697-a8a1-83f0884220af","name":"Machete","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Zscaler APT31 Covid-19 October 2020](/references/1647c9a6-e475-4a9a-a202-0133dbeef9a0)]</sup>","group_attack_id":"G0128","group_id":"5e34409e-2f55-4384-b519-80747d02394c","name":"ZIRCONIUM","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybereason TA505 April 2019](/references/076f2b95-97d2-4d50-bb9b-6199c161e5c6)]</sup><sup>[[Deep Instinct TA505 Apr 2019](/references/529524c0-123b-459c-bc6f-62aa45c228d1)]</sup><sup>[[Trend Micro TA505 June 2019](/references/e664a0c7-154f-449e-904d-335be1b72b29)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit42 Molerat Mar 2020](/references/328f1c87-c9dc-42d8-bb33-a17ad4d7f57e)]</sup>","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rancor Unit42 June 2018](/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]</sup>","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9a8434a7-e7b5-4c86-b5c7-f1e74a391632","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"84d6122c-5822-47ef-8d01-a9a58a865c75","tag":"fc2bbc6f-da5c-4afd-ae27-2fadf77c3bc4"},{"id":"042fb18d-21db-4f4f-ab76-70c368b7e7a8","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"769a0d45-a1d2-45b4-9e04-67414b977a9e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"82962766-9092-442c-b08a-0e37ea26cb00","name":"msimg32.dll","type":"tool","source":"Tidal Cyber","software_attack_id":"S3612","tidal_id":"c23049b5-48f6-51fc-bee2-fcd91db2da46","created":"2025-10-24T16:13:49.167670Z","modified":"2025-10-24T16:13:49.167674Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","group_attack_id":"G3170","group_id":"dddd119f-edac-4077-958b-6a775dd4a147","name":"Shanya Packer Operator","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9d3e1679-1842-4707-b629-1720c0cd949e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"6db5cc5b-6978-4ba9-a0e1-7a8c1c5bf70e","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"f393ffec-accf-4efa-ad47-cc9accb48a25","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6cfb48fb-38d1-4f55-b122-d79034122985","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d316ab94-0420-4356-a3bb-f92f42a4247c","name":"MsoHtmEd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3348","tidal_id":"4007072d-fbac-54b4-a24e-955eb0004326","created":"2024-01-12T14:48:35.738227Z","modified":"2024-01-12T14:48:35.738231Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"20fc41e3-9d53-441a-b245-95445f534531","name":"MsoHtmEd.exe","description":"<sup>[[MsoHtmEd.exe - LOLBAS 
Project](/references/c39fdefa-4c54-48a9-8357-ffe4dca2a2f4)]</sup>","source":"Tidal Cyber","associated_software_id":"fc985102-ca75-491e-8eac-ba8ce06670e2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8c82e7f8-5935-480d-92e0-7602a2639be0","tag":"874c053b-d6b8-42c2-accc-cd256bb4d350"},{"id":"dee35149-b868-444d-96ff-f99c007f1faa","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"18555fae-37a0-4fc8-b340-2e4e7502a711","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"de02c865-45eb-42b5-b202-fb12cbd4f36b","name":"mspaint.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3622","tidal_id":"40395548-15a6-587f-87b3-ecb7c844d728","created":"2025-11-11T13:26:34.148531Z","modified":"2025-11-11T13:26:34.148535Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"842cf9c1-6fe4-4424-853a-41229f1f5635","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"78148058-ad51-40cc-b269-cd9166378e44","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6b74b076-ecd9-41f0-8fd7-05544a3e6467","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c07f48ee-4667-4dd3-aa8e-cb6d588c547c","name":"Mspub","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3349","tidal_id":"1da472f3-c5aa-5f45-95f2-a0500b67453e","created":"2024-01-12T14:48:36.081605Z","modified":"2024-01-12T14:48:36.081610Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4f6e6932-0d33-48b1-a3e1-d84e3c5fd279","name":"Mspub.exe","description":"<sup>[[Mspub.exe - LOLBAS Project](/references/41eff63a-fef0-4b4b-86f7-0908150fcfcf)]</sup>","source":"Tidal Cyber","associated_software_id":"b36cdee2-05cb-44fb-853d-299e0a90165e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"562b5d48-0db2-4f94-a972-6006127e5a94","tag":"a523dcb0-9181-4170-a113-126df84594ca"},{"id":"3db1d2ab-8af6-4444-a20d-e0ecccd8a108","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"41149230-f06d-49b3-b64e-075f79c6ead5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7e56e655-a2b0-4710-99ac-f63343a3ce1f","name":"mstsc.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3587","tidal_id":"5f0dc12e-d5fb-5997-8b8b-488b92c7bb20","created":"2025-10-13T17:29:24.424839Z","modified":"2025-10-13T17:29:24.424842Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog October 06 
2025](/references/242bd97d-dad0-49af-9ed6-f150542b8ded)]</sup>","group_attack_id":"G3139","group_id":"0aa009a3-4c8d-44d9-aa5f-6f68eb7d846c","name":"Storm-1175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6bb6f7aa-12e0-417c-b4db-2f6b386e906a","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"8e522187-42ea-49c8-bd7a-9c69e1ba5b70","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9b519562-135c-45d7-868b-087ca594302b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1e8d9595-b62f-4caf-91b5-0254096092cc","name":"MSXML2.XMLHTTP","type":"tool","source":"Tidal Cyber","software_attack_id":"S3930","tidal_id":"6460e78b-b29a-5f27-ad9c-2583bbf9f23e","created":"2026-01-14T13:31:37.356018Z","modified":"2026-01-14T13:31:37.356022Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"37088f3d-58ba-405c-97a0-5ef1cf77e543","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"52144ab1-852d-4090-8cca-4e51feb81641","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b6dc1a96-cf29-4243-9b80-3d8e1e3a8cd5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8cccbfed-3f78-45fd-b5d1-efe884d28f09","name":"msxsl","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3350","tidal_id":"4adfa5b1-319a-5b65-83ae-bc91f5efeda7","created":"2024-01-12T14:48:36.435182Z","modified":"2024-01-12T14:48:36.435186Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"02d62b59-e68d-4bbc-af64-302507b16897","name":"msxsl.exe","description":"<sup>[[msxsl.exe - LOLBAS Project](/references/4e1ed0a8-60d0-45e2-9592-573b904811f8)]</sup>","source":"Tidal Cyber","associated_software_id":"9ccccfe2-f653-42f7-9e36-3158781f4e2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1916de45-3e4f-4ff8-b8aa-b65c42d462c1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"749c06ac-964f-42a8-b259-7559fe25570d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ff8ad5d3-0eba-45f6-b1a2-b2c5efe9f4a9","name":"MuddyViper","type":"malware","source":"Tidal Cyber","software_attack_id":"S3728","tidal_id":"c0eed952-b67c-5c50-9145-f96441a64105","created":"2025-12-10T14:15:02.491109Z","modified":"2025-12-10T14:15:02.491115Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 02 
2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9395c744-22f0-4f4b-8e8a-db9f1a7ee691","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bad32ec3-449b-4ab5-8fdb-45f610f30c37","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"bb69e871-3710-4f56-b290-c16444a9c7a5","name":"Mullvad VPN","type":"tool","source":"Tidal Cyber","software_attack_id":"S3552","tidal_id":"33bdeffc-4bff-505a-ba1d-78b8dc38d48a","created":"2025-09-19T19:48:16.391582Z","modified":"2025-09-19T19:48:16.391586Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ReliaQuest September 15 2025](/references/8693bfa8-2b15-4697-b519-24833e2e8822)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7b142862-5cef-4fbe-9f21-7dbf6090e67e","tag":"fe28cf32-a15c-44cf-892c-faa0360d6109"},{"id":"e80ab145-e32d-497f-b2bd-26de0c16e8e9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"f42ea9ae-6a2c-4ff0-8ac2-8d23a21be166","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"b2eb7c6f-bbe9-4ef8-942e-cc131907a274","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"34bcd5c2-200f-4338-8c21-27b3475e5e40","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b5f46c32-b316-5d9c-8dc1-a53df5487493","name":"MultiLayer 
Wiper","type":"malware","source":"MITRE","software_attack_id":"S1135","tidal_id":"b5f46c32-b316-5d9c-8dc1-a53df5487493","created":"2024-10-31T16:28:04.709184Z","modified":"2024-10-31T16:28:04.709188Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[MultiLayer Wiper](https://app.tidalcyber.com/software/b5f46c32-b316-5d9c-8dc1-a53df5487493) is associated with wiping operations linked to [Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a).<sup>[[Unit42 Agrius 2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7c227ed6-1d0c-4750-8afc-540bd795b94f","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"768111f9-0948-474b-82a6-cd5455079513","name":"MURKYTOP","type":"malware","source":"MITRE","software_attack_id":"S0233","tidal_id":"09188f67-8951-54c0-8d3c-7cd4fe200b5b","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye Periscope March 2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup><sup>[[CISA AA21-200A APT40 July 
2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f1398367-a0af-4a89-b240-50cae4985ed9","name":"Mythic","type":"tool","source":"MITRE","software_attack_id":"S0699","tidal_id":"80750479-9891-559f-9953-bf1949b474e2","created":"2022-03-26T01:38:12.966000Z","modified":"2022-04-18T15:41:53.146000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fbf17461-3ac0-40c7-b409-92716f6b0e1b","name":"Mythic C2","description":"<sup>[[Arctic Wolf November 25 2025](/references/24a1832e-ffc5-4504-8e47-32ba0be97b0c)]</sup>","source":"USER","associated_software_id":"a3fb7771-3d32-4103-ab34-40f0aac2158a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Arctic Wolf November 25 2025](/references/24a1832e-ffc5-4504-8e47-32ba0be97b0c)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ef410a8f-40a9-4f09-8738-9fcfdf107922","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"47e2aed7-c0c2-4bba-b5b8-483d33b9b915","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"8e554575-de78-4191-9971-c80614a4891a","name":"N-able","type":"tool","source":"Tidal Cyber","software_attack_id":"S3446","tidal_id":"15b11c83-6591-5c16-88b5-91077c764b1c","created":"2025-03-17T18:33:48.061936Z","modified":"2025-03-17T18:33:48.061939Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e515e9bc-5f68-4004-9732-2b6329a66e6a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"7704e639-4bf7-45b0-9ca5-94d9ed3c6b99","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c4a7c985-617b-4ea2-bf13-7fc5b64308b1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5346edf4-2b51-4c80-81fc-ae8fd6913666","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9ae2eaf2-2b0a-480d-b9e5-03fdbef0cc48","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5cfd6135-c53b-4234-a17e-759494b2101f","name":"Naid","type":"malware","source":"MITRE","software_attack_id":"S0205","tidal_id":"a02762ef-72bc-5f31-aa53-4138878a685a","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 
2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8cc2f8ea-7657-446b-ba02-838df0868ced","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0e28dfc9-8948-4c08-b7d8-9e80e19cc464","name":"NanHaiShu","type":"malware","source":"MITRE","software_attack_id":"S0228","tidal_id":"cc26165c-8a79-5f17-9ce0-694c8bebedeb","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint Leviathan Oct 2017](https://app.tidalcyber.com/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)]</sup><sup>[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"db05dbaa-eb3a-4303-b37e-18d67e7e85a1","name":"NanoCore","type":"malware","source":"MITRE","software_attack_id":"S0336","tidal_id":"c5b2405f-dca3-5152-b21a-3416058bf1f6","created":"2019-01-29T20:05:35.952000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]</sup>","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Citizen Lab 
Group5](https://app.tidalcyber.com/references/ffbec5e8-947a-4363-b7e1-812dfd79935a)]</sup>","group_attack_id":"G0043","group_id":"fcc6d937-8cd6-4f2c-adb8-48caedbde70a","name":"Group5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT33 Webinar Sept 2017](https://app.tidalcyber.com/references/9b378592-5737-403d-8a07-27077f5b2d61)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit42 SilverTerrier 2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]</sup>","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d03feade-c243-43ec-a967-ffeff0cb6e92","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"df2fd3bd-b1f1-4cb3-8c91-935f930beb93","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a814fd1d-8c2c-41b3-bb3a-30c4318c74c0","name":"NativeZone","type":"malware","source":"MITRE","software_attack_id":"S0637","tidal_id":"3a370aad-eee2-5207-beb8-ea686df334b5","created":"2021-08-04T19:36:55.518000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SentinelOne NobleBaron June 
2021](https://app.tidalcyber.com/references/98cf2bb0-f36c-45af-8d47-bf26aca3bb09)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0d888470-4333-4c39-9465-34e8d3d41889","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"b410d30c-4db6-4239-950e-9b0e0521f0d2","name":"NavRAT","type":"malware","source":"MITRE","software_attack_id":"S0247","tidal_id":"1c958fff-ab88-57e9-b27d-02dca9ade1f4","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Talos NavRAT May 2018](https://app.tidalcyber.com/references/f644ac27-a923-489b-944e-1ba89c609307)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"cada27a4-1bf1-4fce-8963-3c095db67a2b","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"950f13e6-3ae3-411e-a2b2-4ba1afe6cb76","name":"NBTscan","type":"tool","source":"MITRE","software_attack_id":"S0590","tidal_id":"a99a3864-7837-5364-a5b8-5fb55c1c4942","created":"2021-03-17T15:26:20.015000Z","modified":"2021-04-24T20:45:08.323000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [NBTscan](https://app.tidalcyber.com/software/950f13e6-3ae3-411e-a2b2-4ba1afe6cb76) during operations.<sup>[[Symantec Bilbug 
2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro Tonto Team October 2020](https://app.tidalcyber.com/references/140e6b01-6b98-4f82-9455-0c84b3856b86)]</sup>","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]</sup>","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]</sup><sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]</sup><sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybereason Soft Cell June 
2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]</sup><sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)]</sup><sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Waterbug Jun 2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Agrius](https://app.tidalcyber.com/groups/36c70cf2-c7d5-5926-8155-5d3a63e3e55a) used [NBTscan](https://app.tidalcyber.com/software/950f13e6-3ae3-411e-a2b2-4ba1afe6cb76) to scan victim networks for existing and accessible hosts.<sup>[[Unit42 Agrius 
2023](https://app.tidalcyber.com/references/70fb43bd-f8e1-56a5-a0e9-884e85f16b10)]</sup>","group_attack_id":"G1030","group_id":"36c70cf2-c7d5-5926-8155-5d3a63e3e55a","name":"Agrius","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0d61aa4c-a7bf-4b00-866d-d61b2f649a43","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"be819678-c4f0-4cd0-b349-636f14bfc066","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"81c2fc9b-8c2c-40f6-a327-dcdd64b70a7e","name":"nbtstat","type":"tool","source":"MITRE","software_attack_id":"S0102","tidal_id":"403f828d-8a3e-599d-a363-5e19e8ba7a96","created":"2017-05-31T21:33:03.773000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3ae8ec23-6a65-4cab-abe1-c27633f99dc3","name":"Ncat","type":"tool","source":"Tidal Cyber","software_attack_id":"S3547","tidal_id":"6cf26e38-3d04-563c-8f36-a3575ba4f69b","created":"2025-09-15T19:14:00.815591Z","modified":"2025-09-15T19:14:00.815595Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors 
(Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"73bcc160-1559-4b24-a32d-36452c7a9554","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"6ca5a6b9-3877-4241-9f70-84fae0dc9a6f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1aa10f2d-b8cf-456f-9940-e4b16158fde7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6d42e6c5-3056-4ff1-8d5d-a736807ec84c","name":"NDiskMonitor","type":"malware","source":"MITRE","software_attack_id":"S0272","tidal_id":"9d2636c4-0d21-59ad-a2b4-a40c6a9120e0","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro Patchwork Dec 2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"38510bab-aece-4d7b-b621-7594c2c4fe14","name":"Nebulae","type":"malware","source":"MITRE","software_attack_id":"S0630","tidal_id":"f817af74-f79d-5510-a404-2ec9a6216024","created":"2021-06-30T14:44:35.055000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Bitdefender Naikon April 
2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8662e29e-5766-4311-894e-5ca52515ccbe","name":"Neoichor","type":"malware","source":"MITRE","software_attack_id":"S0691","tidal_id":"27925361-ffb5-5a5f-add8-98d353754114","created":"2022-03-22T17:22:38.233000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft NICKEL December 2021](https://app.tidalcyber.com/references/29a46bb3-f514-4554-ad9c-35f9a5ad9870)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3819adac-ac37-423c-826a-2f667f302624","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"33939793-a1d5-5673-8762-313d1cbe0635","name":"Neo-reGeorg","type":"malware","source":"MITRE","software_attack_id":"S1189","tidal_id":"33939793-a1d5-5673-8762-313d1cbe0635","created":"2025-04-22T20:47:00.613865Z","modified":"2025-04-22T20:47:00.613871Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant-Sandworm-Ukraine-2022](https://app.tidalcyber.com/references/7ad64744-2790-54e4-97cd-e412423f6ada)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2e85341b-5e6d-4cd7-87d0-8ac147ed2c64","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"377c6f96-b553-4452-ad31-7b400d83a0b4","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"de8b18c9-ebab-4126-96a9-282fa8829877","name":"Nerex","type":"malware","source":"MITRE","software_attack_id":"S0210","tidal_id":"614f75e2-c6d5-5e6c-b2f7-a2a0cd752bda","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c9b8522f-126d-40ff-b44e-1f46098bd8cc","name":"Net","type":"tool","source":"MITRE","software_attack_id":"S0039","tidal_id":"d43d44a0-e53a-52d3-86e6-c467ae0e8a15","created":"2017-05-31T21:32:31.601000Z","modified":"2021-10-15T20:33:54.392000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ecbd12f7-e968-417d-96a8-4cff78421881","name":"net use","description":"<sup>[[Trend Micro January 12 2026](/references/836489cd-dd2c-4a0d-8783-c055206131e1)]</sup>","source":"USER","associated_software_id":"99bd6b61-e6ee-4b78-9f9a-2dfd035c6cd9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"122c29f6-c5ae-4039-9a1c-9518b7478a08","name":"net.exe","description":"","source":"MITRE","associated_software_id":"ef9df548-c7c2-41fd-96f1-acdb9e8a763c","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)]</sup><sup>[[CISA 
AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)]</sup><sup>[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) has used the [Net](https://app.tidalcyber.com/software/c9b8522f-126d-40ff-b44e-1f46098bd8cc) utility on the Windows operating system.<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup><sup>[[Microsoft Storm-0501 Embargo Ransomware August 2025](https://app.tidalcyber.com/references/a3b3ad77-6119-59da-899a-d9cfa840f18c)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT40 March 2019](https://app.tidalcyber.com/references/8a44368f-3348-4817-aca7-81bfaca5ae6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 
2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro TA505 June 2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DFIR Report APT35 ProxyShell March 2022](https://app.tidalcyber.com/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]</sup><sup>[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye Know Your Enemy FIN8 Aug 2016](https://app.tidalcyber.com/references/0119687c-b46b-4b5f-a6d8-affa14258392)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup><sup>[[Bitdefender Naikon April 2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CrowdStrike Ryuk January 2019](https://app.tidalcyber.com/references/df471757-2ce0-48a7-922f-a84c57704914)]</sup><sup>[[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)]</sup><sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)]</sup><sup>[[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)]</sup><sup>[[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)]</sup><sup>[[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Security Blog August 27 
2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)]</sup><sup>[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup><sup>[[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]</sup>\n","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]</sup>","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dragos Crashoverride 
2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell TG-1314](https://app.tidalcyber.com/references/79fc7568-b6ff-460b-9200-56d7909ed157)]</sup>","group_attack_id":"G0028","group_id":"0f86e871-0c6c-4227-ae28-3f3696d6ae9d","name":"Threat Group-1314","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybersecurity Advisory GRU Brute Force Campaign July 
2021](https://app.tidalcyber.com/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Alperovitch 2014](https://app.tidalcyber.com/references/72e19be9-35dd-4199-bc07-bd9d0c664df6)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ANY.RUN's Cybersecurity Blog 10 01 2025](/references/87535fb7-8916-494e-94ff-cf28c125f0b4)]</sup>","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Huntress INC Ransomware May 2024](https://app.tidalcyber.com/references/3ebccffe-d56d-594a-9548-740cf88a453b)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC 
Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Cobalt Kitty 2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro BlackCat April 18 2022](/references/a04d89b1-3334-4d96-8c45-bb88f396e036)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6c87a8ec-9fdd-4d8d-a4d0-b9bc5fae7952","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"f90cdfaa-d7ae-40e4-b0d6-1195f18ed405","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"722f0b84-a29c-42c9-8fe2-714a9a2432d5","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5c64c7ed-97b8-4b0d-894c-41205e35b01c","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"49dbdc21-89b9-4c95-b4fd-770a4e07f4ce","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"3c0f806e-8093-4033-a927-9ad593d311a1","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"e432a1bb-fbb6-47c9-9e63-9e55c033c8f2","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"75c85ac9-547f-4fe2-93ec-5220119aa5ba","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"569d7096-fe81-4c94-9de1-eb14003faf55","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"b627c566-ca35-44c7-89bc-c7b4780f3848","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"a3603f68-8e2d-4578-af53-1087aeb81df5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4b140893-ece9-4013-b418-764b
0c0cef53","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"31c5b692-6b84-47e1-a64b-0697f03f7e43","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"0559281a-4393-4ef4-b4fe-b78b2275ca57","tag":"4e7ae33d-e040-4618-bccf-3b5e4aac81ed"},{"id":"2398e9d1-75ec-45cc-aa3f-a52bf9fec727","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cb675c1b-5bbf-4f4c-9cce-c83da64d0dc1","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"67040000-2cca-4a76-ab45-534195d6ade6","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"82d4c242-9a56-421c-80b7-a0690bd2cc9e","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2135dd60-2b57-4e08-99d4-5a8d9bcbea8a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"323f572f-15fa-499e-bd0f-d2d5916b8c81","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"6fad3016-82a0-40a0-93c1-cced4e0dd93f","name":"Netapi64.dll","type":"malware","source":"Tidal Cyber","software_attack_id":"S3627","tidal_id":"dcc786d3-2229-5a3f-9507-4d6469ce6a7a","created":"2025-11-19T17:45:38.506485Z","modified":"2025-11-19T17:45:38.506487Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog November 03 2025](/references/4fc98ad2-fabe-46a7-8546-db22dd737177)]</sup>","group_attack_id":"G3148","group_id":"83996f9f-7f96-479b-9295-6582b13905c2","name":"SesameOp threat actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"562eefb9-c281-4da6-9e32-d21eab821ea2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a11c5f0c-8883-42f3-8e0f-ec148e5c6cad","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5c93098f-ecf5-4e32-847b-b5bb339196c1","name":"netcat","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3742","tidal_id":"8ecde593-e087-5875-837e-7d14ab692905","created":"2025-12-17T14:18:48.102992Z","modified":"2025-12-17T14:18:48.102996Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ca5a2566-d509-4e05-889f-7768a3f59f18","name":"nc","description":"<sup>[[Google Cloud Blog March 21 2024](/references/efba67c7-a481-44de-84bd-cf74bc946f6e)]</sup>","source":"USER","associated_software_id":"441e33d9-f99b-466e-af94-07716ef6a3df","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog March 21 2024](/references/efba67c7-a481-44de-84bd-cf74bc946f6e)]</sup>","group_attack_id":"G3078","group_id":"21df749a-1e70-4c11-921c-071a61d9a900","name":"UNC5174","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"31c74242-67e1-48dd-b8f8-2d00f92a14f0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"72ca0190-a993-4fa1-a418-23f3ae8311c3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"947c6212-4da8-48dd-9da9-ce4b077dd759","name":"Net Crawler","type":"malware","source":"MITRE","software_attack_id":"S0056","tidal_id":"67230dd9-6d86-5e6a-ab01-add17d1dd8e7","created":"2017-05-31T21:32:38.851000Z","modified":"2022-07-22T18:37:22.182000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7d0d6a4-b821-4e97-8bab-96d16952e7f2","name":"NetC","description":"","source":"MITRE","associated_software_id":"edb7867e-195e-4a88-9198-f118a64af6b0","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Cylance 
Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]</sup>","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"852c300d-9313-442d-9b49-9883522c3f4b","name":"NETEAGLE","type":"malware","source":"MITRE","software_attack_id":"S0034","tidal_id":"33a6b4ee-a553-5983-8048-ba3e83ac27bd","created":"2017-05-31T21:32:27.787000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]</sup>","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f7d7886b-c101-42be-96d6-88660ff2f52d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e3c279a9-30bc-4a95-a4a0-bb6a6f31c7c0","name":"NetExec","type":"tool","source":"Tidal Cyber","software_attack_id":"S3635","tidal_id":"14fd7c0c-ef6c-5f90-bfaa-581b9f344f97","created":"2025-11-19T17:45:39.673828Z","modified":"2025-11-19T17:45:39.673831Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"d3f5e372-ca3d-4fb2-aeb9-906db5f5b478","name":"nxc.exe","description":"<sup>[[The DFIR Report November 17 
2025](/references/0b46ec32-fa74-4d0a-8816-0dab60e575cb)]</sup>","source":"USER","associated_software_id":"85531067-3107-470a-b0d2-de22caee1646","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4c7e597d-bfa8-48f8-a731-114960828397","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c6911f14-affa-419c-8ce4-57b08abcd849","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"803192b8-747b-4108-ae15-2d7481d39162","name":"netsh","type":"tool","source":"MITRE","software_attack_id":"S0108","tidal_id":"97e621af-4bb4-5083-9329-88cfd658f79f","created":"2017-05-31T21:33:06.083000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"76a58587-87cf-41d3-bb5a-dd3f7dfd8b48","name":"netsh.exe","description":"","source":"MITRE","associated_software_id":"f0875544-e774-4ba7-8ed3-c9828ea69fbd","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)]</sup><sup>[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Ukraine Targeting October 29 2025](/references/08b6d849-2837-4af9-bb8a-e0425e6a02e4)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybereason Cobalt Kitty 
2017](https://app.tidalcyber.com/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Novetta Blockbuster Loaders](https://app.tidalcyber.com/references/5d3e2f36-3833-4203-9884-c3ff806da286)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Group-IB Anunak](https://app.tidalcyber.com/references/fd254ecc-a076-4b9f-97f2-acb73c6a1695)]</sup>","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Baumgartner Naikon 
2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DFIR Report APT35 ProxyShell March 2022](https://app.tidalcyber.com/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Deep Dive Solorigate January 2021](/references/ddd70eef-ab94-45a9-af43-c396c9e3fbc6)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro Play Playbook September 06 2022](/references/2d2b527d-25b0-4b58-9ae6-c87060b64069)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c084e68d-aad3-4769-9f9d-b8f9ebff3ad2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"efe61b2f-1131-4e09-8e17-5537b449c6b4","tag":"064dc489-6b50-4cc1-bb9b-fe722f21aaf1"},{"id":"ed262b10-011b-4e3e-b209-7540bbfded9a","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6dc09af0-bdbf-4699-b034-688a2e3aad62","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"e7f6d71d-2603-4863-aa86-db20481d1e53","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e54b1777-669f-40d3-978a-ad40f9150f4d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"83a7bc43-a26a-4ad9-908c-ac274c3fd5b1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7d79af62-d13d-4e22-b4d1-b272b660985e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5b2ddc42-29fb-44e4-9cbd-7e14cf020494","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"d63e62d3-356f-4fdf-b65b-3648d0b2f922","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"3636edd9-3a5a-4f6d-970a-e3f87c2a3421","name":"NET-STAR","type":"malware","source":"Tidal Cyber","software_attack_id":"S3571","tidal_id":"becce45c-c801-5d85-b8d2-f0be03d88e3d","created":"2025-10-13T17:29:22.133945Z","modified":"2025-10-13T17:29:22.133949Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom 
Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4523552b-0105-420c-a10d-079db63967ee","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"819548ef-32ec-4444-9eea-7a40e1d36f58","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"591d9cfa-2518-4503-81c6-67d538d3330e","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"3efa849b-af8b-496b-a410-f53d61ea9e01","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"bb36d8c6-b092-47ff-b6ea-b72095814564","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"22c632f5-3c2a-4aa3-8b6a-8f459e2f9361","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"132fb908-9f13-4bcf-aa64-74cbc72f5491","name":"netstat","type":"tool","source":"MITRE","software_attack_id":"S0104","tidal_id":"d3e7d35d-446a-52a3-a17f-f9f865afe5d3","created":"2017-05-31T21:33:04.545000Z","modified":"2022-10-12T21:29:16.407000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)]</sup><sup>[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)]</sup><sup>[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup><sup>[[Symantec Crambus OCT 2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye 
admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]</sup>","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"b012a59a-3d0d-44db-b29b-446acea0bbeb","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"fd154b87-fa23-4aca-b3a0-dc9ec15971e3","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"2a9b27ce-71c2-40a2-9b49-5128ba7ea86c","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f70884ea-5b5e-418d-8f9d-15ea4dd6b08a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3c19b306-3213-4dea-8631-666d34d03a12","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"8bea1940-95a2-4790-b006-10cc158e11b3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"082fa9cd-ad32-43b2-9580-5219bf2888df","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b4abc274-fa24-4428-b865-9d0c4d2feaae","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"96ecdb59-b047-4557-b2a7-c9712e8c903b","name":"NetSupport","type":"tool","source":"Tidal Cyber","software_attack_id":"S3135","tidal_id":"b9c67e4f-9439-542b-914e-390d7f32233c","created":"2024-06-13T20:12:34.591962Z","modified":"2024-06-13T20:12:34.591968Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fc1953ae-21a9-4947-9ede-7b918d6eb890","name":"NetSupport RAT","description":"","source":"Tidal 
Cyber","associated_software_id":"d3851fe9-6ab9-43f3-b7c1-3d2e731165e8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8095475c-18d3-429d-90a0-55e1952ebc07","name":"NetSupport Manager","description":"","source":"Tidal Cyber","associated_software_id":"f27f2e84-6546-44a5-8012-e05d6bdf5eb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[eSentire November 13 2025](/references/f346f327-f0e4-4405-bf3c-c0723c23384f)]</sup>","group_attack_id":"G3155","group_id":"bd396d01-231e-4b59-ab3d-fbf1aceb2a26","name":"SheldIO","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Red Canary June 26 2024](/references/e0d62504-6fec-4d95-9f4a-e0dda7e7b6d9)]</sup>","group_attack_id":"G3056","group_id":"54a13c54-a1d5-46e9-b155-56d981a5ad8f","name":"Scarlet Goldfinch","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Proofpoint TA547 April 10 2024](/references/c1fab1dd-bec1-4637-9d50-8317247dc82b)]</sup>","group_attack_id":"G3059","group_id":"ac3426c4-6d7e-4e99-9546-266fb7fd8c44","name":"TA547","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"<sup>[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"43d6e8f5-f781-4222-8f6c-64574db995a6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d9812566-01e8-4e9e-afb8-79d1b0e552bb","tag":"6307a146-7a64-41a7-b765-8ea935027895"},{"id":"0ecf8e28-8894-4594-9561-40a60e8bbd53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c195e5b6-0c02-46cb-953e-6e479422eb30","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"95907b44-cc39-4099-bd1d-8ad7e767229f","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"0ecf0c66-7c13-4209-999d-91bc980e8bb6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"43f17cc2-2485-40c5-ae6f-6759ea681be9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1b8f9cf9-db8f-437d-800e-5ddd090fe30d","name":"NetTraveler","type":"malware","source":"MITRE","software_attack_id":"S0033","tidal_id":"1bdc891a-9414-5bb3-b4c1-a09a40377d52","created":"2017-05-31T21:32:25.361000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA459 April 
2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]</sup>","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5a01e698-72bb-4e92-8c83-d74cba4a612a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5b4b395f-f61a-4bd6-94c1-fb45ed3cd13d","name":"Netwalker","type":"malware","source":"MITRE","software_attack_id":"S0457","tidal_id":"80f0a163-4640-562a-8f06-df57e58e875f","created":"2020-05-26T21:02:38.186000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"84ef87a0-6ce9-4fcc-b96a-26bcfdabc057","name":"Mailto","description":"","source":"Tidal Cyber","associated_software_id":"ebe1fe56-5d87-444f-bf06-76d18f19b788","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"ade8e593-d88a-45b7-8fce-7f9f2ce23511","name":"Koko Ransomware","description":"","source":"Tidal 
Cyber","associated_software_id":"4ff19645-f405-4bc2-847b-13409fce15cf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8df1a09b-6170-4b69-b861-d50dadc77624","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"6f93fdb4-d31e-43e6-9bb0-78ca5c5d07dc","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"0b2188b3-9939-457c-a17c-b15c10f5efe7","tag":"242bc007-5ac5-4d96-8638-699a06d06d24"},{"id":"439cfb09-221e-4431-8912-ce755a48235e","tag":"e554bd60-5de3-4162-9ed3-66073ae9d6b3"},{"id":"14adc9a1-48bc-4189-b1aa-95207e312ed3","tag":"0e948c57-6c10-4576-ad27-9832cc2af3a1"},{"id":"a54cb5a5-4d05-46c3-8327-264ba73e0659","tag":"3d90eed2-862d-4f61-8c8f-0b8da3e45af0"},{"id":"6495c430-3387-4704-b73c-f393a894b00a","tag":"4fb4824e-1995-4c65-8c71-e818c0aa1086"},{"id":"b3c61d95-3f40-47d8-9352-658590016899","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"62e267d1-8d13-41c0-887d-942cf19ad37f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"c7d0e881-80a1-49ea-9c1f-b6e53cf399a8","name":"NETWIRE","type":"malware","source":"MITRE","software_attack_id":"S0198","tidal_id":"671df562-51d0-50d2-a910-c76813a9b0bf","created":"2018-04-18T17:59:24.739000Z","modified":"2021-10-12T11:21:09.567000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cylance Shaheen Nov 2018](https://app.tidalcyber.com/references/57802e46-e12c-4230-8d1c-08854a0de06a)]</sup>","group_attack_id":"G0089","group_id":"830079fe-9824-405b-93e0-c28592155c49","name":"The White Company","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit42 SilverTerrier 
2018](https://app.tidalcyber.com/references/59630d6e-d034-4788-b418-a72bafefe54e)]</sup>","group_attack_id":"G0083","group_id":"e47ae2a7-d34d-4528-ba67-c9c07daa91ba","name":"SilverTerrier","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT33 Sept 2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)]</sup><sup>[[FireEye APT33 Webinar Sept 2017](https://app.tidalcyber.com/references/9b378592-5737-403d-8a07-27077f5b2d61)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup><sup>[[FireEye NETWIRE March 2019](https://app.tidalcyber.com/references/404d4f7e-62de-4483-9320-a90fb255e783)]</sup>\n","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b8a6fb95-e260-4f9a-9671-3c4048fe8811","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"36445950-9f53-499f-a3c3-3b32f9d1716e","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"56018455-7644-4e59-845a-986f55efcad4","name":"Network Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3118","tidal_id":"1e29e055-bdb1-50c5-a820-6d83ba3b68f8","created":"2024-03-07T21:01:09.148580Z","modified":"2024-03-07T21:01:09.148584Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b3878754-3dc6-4f51-9c5f-a214768a425d","name":"NS.exe","description":"","source":"Tidal Cyber","associated_software_id":"63740335-2ae1-4285-b0ea-aa3bd1e5725f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Talos Phobos November 17 
2023](/references/c049d198-efd0-40e2-a675-cf099b8211b3)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9921ae00-0636-42c4-a205-4e8c03c77434","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a174c802-4794-4647-8b25-a1fa699d5d6c","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8c39cb37-018d-44ed-9ddb-9f9feef33a42","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2b76bf2d-d379-43ba-82e1-3cb6cb44b0f3","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"8f1e741a-d6b8-46c3-98e6-391b08e0259a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"5de0ae18-0a1e-445f-a2ab-485ce1d20df0","name":"New Tab - Customized Dashboard","type":"malware","source":"Tidal Cyber","software_attack_id":"S3890","tidal_id":"bb7e8b68-9a79-5f3c-b57a-58306816c110","created":"2026-01-06T18:05:08.945977Z","modified":"2026-01-06T18:05:08.945980Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.koi.ai January 05 
2026](/references/5da3facd-7bd9-4a02-843a-ad4b3fa273d7)]</sup>","group_attack_id":"G3190","group_id":"d2ed88a2-5514-4336-bda7-770dbe4fd451","name":"DarkSpectre","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"56dfc8f2-cd2f-4c05-99ba-a9d1270aa89a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"f83495ca-6750-4304-91c0-ed4021af51ed","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"58012e8c-3620-4cae-81b3-20b8e103a547","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"0a5db13c-00c0-4454-ad51-fee6c56228c4","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"69c02af2-ab9f-45d2-9a93-606f27648bb9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5c0d228a-461e-481f-81f1-1d05efb45a11","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4f5bded1-97bd-4f97-82f7-1df5d4e6bbda","name":"nex","type":"tool","source":"Trellix TIG","software_attack_id":"S3472","tidal_id":"6e67297a-282c-5cb6-be47-698aa4125c12","created":"2025-04-11T15:06:54.400699Z","modified":"2025-04-11T15:06:54.400702Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"607224a5-a851-49ae-a9d6-1f5f581a0518","name":"nexe","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3850","tidal_id":"6df12f02-2f41-5dd9-a4ed-f163737074a4","created":"2025-12-29T17:41:08.797130Z","modified":"2025-12-29T17:41:08.797133Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f2f2957a-42ff-4cd6-87ed-71f780658485","tag":"166581ec-09a6-40b2-abfb-c3f5c733f89f"},{"id":"1b375f09-3bd1-4e5c-bf00-7297608366d3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ac25459d-4584-4e7b-b99d-eb97a4d7cae4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"dd2c12f9-c561-42c0-99bc-7c8ccdbae991","name":"NexShield","type":"malware","source":"Tidal Cyber","software_attack_id":"S3982","tidal_id":"cc622a51-60d1-591d-b4c5-752ef0162add","created":"2026-01-23T20:31:11.820934Z","modified":"2026-01-23T20:31:11.820937Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Huntress January 16 2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","group_attack_id":"G3213","group_id":"a0202bc8-abe6-42c1-ac84-1dc27b9e322f","name":"KongTuke","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fa24f8d9-1ca6-4b01-a06a-23454d126ea4","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"08947e5b-50c1-413c-a9dc-94f9ac761179","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"acaa7e91-57a1-4b8e-8aa4-d9f44a2e478e","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"6ca3a067-7d32-48ec-a8aa-00356d1a0ccf","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"39244f66-21d4-439b-9768-1098d48a4ded","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0b7a1dfa-eee9-4812-9d90-ebcf57fd5c96","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d9aee874-29a7-416e-9983-bc08be82cd4d","name":"Nezha","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3592","tidal_id":"50e796ef-f43c-53b2-bb03-41f2eabc0e1d","created":"2025-10-13T17:29:25.137565Z","modified":"2025-10-13T17:29:25.137569Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"bd6c9523-b990-44a0-8388-f648cd337518","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e68f9ebf-ac58-4452-9e58-ae7c1d964b43","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ac1013ba-b128-42dc-b93f-76754f83ce55","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"699a0608-c566-4e15-95c5-b8d27f6b16fe","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"cafbf0b9-ac61-4ec0-bfed-1c2898edcf09","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3c60371c-0967-4dab-bc15-2992d224d9a0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"aa3b4aa9-f944-44ba-a032-b63dda78951c","name":"Ngen","type":"tool","source":"Tidal Cyber","software_attack_id":"S3477","tidal_id":"e9c21961-2ff3-508b-a91f-1ae68c82815d","created":"2025-05-20T16:19:08.715139Z","modified":"2025-05-20T16:19:08.715142Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ad852a33-3de5-482c-b8cc-db4f21fe9240","name":"Ngen.exe","description":"<sup>[[Ngen.exe - LOLBAS Project](/references/98e9f234-6ea9-4e2a-8828-2e6e6916d7f1)]</sup>","source":"Tidal 
Cyber","associated_software_id":"0ef602e9-60cd-4936-a3e4-10a3eeede100","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4858036d-d4af-48be-be8b-fb1b8cb441fb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"87b73bc7-f7af-41d7-8157-a5545dc885a4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"48b161fe-3ae1-5551-9f26-d6f2d6b5afb9","name":"NGLite","type":"malware","source":"MITRE","software_attack_id":"S1106","tidal_id":"56b3ad52-01e5-52fb-9c40-59716de4a645","created":"2024-04-25T13:28:19.489641Z","modified":"2024-04-25T13:28:19.489644Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"316ecd9d-ac0b-58c7-8083-5d9214c770f6","name":"ngrok","type":"tool","source":"MITRE","software_attack_id":"S0508","tidal_id":"2087798d-a5f7-5920-a6c0-abd01a00ebc6","created":"2023-11-07T00:35:50.608117Z","modified":"2023-11-07T00:35:50.608122Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has used [ngrok](https://app.tidalcyber.com/software/316ecd9d-ac0b-58c7-8083-5d9214c770f6) to create secure tunnels to remote web servers.<sup>[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup><sup>[[CrowdStrike Scattered Spider JUL 2025](https://app.tidalcyber.com/references/1112ac30-b1cc-5507-a1c1-35c6ac573b95)]</sup><sup>[[Check Point Scattered Spider JUL 2025](https://app.tidalcyber.com/references/276a2ed6-d532-51ee-9066-83145b7506c5)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro Earth Simnavaz October 
2024](https://app.tidalcyber.com/references/aff9097b-43ea-50aa-88ed-62b98f2d58ce)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Www.recordedfuture.com January 09 2026](/references/fb8ee1dd-bf96-4d28-9d9f-807cc351190b)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CSRB LAPSUS$ July 24 2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]</sup>","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CrowdStrike PIONEER KITTEN August 
2020](https://app.tidalcyber.com/references/4fce29cc-ddab-4b96-b295-83c282a87564)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) used [ngrok](https://app.tidalcyber.com/software/316ecd9d-ac0b-58c7-8083-5d9214c770f6) during intrusions against Ukrainian victims.<sup>[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Daixin Team October 2022](/references/cbf5ecfb-de79-41cc-8250-01790ff6e89b)]</sup>","group_attack_id":"G3007","group_id":"07bdadce-905e-4337-898a-13e88cfb5a61","name":"Daixin Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[BianLian Ransomware Gang Gives It a Go! 
| [redacted]](/references/fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"775414b6-72fe-4f67-ae29-2c4954da1482","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"e10a4ec9-2e27-482f-90cb-a6b6cec7e8da","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"78eb57a1-8c78-412e-bd40-4b38e21f2c70","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b840813d-6917-46bc-808c-0ba58f6a492c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c805e791-e2ee-4703-ab5b-e3dbaa8e8616","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ede21e23-0e96-402e-a694-89b7f92ffb5c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"6f78a195-bb0c-4e7c-bb6b-d643ce80e0bf","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"0657faea-6051-4c20-acde-b671585bf7a4","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"a688cb44-946a-4d98-b110-794df00caeb8","tag":"d75c1a80-0cb8-4a64-8379-10514cd44b1e"},{"id":"55afd745-308e-4d8a-9084-8c0e982a677c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"17528a6a-db48-48db-a910-2532639c0756","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"08991e84-18c9-4651-a6e8-730fbb1c7c76","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"eb86067d-80b4-45a5-a4cc-e52561dc27b6","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"02f750bc-ab10-4e5e-a3dd-7250834dd9bf","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"18aa5e44-3dd8-4fad-8ecc-104a120daeb0","tag":"35e694ec-5133-46e3-b7e1-583186
7c3b55"},{"id":"7813bae2-eeef-4154-b047-d597e6006bde","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2dee4ddb-0673-45cc-8043-e09c23a9e221","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"98b223ca-b7f9-5ed2-8348-3a4caaced031","name":"NICECURL","type":"malware","source":"MITRE","software_attack_id":"S1192","tidal_id":"98b223ca-b7f9-5ed2-8348-3a4caaced031","created":"2025-04-22T20:46:56.170069Z","modified":"2025-04-22T20:46:56.170073Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT42-untangling](https://app.tidalcyber.com/references/64b19eab-8190-5e22-89a0-f7555f9f7fa2)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bdf0a860-8035-4bad-b8c8-58104ed5112f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9d3fd630-1ba8-4d14-907f-f3bdc5a13fa3","name":"NICECURL (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3148","tidal_id":"9139295e-fa4c-5729-bb43-31d5eafca64c","created":"2024-08-30T18:12:52.464539Z","modified":"2024-08-30T18:12:52.464546Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]</sup>","group_attack_id":"G3050","group_id":"ce126445-6984-45bb-9737-35448f06f27b","name":"APT42 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"dcb30f45-cdb3-4579-9e18-39dd38b83448","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e7257b68-c77f-4051-a637-9ec3b1f6d66f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a613610f-5649-4245-906b-f85ec961f1fd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3ae9acd7-39f8-45c6-b557-c7d9a40eed2c","name":"Nidiran","type":"malware","source":"MITRE","software_attack_id":"S0118","tidal_id":"85b689b7-c820-5f0f-bad4-2b00a2c23e61","created":"2017-05-31T21:33:09.842000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6a4dcb7d-9358-4331-a127-d0dc5c15260b","name":"Backdoor.Nidiran","description":"","source":"MITRE","associated_software_id":"69d00742-0a78-44e9-ae0e-98d09f52d81d","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Suckfly March 2016](https://app.tidalcyber.com/references/8711c175-e405-4cb0-8c86-8aaa471e5573)]</sup><sup>[[Symantec Suckfly May 2016](https://app.tidalcyber.com/references/59fd16cd-426f-472d-a5df-e7c1484a6481)]</sup>","group_attack_id":"G0039","group_id":"06549082-ff70-43bf-985e-88c695c7113c","name":"Suckfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b1963876-dbdc-5beb-ace3-acb6d7705543","name":"NightClub","type":"malware","source":"MITRE","software_attack_id":"S1090","tidal_id":"e6a8ea44-3f35-5288-be14-8fdf91317b61","created":"2023-11-07T00:35:47.941741Z","modified":"2023-11-07T00:35:47.941747Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MoustachedBouncer ESET August 
2023](https://app.tidalcyber.com/references/9070f14b-5d5e-5f6d-bcac-628478e01242)]</sup>","group_attack_id":"G1019","group_id":"f31df12e-66ea-5a49-87bc-2bc1756a89fc","name":"MoustachedBouncer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"858084e7-41ba-53f8-b530-0286bf4ea764","name":"Nightdoor","type":"malware","source":"MITRE","software_attack_id":"S1147","tidal_id":"858084e7-41ba-53f8-b530-0286bf4ea764","created":"2024-10-31T16:28:03.818948Z","modified":"2024-10-31T16:28:03.818951Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) uses [Nightdoor](https://app.tidalcyber.com/software/858084e7-41ba-53f8-b530-0286bf4ea764) as a backdoor mechanism for Windows hosts.<sup>[[ESET EvasivePanda 2024](https://app.tidalcyber.com/references/07e6b866-7119-50ad-8a6e-80c4e0d594bf)]</sup><sup>[[Symantec Daggerfly 2024](https://app.tidalcyber.com/references/1dadd09e-e7b0-50a1-ba3d-413780dbeb80)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0ff47c3d-440a-4e17-8d18-4eb3c6f5fb31","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2dd26ff0-22d6-591b-9054-78e84fa3e05c","name":"Ninja","type":"malware","source":"MITRE","software_attack_id":"S1100","tidal_id":"70b0765f-c04f-5ed9-a80a-fbe332e745d9","created":"2024-04-25T13:28:17.103243Z","modified":"2024-04-25T13:28:17.103247Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky ToddyCat June 
2022](https://app.tidalcyber.com/references/285c038b-e5fc-57ef-9a98-d9e24c52e2cf)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"72373c4f-32f9-4780-84c7-458eece354f2","name":"NinjaRMM","type":"tool","source":"Tidal Cyber","software_attack_id":"S3394","tidal_id":"26a4a30b-1087-5579-a6a7-8d28dae1391a","created":"2024-10-04T20:33:22.888237Z","modified":"2024-10-04T20:33:22.888241Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"99b3b266-64cc-4245-a356-584df6c36ede","name":"NinjaOne","description":"","source":"Tidal Cyber","associated_software_id":"2fcd8339-381b-4ade-b1ae-ebe35861165c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a16a64d3-a3f2-4c20-bca5-efed0b1082b2","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"b2d6b691-be36-41b2-88eb-6af9934d8424","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"efa5fff4-f6db-4719-91c7-97dbe93099a8","name":"NirSoft","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3112","tidal_id":"70c68043-f7c3-5166-846f-2534eca1f76a","created":"2024-03-07T21:01:06.554695Z","modified":"2024-03-07T21:01:06.554699Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8a522a6f-b3cf-4c71-ae9f-7fad6c55a88d","name":"NirSoft password recovery utilities","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"a56a0295-5e4e-4584-86c9-72589c03cf2f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8523d395-d80a-470e-a178-574c5b9c478e","name":"netpass.exe","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"e9a214bf-7c36-4dfd-b510-126f75439379","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c388a86c-e7b0-42f0-a72d-dbf180438727","name":"WebBrowserPassView.exe","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"fe9b06ec-3987-4ca3-9555-86433bcfdf61","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"885d2912-b6e0-42ab-9b6a-7fe79821fd3b","name":"PassView","description":"","source":"Tidal Cyber","associated_software_id":"ae37cbee-ca58-4b1c-8ea4-eaf4857fcc5e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None October 29 2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"af54513a-f262-456d-b76e-020a23f0e3d3","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"2e76fbb6-a360-4823-a3e8-87677b275381","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ebf291e7-6963-40cb-89eb-b0d33bbf0df0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"80e0a199-0279-4c00-8bbb-7a79f0d79272","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0f89b191-2c35-47da-808f-8af628e0a6fd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"afb0061f-505c-4107-a3a4-f4dff9630adc","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"18e058fb-e3c5-4fc0-983d-2493d2a6015d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"82996f6f-0575-45cd-8f7c-ba1b063d5b9f","name":"njRAT","type":"malware","source":"MITRE","software_attack_id":"S0385","tidal_id":"6c404eec-d99d-53ab-ab1e-95fe5c52813f","created":"2019-06-04T17:52:28.806000Z","modified":"2022-09-16T19:33:56.130000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9ee2bbd7-0b0b-4dbe-a49c-12a69c564560","name":"Njw0rm","description":"Some sources have discussed Njw0rm as a later variant of [njRAT](https://app.tidalcyber.com/software/82996f6f-0575-45cd-8f7c-ba1b063d5b9f), where Njw0rm adds the ability to spread via removable devices such as USB drives.<sup>[[FireEye Njw0rm Aug 2013](https://app.tidalcyber.com/references/062c31b1-7c1e-487f-8340-11f4b3faabc4)]</sup> Other sources contain that functionality in their description of [njRAT](https://app.tidalcyber.com/software/82996f6f-0575-45cd-8f7c-ba1b063d5b9f) itself.<sup>[[Fidelis njRAT June 2013](https://app.tidalcyber.com/references/6c985470-a923-48fd-82c9-9128b6d59bcb)]</sup><sup>[[Trend Micro njRAT 
2018](https://app.tidalcyber.com/references/d8e7b428-84dd-4d96-b3f3-70e7ed7f8271)]</sup>","source":"MITRE","associated_software_id":"f6269ef2-ec83-41f6-9c86-4d507070c7d7","owner_id":null,"owner_name":null},{"id":"629eccba-abc2-42c1-90fd-d47334ccc1fa","name":"Bladabindi","description":"<sup>[[Fidelis njRAT June 2013](https://app.tidalcyber.com/references/6c985470-a923-48fd-82c9-9128b6d59bcb)]</sup><sup>[[Trend Micro njRAT 2018](https://app.tidalcyber.com/references/d8e7b428-84dd-4d96-b3f3-70e7ed7f8271)]</sup>","source":"MITRE","associated_software_id":"77fe7b25-a1a1-488f-b0af-08e6e1508301","owner_id":null,"owner_name":null},{"id":"c79396f7-6018-401e-9410-9ffffc6d219d","name":"LV","description":"<sup>[[Fidelis njRAT June 2013](https://app.tidalcyber.com/references/6c985470-a923-48fd-82c9-9128b6d59bcb)]</sup>","source":"MITRE","associated_software_id":"abeccf73-8340-44ca-93eb-4fbd98050cb6","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup><sup>[[Cisco Operation Layover September 2021](https://app.tidalcyber.com/references/f19b4bd5-99f9-54c0-bffe-cc9c052aea12)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Citizen Lab Group5](https://app.tidalcyber.com/references/ffbec5e8-947a-4363-b7e1-812dfd79935a)]</sup>","group_attack_id":"G0043","group_id":"fcc6d937-8cd6-4f2c-adb8-48caedbde70a","name":"Group5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Proofpoint Operation Transparent Tribe March 2016](https://app.tidalcyber.com/references/8e39d0da-114f-4ae6-8130-ca1380077d6a)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 
2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]</sup>","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CrowdStrike AQUATIC PANDA December 2021](https://app.tidalcyber.com/references/fd095ef2-6fc2-4f6f-9e4f-037b2a9217d2)]</sup>","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Check Point Research Blind Eagle March 10 2025](/references/4a9b874a-8ed3-476d-8da2-d59e081c4b40)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"55d21b50-e048-43c1-bab9-882d3ee01da9","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"b0c87fc0-35a2-44c1-abff-8a5f09df25d4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e26988e0-e755-54a4-8234-e8f961266d82","name":"NKAbuse","type":"malware","source":"MITRE","software_attack_id":"S1107","tidal_id":"e21d4982-65e8-5376-9810-95ee7af31579","created":"2024-04-25T13:28:21.204396Z","modified":"2024-04-25T13:28:21.204399Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ea88cc5c-741e-4784-b76b-900264f821ff","tag":"62bde669-3020-4682-be68-36c83b2588a4"}],"owner_name":null},{"id":"77a7d127-7a75-460d-b981-acfa1b936193","name":"nlsport.dll (Bof loader)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3790","tidal_id":"ea3e3433-a26d-5dd0-9122-10d0b28b6f36","created":"2025-12-24T14:57:25.364641Z","modified":"2025-12-24T14:57:25.364645Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c64a6233-717b-4e27-aa20-703f81de3a82","name":"Bof loader","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"c5b00b8e-010a-4070-9840-286a3e3be04f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6f04f94e-70cb-46ae-95ab-3bcdfb8fd127","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"37c069f6-c917-400f-800d-722da981090c","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"6f626f77-6f4d-4916-8618-2d3b962ab2f4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c417c78d-4311-4318-9f2f-ed78c1f8c3dc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fbb1546a-f288-4e43-9e5c-14c94423c4f6","name":"Nltest","type":"tool","source":"MITRE","software_attack_id":"S0359","tidal_id":"1759ca0c-6b3e-5ff6-9841-74c2855ad078","created":"2019-02-14T17:08:55.176000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5515d847-4327-410d-af40-cd4315021df2","name":"nltest.exe","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"d8259d49-28f7-43fa-90b9-4619be1de112","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)]</sup><sup>[[DFIR Ryuk 2 Hour Speed Run November 
2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)]</sup><sup>[[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)]</sup><sup>[[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup><sup>[[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress INC Ransom Group August 2023](https://app.tidalcyber.com/references/d315547d-26e3-5130-a794-658eecf1e0df)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Bitdefender FIN8 July 2021](https://app.tidalcyber.com/references/aee3179e-1536-40ab-9965-1c10bdaa6dff)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) has used Windows native utility [Nltest](https://app.tidalcyber.com/software/fbb1546a-f288-4e43-9e5c-14c94423c4f6), e.g. 
`nltest.exe`, for discovery.<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c6b216ef-d7fa-44e3-bf31-8dfcd141d5fe","tag":"51006447-540b-4b9d-bdba-1cbff8038ae9"},{"id":"e48bbde8-804f-434d-a164-07984d87c3a2","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"de266ea9-c61d-41ab-9207-a03aa76688bc","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a751f5df-600f-4745-9cf1-4e8cda36a71d","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"b28692cc-f523-4d5d-8b0c-30b6efe98d75","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"8b244384-c5a0-411c-95cf-516529f3208d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"e6aa580b-a05c-4369-96cb-5c0d690409bf","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"0901aee8-a2e3-46a9-817c-1fbd35dcb98a","tag":"24f6ba0e-9230-4410-a9fb-b0f3b55de326"},{"id":"5bbc14c4-7f3a-4889-97fb-f95541711c20","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"211d1ba2-f6d8-4953-adb0-42d0988b74b2","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"d563560d-0c22-4751-bf13-0d2b09a6eed2","tag":"509a90c7-9ca9-4b23-bca2-cd38e
f6a6207"}],"owner_name":null},{"id":"042e61cf-a8e1-42ec-8974-a3b2e2037c08","name":"Nmap","type":"tool","source":"Tidal Cyber","software_attack_id":"S3074","tidal_id":"ddca8f08-3dda-59f8-b1af-076e2fe5b371","created":"2023-09-08T15:49:57.522759Z","modified":"2023-09-08T15:49:57.522763Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ef864bc2-81b9-476a-a65a-3da4e87c366b","name":"nmap.exe","description":"","source":"Tidal Cyber","associated_software_id":"b1dc73c7-6591-430b-9802-5b66758f787c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3006","group_id":"7c1a627e-7ea8-4919-a590-7637f1c887f3","name":"NoName057(16)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3035","group_id":"411e005e-95a4-4805-8296-0accf902d08d","name":"Cyber Army of Russia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky 
DeftTorero October 3 2022](/references/f6b43988-4d8b-455f-865e-3150e43d4f11)]</sup>","group_attack_id":"G0123","group_id":"7c3ef21c-0e1c-43d5-afb0-3a07c5a66937","name":"Volatile Cedar","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3168","group_id":"11cc9126-532c-4c37-944f-d4585840ead8","name":"Sector16","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3169","group_id":"34358e71-38c5-44e3-8467-6c84ab9eba4a","name":"Z-Pentest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Unit 29155 September 5 2024](/references/9631a46d-3e0a-4f25-962b-0b2501c47926)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky ThreatNeedle Feb 2021](/references/ba6a5fcc-9391-42c0-8b90-57b729525f41)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Group IB Silence Sept 2018](/references/10d41d2e-44be-41a7-84c1-b8f39689cb93)]</sup>","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[U.S. 
CISA APT40 July 8 2024](/references/3bf90a48-caf6-4b9d-adc2-3d1176f49ffc)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f6b3fa13-2418-4a14-81f5-857ce20c6051","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"0a71366c-e76b-423e-9ee7-5b7e47128c2e","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"799357df-2ea0-416e-8a9b-5ac7d3e8c62d","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"d5a0f167-eaba-4ac7-bd3e-7456fdf2dee3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"d15bb198-71cc-47b0-ad9a-3eb933653dc8","tag":"96d58ca1-ab18-4e53-8891-d8ba62a47e5d"},{"id":"cd29df6b-956f-43a8-865b-3682d80c03f9","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"48f96f2b-b3b9-477c-a830-d5e09879df4e","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"b04221bc-79d5-468f-a317-2352061d6fb8","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6e2edb56-e298-4517-869c-8064b97cc814","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"86e92638-0267-4b99-b983-1a3b852090ad","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"ac613be5-fc6c-46f6-96ad-40d0629bf70f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b55e4087-8f15-4306-a06a-f6854d27d3e0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e581063f-cb81-4a11-bf1c-0954c47e61e8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"524ee04d-65c7-47a4-b782-05f738a65a80","tag":"6ff40d11-214a-434b-b137-993e4ff5e34e"},{"id":"5dbc4ccf-b55d-4034-8bd3-3cfda2bd0585","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2596d975-0d71-4d51-8e91-d3f8ba9c65e6","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"5fe5f2f3-acc8-4667-8871-7438fb884160","name":"NodeCordRAT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3939","tidal_id":"eebc3d9a-569a-5b7e-b507-a57b606698ae","created":"2026-01-14T13:31:38.854104Z","modified":"2026-01-14T13:31:38.854108Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3dd1f583-2099-4e0a-b2e5-726d6ee8482f","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"3ba8fb4d-68a3-4efd-ab32-3e5d732cd1e4","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"e8d11d31-3793-4b39-96ef-d1f67d8224e6","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"aded6c60-2229-4619-94f1-4bca7d1b69ab","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"04f7b0a2-4e51-4078-89cd-039811f9fe64","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"5c52cde4-debb-4d1c-a64c-5051e04eb17f","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"51642515-a0ae-45f4-9fa0-f50e0393292c","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"2fb97124-ccae-4adb-8937-3f338575a461","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"7adf02e1-111b-4d0e-a5df-00bf25da07ec","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"68387cbb-5595-47b3-8fe8-417ca60581f2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3449bf43-c0ed-4114-9180-194820c74ac9","name":"Node.js","type":"tool","source":"Tidal Cyber","software_attack_id":"S3845","tidal_id":"41de0874-1783-5995-83de-2b32da8fae27","created":"2025-12-29T17:41:08.010804Z","modified":"2025-12-29T17:41:08.010809Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b750e25a-0555-42cb-88c7-0f258abb0807","name":"node.exe","description":"<sup>[[None December 16 
2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","source":"USER","associated_software_id":"31df426b-2971-43a6-92f2-0f8817c48a9c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G3187","group_id":"e396b406-57df-4260-bb75-b337ff726785","name":"Weaxor ransomware operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8184c3af-763d-42cf-ac0a-58b30d6669f0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1a8b6f72-a81d-42c6-af32-507451ce90e7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"31aa0433-fb6b-4290-8af5-a0d0c6c18548","name":"NOKKI","type":"malware","source":"MITRE","software_attack_id":"S0353","tidal_id":"1c414a9c-4094-5d52-a6f7-4e4903c7bda0","created":"2019-01-30T19:50:45.307000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"dc814d7e-7a5e-4498-b55f-c04e88d13537","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"871a73ea-1ac9-4cc0-976c-541b14eece8f","name":"Non-Sucking Service Manager","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3769","tidal_id":"16250597-4d05-5738-92cf-160a5c4a7ccf","created":"2025-12-17T14:18:52.231244Z","modified":"2025-12-17T14:18:52.231247Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d417fcda-8df9-4f59-b110-abd6399ecbdb","name":"NSSM","description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","source":"USER","associated_software_id":"28736845-8861-41c5-9a8e-109f8f73fea9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9091445c-18b6-45df-a118-e25ac4c627b0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"93ae5d02-88b4-47ce-90d0-6b622a79cfa8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1b93e8e5-7737-40a6-8a57-ad628311ae76","name":"Noodle RAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3746","tidal_id":"1b55b6aa-f830-5b88-a246-029c9b0a2b63","created":"2025-12-17T14:18:48.713682Z","modified":"2025-12-17T14:18:48.713686Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"dacfaf75-44c6-4ff0-8af0-0277498d48b4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"943e86fe-1248-4c07-a6b9-e707eb5241c5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"eabad101-c691-4f69-8825-18b3d2c7e623","name":"NOROBOT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3602","tidal_id":"8acc50b0-8007-5eb1-8f84-b7d261399e67","created":"2025-10-24T16:13:47.684378Z","modified":"2025-10-24T16:13:47.684381Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"16b154c0-6ff6-47d0-ab6c-02aff4941c3f","name":"BAITSWITCH","description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","source":"USER","associated_software_id":"b01bcefa-f782-47e8-9af3-f55f34364e52","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"86e2cbe4-98c0-400c-87e8-0f78b955d31d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"05ec19a1-7080-44dc-8e7d-47f3bf37752e","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"41269488-5fe1-42f9-ad41-665f92a2f6fb","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"97ce422c-4a42-44fd-9041-4945ab56c2eb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4893f2f4-8dc7-4875-a220-646d1d778d60","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0032c33f-eccc-42ef-a02c-fb75ebf96fc3","name":"NosyDoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3819","tidal_id":"f1766591-8e52-5ab5-b0bd-ff7cdaea0260","created":"2025-12-24T14:57:29.670254Z","modified":"2025-12-24T14:57:29.670257Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 
2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"80193b71-c7e2-4e2e-9c9e-89ca0937ac0b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a9fabfa8-9dd2-4b6f-b343-649158343e36","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"bd6db450-4cfc-4954-aeef-1eb624e6e602","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"98e00da0-f1c8-4e3e-baf8-5d2fa1a71ad8","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"a1f86780-a16e-4307-a8da-52ce4c235920","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fd374b18-50d9-4677-9cfe-cbc832e1f660","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"571ddb10-eef0-4365-841d-624e5cd1e4e3","name":"NosyDownloader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3820","tidal_id":"87f28448-d3d4-5f3b-93b5-9f87ea2c8649","created":"2025-12-24T14:57:29.819569Z","modified":"2025-12-24T14:57:29.819572Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 
2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d23808d0-9051-4c0c-b58c-6993925c3e68","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"503c0964-3934-448c-9d5b-8e6c4b5f25d3","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"3d36e30a-ce32-4dee-97b7-5f35663a8772","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"87132e7e-51c9-4f1f-89a1-bc7ac99a73b6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fcd28155-de8a-424b-b0b2-986bab361e17","name":"NosyHistorian","type":"malware","source":"Tidal Cyber","software_attack_id":"S3821","tidal_id":"ae085f88-197b-562f-9a8f-42f563298675","created":"2025-12-24T14:57:29.965478Z","modified":"2025-12-24T14:57:29.965481Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3ffe32c6-153a-4851-824c-5c29df2ab3d6","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"139c8039-f696-4762-b923-d9112830d873","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"fa69fded-87c8-423f-b2a6-eb6c52f3b2a0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8e8da377-5cb6-4216-8466-dab5ee3fe30f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"94af7626-0ee5-4b5a-8836-20a47f40a385","name":"NosyLogger","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3822","tidal_id":"edb001bd-96ff-59ac-8d41-9d87153a39c7","created":"2025-12-24T14:57:30.133325Z","modified":"2025-12-24T14:57:30.133328Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9a909364-d876-4310-a15e-715f09c29778","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"4d88daf0-6659-4345-b527-dd443a336d8b","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"83d9c9d6-f851-4e40-9f0b-e5d3be1cf9cb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"48ce3869-3056-4fe5-94ea-c3db87b8278c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6062a9f4-a474-408e-9d0c-b5283d427794","name":"NosyStealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3823","tidal_id":"e20e20e4-d1da-5d8e-a5ec-416b6219c84b","created":"2025-12-24T14:57:30.276271Z","modified":"2025-12-24T14:57:30.276274Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 
2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7a1e650c-da41-4840-a7b3-4f96dbd2be2b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"92adc5c8-821f-478d-82b1-323c3decdfc5","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"11ff9503-4b46-43d4-8c78-3bc0874b6c8f","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"8d7804ae-80a5-4d06-8a56-b491e6851239","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7717bbd0-795b-4e6f-a69b-c9306282bf0e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9c855818-8228-5812-9b22-5ebc41d3e33f","name":"NotCompatible","type":"malware","source":"Mobile","software_attack_id":"S0299","tidal_id":"9c855818-8228-5812-9b22-5ebc41d3e33f","created":"2026-01-28T13:08:09.937758Z","modified":"2026-01-28T13:08:09.937760Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"0acc6f71-d073-44e3-b45b-b91127128015","name":"NotDoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3658","tidal_id":"134a1dfc-cf4c-5d01-bd3e-ca6740a1c986","created":"2025-11-26T19:38:18.684856Z","modified":"2025-11-26T19:38:18.684860Z","platforms":[{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None September 03 
2025](/references/fd78818b-2d33-4dd8-93a1-4263e8ceeec9)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1f457747-2e45-453e-a64a-5da560305b5a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9a59677d-4927-4a7f-b38f-97324eaf095a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d5d844c0-4bdb-478c-a1d7-160f5dd03f6d","name":"Notepad","type":"tool","source":"Tidal Cyber","software_attack_id":"S3579","tidal_id":"ef9d0650-f293-560a-90ad-930a84a2c3a1","created":"2025-10-13T17:29:23.287400Z","modified":"2025-10-13T17:29:23.287404Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d40b7f02-66e9-4f23-b15a-5a40306c92ba","name":"notepad.exe","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"0a9ad20d-dfb4-4bb7-9f15-9e20b6e4fb89","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 
2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e750c920-31ca-4b5f-8486-9b13e2bec53b","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"b3841187-9ca0-4b01-a3ce-852385d08032","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"76783b8e-b345-43e6-b797-b6c11bd827dc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c5495093-bf37-414f-a85f-a7d2f9e9cf4e","name":"Notepad++","type":"tool","source":"Tidal Cyber","software_attack_id":"S3580","tidal_id":"137e216b-252c-510d-a7c2-ef97e8d6f0c6","created":"2025-10-13T17:29:23.429910Z","modified":"2025-10-13T17:29:23.429914Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 
2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fbc806cf-e4ac-49e7-b27d-4c71f58d2482","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"10ee59eb-18e7-42f9-8f97-2bbb8a8e08b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3ff889cb-dd25-43a9-be02-b31987eba589","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2538e0fe-1290-4ae1-aef9-e55d83c9eb23","name":"NotPetya","type":"malware","source":"MITRE","software_attack_id":"S0368","tidal_id":"03c04de0-9ec7-5602-ade7-0b87eb1e6722","created":"2019-03-26T15:02:14.907000Z","modified":"2022-05-24T14:00:00.188000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"190a400c-3de7-4725-805f-1516a57c84d8","name":"GoldenEye","description":"<sup>[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]</sup>","source":"MITRE","associated_software_id":"2f3dc4fc-1f8c-40e2-a241-9edd349e24d6","owner_id":null,"owner_name":null},{"id":"edd91a94-94d5-4bb7-9fc3-dbb34ea38f16","name":"Nyetya","description":"<sup>[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]</sup>","source":"MITRE","associated_software_id":"2b7f9965-810d-4018-905d-8530af166fb6","owner_id":null,"owner_name":null},{"id":"fd4b1b2f-6cd1-47a8-8aee-bf80fb785c09","name":"ExPetr","description":"<sup>[[ESET Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]</sup>","source":"ICS","associated_software_id":"544d9871-b68a-4bb1-99a4-c56777ce208e","owner_id":null,"owner_name":null},{"id":"99acbefe-2d0b-4176-8eae-d3effbf17cf2","name":"Diskcoder.C","description":"<sup>[[ESET 
Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]</sup>","source":"ICS","associated_software_id":"f9b55f54-e33d-4df3-987e-fc10919f9a4d","owner_id":null,"owner_name":null},{"id":"cbf0623a-599f-4b84-8aca-4754bcd49b6c","name":"GoldenEye","description":"<sup>[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]</sup>","source":"ICS","associated_software_id":"2f3dc4fc-1f8c-40e2-a241-9edd349e24d6","owner_id":null,"owner_name":null},{"id":"90c5fae4-6467-4953-9f12-9776c0e2872e","name":"Nyetya","description":"<sup>[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]</sup>","source":"ICS","associated_software_id":"2b7f9965-810d-4018-905d-8530af166fb6","owner_id":null,"owner_name":null},{"id":"a9d3998d-b4ee-4acc-b60e-cf8df2bef4a2","name":"Petrwrap","description":"<sup>[[Talos Nyetya June 2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]</sup><sup>[[ESET Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]</sup>","source":"ICS","associated_software_id":"cfd041ef-c3f4-4a5e-92dc-4fd9b627983f","owner_id":null,"owner_name":null},{"id":"a83fbd63-c2eb-4c8e-9f57-8d35ab2f8867","name":"ExPetr","description":"<sup>[[ESET Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]</sup>","source":"MITRE","associated_software_id":"544d9871-b68a-4bb1-99a4-c56777ce208e","owner_id":null,"owner_name":null},{"id":"6309a91c-96ef-4993-8189-6fe613df2f3c","name":"Diskcoder.C","description":"<sup>[[ESET Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]</sup>","source":"MITRE","associated_software_id":"f9b55f54-e33d-4df3-987e-fc10919f9a4d","owner_id":null,"owner_name":null},{"id":"8744cf46-0c4c-4ff4-aa56-a3e215f33b42","name":"Petrwrap","description":"<sup>[[Talos Nyetya June 
2017](https://app.tidalcyber.com/references/c76e806c-b0e3-4ab9-ba6d-68a9f731f127)]</sup><sup>[[ESET Telebots June 2017](https://app.tidalcyber.com/references/eb5c2951-b149-4e40-bc5f-b2630213eb8b)]</sup>","source":"MITRE","associated_software_id":"cfd041ef-c3f4-4a5e-92dc-4fd9b627983f","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[NCSC Sandworm Feb 2020](https://app.tidalcyber.com/references/d876d037-9d24-44af-b8f0-5c1555632b91)]</sup><sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup><sup>[[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)]</sup><sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup><sup>[[Trend Micro Cyclops Blink March 2022](https://app.tidalcyber.com/references/64e9a24f-f386-4774-9874-063e0ebfb8e1)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCSC Sandworm Feb 2020](https://app.tidalcyber.com/references/d876d037-9d24-44af-b8f0-5c1555632b91)]</sup><sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup><sup>[[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)]</sup><sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup><sup>[[Trend Micro Cyclops Blink March 
2022](https://app.tidalcyber.com/references/64e9a24f-f386-4774-9874-063e0ebfb8e1)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"ICS"}],"tags":[{"id":"fdd0b5a0-eee5-4fdb-a9b3-bc1b008945a7","tag":"88cd6603-5b4e-4d0c-9097-051d3a90cb80"},{"id":"f569b5cb-4935-42c6-848c-416d5416afab","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"0f859f3b-934d-412b-b8ab-d9ec2ea3c572","tag":"09de661e-60c4-43fb-bfef-df017215d1d8"},{"id":"c34fd1a8-6eff-4cac-9df9-ce5d78c0a67a","tag":"5a463cb3-451d-47f7-93e4-1886150697ce"},{"id":"bd80ace3-a8df-41dc-8d35-476943537e75","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"c91f1618-78af-4b9e-a384-795b550e193f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"f59e74d1-8368-406b-b55a-30a6d6d9b304","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"d1817595-9186-4749-aeab-26c774c1885d","name":"Npcap","type":"tool","source":"Tidal Cyber","software_attack_id":"S3075","tidal_id":"37b5e8d6-7fca-50b0-89a9-0b4a3fee0c95","created":"2023-09-08T15:49:57.772728Z","modified":"2023-09-08T15:49:57.772732Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"398de5c7-6134-4602-9bff-5a5c02e307e4","name":"npcap.exe","description":"","source":"Tidal Cyber","associated_software_id":"ed19a544-699c-43c2-a3bb-4503b220354f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0a285eef-ca6d-4027-b859-6520b37219f3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5228c345-be89-4373-9f89-d5717449da64","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"609092a4-11c8-4fa3-8173-d243b667030a","name":"Nping","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3548","tidal_id":"21c9e8ed-18e3-5717-9e88-6e24767a5545","created":"2025-09-15T19:14:00.993976Z","modified":"2025-09-15T19:14:00.993979Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"56348038-3bfb-4e7d-b7e3-5c8a0f11bbe3","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f92d4661-f315-49d2-b0e3-625ca7aeb7ea","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"5d5b8a3b-5228-40b9-bc88-ec69e65756cd","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fec15e48-90aa-4432-9d34-ed0ff9a3f297","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d28ac865-35d2-5522-8454-d0f2178b3078","name":"NPPSPY","type":"tool","source":"MITRE","software_attack_id":"S1131","tidal_id":"d28ac865-35d2-5522-8454-d0f2178b3078","created":"2024-10-31T16:28:08.644185Z","modified":"2024-10-31T16:28:08.644189Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"38ea87b8-5bec-4082-a14b-590b905ae1ca","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":null},{"id":"495d3500-1730-4eb4-b4ad-24192113541b","name":"nslookup","
type":"tool","source":"Tidal Cyber","software_attack_id":"S3660","tidal_id":"895b2cf6-079b-5ab9-954d-e0e63985bd43","created":"2025-11-26T19:38:18.998911Z","modified":"2025-11-26T19:38:18.998915Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None September 03 2025](/references/fd78818b-2d33-4dd8-93a1-4263e8ceeec9)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"685f5922-d524-4292-a941-11663c92dc12","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"25d2a7f4-16ba-4841-aa9d-ec811fc57820","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9af571bb-f3c7-434b-8187-3e4ceb0ec6fc","name":"Ntdsutil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3057","tidal_id":"71660b05-a225-5fa3-8776-d4c02290b7b6","created":"2023-07-14T12:56:41.514615Z","modified":"2023-07-14T12:56:41.514621Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"62444fc5-9c72-4a6c-b1ae-90bc0b63bf0a","name":"ntdsutil.exe","description":"","source":"Tidal Cyber","associated_software_id":"39494b87-38c0-4b84-89c9-3bcd45f3bc3f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Prestige ransomware October 2022](/references/b57e1181-461b-5ada-a739-873ede1ec079)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybersecurity Advisory GRU Brute Force Campaign July 
2021](/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[NCC Group Chimera January 2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MSTIC DEV-0537 Mar 2022](/references/a9ce7e34-6e7d-4681-9869-8e8f2b5b0390)]</sup>","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Symantec Cicada November 2020](/references/28a7bbd8-d664-4234-9311-2befe0238b5b)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"74629ccd-ae30-4fd4-ae46-2a3e8f1a7534","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"da0727c4-47d2-4548-b84e-3e5bb2597c12","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"5b897642-a5f0-4bf0-9cf4-0254875dba82","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"0abe1c88-6541-4d76-832c-2bdd5fa64de4","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"baa5c8cb-4804-437c-a24c-12b96aaad734","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"02dfd3a2-2f09-4c42-86eb-7f0bfeea6c64","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"8d81282c-6acb-4674-8021-e52d19326c59","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"77ad15c7-b1fc-4ba0-b6eb-eab03306859a","tag":"1da5eb1e-7ac5-4284-99cb-ce227cad8983"},{"id":"186a004b-54d0-4e15-9e44-99c2f7281c8f","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"25221501-b8a9-4ce6-b594-db22bd838c48","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"16186700-ca2f-4e6d-9474-3eed8e56456b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d4606e52-ab3d-4185-873f-4013afb2fb68","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"05ddfce4-966f-41f7-b6f9-e94bdfd4cad3","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"70d8a1b9-f7ec-43ba-96e5-2777aa31f24e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e2922414-dcb4-4ae8-82c3-081e492b5057","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan
"},{"id":"9ae251f9-bef0-4f1e-94ce-51af9b3e6d76","name":"Ntsd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3868","tidal_id":"57ac572e-ed13-5646-babf-9208b03fe518","created":"2026-01-06T18:05:05.380984Z","modified":"2026-01-06T18:05:05.380989Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1cb6bdc5-454d-4d5d-9562-3beaad04fc68","name":"Ntsd.exe","description":"<sup>[[Ntsd.exe - LOLBAS Project](/references/0cbc515d-6799-477e-b831-d2caf9ad155e)]</sup>","source":"USER","associated_software_id":"ddc09c22-1131-4e62-a7da-95630e2eb8c3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"1dbff0ca-67b3-4eff-9370-888482ad9c9d","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"4fdf1219-df4e-4066-9015-0893483229dd","name":"Nuitka","type":"tool","source":"Trellix TIG","software_attack_id":"S3410","tidal_id":"82c078a2-dda8-5655-ad59-6ce61d18ecb8","created":"2025-04-11T15:06:42.948033Z","modified":"2025-04-11T15:06:42.948036Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"087a41a7-64a1-4cfb-a2d9-87faba66f6e3","name":"nvidia-smi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3694","tidal_id":"0a6baf5b-4043-5335-b6a2-cdae2aa84c6c","created":"2025-12-10T14:14:55.373078Z","modified":"2025-12-10T14:14:55.373082Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 
2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"0f5e9564-a3b4-46c9-bcb9-6d7923f39ef4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2d49ff8b-ec25-407c-bd99-17f47bbdf949","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cb883310-4f0a-52f5-a770-1dbf1e605a51","name":"OBAD","type":"malware","source":"Mobile","software_attack_id":"S0286","tidal_id":"cb883310-4f0a-52f5-a770-1dbf1e605a51","created":"2026-01-28T13:08:09.938927Z","modified":"2026-01-28T13:08:09.938930Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ab2f9cd8-f6a1-4de5-ad1b-2c8296c8c631","name":"obf-io","type":"tool","source":"Tidal Cyber","software_attack_id":"S3706","tidal_id":"84db3d68-9c3f-5260-b90d-032c38cd4cab","created":"2025-12-10T14:14:57.243891Z","modified":"2025-12-10T14:14:57.243895Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8a89b923-58d9-446b-8ed3-e646b92e9697","name":"obfuscator-io","description":"<sup>[[Arctic Wolf November 25 2025](/references/24a1832e-ffc5-4504-8e47-32ba0be97b0c)]</sup>","source":"USER","associated_software_id":"949e6c28-21f4-4d0f-8690-f0b88a71a6eb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Arctic Wolf November 25 2025](/references/24a1832e-ffc5-4504-8e47-32ba0be97b0c)]</sup>","group_attack_id":"G1020","group_id":"0898e7cb-118e-5eeb-b856-04e56ed18182","name":"Mustard 
Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2a26182b-98d3-4413-974d-f3247a3ef066","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"12913f36-5081-4b01-b5d0-9e03ffb37765","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"97e8148c-e146-444c-9de5-6e2fdbda2f9f","name":"ObliqueRAT","type":"malware","source":"MITRE","software_attack_id":"S0644","tidal_id":"3cf503b9-4b54-5d16-af4e-f761dbdc74ac","created":"2021-09-08T19:53:27.937000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Talos Oblique RAT March 2021](https://app.tidalcyber.com/references/20e13efb-4ca1-43b2-83a6-c852e03333d7)]</sup><sup>[[Cisco Talos Transparent Tribe Education Campaign July 2022](https://app.tidalcyber.com/references/acb10fb6-608f-44d3-9faf-7e577b0e2786)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5c1aa0cc-cb10-4cbb-b234-bffb52656d9d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"cd4e31ce-f27a-4a9f-ad5f-4d85510adcfe","name":"OBS Browser Page Executable (obs-browser-page.exe)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3796","tidal_id":"df00ca10-dc3f-5ea2-880e-c76524ef341a","created":"2025-12-24T14:57:26.253398Z","modified":"2025-12-24T14:57:26.253401Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","group_attack_id":"G3178","group_id":"3be36063-6383-42b5-ad7e-f41abf84f1ae","name":"Autumn 
Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"30cc4a08-1202-4776-9bd4-2e258177485d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"05c3a62c-ed4d-4f6b-aebe-fd0bd6549e37","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"31a1c577-963d-412b-b3dd-a5bfd15715eb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f1723994-058b-4525-8e11-2f0c80d8f3a4","name":"OceanSalt","type":"malware","source":"MITRE","software_attack_id":"S0346","tidal_id":"86f1271b-33e6-54a8-a533-52331def0ba1","created":"2019-01-30T15:43:19.105000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8f04e609-8773-4529-b247-d32f530cc453","name":"Octopus","type":"malware","source":"MITRE","software_attack_id":"S0340","tidal_id":"17f660d1-61ad-568a-8e39-1734bd0c3e7a","created":"2019-01-30T13:24:08.616000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Security Affairs DustSquad Oct 2018](https://app.tidalcyber.com/references/0e6b019c-cf8e-40a7-9e7c-6a7dc5309dc6)]</sup><sup>[[Securelist Octopus Oct 2018](https://app.tidalcyber.com/references/77407057-53f1-4fde-bc74-00f73d417f7d)]</sup><sup>[[ESET Nomadic Octopus 2018](https://app.tidalcyber.com/references/50dcb3f0-1461-453a-aab9-38c2e259173f)]</sup> ","group_attack_id":"G0133","group_id":"5f8c6ee0-f302-403b-b712-f1e3df064c0c","name":"Nomadic 
Octopus","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"cbfbd3c1-15ec-51a2-92f8-4d71bb7dc28e","name":"ODAgent","type":"malware","source":"MITRE","software_attack_id":"S1170","tidal_id":"cbfbd3c1-15ec-51a2-92f8-4d71bb7dc28e","created":"2025-04-22T20:46:57.401445Z","modified":"2025-04-22T20:46:57.401451Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig Downloaders DEC 2023](https://app.tidalcyber.com/references/7f2e0dcb-43a6-59e6-bc44-d01ace24b154)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"99253cf7-4ad5-41a7-8722-571d6d21f61d","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"5adf778a-9175-4054-a147-92d09c7e7fd0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0dd8fad0-9f4a-487d-b3f7-570bd2046e8a","name":"ODAgent (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3155","tidal_id":"6210bc69-40ac-5b5a-829c-e9b33e4797f4","created":"2024-09-04T12:51:11.163064Z","modified":"2024-09-04T12:51:11.163068Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig December 14 2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6505fee8-9d34-4781-b494-416f5558b278","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"08a45eb6-5a09-40bf-921e-934ac4643d6f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8898f4de-b392-48f7-8314-f1e4184d09b2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"07805ac7-98f8-49f7-aabc-da816024fd1a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5e434819-7f4a-440c-a9bd-7675c0218be1","name":"Odbcconf","type":"tool","source":"Tidal Cyber","software_attack_id":"S3253","tidal_id":"31cb0807-b428-5319-a1e7-2bdcb438f713","created":"2024-01-12T14:48:01.020637Z","modified":"2024-01-12T14:48:01.020641Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"32c878f9-f44c-48e6-bf26-b2da2a287c76","name":"Odbcconf.exe","description":"<sup>[[LOLBAS Odbcconf](/references/febcaaec-b535-4347-a4c7-b3284b251897)]</sup>","source":"Tidal Cyber","associated_software_id":"b227bbff-8291-4e0d-950d-93785e4058ee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[TrendMicro Cobalt Group Nov 2017](/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9e742294-9065-40d7-b111-4f1cabfea7d1","tag":"64825d12-3cd6-4446-a93c-ff7d8ec13dc8"},{"id":"d89b04e8-2a87-4836-9231-dd54901bd444","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"bf3ac405-3dcf-4619-9f4b-1971dadfd93d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8bc7c62a-110d-451b-9ca6-bc48a13e72d4","name":"OfflineScannerShell","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3254","tidal_id":"35f15591-f690-5eb2-aed0-d4fe89db80d4","created":"2024-01-12T14:48:01.415648Z","modified":"2024-01-12T14:48:01.415653Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ea846251-ed63-43b6-a37b-871179b84bce","name":"OfflineScannerShell.exe","description":"<sup>[[OfflineScannerShell.exe - LOLBAS Project](/references/8194442f-4f86-438e-bd0c-f4cbda0264b8)]</sup>","source":"Tidal Cyber","associated_software_id":"bc428876-7d48-4a33-a080-77916fc66ebc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0f2e6876-ef36-42d3-ab69-fd171cb8966e","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"730a0a6b-965b-446b-a76f-4cde057335ea","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9c16bf00-c22b-593d-8653-445722a16c5d","name":"OilBooster","type":"malware","source":"MITRE","software_attack_id":"S1172","tidal_id":"9c16bf00-c22b-593d-8653-445722a16c5d","created":"2025-04-22T20:47:00.318204Z","modified":"2025-04-22T20:47:00.318207Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig Downloaders DEC 2023](https://app.tidalcyber.com/references/7f2e0dcb-43a6-59e6-bc44-d01ace24b154)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d4ca16d0-602f-43e8-ad57-6bcaaeef4da0","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"d978dbe7-b910-4f9e-9963-c48f253291ba","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"01f8ef57-5c22-4dad-9300-12c0b0d63c1f","name":"OilBooster (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3153","tidal_id":"df7731f6-252d-5a26-9798-9f35ae41d20e","created":"2024-09-04T12:51:10.712483Z","modified":"2024-09-04T12:51:10.712487Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig December 14 2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4bb0dafd-410a-4e4a-95f7-b6d51185d9d5","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"08231882-1be4-4d8f-a511-3018c969db40","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"bc57d831-4aaf-4ef2-bf68-50b065bc0ae7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"562f3fe3-bca0-416f-ab8c-46dd567b935d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"694f53b5-a54e-5bc6-b58a-0c22771ea3a6","name":"OilCheck","type":"malware","source":"MITRE","software_attack_id":"S1171","tidal_id":"694f53b5-a54e-5bc6-b58a-0c22771ea3a6","created":"2025-04-22T20:46:59.915290Z","modified":"2025-04-22T20:46:59.915293Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig Downloaders DEC 2023](https://app.tidalcyber.com/references/7f2e0dcb-43a6-59e6-bc44-d01ace24b154)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b194b013-410d-446c-9006-b6a57ce4c674","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"ef57450b-5643-498b-b308-7d3f0c9c5e82","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"f41dcc5a-017d-4e79-86c1-c7055bd3b513","name":"OilCheck (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3154","tidal_id":"e9f26216-08a6-501d-8710-d6244a092c16","created":"2024-09-04T12:51:10.940174Z","modified":"2024-09-04T12:51:10.940178Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig December 14 2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b4242d0c-3fb3-47c7-b3ee-08f023735bfc","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"c17ef057-8399-4e54-ac13-2788ac6f4537","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a86f5b3f-861f-400e-bded-80a92e52d862","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4260a508-9a66-48ef-825f-810f6bacccd6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f9bcf0a1-f287-44ec-8f53-6859d41e041c","name":"Okrum","type":"malware","source":"MITRE","software_attack_id":"S0439","tidal_id":"03611e4d-e70e-50eb-8fea-06480bd456a5","created":"2020-05-06T21:12:31.535000Z","modified":"2020-05-14T21:17:53.756000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Okrum July 
2019](https://app.tidalcyber.com/references/197163a8-1a38-4edd-ba73-f44e7a329f41)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"013f068a-3b31-4003-ac84-a41fe6ef48c9","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"479814e2-2656-4ea2-9e79-fcdb818f703e","name":"OLDBAIT","type":"malware","source":"MITRE","software_attack_id":"S0138","tidal_id":"7541af4a-97ed-5e3d-9cdf-555abd8c0dba","created":"2017-05-31T21:33:18.946000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ec4beff7-13ea-4090-bf36-c8724774e223","name":"Sasfis","description":"","source":"MITRE","associated_software_id":"b710376a-55b9-44c5-8200-c43d2753e16a","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye APT28](https://app.tidalcyber.com/references/c423b2b2-25a3-4a8d-b89a-83ab07c0cd20)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"846f1c35-3dbd-4a86-8ae7-3093e09d13bd","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"6722d96b-ddcd-5789-9438-035bd2b67271","name":"OldBoot","type":"malware","source":"Mobile","software_attack_id":"S0285","tidal_id":"6722d96b-ddcd-5789-9438-035bd2b67271","created":"2026-01-28T13:08:09.937649Z","modified":"2026-01-28T13:08:09.937651Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"073b5288-11d6-4db0-9f2c-a1816847d15c","name":"Olympic 
Destroyer","type":"malware","source":"MITRE","software_attack_id":"S0365","tidal_id":"f28e51f6-63e7-54e4-b039-c03ba0da952e","created":"2019-03-25T14:07:22.547000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike GTR 2019](https://app.tidalcyber.com/references/d6aa917e-baee-4379-8e69-a04b9aa5192a)]</sup><sup>[[Secureworks IRON VIKING ](https://app.tidalcyber.com/references/900753b3-c5a2-4fb5-ab7b-d38df867077b)]</sup><sup>[[US District Court Indictment GRU Unit 74455 October 2020](https://app.tidalcyber.com/references/77788d05-30ff-4308-82e6-d123a3c2fd80)]</sup><sup>[[UK NCSC Olympic Attacks October 2020](https://app.tidalcyber.com/references/93053f1b-917c-4573-ba20-99fcaa16a2dd)]</sup><sup>[[Trend Micro Cyclops Blink March 2022](https://app.tidalcyber.com/references/64e9a24f-f386-4774-9874-063e0ebfb8e1)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7f8dcfb4-bbf8-4d89-a974-5d747eca7b70","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"49ef42bc-0958-4b61-9593-a4af69432410","name":"OneDriveStandaloneUpdater","type":"tool","source":"Tidal Cyber","software_attack_id":"S3255","tidal_id":"e028c75b-bec8-52b3-ad73-aa69fceabcbc","created":"2024-01-12T14:48:01.811914Z","modified":"2024-01-12T14:48:01.811919Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8833926e-499b-4d7a-a0b5-cbe512a958df","name":"OneDriveStandaloneUpdater.exe","description":"<sup>[[OneDriveStandaloneUpdater.exe - LOLBAS Project](/references/3d7dcd68-a7b2-438c-95bb-b7523a39c6f7)]</sup>","source":"Tidal 
Cyber","associated_software_id":"b893fa8c-a561-4e33-b1f5-fb2b176530df","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"acd079d9-d3bf-437c-b7d9-cf352ccf87c6","tag":"b6116080-8fbf-4e9f-9206-20b025f2cf23"},{"id":"5f3a3608-3bf9-477e-9e7a-b71dc4172df9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"23213d66-563f-4d21-af2a-6a1a2f8024e5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6056bf36-fb45-498d-a285-5f98ae08b090","name":"OnionDuke","type":"malware","source":"MITRE","software_attack_id":"S0052","tidal_id":"a8c1bc20-3f94-5df7-b9d4-bb168ce783c2","created":"2017-05-31T21:32:37.341000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"dc69ca10-72bd-43ea-88f1-b4ecaa396641","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"33efea8d-c7fe-4384-93b9-a1ea556a77da","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"4f1894d4-d085-4348-af50-dfda257a9e18","name":"OopsIE","type":"malware","source":"MITRE","software_attack_id":"S0264","tidal_id":"1b972e0d-7b66-507b-b6f6-efee796a290a","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 OopsIE! 
Feb 2018](https://app.tidalcyber.com/references/d4c2bac0-e95c-46af-ae52-c93de3d92f19)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6b55a334-762d-4c92-a67d-73b558dea0d0","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"54030309-671d-4e4b-b9c0-619cd07f5e05","name":"OpenConsole","type":"tool","source":"Tidal Cyber","software_attack_id":"S3351","tidal_id":"ae450be2-393b-50b1-a8e3-66c879a9e7dc","created":"2024-01-12T14:48:36.795752Z","modified":"2024-01-12T14:48:36.795755Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aac485ed-3b0e-4981-b734-3d4f35bd3117","name":"OpenConsole.exe","description":"<sup>[[OpenConsole.exe - LOLBAS Project](/references/e597522a-68ac-4d7e-80c4-db1c66d2da04)]</sup>","source":"Tidal Cyber","associated_software_id":"a3c7988f-9ac2-4f7a-ab9d-eb91e905e7a0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"163b5ffb-0d79-44c0-a978-a9667a60840d","tag":"1dd2d703-fed1-41d2-9843-7b276ef3d6f2"},{"id":"52c93210-c164-44b7-ae3f-f76eb7a82936","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"26ca2901-1342-4b8c-9403-aa7b18f0d422","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5edec691-d2f1-4928-a12d-1ff59ba959a6","name":"OpenSSH","type":"tool","source":"Tidal Cyber","software_attack_id":"S3017","tidal_id":"a6fd9131-bc9d-5fdc-8ed3-cc300ce17322","created":"2024-03-07T21:01:07.280870Z","modified":"2024-03-07T21:01:07.280874Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dbe5f2c1-aaad-4dea-a683-7efc71efc5e5","name":"ssh.msi","description":"<sup>[[None December 11 
2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"44b7f1ba-9c4d-48b2-bf9f-2f0c4fd5703f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Tweet May 18 2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rapid7 Blog 5 10 2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rapid7 Blog 5 10 
2024](/references/ba749fe0-1ac7-4767-85df-97e6351c37f9)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"59c3d436-bd87-4877-87e8-b0f85fd77695","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"2f3c74b7-ea65-42f0-9c25-2c096e3dcb3f","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"198ac6a4-69ee-4b4f-8678-e38e40916fbb","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"13d24554-1dee-4b04-9d6f-87c6dc1de394","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"81c0fc35-5716-4aa2-b7f7-6d5ed248c5a9","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"07ad9e7f-e268-47c9-b041-1758b739e677","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"408964a4-a6b6-438c-85cf-cadda6ad77a5","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"0f425bdc-9cb3-4291-83b0-f6e947900f82","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"f9312aae-1b35-4647-a4c7-5604dc024dca","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9c9b597c-6804-4919-8494-2355a085a9c7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"51a9aba5-6744-4eb9-83a2-fb5bac5d432b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ae0df40e-d8cf-42ae-9cc3-b50ea9ea6193","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"51083ce7-2db6-4367-a538-17ec72c579b1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"ef587c8b-f3b1-4346-b7bb-68dd2630969a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"ecdae0c5-7b4f-408a-afe9-1a16ba0781e2","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"f40f119f-2924-48cb-a6b7-55941e8fbf1d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"c92f1b0c-f0f4-491e-ab52-72b44f82fde0","name":"OpenSSL","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3549","tidal_id":"6828d10d-d660-525a-8684-d48146153e9f","created":"2025-09-15T19:14:01.194568Z","modified":"2025-09-15T19:14:01.194573Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b43879e3-000e-48d9-837e-5130ab23cf8f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"dbd65a94-2279-4183-8256-a4c3387ace5c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"9136f6e2-f300-49bc-b3e5-c7d6ebf77735","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4f3ea544-77f9-4f1d-a3d7-86bdf68c7726","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"40d8c99d-c580-4248-8abe-90cc3228cfc1","name":"OPENVAS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3760","tidal_id":"9b251ffb-e0f4-52a0-84a0-225112d2e00f","created":"2025-12-17T14:18:50.831067Z","modified":"2025-12-17T14:18:50.831071Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 
2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3006","group_id":"7c1a627e-7ea8-4919-a590-7637f1c887f3","name":"NoName057(16)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3035","group_id":"411e005e-95a4-4805-8296-0accf902d08d","name":"Cyber Army of Russia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3168","group_id":"11cc9126-532c-4c37-944f-d4585840ead8","name":"Sector16","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3169","group_id":"34358e71-38c5-44e3-8467-6c84ab9eba4a","name":"Z-Pentest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"752d880d-a3e1-47cf-b652-6f4477b93daf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"53680a70-736c-4dd7-98b0-1f6b3304237b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"45a52a29-00c0-458a-b705-1040e06a43f2","name":"Orz","type":"malware","source":"MITRE","software_attack_id":"S0229","tidal_id":"3540edec-57e1-5905-8874-b680b7ee6068","created":"2018-04-18T17:59:24.739000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c12c69fa-49ac-402f-b67c-2d9581a6d873","name":"AIRBREAK","description":"<sup>[[FireEye Periscope March 
2018](https://app.tidalcyber.com/references/8edb5d2b-b5c4-4d9d-8049-43dd6ca9ab7f)]</sup>","source":"MITRE","associated_software_id":"aa558e34-f3ca-443e-b067-a6a88ee46cf6","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Proofpoint Leviathan Oct 2017](https://app.tidalcyber.com/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)]</sup><sup>[[CISA AA21-200A APT40 July 2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup><sup>[[Accenture MUDCARP March 2019](https://app.tidalcyber.com/references/811d433d-27a4-4411-8ec9-b3a173ba0033)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d8004e8e-c2c2-44cf-9197-9f3a585da2aa","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"be0465d7-ec51-49ff-a537-81eac01c3897","name":"osascript","type":"tool","source":"Tidal Cyber","software_attack_id":"S3780","tidal_id":"a1d9318e-75ca-5fb2-844b-6fcf0a9f01d8","created":"2025-12-17T14:18:53.892360Z","modified":"2025-12-17T14:18:53.892364Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro September 04 2025](/references/a8f04ece-adbd-4319-b62f-2554d287a61e)]</sup>","group_attack_id":"G3177","group_id":"29243321-228e-4d45-99a3-848c7fc1dbd1","name":"Water 
Daruanak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f27b518f-1df0-4bc8-b1c9-5e8abb28abe0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8eeedaa5-ba86-49ca-82c0-d0fa60ba46d6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fa1e13b8-2fb7-42e8-b630-25f0edfbca65","name":"OSInfo","type":"malware","source":"MITRE","software_attack_id":"S0165","tidal_id":"ccf3aa4b-30ee-5f64-aa1f-5bee01ce4fd0","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Buckeye](https://app.tidalcyber.com/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]</sup>","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a45904b5-0ada-4567-be4c-947146c7f574","name":"OSX_OCEANLOTUS.D","type":"malware","source":"MITRE","software_attack_id":"S0352","tidal_id":"cb931aad-9e9d-56e4-af04-18cd98cc7577","created":"2019-01-30T19:18:19.667000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"de23bf36-160a-42cc-9971-eb157ca839a2","name":"Backdoor.MacOS.OCEANLOTUS.F","description":"<sup>[[Trend Micro MacOS Backdoor November 2020](https://app.tidalcyber.com/references/43726cb8-a169-4594-9323-fad65b9bae97)]</sup>","source":"MITRE","associated_software_id":"f89703da-6631-4e60-be1c-0ecbe5a6f738","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[TrendMicro MacOS April 2018](https://app.tidalcyber.com/references/e18ad1a7-1e7e-4aca-be9b-9ee12b41c147)]</sup><sup>[[Amnesty Intl. 
Ocean Lotus February 2021](https://app.tidalcyber.com/references/a54a2f68-8406-43ab-8758-07edd49dfb83)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"259f66b7-5971-4f17-8949-58fcf16c1cfd","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4d91d625-21d8-484a-b63f-0a3daa4ed434","name":"OSX/Shlayer","type":"malware","source":"MITRE","software_attack_id":"S0402","tidal_id":"78a8ada5-508b-5b05-9615-86f5aa97ef4e","created":"2019-08-29T18:52:20.879000Z","modified":"2022-10-19T16:35:18.493000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"f8142c74-2903-484a-a367-d8d93f678e00","name":"Crossrider","description":"<sup>[[Intego Shlayer Apr 2018](https://app.tidalcyber.com/references/3ca1254c-db51-4a5d-8242-ffd9e4481c22)]</sup><sup>[[Malwarebytes Crossrider Apr 2018](https://app.tidalcyber.com/references/80530288-26a3-4c3e-ace1-47510df10fbd)]</sup>","source":"MITRE","associated_software_id":"1420094e-351e-4294-b59b-52d2da2724b8","owner_id":null,"owner_name":null},{"id":"1dffb83e-06ed-4ee8-8084-f972c8bdf5f6","name":"Zshlayer","description":"<sup>[[sentinelone shlayer to zshlayer](https://app.tidalcyber.com/references/17277b12-af29-475a-bc9a-0731bbe0bae2)]</sup>","source":"MITRE","associated_software_id":"b7c33058-21b0-46df-988c-88dfab53e83a","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"c07e8c88-5361-4506-9f00-b321b366941a","name":"OtterCandy","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3673","tidal_id":"3a414e38-1016-5c78-8e6f-ce0ce933943e","created":"2025-12-10T14:14:51.949453Z","modified":"2025-12-10T14:14:51.949457Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None October 15 2025](/references/7b7e55d7-7f17-4433-8972-737007c4b734)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8db10a7c-7192-4f60-a744-749933adb83e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"adb52146-21ee-42aa-9f77-75997a36ce18","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5cfd9a5e-34dd-4cd3-9c52-c44b5223dbac","name":"OtterCookie","type":"malware","source":"Tidal Cyber","software_attack_id":"S3489","tidal_id":"6d3bf5fd-a534-5be2-9c0c-e74fdba7f754","created":"2025-06-03T14:14:46.538701Z","modified":"2025-06-03T14:14:46.538706Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[NTT Security Holdings May 8 2025](/references/e42d25ec-c31d-41e4-8d86-d46a7bccd0c8)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"483457d6-ea3b-4c65-9530-c329aee27c04","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"db126735-59c3-4a44-a157-b3486e5f18b9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5efff2ba-e465-411a-99e8-9eb0e7a04852","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"273b1e8d-a23d-4c22-8493-80f3d6639352","name":"Out1","type":"tool","source":"MITRE","software_attack_id":"S0594","tidal_id":"a17b5526-3f9d-5de4-a902-53bf2962f9d4","created":"2021-03-19T13:11:50.666000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Muddy Water March 2021](https://app.tidalcyber.com/references/16b4b834-2f44-4bac-b810-f92080c41f09)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"042fe42b-f60e-45e1-b47d-a913e0677976","name":"OutSteel","type":"malware","source":"MITRE","software_attack_id":"S1017","tidal_id":"74763dcf-d09a-51f9-94e4-c9e4c4005170","created":"2022-06-09T16:07:23.821000Z","modified":"2022-06-09T18:53:30.145000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[OutSteel](https://app.tidalcyber.com/software/042fe42b-f60e-45e1-b47d-a913e0677976) is uniquely associated with [Saint Bear](https://app.tidalcyber.com/groups/eb64ce69-f106-5e8e-8efd-a29385a05973) as a post-exploitation document collection and exfiltration tool.<sup>[[Palo Alto Unit 42 OutSteel SaintBot February 2022 ](https://app.tidalcyber.com/references/b0632490-76be-4018-982d-4b73b3d13881)]</sup>","group_attack_id":"G1031","group_id":"eb64ce69-f106-5e8e-8efd-a29385a05973","name":"Saint 
Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9863f875-3217-4b00-8f48-7b186e937a75","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"0c645029-ad8b-4152-a5ae-e3fd51f8ec0d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"6d8a8510-e6f1-49a7-b3a5-bd4664937147","name":"OwaAuth","type":"malware","source":"MITRE","software_attack_id":"S0072","tidal_id":"68afd00e-5176-5dbe-ac41-d3369233bfb2","created":"2017-05-31T21:32:47.412000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"79f299bb-46dc-4a02-aba9-f6cc2ad3d59b","name":"OysterLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3624","tidal_id":"7bd2409c-1ea1-5d2a-96ae-8b24b6dccac8","created":"2025-11-11T13:26:34.470588Z","modified":"2025-11-11T13:26:34.470594Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9c578a8e-43d0-495a-b62b-4c4530a54da8","name":"CleanUpLoader","description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","source":"USER","associated_software_id":"2f007730-1eda-4a56-9224-91b2414d5b6d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"61e1b4bf-3d92-4161-b159-29a5ba996e9e","name":"Broomstick","description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","source":"USER","associated_software_id":"af5fdeb5-4701-4558-b7db-15fd59d8c2af","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Expel October 31 2025](/references/ce92580a-66f0-431c-9ee8-7efec2bd4585)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"bd94d8c5-4bff-46f9-a761-7127f9748b26","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"14480f60-7b70-4c94-9183-ff14bcf95009","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"94b23fcc-da50-44e8-9c7d-55edc1b53374","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"916f8a7c-e487-4446-b6ee-c8da712a9569","name":"P2P ZeuS","type":"malware","source":"MITRE","software_attack_id":"S0016","tidal_id":"521eea88-bdf4-5263-b899-f94d48e77a6a","created":"2017-05-31T21:32:16.715000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0be03191-fd13-4d31-b7b3-128c37e9e774","name":"Peer-to-Peer ZeuS","description":"","source":"MITRE","associated_software_id":"a9205e41-8ef6-4b3a-9477-f6b673668d11","owner_id":null,"owner_name":null},{"id":"f7872aaf-38e2-46a6-af91-805e19096d3b","name":"Gameover ZeuS","description":"","source":"MITRE","associated_software_id":"af301e1b-5252-41eb-8802-9c5129d40091","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"1933ad3d-3085-4b1b-82b9-ac51b440e2bf","name":"P8RAT","type":"malware","source":"MITRE","software_attack_id":"S0626","tidal_id":"142771f4-a468-502e-b707-a33766510ec9","created":"2021-06-21T15:02:47.928000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed0a3867-3af0-4687-aa35-2484bd705527","name":"GreetCake","description":"<sup>[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"d1748d73-27f8-4bf1-a8cf-fcc82cebffbc","owner_id":null,"owner_name":null},{"id":"f6ef8ff8-913c-470d-b669-a2a1aab38312","name":"HEAVYPOT","description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"42353f34-77f6-4928-ae59-e3c9518ef1ba","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"13856c51-d81c-5d75-bb6a-0bbdcc857cdd","name":"PACEMAKER","type":"malware","source":"MITRE","software_attack_id":"S1109","tidal_id":"f4e154b1-f6d1-5e1e-8a30-52fb46e5cdd8","created":"2024-04-25T13:28:19.209466Z","modified":"2024-04-25T13:28:19.209469Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Pulse Secure Zero-Day April 
2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e90eb529-1665-5fd7-a44e-695715e4081b","name":"Pacu","type":"tool","source":"MITRE","software_attack_id":"S1091","tidal_id":"ece187ab-2a4a-59ac-b7c5-f093116f4a1f","created":"2023-11-07T00:35:50.553250Z","modified":"2023-11-07T00:35:50.553255Z","platforms":[{"id":"69826802-7b16-5c4e-92f5-72f9354e29e5","name":"GCP"},{"id":"996aa968-bd71-5b30-9b76-eaab9a19a1c8","name":"AWS"},{"id":"6724c79a-34f2-51ed-8644-a6c106ccadd2","name":"Azure"},{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sysdig Scarleteel February 28 2023](/references/18931f81-51bf-44af-9573-512ccb66c238)]</sup>","group_attack_id":"G3032","group_id":"788ffbf6-1a36-481a-a504-bbcd9f907886","name":"SCARLETEEL","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"62c88c5a-1ce8-4cf1-8274-b9ad85458a95","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"},{"id":"4d8074cf-5e0f-466e-8f93-e63e78d735a2","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"7786ec1e-83d7-4456-8a21-afabcc3007eb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"17b4ad2e-9ed8-4a9f-a66e-fe8e2d5f91c3","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"abc727ea-62a6-4562-9aa9-8154c64445fc","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"d85de01c-f27a-419f-b8f7-fae44b302994","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"d47685c2-3852-5725-8ea1-6b7ec4b60079","name":"PAKLOG","type":"malware","source":"MITRE","software_attack_id":"S1233","tidal_id":"d47685c2-3852-5725-8ea1-6b7ec4b60079","created":"2025-10-29T21:08:48.110534Z","modified":"2025-10-29T21:08:48.110536Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Zscaler PAKLOG CorkLog SplatCloak Splatdropper April 2025](https://app.tidalcyber.com/references/499c7ced-17e7-592b-ad58-5e3a40328554)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a4cf9986-9fb2-518c-bd1b-24785108c5ff","name":"Pallas","type":"malware","source":"Mobile","software_attack_id":"S0399","tidal_id":"a4cf9986-9fb2-518c-bd1b-24785108c5ff","created":"2026-01-28T13:08:09.938812Z","modified":"2026-01-28T13:08:09.938813Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[Lookout Dark Caracal Jan 2018](https://app.tidalcyber.com/references/c558f5db-a426-4041-b883-995ec56e7155)]</sup>","group_attack_id":"G0070","group_id":"7ad94dbf-9909-42dd-8b62-a435481bdb14","name":"Dark 
Caracal","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"320b0784-4f0f-46ea-99e9-c34bfcca1c2e","name":"Pandora","type":"malware","source":"MITRE","software_attack_id":"S0664","tidal_id":"5027c8c4-9197-51a5-9a33-a0ab54969553","created":"2021-11-29T19:53:06.360000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":" <sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup><sup>[[SecureWorks BRONZE STARLIGHT Ransomware Operations June 2022](https://app.tidalcyber.com/references/0b275cf9-a885-58cc-b859-112090a711e3)]</sup><sup>[[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)]</sup><sup>[[Dell SecureWorks BRONZE STARLIGHT Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]</sup>","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"24b8d4f4-f53e-474f-8829-386ff69c5675","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"02072754-a9fd-4f7c-a273-cba98d13183a","name":"PanicBotnet","type":"malware","source":"Tidal Cyber","software_attack_id":"S3516","tidal_id":"8a9a40be-e303-5372-9ec7-0fe5e61b55da","created":"2025-08-06T14:57:16.889474Z","modified":"2025-08-06T14:57:16.889477Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Intel471 
Pro-Russian Hacktivism July 2 2025](/references/eebfb4d2-883e-4456-8e3a-79627471022f)]</sup>","group_attack_id":"G3118","group_id":"3ab35de9-6daa-4a69-9f0d-76ba1624883d","name":"IT Army of Russia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9f6820e1-875b-4edb-ab74-7773515dff48","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"6c97d524-2edc-47c5-b54c-5ae6905ac392","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e3277ec2-85c1-47b4-ad4f-ab1f0bff9edc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3f018e73-d09b-4c8d-815b-8b2c8faf7055","name":"Pasam","type":"malware","source":"MITRE","software_attack_id":"S0208","tidal_id":"a3751570-76ee-5b21-a165-f93f2957dc9f","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8d007d52-8898-494c-8d72-354abd93da1e","name":"Pass-The-Hash Toolkit","type":"tool","source":"MITRE","software_attack_id":"S0122","tidal_id":"21cbf6b8-a6b3-5961-907c-3e3c3026fed4","created":"2017-05-31T21:33:11.426000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e12e1de8-a0d9-4602-8264-5952106bd53c","name":"PasswordFox","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3039","tidal_id":"a3f604bd-41b2-50a9-adce-fbf6f98a0364","created":"2023-08-18T18:56:22.272289Z","modified":"2023-08-18T18:56:22.272297Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"64a4a1d4-1ee7-46a1-8772-49e4f0880dbe","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6cd9630e-7a0f-496f-84ea-cde37650fa08","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"3f910bc9-48be-4a01-83ce-65c8d0d98289","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"89e99fae-eac3-4844-9b77-7191d980d785","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"c1b7c2e6-d463-4e1e-beb6-5b82f85efe1e","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f3e3bf47-59f7-48d9-9c1d-babfe7ec5294","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"fde56359-ad77-453f-a8a9-6b22a6f4eac7","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f7363d19-b15b-494c-bdab-7e3e581b9666","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"1a71b9fe-c5a1-4554-b9c9-a3aa5c14d5e5","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d745d427-222d-4580-b8cd-fd588cf84b93","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"dca3834c-57d4-425c-98ae-3eb34d65a750","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4d79530c-2fd9-4438-a8da-74f42119695a","name":"P.A.S. 
Webshell","type":"malware","source":"MITRE","software_attack_id":"S0598","tidal_id":"61f31b9d-dd74-59a9-8023-cf3e67487418","created":"2021-04-13T12:46:58.579000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"36b3f358-eef6-486a-a1a3-f5847161ea83","name":"Fobushell","description":"<sup>[[NCCIC AR-17-20045 February 2017](https://app.tidalcyber.com/references/b930e838-649b-42ab-86dc-0443667276de)]</sup>","source":"MITRE","associated_software_id":"0d76d9ee-8696-42f9-9f34-52f3ad265995","owner_id":null,"owner_name":null}],"groups":[{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [P.A.S. Webshell](https://app.tidalcyber.com/software/4d79530c-2fd9-4438-a8da-74f42119695a) during intrusions.<sup>[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ANSSI Sandworm January 2021](https://app.tidalcyber.com/references/5e619fef-180a-46d4-8bf5-998860b5ad7e)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"950bdbe2-aa63-4794-9752-0e8c492c8d09","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"9aa21e50-726e-4002-8b7b-75697a03eb2b","name":"Pay2Key","type":"malware","source":"MITRE","software_attack_id":"S0556","tidal_id":"b9a6aa1f-0064-57bf-ad3b-6c9a88afc66c","created":"2021-01-04T15:12:14.805000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ClearkSky Fox Kitten 
February 2020](https://app.tidalcyber.com/references/a5ad6321-897a-4adc-9cdd-034a2538e3d6)]</sup><sup>[[Check Point Pay2Key November 2020](https://app.tidalcyber.com/references/e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c057795c-32a9-4910-a4b7-a8d04cb96fee","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"714bdcb2-6971-4bb4-aec4-955b17606241","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"baf91f9d-3ff7-4daa-a069-c1b79bb63ff4","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"00daafc4-8bf1-4447-b24f-1580263124f5","name":"Pcalua","type":"tool","source":"Tidal Cyber","software_attack_id":"S3256","tidal_id":"7ecb390f-d70a-5b79-af7f-0ea970f50882","created":"2024-01-12T14:48:02.215254Z","modified":"2024-01-12T14:48:02.215258Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"55d4ab86-c70c-4493-9f20-2077490175e8","name":"Program Compatibility Assistant","description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","source":"USER","associated_software_id":"8b7490ca-baa1-4911-b8d3-0a5ba8b5f5df","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"82d71795-9826-4ab2-b6d7-37c902cc0b50","name":"Pcalua.exe","description":"<sup>[[Pcalua.exe - LOLBAS Project](/references/958064d4-7f9f-46a9-b475-93d6587ed770)]</sup>","source":"Tidal Cyber","associated_software_id":"4a3504d3-5ff3-4aa1-8894-74fabf92d922","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[www.trellix.com October 22 
2025](/references/a14fa007-b9de-4bc5-9431-d416bdc7b24d)]</sup>","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"d4ca709c-ebfe-4090-9621-638fc1d8a614","tag":"074533ec-e14a-4dc3-98ae-c029904e3d6d"},{"id":"caac5dd8-5b59-48a6-8bff-721b484e51bd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"11bbcb97-6dd3-4f03-8e5b-02711b4bf2f4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"873ede85-548b-5fc0-a29e-80bd5afc5bf4","name":"Pcexter","type":"malware","source":"MITRE","software_attack_id":"S1102","tidal_id":"811a3466-cc29-522d-8f40-152b13a75984","created":"2024-04-25T13:28:22.001575Z","modified":"2024-04-25T13:28:22.001578Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky ToddyCat Check Logs October 2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"591acc39-1218-4710-aadc-150ae6475ee3","name":"PCHunter","type":"tool","source":"Tidal Cyber","software_attack_id":"S3040","tidal_id":"de32363c-ab04-5214-b8da-00c5af1ad3a0","created":"2023-08-18T18:56:22.524880Z","modified":"2023-08-18T18:56:22.524888Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None October 29 
2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"b62cabf0-04bd-4852-86fa-9a34e346e7ea","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"bb904c9e-2b3a-4fb6-bac6-9664629380ff","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"ea53fb8b-2052-4c3d-bf2a-f22e103d788d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"6777331e-d88d-4363-896e-ac53d12881cb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"beadc0db-3b09-4aaa-a983-003802badc47","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"b728a521-72f2-4252-a6e9-f5d2046e6266","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"ddc63a57-ac5f-4ce2-862b-785f63c84642","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"6cee8bc0-2e12-40f2-98ed-cb104413c4f8","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"88693d3d-8be6-459b-9349-762d8d2d2199","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"73135084-d3c0-4e09-9f0a-1606e5f92056","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f411b686-7945-40ee-9ed0-bb48b1b8c24c","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"c65e92c0-2b10-4210-a2a9-c2e683fb96be","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"12100253-5284-4d53-8697-6bfc99f60fa1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f899f5c9-de67-42d9-8613-7508120437e4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"71eb2211-39aa-4b89-bd51-9dcabd363149","name":"PcShare","type":"tool","source":"MITRE","software_attack_id":"S1050","tidal_id":"34387b0d-69d9-5ffd-8e0d-eeee9961c895","created":"2022-10-13T14:07:52.541000Z","modified":"2022-10-13T14:12:41.582000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Secureworks BRONZE FLEETWOOD 
Profile](https://app.tidalcyber.com/references/4fbb113c-94b4-56fd-b292-1ccf84e1c8f3)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"585f1b59-7fa1-4d45-b0c4-f87a3c9e7074","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"7babb537-ec29-425a-9108-43d1619e02b5","name":"Pcwrun","type":"tool","source":"Tidal Cyber","software_attack_id":"S3257","tidal_id":"e7e001eb-7854-51d3-acc5-e5fef3b77ebe","created":"2024-01-12T14:48:02.646774Z","modified":"2024-01-12T14:48:02.646778Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"abcc649b-45a1-4c46-b6a7-8e7954e244a8","name":"Pcwrun.exe","description":"<sup>[[Pcwrun.exe - LOLBAS Project](/references/b5946ca4-1f1b-4cba-af2f-0b99d6fff8b0)]</sup>","source":"Tidal Cyber","associated_software_id":"3bc797f7-59bc-4ce6-8cf9-e533e317aaa8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dc61a965-345e-4817-b520-a432f0257dd2","tag":"62496b72-7820-4512-b3f9-188464bb8161"},{"id":"1becf3ba-630d-436f-bd6a-f900351d7819","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b56699e6-71e7-45ca-bec5-d84afda4773c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"47ba2c2c-b4f3-48dc-878f-b8cab6d97f65","name":"Pcwutl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3314","tidal_id":"50335706-9593-5819-8b58-f8f870b5dba9","created":"2024-01-12T14:48:22.831994Z","modified":"2024-01-12T14:48:22.831998Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c59ec19a-7478-4186-9ba6-81728661f265","name":"Pcwutl.dll","description":"<sup>[[Pcwutl.dll - LOLBAS Project](/references/1050758d-20da-4c4a-83d3-40aeff3db9ca)]</sup>","source":"Tidal 
Cyber","associated_software_id":"f464e0cd-7a76-4924-9473-90f334f886ce","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8e9f61a0-1ffd-4b8a-9975-f6f18a152690","tag":"ff5c357e-6b9b-4ef3-a7ed-e5d4c0091c0c"},{"id":"d9d847a8-2966-4db5-b4f8-fc911c1a432d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"61e177ed-65fd-4066-b4e2-508fa9aef74c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3658625d-b63b-4ec7-804f-5f2e7369cbc5","name":"PDQ Deploy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3447","tidal_id":"2e087b8f-bd6a-5f9e-b8d6-4a5ba6a2fe3a","created":"2025-03-17T18:33:48.322963Z","modified":"2025-03-17T18:33:48.322967Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a7906883-23fd-40bd-b645-43ee4fcadb5c","name":"PDQ","description":"<sup>[[Huntress December 18 2025](/references/990fe0c2-253d-467c-a16f-0f006cdeb618)]</sup>","source":"USER","associated_software_id":"e02c354e-0371-480e-bce4-6ee5ebed4de2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0b666907-251e-43d5-a205-9b6687031116","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a9fe3f2d-6b38-48fe-aac6-a893dbab722a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f48a2d1f-b498-4e22-8840-e61bb07e1af4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"36744d5a-47ce-4446-b358-bf61df48330a","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"545d5c70-fdd6-46c3-b870-5fbb83582148","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"33e29797-390c-464e-acb4-ab0991bb2576","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9de5451a-791a-4db5-a3ed-996f02ea821c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c9320712-1e90-4699-bf24-31d8091e22d2","name":"PDQ Inventory","type":"tool","source":"Tidal Cyber","software_attack_id":"S3448","tidal_id":"46639db9-c50a-540b-9079-a4b4a05155e6","created":"2025-03-17T18:33:48.496675Z","modified":"2025-03-17T18:33:48.496679Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"55f42ba4-2a38-47dc-8502-d1a540bbbd0e","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"bfe27e7e-abaa-4984-9e59-cb30407d01e7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"42f697eb-1f92-4d9f-bb03-a5e3d608b78a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"8bf0cfea-250a-4f0b-a412-faea27c938d8","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"5a688360-16e4-4860-b9b1-626b41e547dd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8e15a6a5-8bcc-4201-b010-c1b3af96a074","name":"PEAKLIGHT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3424","tidal_id":"a7713233-64fd-5c0e-8ed6-cf949cfcc1eb","created":"2025-02-11T18:20:39.431354Z","modified":"2025-02-11T18:20:39.431358Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7ad7f820-87f6-4dd7-afaa-d91c2a4933d6","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"ddaf1ee8-1306-4846-8008-d1574b0ebc5f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"872f1dbd-264d-4b18-a979-3026b33968b2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"17f9bc8e-6ceb-4345-83b9-1252804344b3","name":"PeaZip","type":"tool","source":"Tidal Cyber","software_attack_id":"S3492","tidal_id":"4974a48f-32d9-54ef-9a4f-addfe8ef8f69","created":"2025-06-10T15:50:59.287040Z","modified":"2025-06-10T15:50:59.287043Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"3ea325a6-05d0-48d0-956a-5d330805aeca","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"d2dabd34-68c0-4944-9e37-3cda6447dcb1","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"546b8571-bbc7-4c11-8bff-ae54fcd9ebe5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"6b8d2440-972b-405b-bd06-3745e3c9d0a5","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"2794d8ab-5422-405b-88de-0218b71433e2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c4073a03-dc39-4e03-9438-d609dcdca7d4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd0f53e2-b7a6-48a6-9bf4-612c5bd749dc","name":"PebbleDash","type":"malware","source":"Tidal Cyber","software_attack_id":"S3425","tidal_id":"81bc690c-391e-5968-bcb1-67bd4790d2d4","created":"2025-02-11T18:20:39.674138Z","modified":"2025-02-11T18:20:39.674142Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Blogger June 1 2020](/references/13b1769f-e845-4465-8911-234d8737a617)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ASEC PebbleDash December 21 2021](/references/cd71395a-9b7f-4b38-9ca7-337f9bcf1598)]</sup><sup>[[AhnLab February 3 2025](/references/c40f03ac-5df2-44c4-975a-86e6282da359)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"94552444-3c84-476e-9f44-c7dedfe8e8e7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8fb0a83f-868e-4dcc-b77a-d1d5e11b64a4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"29c5416e-bd02-40a4-b405-a21fbd034b86","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"56668d87-83a9-4697-a015-5d352def0a07","name":"PeerBlight","type":"malware","source":"Tidal Cyber","software_attack_id":"S3754","tidal_id":"ecfeec96-7573-5d51-959d-47a4610380b5","created":"2025-12-17T14:18:49.911496Z","modified":"2025-12-17T14:18:49.911499Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"3f113fd9-cb77-4dd5-b89a-d7e463c96786","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"46883d63-d1fc-4ba5-90bd-e02675830bab","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"de214908-7840-5167-8dba-88254ba4a460","name":"Pegasus for Android","type":"malware","source":"Mobile","software_attack_id":"S0316","tidal_id":"de214908-7840-5167-8dba-88254ba4a460","created":"2026-01-28T13:08:09.938489Z","modified":"2026-01-28T13:08:09.938491Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"4bc633f7-e057-4ea4-a0fa-204b3d4531fe","name":"Chrysaor","description":"<sup>[[Lookout-PegasusAndroid](https://app.tidalcyber.com/references/fff4625a-69de-5c06-89b2-8284936b8438)]</sup> <sup>[[Google-Chrysaor](https://app.tidalcyber.com/references/b921567d-1d36-57a7-abcd-514bf21446bb)]</sup>","source":"Mobile","associated_software_id":"046f1e96-b7d7-58e2-9a1e-890fa9bd0f94","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"3c0e0655-a53a-506a-bd0d-84821137aa18","name":"Pegasus for 
iOS","type":"malware","source":"Mobile","software_attack_id":"S0289","tidal_id":"3c0e0655-a53a-506a-bd0d-84821137aa18","created":"2026-01-28T13:08:09.937947Z","modified":"2026-01-28T13:08:09.937948Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"52a19c73-2454-4893-8f84-8d05c37a9472","name":"Peirates","type":"tool","source":"MITRE","software_attack_id":"S0683","tidal_id":"2111679f-c9ac-5ed8-b28b-7c65dd2f1f29","created":"2022-02-08T16:11:38.528000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[{"description":"<sup>[[TeamTNT Cloud Enumeration](https://app.tidalcyber.com/references/a672b74f-1f04-4d3a-84a6-1dd50e1a9951)]</sup>","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Sysdig Scarleteel February 28 2023](/references/18931f81-51bf-44af-9573-512ccb66c238)]</sup>","group_attack_id":"G3032","group_id":"788ffbf6-1a36-481a-a504-bbcd9f907886","name":"SCARLETEEL","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"4c65065d-eccc-4bfc-add9-c977a873af38","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"e4c601ab-fcfb-4249-ac59-b5a0a6412c30","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"},{"id":"416b2fcf-5788-46e3-b832-60742fbd8ad5","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"951fad62-f636-4c01-b924-bb0ce87f5b20","name":"Penquin","type":"malware","source":"MITRE","software_attack_id":"S0587","tidal_id":"51055d89-e034-50a6-81b8-e4599d5fab6a","created":"2021-03-11T15:06:57.934000Z","modified":"2022-10-20T04:12:29.037000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"811dc1ed-6ce8-494c-80fa-16836aab6f42","name":"Penquin_x64","description":"<sup>[[Leonardo Turla Penquin May 2020](https://app.tidalcyber.com/references/09d8bb54-6fa5-4842-98aa-6e9656a19092)]</sup>","source":"MITRE","associated_software_id":"42c40368-672c-4118-bd35-9935208978e1","owner_id":null,"owner_name":null},{"id":"5932da92-3695-4121-8b20-d4c7df200a67","name":"Penquin 2.0","description":"<sup>[[Leonardo Turla Penquin May 2020](https://app.tidalcyber.com/references/09d8bb54-6fa5-4842-98aa-6e9656a19092)]</sup>","source":"MITRE","associated_software_id":"e7c7c852-6196-49e9-b883-ccfd5ae47aca","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Leonardo Turla Penquin May 
2020](https://app.tidalcyber.com/references/09d8bb54-6fa5-4842-98aa-6e9656a19092)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"1f080577-c002-4b49-a342-fa70983c1d58","name":"Peppy","type":"malware","source":"MITRE","software_attack_id":"S0643","tidal_id":"cbc1e7b5-2609-55b2-bcc4-eddb55c02978","created":"2021-09-07T15:11:17.444000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 ProjectM March 2016](https://app.tidalcyber.com/references/adee82e6-a74a-4a91-ab5a-97847b135ca3)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"5028ed72-8e6b-48bd-b4f4-e42df926893d","name":"Pester","type":"tool","source":"Tidal Cyber","software_attack_id":"S3385","tidal_id":"32efc32a-ee35-5c23-a9c3-fc701aa9ed98","created":"2024-01-12T14:48:49.519878Z","modified":"2024-01-12T14:48:49.519882Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"18fa1f56-f4b5-447e-ac86-26f17d9f2bd1","name":"Pester.bat","description":"<sup>[[Pester.bat - LOLBAS Project](/references/93f281f6-6fcc-474a-b222-b303ea417a18)]</sup>","source":"Tidal Cyber","associated_software_id":"3c004ca1-7436-44e9-85e4-33d55fc74f5e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e7569a31-97a9-4498-9f6a-ddde5fe37952","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2783d08f-1905-4067-b162-b02e1a2aef41","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"30ca44b9-8645-4b51-af77-58e85897f7f9","name":"Phemedrone","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3398","tidal_id":"7952a756-b424-5bce-8ad8-705fb17faa43","created":"2024-10-14T19:20:45.708601Z","modified":"2024-10-14T19:20:45.708604Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"854d8703-69db-4d79-92fc-6020d6e2820e","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"a63da2d4-5750-441c-b7da-9aeaf9d72a84","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"71602d81-0812-4f77-83b0-ee58e3ea6961","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e1b7cc37-c1ef-588c-8e96-eb458d756f39","name":"Phenakite","type":"malware","source":"Mobile","software_attack_id":"S1126","tidal_id":"e1b7cc37-c1ef-588c-8e96-eb458d756f39","created":"2026-01-28T13:08:09.939286Z","modified":"2026-01-28T13:08:09.939287Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[{"description":"<sup>[[sentinelone_israel_hamas_war](https://app.tidalcyber.com/references/8fa21bad-0186-5181-b52e-32f7f116695c)]</sup><sup>[[fb_arid_viper](https://app.tidalcyber.com/references/1dca5e73-0b6e-51cd-867c-927d081f228d)]</sup>","group_attack_id":"G1028","group_id":"e3c5164e-49cf-5bb1-955d-6775585abb14","name":"APT-C-23","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"d7015696-0aa1-4c13-a0e6-b9d8e027dabf","name":"Phobos Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3119","tidal_id":"f0203b04-1657-58fa-9788-59ea5e4a127e","created":"2024-03-07T21:01:09.497171Z","modified":"2024-03-07T21:01:09.497174Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3d0d0a9c-da94-4d59-8ca4-b4adfc0e290e","tag":"1d06c2ad-3f16-44e4-908c-d6a3191aa29c"},{"id":"574b0dca-74e4-4c02-a86a-d9434f996cc0","tag":"c306a190-d66a-43f0-befd-b7c3249cc8d5"},{"id":"5c438968-3471-4c95-98d7-c19d43f359da","tag":"288f845a-9683-4bd7-a7a7-b25cbf297532"},{"id":"339b052b-e07a-4e7c-bd2e-a556104b93e5","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"597c4f66-c7ef-4fc9-b951-a250f1f07be6","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"eb050de8-5a42-47f4-b856-ece9ee31ab33","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"e8097ac7-352c-4557-82c6-72d94014eb4c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"02816f9e-1209-4fff-8884-0b38d9c6eab5","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"46323054-92ca-4ceb-a47f-c22b444d126e","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"c6fc073b-fa8a-4fff-a066-3fd788d3ac85","name":"PhonyC2","type":"malware","source":"Tidal Cyber","software_attack_id":"S3086","tidal_id":"a5fbbdce-a74f-5a8e-b81a-3529a66d9325","created":"2024-06-13T20:12:30.884110Z","modified":"2024-06-13T20:12:30.884113Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Deep Instinct PhonyC2 June 2023](/references/fd42ac0b-eae5-41bb-b56c-cb1c6d19857b)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f5973107-3a54-424c-9201-aaf125243c77","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b83ef0fa-9a48-4c40-bd50-b8c326f08be5","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"f14bf61d-691c-4239-a54e-d6caaea074eb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"413f5e4a-f0f5-49f9-85c4-52047f6b1d50","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd63cec1-9f72-4ed0-9926-2dbbb3d9cead","name":"PHOREAL","type":"malware","source":"MITRE","software_attack_id":"S0158","tidal_id":"77d8b94b-0769-5d6f-b3ef-0b0d2f6e6bf3","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"75c6b7ce-60aa-4328-9bf2-51c3000aef35","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b64eeef3-ed2d-4b1b-8aee-066f93d5d2af","name":"PhotoViewer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3862","tidal_id":"a03d6433-ae7a-5e74-90af-5e5af8feff01","created":"2026-01-06T18:05:04.269395Z","modified":"2026-01-06T18:05:04.269401Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8d0c80cf-3214-4368-b0a6-ea52ea61a5b2","name":"PhotoViewer.dll","description":"<sup>[[PhotoViewer.dll - LOLBAS 
Project](/references/f866ba71-dd24-4041-89bf-d0ac0587a12d)]</sup>","source":"USER","associated_software_id":"e189de6e-db2e-423e-84a5-f98070888b14","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d47d0ef2-ef64-47ab-a90a-4cf413e69fd9","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"0d675f91-ddc3-4eb6-b3fe-8e239d8110f3","name":"PHPMailer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3719","tidal_id":"883586d4-59f4-50d8-b3f2-2b93d34b4a76","created":"2025-12-10T14:14:59.470055Z","modified":"2025-12-10T14:14:59.470058Z","platforms":[{"id":"f075422c-4a28-4a88-8ac3-76bf3ff24499","name":"PRE"}],"associated_software":[],"groups":[{"description":"<sup>[[ENKI Kimsuky KimJongRAT November 21 2025](/references/e060d834-1dfa-4451-b921-7aa26a2ffa30)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a17d49e0-7335-4c9d-97c9-8dbc5780434e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c51894f2-2639-436a-bf7d-85c7008a2d27","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"62b19c81-29bd-409d-a098-00ad3f97050a","name":"PHP Web Shell (SHA256: de7994277a81cf48f575f7245ec782c82452bb928a55c7fae11c2702cc308b8b)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3946","tidal_id":"8ed32b8a-b7d3-5e21-bc74-0ece22f2e3df","created":"2026-01-14T13:31:39.986309Z","modified":"2026-01-14T13:31:39.986313Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"69bfa5e9-4455-423a-8177-e3ad634f03c5","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"68533638-fdd9-44f7-96f5-a589d49b5f26","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"0e0f58b5-52e3-41b1-aa9a-012d05f7b643","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c3536f83-43bd-487a-bf6e-83ef0d8e3a41","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fb1b0624-3290-5977-abbc-bc9609b51f8d","name":"Pikabot","type":"malware","source":"MITRE","software_attack_id":"S1145","tidal_id":"fb1b0624-3290-5977-abbc-bc9609b51f8d","created":"2024-10-31T16:28:01.871374Z","modified":"2024-10-31T16:28:01.871379Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Latrodectus APR 2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"a84d9fa4-a0d4-4592-baff-53ec87d687eb","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"2fe4c2da-a3cc-4c61-b279-79d62c8e21d2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d0f04bc1-a270-4c4a-8636-4979e04b7582","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"db5d718b-1344-4aa2-8e6a-54e68d8adfb1","name":"Pillowmint","type":"malware","source":"MITRE","software_attack_id":"S0517","tidal_id":"8910ea0b-bffd-5e51-979c-5cac908a18f3","created":"2020-07-27T14:06:29.560000Z","modified":"2022-07-29T19:50:27.063000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trustwave Pillowmint June 2020](https://app.tidalcyber.com/references/31bf381d-a0fc-4a4f-8d39-832480891685)]</sup><sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5085df3a-4800-4d89-8924-8d1974bc5a0b","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"ba2208c8-5e1e-46cd-bef1-ffa7a2be3be4","name":"PinchDuke","type":"malware","source":"MITRE","software_attack_id":"S0048","tidal_id":"33d2e44a-7f4b-53af-a8a6-83aded1ca9bc","created":"2017-05-31T21:32:35.780000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[F-Secure The 
Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ab3ec588-19bd-4c53-a53d-3a895aef503d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"4ea12106-c0a1-4546-bb64-a1675d9f5dc7","name":"Ping","type":"tool","source":"MITRE","software_attack_id":"S0097","tidal_id":"ba4c362d-8f51-5fba-bf12-28118b5d86f0","created":"2017-05-31T21:33:01.483000Z","modified":"2022-10-13T18:56:52.195000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)]</sup><sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup><sup>[[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup><sup>[[Bitdefender Naikon April 2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) has used [Ping](https://app.tidalcyber.com/software/4ea12106-c0a1-4546-bb64-a1675d9f5dc7) to verify connectivity to remote hosts.<sup>[[Symantec Bilbug 
2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Alperovitch 2014](https://app.tidalcyber.com/references/72e19be9-35dd-4199-bc07-bd9d0c664df6)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[ClearSky Siamesekitten August 2021](https://app.tidalcyber.com/references/9485efce-8d54-4461-b64e-0d15e31fbf8c)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Shuckworm January 2022](https://app.tidalcyber.com/references/3abb9cfb-8927-4447-b904-6ed071787bef)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[Kaspersky ToddyCat Check Logs October 
2023](https://app.tidalcyber.com/references/dbdaf320-eada-5bbb-95ab-aaa987ed7960)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Volt Typhoon May 2023](https://app.tidalcyber.com/references/8b74f0b7-9719-598c-b3ee-61d734393e6f)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup><sup>[[Group IB APT 41 June 2021](https://app.tidalcyber.com/references/a2bf43a0-c7da-4cb9-8f9a-b34fac92b625)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Bitdefender Sardonic Aug 2021](https://app.tidalcyber.com/references/8e9d05c9-6783-5738-ac85-a444810a8074)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 
2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup><sup>[[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"966faed1-9bbf-4a10-a6d6-0f1e39e5175d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f655b0ae-aaa5-4ef7-8cef-70a11a761580","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"5bb653a2-7ae6-4094-95ea-359dfa56e16e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c838708c-2247-4416-a8af-232bc7453d86","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"bdbc3ef7-d184-4a14-aa50-23eaa4d591b5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"1debf242-3c91-4bdb-932c-27d61fe17474","name":"PingCastle","type":"tool","source":"Tidal Cyber","software_attack_id":"S3012","tidal_id":"4e9cc41c-0f28-5c74-b833-af10fa8e4ab9","created":"2023-07-14T12:56:37.731140Z","modified":"2023-07-14T12:56:37.731144Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b487c982-554b-456e-9e85-b0acc7e273af","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e829cd9a-ff25-4c4b-8a16-9bf11d28d8e8","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"2dd50cf9-86d9-4f6d-8402-157c6b2b5d51","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a6058d6f-2da3-4ecb-8912-72df0e8456f0","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a4b14e2d-7924-48bc-b9ff-499a26e77d08","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d816d380-5cc3-44cc-a9c4-d5f394c13acc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4360cc62-7263-48b2-bd2a-a7737563545c","name":"PingPull","type":"malware","source":"MITRE","software_attack_id":"S1031","tidal_id":"9c56033d-62f5-5c61-aec8-48cd3a922e9f","created":"2022-08-09T18:21:24.739000Z","modified":"2022-10-21T20:13:44.744000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 PingPull Jun 
2022](https://app.tidalcyber.com/references/ac6491ab-6ef1-4091-8a15-50e2cbafe157)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"97fa941a-825e-4274-966b-d3617088624e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"92744f7b-9f1a-472c-bae0-2d4a7ce68bb4","name":"PipeMon","type":"malware","source":"MITRE","software_attack_id":"S0501","tidal_id":"3be34b1a-4254-5c19-b1e7-d0f32af23b92","created":"2020-08-24T13:15:51.706000Z","modified":"2020-10-16T21:01:16.880000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET PipeMon May 2020](https://app.tidalcyber.com/references/cbc09411-be18-4241-be69-b718a741ed8c)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"14e65c5d-5164-41a3-92de-67fdd1d529d2","name":"Pisloader","type":"malware","source":"MITRE","software_attack_id":"S0124","tidal_id":"0836a923-d891-52dd-937b-a2dd336767b1","created":"2017-05-31T21:33:12.388000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Palo Alto DNS Requests](https://app.tidalcyber.com/references/4a946c3f-ee0a-4649-8104-2bd9d90ebd49)]</sup>","group_attack_id":"G0026","group_id":"a0c31021-b281-4c41-9855-436768299fe7","name":"APT18","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"dbfd1b38-f599-4c8a-bc08-4b9e4afff105","name":"PitDog","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3425","tidal_id":"243409d3-7ebd-5412-85a0-5b5c790233ac","created":"2025-04-11T15:06:45.853979Z","modified":"2025-04-11T15:06:45.853982Z","platforms":[],"associated_software":[{"id":"fa1c1337-15ef-45f5-b583-30d1f1c4afac","name":"PITDOG SparkGateway plugin","description":"","source":"Trellix TIG","associated_software_id":"39e4541a-037d-4a46-a3b8-ade6998e465f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f23c556a-00be-49b3-97c0-9995d3e29e8d","name":"PitDog Plugin","description":"","source":"Trellix TIG","associated_software_id":"1cfb6bfb-4a6f-441a-8127-ccc8ddeabee2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"6f438a2e-bd54-4457-adea-fd09e54e95f9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"615e7a59-fcd8-4127-98ed-360f2b5341ed","name":"PitFuel","type":"malware","source":"Trellix TIG","software_attack_id":"S3447","tidal_id":"6dc39ef3-0b99-54ce-a6c1-e055be373c1d","created":"2025-04-11T15:06:50.036850Z","modified":"2025-04-11T15:06:50.036853Z","platforms":[],"associated_software":[{"id":"44bce584-fd01-4641-ae0e-0a7ed9666d98","name":"PITFUEL SparkGateway plugin","description":"","source":"Trellix TIG","associated_software_id":"eaee58b7-d183-4289-9e35-2a15d1ee361f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8598deb8-0490-46cc-a5d2-d93ebc08c166","name":"PitFuel Plugin","description":"","source":"Trellix 
TIG","associated_software_id":"2ccf6c88-225c-4723-95ee-cb985ff5f3e9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"0ed35278-4a85-4ec7-9b54-3bcf51f46fba","name":"PitHook","type":"malware","source":"Trellix TIG","software_attack_id":"S3397","tidal_id":"5c28709d-76b8-55e3-8de4-a21c37df7f8b","created":"2025-04-11T15:06:35.883489Z","modified":"2025-04-11T15:06:35.883493Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9c2a2042-8950-4f81-b8e8-49561540e9b3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"4fe6de12-eaea-4632-8ddb-63899a20cc2c","name":"PitSock","type":"malware","source":"Trellix TIG","software_attack_id":"S3435","tidal_id":"d8da1cab-2cb1-55c4-a98f-6d5abcf7f783","created":"2025-04-11T15:06:47.567335Z","modified":"2025-04-11T15:06:47.567338Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"0486790c-bb74-4538-b4a1-d7c33a355ee7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"c0e56f14-9768-5547-abcb-aa3f220d0e40","name":"PITSTOP","type":"malware","source":"MITRE","software_attack_id":"S1123","tidal_id":"10fc13ca-14b9-5150-a372-9fee49084e69","created":"2024-04-25T13:28:21.712963Z","modified":"2024-04-25T13:28:21.712966Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"55d68f45-7a05-4cd5-adf6-8efad78e575b","name":"Pixtool","type":"tool","source":"Tidal Cyber","software_attack_id":"S3869","tidal_id":"633c6f49-5ef8-5c00-99cb-5aeee450014b","created":"2026-01-06T18:05:05.529281Z","modified":"2026-01-06T18:05:05.529284Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d548dc32-3767-40d0-847c-e3ba126b5ba8","name":"Pixtool.exe","description":"<sup>[[Pixtool.exe - LOLBAS 
Project](/references/5c80dfe7-800b-4890-bf98-da3d2b6782a7)]</sup>","source":"USER","associated_software_id":"c123d1af-ab1e-4229-8150-720c74359d48","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"35b65bdc-c64a-40f4-9bef-7e2ee9231d84","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"417001a0-7dd6-5003-88fe-7640c4642fd6","name":"PJApps","type":"malware","source":"Mobile","software_attack_id":"S0291","tidal_id":"417001a0-7dd6-5003-88fe-7640c4642fd6","created":"2026-01-28T13:08:09.938859Z","modified":"2026-01-28T13:08:09.938860Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"0b0ae21a-987c-44c5-93db-3b228544eb99","name":"Pktmon","type":"tool","source":"Tidal Cyber","software_attack_id":"S3258","tidal_id":"ac644a53-c90a-57c3-b84e-7f1ad2641ccb","created":"2024-01-12T14:48:03.027885Z","modified":"2024-01-12T14:48:03.027889Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e1d6b68d-7d2e-409b-909a-31807a46bc5d","name":"Pktmon.exe","description":"<sup>[[Pktmon.exe - LOLBAS Project](/references/8f0ad4ed-869b-4332-b091-7551262cff29)]</sup>","source":"Tidal 
Cyber","associated_software_id":"c29799e7-8d70-4312-890d-39eff939af8c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"91ac2db4-a023-449a-9d3a-beedd5670892","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b59aa7ef-f143-403c-bbe9-68200765aa76","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9445f18a-a796-447a-a35f-94a9fb72411c","name":"PLAINTEE","type":"malware","source":"MITRE","software_attack_id":"S0254","tidal_id":"d17a3cc9-1143-51b3-9da6-8895bcc45222","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Rancor Unit42 June 2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]</sup>","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"2d3d6034-21f7-5211-ab8a-338dada7082f","name":"Playcrypt","type":"malware","source":"MITRE","software_attack_id":"S1162","tidal_id":"2d3d6034-21f7-5211-ab8a-338dada7082f","created":"2024-10-31T16:28:02.665094Z","modified":"2024-10-31T16:28:02.665098Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9512334f-b1ed-5a45-824f-cbef6d1647ff","name":"Play","description":"<sup>[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)]</sup><sup>[[Trend Micro Ransomware Spotlight Play July 
2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","source":"MITRE","associated_software_id":"169ac4af-3d1d-488b-ac03-64c5c2c5742c","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)]</sup><sup>[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7d28a90a-db62-43b9-bf0f-5c41e0852541","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"5d30873b-022c-41b1-85ad-934ad67a953f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"460f9da8-7cef-404d-ae94-26d1882e6515","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fa553e2f-e78f-49eb-aa07-c137eedd24c9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ac5a0040-1228-4690-bb1c-c9c016efb05e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0fa9e34a-b9aa-4662-80da-b61ee0bc786f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"adc4a5e0-7f48-48ee-9a9d-79ecd3db35aa","name":"Playcrypt (ESXi variant)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3493","tidal_id":"cc328dfe-3e24-514f-9732-8ad8abb5332a","created":"2025-06-10T15:50:59.485350Z","modified":"2025-06-10T15:50:59.485352Z","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e2b09972-e472-4f3a-bd2c-e07f56a353ff","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"143c80e7-b1e3-483a-b3d1-b473b2593491","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"47b9975b-025d-429e-b3ef-d7abf0e92abc","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b33de16e-d929-44fa-9178-6f46f3fc6508","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"30e609f0-22ef-4a7c-9af0-79853db6d7cb","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"1c9e2058-4e90-400e-b007-96c446668d0b","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"bdca2310-bd2f-46dc-b7ae-ff217e468e4a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5519135a-2940-4436-931c-d7f5c5c75904","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bc6c73ef-6ee0-4c98-9663-25c7457f6442","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7bd570b1-8fe2-5d89-8724-9fafb21e973d","name":"PLC-Blaster","type":"malware","source":"ICS","software_attack_id":"S1006","tidal_id":"7bd570b1-8fe2-5d89-8724-9fafb21e973d","created":"2026-01-28T13:08:18.118904Z","modified":"2026-01-28T13:08:18.118908Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9a890a85-afbe-4c35-a3e7-1adad481bdf7","name":"PLEAD","type":"malware","source":"MITRE","software_attack_id":"S0435","tidal_id":"5d6fd090-6f9d-57c6-a0f7-e6268779a698","created":"2020-05-06T12:55:10.969000Z","modified":"2022-04-15T11:32:25.173000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro BlackTech June 
2017](https://app.tidalcyber.com/references/abb9cb19-d30e-4048-b106-eb29a6dad7fc)]</sup><sup>[[JPCert PLEAD Downloader June 2018](https://app.tidalcyber.com/references/871f4af2-ed99-4256-a74d-b8c0816a82ab)]</sup><sup>[[Trend Micro Waterbear December 2019](https://app.tidalcyber.com/references/bf320133-3823-4232-b7d2-d07da9bbccc2)]</sup><sup>[[Symantec Palmerworm Sep 2020](https://app.tidalcyber.com/references/84ecd475-8d3f-4e7c-afa8-2dff6078bed5)]</sup>","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6117e2b5-140b-49d2-89b7-76d91e6c798c","name":"Plink","type":"tool","source":"Tidal Cyber","software_attack_id":"S3043","tidal_id":"02ccc10d-ae4f-55d8-970f-c1180f17a042","created":"2023-08-18T18:56:23.240676Z","modified":"2023-08-18T18:56:23.240684Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e5b7959d-1bdf-4ee4-ae5b-1b8261017301","name":"PuTTY Link","description":"","source":"Tidal Cyber","associated_software_id":"d7602f4b-ebea-466b-9e7f-17fe5e7238d6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog November 10 2025](/references/343dab24-9d2e-4269-ab54-3dba4d684a9c)]</sup>","group_attack_id":"G3147","group_id":"ad1251f6-9d49-46ae-ac8e-27cefd099b26","name":"UNC6485","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog May 12 2025](/references/8fb1a0ff-2977-4f50-aba9-e5f5c2b63647)]</sup>","group_attack_id":"G1041","group_id":"a511f4e7-9a04-5f37-a599-0d0eee85cfec","name":"Sea Turtle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"390b4185-f493-40cc-b04e-51f6ea748993","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"244eb01f-52c0-4cfa-9e78-2972ccea0834","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6ddc66b3-cff2-4bfa-ba85-85bbb4864402","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"efdd5a4b-8ead-4593-8712-d1e79a565d20","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ab2eabc6-0a71-4ec1-8c9c-77837934fe42","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c639df89-cdc0-4a04-9090-938ca31a1832","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"0a5d7631-520f-4462-a75a-b769428043e9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"54dbd483-4eb9-44e6-aa7c-11b9d67e3932","tag":"a1427c89-2ebd-440f-b7e0-9728e3ef2096"},{"id":"6ee0145b-304b-4f51-8c9c-1263ffbf1b60","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"bdd8e86f-3fcc-4b67-bf25-fb37fa4f67c9","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3c31bc19-a997-4b3c-8053-908bee6f4d5d","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5b07a42e-7bd0-4058-821c-bd2c772e2da5","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"a8ee50ac-0689-4c68-9bfd-43767dc915fc","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"3b32d0d6-47a8-4473-9613-30098154f305","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"6db59bf0-3fbe-4ae3-b88b-89ccee619ab7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d7eed0f2-4824-4e9d-985a-d0f2399da851","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"6e5cb7c1-8cbc-4e38-8ce1-593433362a02","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"070b56f4-7810-4dad-b85f-bdfce9c08c10","name":"PlugX","type":"malware","source":"MITRE
","software_attack_id":"S0013","tidal_id":"752d471d-217c-5c38-a58d-6b439707320b","created":"2017-05-31T21:32:15.638000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1ca41d56-b493-485e-8be7-8df56bbd6a64","name":"Sogu","description":"<sup>[[Lastline PlugX Analysis](https://app.tidalcyber.com/references/9f7fa262-cede-4f47-94ca-1534c65c86e2)]</sup><sup>[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]</sup><sup>[[CIRCL PlugX March 2013](https://app.tidalcyber.com/references/8ab89236-6994-43a3-906c-383e294f65d1)]</sup>","source":"MITRE","associated_software_id":"c3f88c02-a063-443a-a555-c582639f648c","owner_id":null,"owner_name":null},{"id":"0a70c7f8-48c1-40b3-bbd5-6309f5fbc39f","name":"Kaba","description":"<sup>[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]</sup>","source":"MITRE","associated_software_id":"6fb9ef48-3016-4f37-8254-1ae52022b6da","owner_id":null,"owner_name":null},{"id":"845347f6-c3a2-4518-a7a4-629a1424f622","name":"Korplug","description":"<sup>[[Lastline PlugX Analysis](https://app.tidalcyber.com/references/9f7fa262-cede-4f47-94ca-1534c65c86e2)]</sup><sup>[[CIRCL PlugX March 2013](https://app.tidalcyber.com/references/8ab89236-6994-43a3-906c-383e294f65d1)]</sup>","source":"MITRE","associated_software_id":"7ae0cf0a-daad-490c-90da-fe0e1f09a31c","owner_id":null,"owner_name":null},{"id":"72732cf8-e171-4c4c-8125-d1ecbc35c7d5","name":"TVT","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"cca25e4e-d315-49e2-bfc1-be1ee4fac071","owner_id":null,"owner_name":null},{"id":"7af22b0e-4908-433d-867b-f7e656730c83","name":"DestroyRAT","description":"<sup>[[CIRCL PlugX March 
2013](https://app.tidalcyber.com/references/8ab89236-6994-43a3-906c-383e294f65d1)]</sup>","source":"MITRE","associated_software_id":"c0090129-1ec8-46c2-94da-7094a1d1e8ca","owner_id":null,"owner_name":null},{"id":"54d00c23-dac1-4ec8-afd3-336ee81a5f6e","name":"Thoper","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"6795a6c5-8701-4fbd-b8f4-ff0b5bd04cc2","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup><sup>[[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]</sup><sup>[[DOJ APT10 Dec 2018](https://app.tidalcyber.com/references/3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]</sup><sup>[[SecureWorks BRONZE UNION June 2017](https://app.tidalcyber.com/references/42adda47-f5d6-4d34-9b3d-3748a782f886)]</sup><sup>[[Nccgroup Emissary Panda May 2018](https://app.tidalcyber.com/references/e279c308-fabc-47d3-bdeb-296266c80988)]</sup><sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup><sup>[[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Eset PlugX Korplug Mustang Panda March 2022](https://app.tidalcyber.com/references/9fca64ae-e272-5849-b9e4-82c5578cafba)]</sup><sup>[[Anomali MUSTANG PANDA October 
2019](https://app.tidalcyber.com/references/70277fa4-60a8-475e-993a-c74241b76127)]</sup><sup>[[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)]</sup><sup>[[EclecticIQ Mustang Panda PlugX](https://app.tidalcyber.com/references/6ac53a1f-42ea-525e-a795-4d7535bbb62f)]</sup><sup>[[Avira Mustang Panda January 2020](https://app.tidalcyber.com/references/bc7755a0-5ee3-477b-b8d7-67174a59d0e2)]</sup><sup>[[Recorded Future REDDELTA July 2020](https://app.tidalcyber.com/references/e2bc037e-d483-4670-8281-70e51b16effe)]</sup><sup>[[Crowdstrike MUSTANG PANDA June 2018](https://app.tidalcyber.com/references/35e72170-b1ec-49c9-aefe-a24fc4302fa6)]</sup><sup>[[Proofpoint TA416 Europe March 2022](https://app.tidalcyber.com/references/5731d7e4-dd19-4d08-b493-7b1a467599d3)]</sup><sup>[[Sophos PlugX September 2022](https://app.tidalcyber.com/references/fe21fcdf-ddd9-5a92-9b49-c4e536703460)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[APT41](https://app.tidalcyber.com/groups/502223ee-8947-42f8-a532-a3b3da12b7d9) used a variant of [PlugX](https://app.tidalcyber.com/software/070b56f4-7810-4dad-b85f-bdfce9c08c10) to connect to Windows and Linux systems via SSH and Samba/CIFS.<sup>[[apt41_mandiant](https://app.tidalcyber.com/references/599f4411-6829-5a2d-865c-ac59e80afe83)]</sup><sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Velvet Ant](https://app.tidalcyber.com/groups/f1c80880-e3ed-5223-90f5-840a3b89fe39) heavily relies on variants of [PlugX](https://app.tidalcyber.com/software/070b56f4-7810-4dad-b85f-bdfce9c08c10) for various phases of operations.<sup>[[Sygnia 
VelvetAnt 2024A](https://app.tidalcyber.com/references/daa0360d-8a50-5256-8c95-cf68a3e7bb90)]</sup>","group_attack_id":"G1047","group_id":"f1c80880-e3ed-5223-90f5-840a3b89fe39","name":"Velvet Ant","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Malwarebytes Higaisa 2020](https://app.tidalcyber.com/references/6054e0ab-cf61-49ba-b7f5-58b304477451)]</sup>","group_attack_id":"G0126","group_id":"f1477581-d485-403f-a95f-c56bf88c5d1e","name":"Higaisa","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]</sup><sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]</sup>","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]</sup>","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell SecureWorks BRONZE STARLIGHT 
Profile](https://app.tidalcyber.com/references/d2e8cd95-fcd5-58e4-859a-c4724ec94ab4)]</sup>","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Proofpoint TA459 April 2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]</sup>","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky LuminousMoth July 2021](https://app.tidalcyber.com/references/e21c6931-fba8-52b0-b6f0-1c8222881fbd)]</sup><sup>[[Bitdefender LuminousMoth July 2021](https://app.tidalcyber.com/references/6b1ce8bb-4e77-59f3-87ff-78f4a1a10ad3)]</sup>","group_attack_id":"G1014","group_id":"b10aa4c0-10a1-5e08-8d9d-82ce95d45e6a","name":"LuminousMoth","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) has used [PlugX](https://app.tidalcyber.com/software/070b56f4-7810-4dad-b85f-bdfce9c08c10) loaders as part of intrusions.<sup>[[Symantec Daggerfly 2023](https://app.tidalcyber.com/references/cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Winnti April 2013](https://app.tidalcyber.com/references/2d4834b9-61c4-478e-919a-317d97cd2c36)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[New 
DragonOK](https://app.tidalcyber.com/references/82c1ed0d-a41d-4212-a3ae-a1d661bede2d)]</sup>","group_attack_id":"G0017","group_id":"f2c2db08-624c-46b9-b7ed-b22c21b81813","name":"DragonOK","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 September 30 2025 09 30 2025](/references/257d2f0e-d60c-4317-b9ab-ed6e76b90d2d)]</sup>","group_attack_id":"G3136","group_id":"bff61144-4f48-4cbe-8371-96d77098eca1","name":"Phantom Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog September 10 2024](/references/c8ea888b-c87c-49eb-a1be-3a269292c414)]</sup>","group_attack_id":"G3075","group_id":"2ee8f401-679c-455e-bc19-511bacdbffff","name":"DragonRank","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Envoy Panda Profile](/references/44879a86-9eda-4934-bfc4-cbc643ab113a)]</sup>","group_attack_id":"G3086","group_id":"ff71ddce-9e70-4aeb-b7df-9d1637be72bc","name":"ENVOY PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d8deb982-1a55-4950-bb89-3df99e1fe789","tag":"76195cff-8fc9-41a0-9914-86c2e258b284"},{"id":"74dfb711-389f-42b7-8b22-ef854d23eda9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d7d9f0d7-8a41-4e3c-86ed-1d853d7ad43c","name":"PM2","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3940","tidal_id":"9066ff89-a8fc-5a43-9dc4-bf5130fe1be2","created":"2026-01-14T13:31:39.019275Z","modified":"2026-01-14T13:31:39.019279Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"4b19fa03-08b4-4632-b5a7-73e61bc0bcf9","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"6796bdfb-695f-4bb1-adc2-82197617179d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"8700cf4a-e8a2-45de-aa75-2d43e2693644","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ff8211ad-8fe9-4f29-a49d-2ab085669b21","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"95c273d2-3081-4cb5-8d41-37eb4e90264d","name":"pngdowner","type":"malware","source":"MITRE","software_attack_id":"S0067","tidal_id":"a53f58ba-ac20-5ec2-883c-7bf5725155d1","created":"2017-05-31T21:32:44.700000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike Putter Panda](https://app.tidalcyber.com/references/413962d0-bd66-4000-a077-38c2677995d1)]</sup>","group_attack_id":"G0024","group_id":"6005f4a9-fe26-4237-a44e-3f6cbb1fe75c","name":"Putter Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"dd1e8b57-4900-4823-b194-1526c1e00099","name":"Pnputil","type":"tool","source":"Tidal Cyber","software_attack_id":"S3259","tidal_id":"d844b416-76cb-599b-a006-b4df444ca7d3","created":"2024-01-12T14:48:03.440203Z","modified":"2024-01-12T14:48:03.440207Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ff437c05-711f-4f45-9746-8a8106d794fa","name":"Pnputil.exe","description":"<sup>[[Pnputil.exe - LOLBAS 
Project](/references/21d0419a-5454-4808-b7e6-2b1b9de08ed6)]</sup>","source":"Tidal Cyber","associated_software_id":"6f09dbde-ae7a-4781-b317-286da2c88003","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f0b466f3-53e6-4cac-814a-0777aade06cd","tag":"6d924d43-5de3-45de-8466-a8c47a5b9e68"},{"id":"aedc9163-128f-45f1-8091-ec5e793c3aa4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f5531b1d-9f01-4e3a-aea3-5d9dec64fd75","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"79b4f277-3b18-4aa7-9f96-44b35b23166b","name":"PoetRAT","type":"malware","source":"MITRE","software_attack_id":"S0428","tidal_id":"7c46538e-2f6f-527e-abc7-46aafa3d837d","created":"2020-04-27T20:21:16.487000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"1d87a695-7989-49ae-ac1a-b6601db565c3","name":"PoisonIvy","type":"malware","source":"MITRE","software_attack_id":"S0012","tidal_id":"e18bdce6-5951-561c-b469-79f93ef8e234","created":"2017-05-31T21:32:15.263000Z","modified":"2022-09-30T21:02:39.862000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f8e1f3a1-648c-4439-956c-1e2503451292","name":"Poison Ivy","description":"<sup>[[FireEye Poison Ivy](https://app.tidalcyber.com/references/c189447e-a903-4dc2-a38b-1f4accc64e20)]</sup> <sup>[[Symantec Darkmoon Sept 
2014](https://app.tidalcyber.com/references/3362a507-03c3-4236-b484-8144248b5cac)]</sup>","source":"MITRE","associated_software_id":"5f9d7b30-b187-4437-8214-e6e966958553","owner_id":null,"owner_name":null},{"id":"543d46b9-9205-4fb6-b4ab-890f15894f94","name":"Breut","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"76cb912d-02e3-4f99-8cde-6f9b3f75f752","owner_id":null,"owner_name":null},{"id":"1c9529d5-8187-42ab-901e-e6810946fb36","name":"Darkmoon","description":"<sup>[[Symantec Darkmoon Sept 2014](https://app.tidalcyber.com/references/3362a507-03c3-4236-b484-8144248b5cac)]</sup>","source":"MITRE","associated_software_id":"69b67620-b26e-42d3-bb65-b9a3fc734d19","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Unit 42 Tropic Trooper Nov 2016](https://app.tidalcyber.com/references/cad84e3d-9506-44f8-bdd9-d090e6ce9b06)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Eset PlugX Korplug Mustang Panda March 2022](https://app.tidalcyber.com/references/9fca64ae-e272-5849-b9e4-82c5578cafba)]</sup><sup>[[Recorded Future REDDELTA July 2020](https://app.tidalcyber.com/references/e2bc037e-d483-4670-8281-70e51b16effe)]</sup><sup>[[Crowdstrike MUSTANG PANDA June 2018](https://app.tidalcyber.com/references/35e72170-b1ec-49c9-aefe-a24fc4302fa6)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]</sup>","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 
2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup><sup>[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]</sup>","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Operation Quantum Entanglement](https://app.tidalcyber.com/references/c94f9652-32c3-4975-a9c0-48f93bdfe790)]</sup>","group_attack_id":"G0017","group_id":"f2c2db08-624c-46b9-b7ed-b22c21b81813","name":"DragonOK","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Villeneuve 2014](https://app.tidalcyber.com/references/a156e24e-0da5-4ac7-b914-29f2f05e7d6f)]</sup>","group_attack_id":"G0011","group_id":"60936d3c-37ed-4116-a407-868da3aa4446","name":"PittyTiger","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cisco Group 72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]</sup><sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant 
APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Advanced Persistent Threats](https://app.tidalcyber.com/references/2d16615b-09fc-5925-8f59-6d20f334d236)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DustySky](https://app.tidalcyber.com/references/b9e0770d-f54a-4ada-abd1-65c45eee00fa)]</sup><sup>[[DustySky2](https://app.tidalcyber.com/references/4a3ecdec-254c-4eb4-9126-f540bb21dffe)]</sup><sup>[[FireEye Operation Molerats](https://app.tidalcyber.com/references/6b24e4aa-e773-4ca3-8267-19e036dc1144)]</sup>","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Securelist APT Trends Q2 2017](https://app.tidalcyber.com/references/fe28042c-d289-463f-9ece-1a75a70b966e)]</sup>","group_attack_id":"G0136","group_id":"988f5312-834e-48ea-93b7-e6e01ee0938d","name":"IndigoZebra","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Haq 2014](https://app.tidalcyber.com/references/4e10228d-d9da-4ba4-bca7-d3bbdce42e0d)]</sup>","group_attack_id":"G0002","group_id":"4510ce41-27b9-479c-9bf3-a328b77bae29","name":"Moafee","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup><sup>[[District Court of NY APT10 Indictment December 
2018](https://app.tidalcyber.com/references/79ccbc74-b9c4-4dc8-91ae-1d15c4db563b)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3aac567a-d205-4831-9ac6-c973b8f8e54f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3d88ff8f-3a33-43d4-9733-fc4143c9d041","name":"POLLBLEND","type":"malware","source":"Tidal Cyber","software_attack_id":"S3644","tidal_id":"c21242cf-b839-50fb-825d-f0493391af3b","created":"2025-11-19T17:45:41.029842Z","modified":"2025-11-19T17:45:41.029846Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e730a37a-83ca-4683-ba7d-706845fb970b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c40010ec-a3a6-4dbd-be09-3fd973587485","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3b7179fa-7b8b-4068-b224-d8d9c642964d","name":"PolyglotDuke","type":"malware","source":"MITRE","software_attack_id":"S0518","tidal_id":"b4a759b4-a0ec-5c2c-b01d-3e8815983001","created":"2020-09-23T15:42:59.822000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup><sup>[[Secureworks IRON HEMLOCK 
Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"db46a5df-dfe9-4eed-a8ad-a5aba90fe15c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"555b612e-3f0d-421d-b2a7-63eb2d1ece5f","name":"Pony","type":"malware","source":"MITRE","software_attack_id":"S0453","tidal_id":"995c5619-ca66-5c87-89c2-2e60a3650947","created":"2020-05-21T21:03:35.244000Z","modified":"2020-06-25T21:57:40.642000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"468bfb3a-56f7-4587-8083-cdf7149fd13f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"1353d695-5bae-4593-988f-9bd07a6fd1bb","name":"POORAIM","type":"malware","source":"MITRE","software_attack_id":"S0216","tidal_id":"feee033d-7a2b-5271-ba00-d2f0392c0363","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"439059e2-f756-4c38-8d87-1d3c534f2e16","name":"POORTRY","type":"malware","source":"Tidal Cyber","software_attack_id":"S3151","tidal_id":"e8da4cd0-aa1d-55cc-9128-0f94892e6c2e","created":"2024-08-30T18:12:53.147773Z","modified":"2024-08-30T18:12:53.147777Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e00f1b00-9c9a-4306-82f9-07d7edf9e95b","name":"BurntCigar","description":"<sup>[[Sophos News August 27 
2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]</sup>","source":"Tidal Cyber","associated_software_id":"f71dddac-ad96-4fcd-ac98-94d62678c5eb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News August 27 
2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News August 27 2024](/references/af1dfc7b-fdc2-448f-a4bf-34f8ee7d55bc)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f2515325-dc8d-4a34-8f60-6ee1acf1b299","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"13c4b853-513c-4628-ad03-40dc5fe7044f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7d2e0159-0e36-4da8-948f-524427c7685a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a3a03835-79bf-4558-8e80-7983aeb842fb","name":"PoshC2","type":"tool","source":"MITRE","software_attack_id":"S0378","tidal_id":"7f3dd898-8d57-5bd9-94fc-27931ea3cde1","created":"2019-04-23T12:31:58.125000Z","modified":"2022-06-03T17:45:36.186000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used multiple publicly available tools during operations, such as PoshC2.<sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT33 
Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]</sup><sup>[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[SecureWorks August 2019](https://app.tidalcyber.com/references/573edbb6-687b-4bc2-bc4a-764a548633b5)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"42218045-89f6-432b-8675-657e156a29b2","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"ba57603e-95fd-45ed-b525-6d1bb1f56199","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"b92f28c4-cbc8-4721-ac79-2d8bdf5247e5","name":"POSHSPY","type":"malware","source":"MITRE","software_attack_id":"S0150","tidal_id":"c83501d2-565d-5759-a9ac-b670a5cf1d06","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye POSHSPY April 2017](https://app.tidalcyber.com/references/b1271e05-80d7-4761-a13f-b6f0db7d7e5a)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bc0c6b09-0714-4f5f-a9a2-39f1ba29b225","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"0552cdb4-5c89-4dd3-a75d-b7a6d9915132","name":"PowerCat","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3703","tidal_id":"c4380473-93c6-5bf7-9b32-0ba17341fcfc","created":"2025-12-10T14:14:56.709251Z","modified":"2025-12-10T14:14:56.709255Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"0128923c-3403-4eee-a013-8339056b5232","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b6b527b1-1a52-4033-88ab-38a25e384836","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d9e4f4a1-dd41-424e-986a-b9a39ebea805","name":"PowerDuke","type":"malware","source":"MITRE","software_attack_id":"S0139","tidal_id":"3abb3e6d-fad5-50d3-9775-504887df5a8c","created":"2017-05-31T21:33:19.746000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Volexity PowerDuke November 2016](https://app.tidalcyber.com/references/4026c055-6020-41bb-a4c8-54b308867023)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8451b1b0-d2dc-429d-8fc3-b8b6259c56c6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"7bea0cbb-83af-56e5-a88e-e450b8364d63","name":"PowerExchange","type":"malware","source":"MITRE","software_attack_id":"S1173","tidal_id":"7bea0cbb-83af-56e5-a88e-e450b8364d63","created":"2025-04-22T20:46:56.905223Z","modified":"2025-04-22T20:46:56.905226Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Crambus OCT 
2023](https://app.tidalcyber.com/references/ecfdd6e1-caa0-5611-a1f5-d96873cf2222)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"79e528c9-eae4-469d-a7a3-7450e2cab842","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8b9159c1-db48-472b-9897-34325da5dca7","name":"PowerLess","type":"malware","source":"MITRE","software_attack_id":"S1012","tidal_id":"45ba2b7b-49d6-5f24-9882-f0f8c9d1e351","created":"2022-06-01T20:20:02.166000Z","modified":"2022-06-02T19:48:39.830000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason PowerLess February 2022](https://app.tidalcyber.com/references/095aaa25-b674-4313-bc4f-3227b00c0459)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"710a6b45-2869-49d8-8e4e-2bbdb61bd69c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"018ee1d9-35af-49dc-a667-11b77cd76f46","name":"Power Loader","type":"malware","source":"MITRE","software_attack_id":"S0177","tidal_id":"ca43d392-8b27-55d6-b289-016f004ab554","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"155053be-8a2c-4d5e-8206-36d992c5651d","name":"Powerpnt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3352","tidal_id":"6225a48d-324d-54a7-9222-c54e42c27c98","created":"2024-01-12T14:48:37.148640Z","modified":"2024-01-12T14:48:37.148644Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b38a5e4f-22db-4fd4-b115-ef384754f5ee","name":"Powerpnt.exe","description":"<sup>[[Powerpnt.exe - LOLBAS 
Project](/references/23c48ab3-9426-4949-9a35-d1b9ecb4bb47)]</sup>","source":"Tidal Cyber","associated_software_id":"6f48252d-3e86-415b-ab77-8c833d608b47","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6b6025f4-0b70-45df-b783-e2fc39057ad4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"15e2ad6d-1e6d-4b5e-ab83-796eccffe721","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7cdaf70-5e28-442a-b34d-894484788dc5","name":"PowerPunch","type":"malware","source":"MITRE","software_attack_id":"S0685","tidal_id":"3e53aa5c-1a38-5a4d-aef5-43885a6fb96f","created":"2022-02-18T15:50:16.715000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Actinium February 2022](https://app.tidalcyber.com/references/5ab658db-7f71-4213-8146-e22da54160b3)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"de1f9350-f1d3-478d-b598-f765bf65335a","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9244c824-3df9-44aa-b4df-e9cf798697f5","name":"PowerRun.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3597","tidal_id":"cf7c8d73-1a97-5b83-91f5-ef0d7b9495ce","created":"2025-10-17T17:09:54.136755Z","modified":"2025-10-17T17:09:54.136757Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The 
Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"94870452-8327-4b1e-989c-c7dcf929ace9","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"73018e1c-ac42-474f-bc20-14b847d22c74","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"fa4b8bf0-4136-426c-bde6-d63b1ade9052","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1f2ecf49-77bc-4427-bc62-389dbedb5c79","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"acbc359f-5b4a-4ae1-ba35-67f1d89b2ac3","name":"PowerShell","type":"tool","source":"Trellix TIG","software_attack_id":"S3422","tidal_id":"a8450849-21d5-5fbe-8fb0-8fd463d0a5c6","created":"2025-04-11T15:06:45.175621Z","modified":"2025-04-11T15:06:45.175625Z","platforms":[],"associated_software":[{"id":"15b20ae7-3425-4412-bf8b-dd41ec7f8c96","name":"powershell.exe","description":"","source":"Trellix TIG","associated_software_id":"614ce025-6b8e-456c-844a-0caa0159b5eb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ANY.RUN's Cybersecurity Blog 10 01 2025](/references/87535fb7-8916-494e-94ff-cf28c125f0b4)]</sup>","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog October 09 2025](/references/06bee483-26fb-4cfc-a6a5-c8282a997946)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Intezer December 19 2025](/references/53d1f9b0-855f-4478-9e13-a15f2dcdec9f)]</sup>","group_attack_id":"G3186","group_id":"86a9fd02-00d4-40da-acb5-15c953cb126c","name":"Paper 
Werewolf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G3187","group_id":"e396b406-57df-4260-bb75-b337ff726785","name":"Weaxor ransomware operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ReliaQuest December 04 2025](/references/3eea040e-75fb-4e52-b9b6-9e1476f0ddcb)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CYFIRMA December 30 2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Securonix January 05 2026](/references/314a9db4-8a16-4732-aa23-b24b38897943)]</sup>","group_attack_id":"G3197","group_id":"a28a00b1-dbee-448c-9f91-690dcca00de8","name":"PHALT#BLYX Threat Actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c9caa745-9133-41f8-920d-c8cbe8abf49d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2ca245de-77a9-4857-ba93-fd0d6988df9d","name":"PowerShower","type":"malware","source":"MITRE","software_attack_id":"S0441","tidal_id":"36dca2a3-aee0-5415-99aa-26bf0470d428","created":"2020-05-08T19:27:12.414000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 Inception November 
2018](https://app.tidalcyber.com/references/5cb98fce-f386-4878-b69c-5c6440ad689c)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ba645d76-12f2-4089-88fd-971b88efd5a9","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"5e4840fd-7409-4b01-9ee2-e8e4642da05a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f99e59cb-4cf7-4659-a2b9-60c7c3206c5e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"bab9269b-0eb2-45d4-95aa-8b577c9b4aa7","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"a4700431-6578-489f-9782-52e394277296","name":"POWERSOURCE","type":"malware","source":"MITRE","software_attack_id":"S0145","tidal_id":"6a1fee05-22b1-5862-a655-535ff0fc6f43","created":"2017-05-31T21:33:24.739000Z","modified":"2022-07-20T20:06:44.707000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b92c79ab-39b6-46cd-9bd2-644df9632eed","name":"DNSMessenger","description":"Based on similar descriptions of functionality, it appears S0145, as named by FireEye, is the same as the first stages of a backdoor named DNSMessenger by Cisco's Talos Intelligence Group. However, FireEye appears to break DNSMessenger into two parts: S0145 and S0146. 
<sup>[[Cisco DNSMessenger March 2017](https://app.tidalcyber.com/references/49f22ba2-5aca-4204-858e-c2499a7050ae)]</sup> <sup>[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]</sup>","source":"MITRE","associated_software_id":"6812793e-6342-4da6-b77f-ed29fab1fd9a","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6c792c3b-02ff-436b-b3f8-d87edb57413d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"82fad10d-c921-4a87-a533-49def83d002b","name":"PowerSploit","type":"tool","source":"MITRE","software_attack_id":"S0194","tidal_id":"6834b187-b362-5155-a4e9-4dfb5cfa7115","created":"2018-04-18T17:59:24.739000Z","modified":"2022-09-27T18:18:15.392000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup><sup>[[Mandiant FIN7 Apr 2022](https://app.tidalcyber.com/references/be9919c0-ca52-593b-aea0-c5e9a262b570)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 
2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[X-Force BlackCat May 30 2023](/references/b80c1f70-9d05-4f4b-bdc2-6157c6837202)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group TA505](https://app.tidalcyber.com/references/45e0b869-5447-491b-9e8b-fbf63c62f5d6)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cymmetria Patchwork](https://app.tidalcyber.com/references/d4e43b2c-a858-4285-984f-f59db5c657bd)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA21-200A APT40 July 
2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"28d10648-c01c-445c-9979-9c2c795193d7","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"bb7eb391-44aa-4e2d-8cc9-d5c8b419d529","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f003c073-fc10-4a44-9ac7-9e0c532b23c8","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"837bcf97-37a7-4001-a466-306574fd7890","name":"PowerStallion","type":"malware","source":"MITRE","software_attack_id":"S0393","tidal_id":"a431bb65-d657-55c4-9dad-8e473cd5bc54","created":"2019-06-21T17:23:27.855000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Turla PowerShell May 
2019](https://app.tidalcyber.com/references/68c0f34b-691a-4847-8d49-f18b7f4e5188)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"684f1ba8-81ed-4178-856f-e9bfde418b1f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"39fc59c6-f1aa-4c93-8e43-1f41563e9d9e","name":"POWERSTATS","type":"malware","source":"MITRE","software_attack_id":"S0223","tidal_id":"d1c853da-efe2-5d19-8252-ca6204c14c32","created":"2018-04-18T17:59:24.739000Z","modified":"2022-10-12T19:06:51.405000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a5fc5f97-9985-405d-81bb-fcc79f20f2f9","name":"Powermud","description":"<sup>[[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]</sup>","source":"MITRE","associated_software_id":"4aaf5b58-a6ca-4ec9-84fc-697469698130","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Unit 42 MuddyWater Nov 2017](https://app.tidalcyber.com/references/dcdee265-2e46-4f40-95c7-6a2683edb23a)]</sup><sup>[[FireEye MuddyWater Mar 2018](https://app.tidalcyber.com/references/82cddfa6-9463-49bb-8bdc-0c7d6b0e1472)]</sup><sup>[[ClearSky MuddyWater Nov 2018](https://app.tidalcyber.com/references/a5f60f45-5df5-407d-9f68-bc5f7c42ee85)]</sup><sup>[[Symantec MuddyWater Dec 2018](https://app.tidalcyber.com/references/a8e58ef1-91e1-4f93-b2ff-faa7a6365f5d)]</sup><sup>[[ClearSky MuddyWater June 
2019](https://app.tidalcyber.com/references/9789d60b-a417-42dc-b690-24ccb77b8658)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"39f4e4d5-c37b-47c5-b440-864f54450480","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b3c28750-3825-4e4d-ab92-f39a6b0827dd","name":"POWERTON","type":"malware","source":"MITRE","software_attack_id":"S0371","tidal_id":"77d4f92e-9a11-5758-abd8-f17246c8caad","created":"2019-04-16T17:43:42.724000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]</sup><sup>[[Microsoft Holmium June 2020](https://app.tidalcyber.com/references/c249bfcf-25c4-4502-b5a4-17783d581163)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5519345d-7fbe-419e-9316-28e00d5e4bc7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"b8a101e4-e0d2-4002-94c6-18ea30da7aa7","name":"PowerTool","type":"tool","source":"Tidal Cyber","software_attack_id":"S3041","tidal_id":"5d0cbd72-a676-5ec3-9f1f-550b1162d366","created":"2023-08-18T18:56:22.760152Z","modified":"2023-08-18T18:56:22.760161Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d32d7dfc-a281-4a32-b5f8-cc0555775481","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"f91b0b40-a335-4a1b-bff6-849f30afac91","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"10632707-804b-422d-a342-b30231d5e0ad","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"7d0280f2-d88a-4ad3-97e6-a315834bd075","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"489198cd-e289-4bc1-9147-8c786d2210a5","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"50983051-6cfb-4c92-b999-1910da35c3a6","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"851d5c54-f3db-4185-9df3-f421826bf282","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"369674d4-c0ba-41f1-8f0f-04d6488f954a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"04a56d3b-d0a5-441d-a40c-305579125713","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"3b960761-ee4d-48ea-adbd-f2b77c274418","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"2af1343c-1493-41b5-be14-16675695d654","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"10456dbc-e285-447b-990c-c46779764af8","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"601b28b1-e64e-4fd7-aed6-c2134a72adf2","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fbeb76dc-1bcc-4225-b890-f5b9ac8f0d39","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9429ae35-9084-42b1-b60a-40a39fcc49f2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3192d79f-2a24-4461-b4c8-4b40ef7c163f","name":"POWERTRASH","type":"malware","source":"Tidal Cyber","software_attack_id":"S3016","tidal_id":"c4ee3085-9701-5cbe-9fe6-8393d24e408d","created":"2024-06-13T20:12:26.777014Z","modified":"2024-06-13T20:12:26.777017Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence Tweet May 18 
2023](/references/b41e9f89-cd88-4483-bb86-9d88c555a648)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"04975824-50ec-48bb-8e03-1aa2a94ffb62","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cf16d1b9-6cd3-4a64-9e17-41733b37fefd","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"617e07dc-6d9b-467b-b3b8-e3148fcc1096","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7ed984bb-d098-4d0a-90fd-b03e68842479","name":"PowGoop","type":"malware","source":"MITRE","software_attack_id":"S1046","tidal_id":"e93baf6c-c6cb-5a8c-a1a4-c2fb34b9e113","created":"2022-09-29T15:44:58.517000Z","modified":"2022-10-17T14:40:59.636000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a2dd8b37-7f99-4235-86d0-3ab2a62b5fcb","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"67cdb7a6-5142-43fa-8b8d-d9bdd2a4dae4","name":"POWRUNER","type":"malware","source":"MITRE","software_attack_id":"S0184","tidal_id":"17885e4f-12d4-5213-b19f-b4398591677e","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT34 Dec 
2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"743ac359-bcca-4019-97fa-e35c06ac3fcc","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8127f51d-dce0-405a-a785-83883ba19c23","name":"Presentationhost","type":"tool","source":"Tidal Cyber","software_attack_id":"S3260","tidal_id":"3be4f109-ccba-5103-8090-386cbd67ffb5","created":"2024-01-12T14:48:03.788096Z","modified":"2024-01-12T14:48:03.788100Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed47f984-aa6e-408f-8779-772efa509344","name":"Presentationhost.exe","description":"<sup>[[Presentationhost.exe - LOLBAS Project](/references/37539e72-18f5-435a-a949-f9fa5991149a)]</sup>","source":"Tidal Cyber","associated_software_id":"80b9a847-0d74-4c15-b86b-d34e43cfef21","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a0d0ef9e-c5f7-4905-8c07-979a8ed8253e","tag":"0661bf1f-76ec-490c-937a-efa3f02bc59b"},{"id":"2e99e9da-a547-464a-9695-c709390531b4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"3cb516ca-75ca-4cb0-ba19-ba8500ac8c79","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4fb5b109-5a5c-5441-a0f9-f639ead5405e","name":"Prestige","type":"malware","source":"MITRE","software_attack_id":"S1058","tidal_id":"bd5aafa1-3049-5691-a81f-4c0921cfa108","created":"2023-05-26T01:20:52.284880Z","modified":"2023-05-26T01:20:52.284884Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Prestige ransomware October 
2022](https://app.tidalcyber.com/references/b57e1181-461b-5ada-a739-873ede1ec079)]</sup><sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c8294dd5-067d-4182-9431-488c7005d88f","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"9614ed28-f283-48f7-8d54-896e1ddb7f2f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"1da989a8-41cc-4e89-a435-a88acb72ae0d","name":"Prikormka","type":"malware","source":"MITRE","software_attack_id":"S0113","tidal_id":"3cf07b18-753c-5801-ad39-d3ac4feea2f5","created":"2017-05-31T21:33:07.943000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f2e4a702-5189-47f9-95ef-94a18e802026","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8ad4945d-6c54-4472-a476-906a9860fb82","name":"Print","type":"tool","source":"Tidal Cyber","software_attack_id":"S3261","tidal_id":"5ffdf4af-8cc2-5381-baed-c8b2307d5bba","created":"2024-01-12T14:48:04.160315Z","modified":"2024-01-12T14:48:04.160319Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5bc16a17-f5d8-41a8-95eb-855b19db8634","name":"Print.exe","description":"<sup>[[Print.exe - LOLBAS Project](/references/696ce89a-b3a1-4993-b30d-33a669a57031)]</sup>","source":"Tidal 
Cyber","associated_software_id":"5d8bd4c1-3ab5-4521-8ee8-5da3aad90b7d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8f968267-8e86-49b2-9ea3-1a192b8a4329","tag":"01aca077-8cfb-4d1d-9b83-3678cd26f050"},{"id":"a9e47517-496c-4cf0-a815-6ccc230ea848","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f5bcaaae-2650-42d3-8dc7-04b2f10f13d8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"93ec2323-f93b-4d21-9930-f367948187f0","name":"PrintBrm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3262","tidal_id":"f72d4783-ef92-5187-8c2c-b88f8e0a5232","created":"2024-01-12T14:48:04.520067Z","modified":"2024-01-12T14:48:04.520071Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"367a91cf-e761-4fc5-a0a9-177e8cf0f92f","name":"PrintBrm.exe","description":"<sup>[[PrintBrm.exe - LOLBAS Project](/references/a7ab6f09-c22f-4627-afb1-c13a963efca5)]</sup>","source":"Tidal Cyber","associated_software_id":"91a3db3c-53a5-4ee8-9586-af5d8f95ce4c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"66eddf67-985f-4eb4-8495-420327ca7f66","tag":"37a70ca8-a027-458c-9a48-7e0d307462be"},{"id":"f784e591-40fb-41b0-8b8d-47683fca2c1f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1b8d9fa5-74d7-4dfd-8dfa-91821ae498c8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"4f724555-7bd5-47ca-85de-70b5d6dc5281","name":"printf","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3389","tidal_id":"8c30baec-270b-5402-aa87-0680af0b9162","created":"2025-04-11T15:06:34.680096Z","modified":"2025-04-11T15:06:34.680099Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"0d6e00a3-6237-458a-85e5-1128bd7f4f50","name":"ProcDump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3038","tidal_id":"b511d5b0-9a9b-53ba-9ca8-da9f0249aa3b","created":"2023-08-18T18:56:22.024170Z","modified":"2023-08-18T18:56:22.024178Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"59d90144-2fd0-40db-b320-8798ee1f7ddf","name":"procdump64.exe","description":"<sup>[[SecureList ToddyCat November 21 2025](/references/889c7685-43ce-4156-a142-4b4605d8fec9)]</sup>","source":"USER","associated_software_id":"82659cfd-be48-40e7-8465-994a4a1ca2e7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"68b33e23-ad45-467e-991f-0a2e949ef390","name":"Microsoft Sysinternals ProcDump","description":"","source":"Tidal Cyber","associated_software_id":"f2c150e6-f4dc-4766-8579-16e739a6ca9b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[SecureList ToddyCat November 21 2025](/references/889c7685-43ce-4156-a142-4b4605d8fec9)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]</sup><sup>[[Kaspersky September 30 
2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]</sup><sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c981c263-b8d7-4019-b79b-99130ef35558","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"653409a6-ee3f-4812-9f99-be430a107dcb","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"66154a51-45f6-4366-8374-17d8ca46df40","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a08d0bc8-5f62-410b-9548-837efc062d02","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"97f9b405-5eb1-4292-8434-ec53d42b88c9","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a8a358c2-8b85-4c8c-a623-1ecba4ab9e82","tag":"c3eaf8a7-06e5-4e3a-9615-36316d9e10a8"},{"id":"847dfdc8-d764-41ee-8fba-18b14dbd2820","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"270d04d4-4b73-44cf-a2e1-293daae8cfc3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"7a9ac0a8-6d3e-4423-90e7-c41546f3a409","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b644322c-6556-4e4b-bbd0-23ef3f26157d","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"461972a0-00fb-462d-bc04-300846ba77e8","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"30011f85-2379-4e46-9559-4e3246e45886","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"b25e6f18-9443-4ce6-b537-71b44a5da1a5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3506ef1c-c291-4b20-8b13-1b818a65aacc","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1d2332ba-2b5d-4456-8a9b-e4ddd6ef3873","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d390ea7d-0995-4069-924d-65d6c7c98e3c","name":"Process Hacker","type":"tool","source":"Tidal Cyber","software_attack_id":"S3042","tidal_id":"d3e10e06-18c7-538e-980b-0413c9041270","created":"2023-08-18T18:56:23.012549Z","modified":"2023-08-18T18:56:23.012557Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ec99592c-2c8b-40a6-a235-875981b5aa82","name":"ProcessHacker","description":"<sup>[[None October 29 
2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","source":"USER","associated_software_id":"12ab2053-1f18-4602-b4cf-a894938e1e6c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None October 29 2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro Play Spotlight July 21 2023](/references/6cf9c6f0-7818-45dd-9afc-f69e394c23e4)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6f4e7d89-68fb-423f-b750-38d95acd6686","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a7dd5ae9-b156-4be7-8985-a5743982c671","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"1518f989-7d0e-46c4-bf5f-70d158a27396","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d680f50d-42c7-4c8a-917a-77be12f33cdb","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f0e241d3-f2b6-4f92-afe6-3167d6775715","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"802256ea-128c-4c57-8106-62614c4dde68","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"18c90355-d45f-47fb-94e4-0d9a528f9c1e","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4bebf22d-28d5-4513-b6b1-51ee3a826041","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"8d0839ba-c15c-412c-973a-81cbb782cd62","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"0b4ad820-f47c-46b3-ae15-0856adc31b3c","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"977cff73-f5f3-470f-9a7f-00c24c3b2e7d","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9bdf2682-9fb2-4d84-98f1-6f7d
de26846a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"65b2bbca-d263-4019-b0f6-11254a795efd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"9cec94fd-127d-43d4-907c-86bc04b574e9","name":"ProjectConfiguration.sys","type":"malware","source":"Tidal Cyber","software_attack_id":"S3881","tidal_id":"aac84aa2-db3a-5ca1-9f4d-9f367ca665e7","created":"2026-01-06T18:05:07.560041Z","modified":"2026-01-06T18:05:07.560045Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e59e199d-77a1-412f-8af8-e401116468d5","name":"AppvVStram_.sys","description":"<sup>[[Securelist December 29 2025](/references/efddf678-b17a-47f3-8750-602a82acac05)]</sup>","source":"USER","associated_software_id":"d931582f-0347-4027-8bda-0ff78675ac0d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist December 29 2025](/references/efddf678-b17a-47f3-8750-602a82acac05)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang 
Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"169fdf4f-5e0b-48ac-b4aa-790db7c8fd31","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"f7f7338a-4645-4170-a558-95e51c9d8174","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"8783ec91-d842-4664-b0ef-37a69b360726","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"b21add15-3165-4392-a29a-85652d1cbdd1","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"aebfbc27-34e5-4c38-adcf-299863abcd04","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f92858f5-4439-4c61-87bd-97b5e42d572f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c8af096e-c71e-4751-b203-70c285b7a7bd","name":"ProLock","type":"malware","source":"MITRE","software_attack_id":"S0654","tidal_id":"96d266b4-0a4c-5ecb-b21f-e81fec72f5e6","created":"2021-09-30T19:47:47.136000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]</sup>","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6165b58a-cc1d-4774-98d5-d9bb64b21066","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ac485c5b-72d9-4456-aa13-bdabf2b3c287","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"2ecf8041-8069-41a0-b6e8-5b328ae69e31","name":"ProtocolHandler","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3353","tidal_id":"b535ae10-57ee-5c73-8453-a6fbee879665","created":"2024-01-12T14:48:37.487575Z","modified":"2024-01-12T14:48:37.487579Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"13e2dec9-19c7-4364-98dc-af08542b3698","name":"ProtocolHandler.exe","description":"<sup>[[ProtocolHandler.exe - LOLBAS Project](/references/1f678111-dfa3-4c06-9359-816b9ca12cd0)]</sup>","source":"Tidal Cyber","associated_software_id":"e8e39cc1-349c-43ca-b45d-9e8f5ead6be4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a6b0b01b-508f-4d10-a73c-cc5469206187","tag":"77131d00-b8b2-42ef-afbd-1fbfc12729df"},{"id":"045754e9-b562-4c4c-ad40-d3179783cfab","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2650c5e4-07a2-4c0a-8f4f-f28835f560a6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d3bcdbc4-5998-4e50-bd45-cba6a3278427","name":"Proton","type":"malware","source":"MITRE","software_attack_id":"S0279","tidal_id":"61b143cd-3d6c-53b3-89a7-31428537414a","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"83e1ac24-3928-40ba-b701-d72549a9430c","name":"Provlaunch","type":"tool","source":"Tidal Cyber","software_attack_id":"S3263","tidal_id":"65154204-6672-59bc-8ae5-58bdd065a27a","created":"2024-01-12T14:48:04.874120Z","modified":"2024-01-12T14:48:04.874125Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5cae27fd-b63d-4bc8-940c-857f3d5a730d","name":"Provlaunch.exe","description":"<sup>[[Provlaunch.exe - LOLBAS Project](/references/56a57369-4707-4dff-ad23-431109f24233)]</sup>","source":"Tidal 
Cyber","associated_software_id":"7eaa281e-d584-46da-bf0a-abc1fd34f925","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e9ff6904-9422-408f-8e17-5ba462d0aa29","tag":"9e5ec91c-0d0f-4e40-846d-d7b7eb941e17"},{"id":"a0bf310b-d54a-467f-8779-8f88b19f34d7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ed67188c-f71a-4f3f-af78-03776f2aa554","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b62c13d5-729c-46a8-ae4d-98bc1ab919cb","name":"ProxyChains","type":"tool","source":"Tidal Cyber","software_attack_id":"S3168","tidal_id":"cccca235-e7b0-54a8-9bc3-1df4fbb2a906","created":"2024-09-09T19:59:10.677615Z","modified":"2024-09-09T19:59:10.677620Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Unit 29155 September 5 2024](/references/9631a46d-3e0a-4f25-962b-0b2501c47926)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[crowdstrike.com December 19 2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]</sup>","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"60d2a0e9-a3ad-4faa-89a0-ccad2d451a1a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"6ede9888-77fd-4fd6-a774-e3e7fc7d9d2b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"aed326bd-bb29-4715-ad76-762ef58ac2f9","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"a0a90e11-1b4b-47e6-8a66-4ae14ce0176b","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"6b813d3f-a46b-429c-ab1a-dda8f09ea0f1","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f2e15fc7-1e3a-46cc-8875-df2e2e283757","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0da37029-d3e3-40d9-9d03-69f23e09299d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"76610681-8932-4a58-9f95-defb66e22cb6","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"}],"owner_name":"TidalCyberIan"},{"id":"94f43629-243e-49dc-8c2b-cdf4fc15cf83","name":"Proxysvc","type":"malware","source":"MITRE","software_attack_id":"S0238","tidal_id":"cb1627a4-6fa4-53ed-bae3-7a3b4ef06036","created":"2018-10-17T00:14:20.652000Z","modified":"2020-03-30T17:23:20.589000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[McAfee GhostSecret](https://app.tidalcyber.com/references/d1cd4f5b-253c-4833-8905-49fb58e7c016)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8cd401ac-a233-4395-a8ae-d75db9d5b845","name":"PS1","type":"malware","source":"MITRE","software_attack_id":"S0613","tidal_id":"b2aea616-221e-5797-94a3-4a0c7982fc5b","created":"2021-05-24T14:55:59.316000Z","modified":"2022-10-05T16:04:51.193000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"73eb32af-4bd3-4e21-8048-355edc55a9c6","name":"PsExec","type":"tool","source":"MITRE","software_attack_id":"S0029","tidal_id":"bb81ac00-781a-53fb-8216-fe0e5681e890","created":"2017-05-31T21:32:21.771000Z","modified":"2022-09-28T14:47:20.421000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3742cfe8-12a9-4648-b63e-06702cd6ba10","name":"PSEXESVC.exe","description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","source":"USER","associated_software_id":"fd7d8f28-fc34-4ff2-afad-bbe3ff2ea364","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason INC Ransomware November 2023](https://app.tidalcyber.com/references/ebe119d6-add3-5a1b-8e5f-b6419f246ba9)]</sup><sup>[[Huntress INC Ransom Group August 2023](https://app.tidalcyber.com/references/d315547d-26e3-5130-a794-658eecf1e0df)]</sup><sup>[[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)]</sup><sup>[[SOCRadar INC Ransom 
January 2024](https://app.tidalcyber.com/references/6c78b422-7d46-58a4-a403-421db0531147)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Thrip](https://app.tidalcyber.com/groups/a3b39b07-0bfa-4c69-9f01-acf7dc6033b4) used PsExec to move laterally between computers on the victim’s network.<sup>[[Symantec Thrip June 2018](https://app.tidalcyber.com/references/482a6946-b663-4789-a31f-83fb2132118d)]</sup>","group_attack_id":"G0076","group_id":"a3b39b07-0bfa-4c69-9f01-acf7dc6033b4","name":"Thrip","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[BlackByte](https://app.tidalcyber.com/groups/94f5c644-d36a-59b0-b7e2-7a1d3413443d) has used [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) to remotely execute payloads during wormable ransomware execution.<sup>[[Microsoft BlackByte 2023](https://app.tidalcyber.com/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) through frameworks such as [Impacket](https://app.tidalcyber.com/software/cf2c5666-e8ad-49c1-ac8f-30ed65f9e52c) for remote command execution.<sup>[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup><sup>[[Microsoft GALLIUM December 
2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT39 Jan 2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]</sup><sup>[[BitDefender Chafer May 2020](https://app.tidalcyber.com/references/24ea6a5d-2593-4639-8616-72988bf2fa07)]</sup><sup>[[Symantec Chafer February 2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Checkpoint MosesStaff Nov 2021](https://app.tidalcyber.com/references/d6da2849-cff0-408a-9f09-81a33fc88a56)]</sup>","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses Staff","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News April 1 2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA Royal AA23-061A March 
2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[None October 29 2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Symantec Waterbug Jun 2019](https://app.tidalcyber.com/references/ddd5c2c9-7126-4b89-b415-dc651a2ccc0e)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA AA20-259A Iran-Based Actor September 2020](https://app.tidalcyber.com/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]</sup><sup>[[Check Point Pay2Key November 2020](https://app.tidalcyber.com/references/e4ea263d-f70e-4f9c-92a1-cb0e565a5ae9)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PTSecurity Cobalt Group Aug 2017](https://app.tidalcyber.com/references/f4ce1b4d-4f01-4083-8bc6-931cbac9ac38)]</sup><sup>[[Group IB Cobalt Aug 2017](https://app.tidalcyber.com/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec FIN8 Jul 
2023](https://app.tidalcyber.com/references/9b08b7f0-1a33-5d76-817f-448fac0d165a)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Sophos News April 1 2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Secureworks IRON LIBERTY July 2019](https://app.tidalcyber.com/references/c666200d-5392-43f2-9ad0-1268d7b2e86f)]</sup><sup>[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]</sup><sup>[[Symantec Dragonfly Sept 2017](https://app.tidalcyber.com/references/11bbeafc-ed5d-4d2b-9795-a0a9544fb64e)]</sup><sup>[[Gigamon Berserk Bear October 2021](https://app.tidalcyber.com/references/06b6cbe3-8e35-4594-b36f-76b503c11520)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye FIN6 April 2016](https://app.tidalcyber.com/references/8c0997e1-b285-42dd-9492-75065eac8f8b)]</sup><sup>[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Securelist DarkVishnya Dec 2018](https://app.tidalcyber.com/references/da9ac5a7-c644-45fa-ab96-30ac6bfc9f81)]</sup> ","group_attack_id":"G0105","group_id":"d428f9be-6faf-4d57-b677-4a927fea5f7e","name":"DarkVishnya","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[FIN5](https://app.tidalcyber.com/groups/7902f5cc-d6a5-4a57-8d54-4c75e0c58b83) uses a customized version of 
PsExec.<sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup>","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Netscout Stolen Pencil Dec 2018](https://app.tidalcyber.com/references/6d3b31da-a784-4da0-91dd-b72c04fd520a)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec WastedLocker June 2020](https://app.tidalcyber.com/references/061d8f74-a202-4089-acae-687e4f96933b)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell TG-1314](https://app.tidalcyber.com/references/79fc7568-b6ff-460b-9200-56d7909ed157)]</sup>","group_attack_id":"G0028","group_id":"0f86e871-0c6c-4227-ae28-3f3696d6ae9d","name":"Threat Group-1314","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye TRITON 2019](https://app.tidalcyber.com/references/49c97b85-ca22-400a-9dc4-6290cc117f04)]</sup><sup>[[Dragos Xenotime 2018](https://app.tidalcyber.com/references/b20fe65f-df43-4a59-af3f-43afafba15ab)]</sup>","group_attack_id":"G0088","group_id":"3a54b8dc-a231-4db8-96da-1c0c1aa396f6","name":"TEMP.Veles","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>\n","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Huntress 08 14 
2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","group_attack_id":"G3134","group_id":"45a5d563-0e93-405a-ae8c-cca71e88f441","name":"J Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Symantec Palmerworm Sep 2020](https://app.tidalcyber.com/references/84ecd475-8d3f-4e7c-afa8-2dff6078bed5)]</sup>","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)]</sup><sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA Play Ransomware Advisory December 2023](https://app.tidalcyber.com/references/b47f5430-25d4-5502-9219-674daed4e2c5)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup><sup>[[FireEye APT10 April 
2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) has used [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) for remote process execution.<sup>[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Leafminer July 2018](https://app.tidalcyber.com/references/01130af7-a2d4-435e-8790-49933e041451)]</sup>","group_attack_id":"G0077","group_id":"b5c28235-d441-40d9-8da2-d49ba2f2568b","name":"Leafminer","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dragos Crashoverride 2018](https://app.tidalcyber.com/references/d14442d5-2557-4a92-9a29-b15a20752f56)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Arctic Wolf Akira 2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]</sup> ","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT34 Webinar Dec 
2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Carbanak](https://app.tidalcyber.com/references/2f7e77db-fe39-4004-9945-3c8943708494)]</sup>","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group Chimera January 2021](https://app.tidalcyber.com/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cylance Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]</sup>","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Medusa Group](https://app.tidalcyber.com/groups/5dd29b96-60b6-5c98-8fc0-510502c700b0) has utilized [PsExec](https://app.tidalcyber.com/software/73eb32af-4bd3-4e21-8048-355edc55a9c6) to facilitate execution, lateral movement, defense evasion, and exfiltration.<sup>[[CISA Medusa Group Medusa Ransomware March 2025](https://app.tidalcyber.com/references/fe6f032e-11f3-5d6d-9a65-e5fc54cb2779)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Volexity Exchange Marauder March 2021](https://app.tidalcyber.com/references/ef0626e9-281c-4770-b145-ffe36e18e369)]</sup>","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Check Point Research Rhysida August 08 2023](/references/0d01416f-4888-4b68-be47-a3245549cec5)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[HC3 Analyst Note MedusaLocker Ransomware February 2023](/references/49e314d6-5324-41e0-8bee-2b3e08d5e12f)]</sup>","group_attack_id":"G3015","group_id":"55b20209-c04a-47ab-805d-ace83522ef6a","name":"MedusaLocker Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 Vice Society December 6 2022](/references/6abf7387-0857-4938-b36e-1374a66d4ed8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[BlackBerry BlackCat Threat Overview](/references/59f98ae1-c62d-460f-8d2a-9ae287b59953)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[redpiranha.net March 17 2025](/references/9399efb7-e91c-4acb-8b0f-6cde20592198)]</sup>","group_attack_id":"G3091","group_id":"1b76d6eb-ad30-4447-a32c-6e4ca9f28e63","name":"Stormous","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"21ef53d0-eadf-4172-9e84-b1970320dff4","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"4a276dc7-cd68-4f84-8524-829e72772433","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"7d9046b4-f490-481e-9ab8-9dcdc6bc25c8","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"977cddaa-5621-4b00-aed1-daaeef940e2c","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"5daf8667-56e9-4e1b-a67d-f0f74fb4a3e0","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"3f8d727a-1064-4c06-a252-174e952197ea","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"42835952-0d06-4a95-8efe-3b9209f8f19a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"64dbc312-d69b-4608-a82b-5f7c4e49fe19","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"b2b3b3c9-6a0d-4140-a7aa-9feb1ccbcb35","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"cb8f8571-ae6a-4012-852d-c429728e5616","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"bed26738-7dea-458b-ab9b-4da9047433cd","tag":"950e8d3a-044b-43e3-b5db-bba61f70ff51"},{"id":"349ccd22-c533-4632-9064-0705c60e8a2f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3a4373e2-1581-4e1d-ae52-4abb6ec759dc","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"1e9e65fb-f4f0-494e-88f0-2c53f747b4bc","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"714f26af-0490-4722-93f3-d8bde4a678ef","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"b4e892e4-2914-4876-8747-f6ad8ee5832a","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f53f9359-2f9e-4d90-afdc-e6b858ad6c07","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"61caed8a-3ad8-4fcc-aac0-5c66fafc3245","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f111c463-31cf-4e13-9ce7-a08a511252d7","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"aa2175da-3f64-4dea-b6a9-ddab181dfd47","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"1945584b-bb16-48a2-902d-2a1c9591efcd","name":"Psr","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3264","tidal_id":"5fb17f5a-d3d6-5157-ac70-0574885eece3","created":"2024-01-12T14:48:05.276790Z","modified":"2024-01-12T14:48:05.276793Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1ff4ff25-6d92-4b1e-9e13-b463e4be35a0","name":"Psr.exe","description":"<sup>[[Psr.exe - LOLBAS Project](/references/a00782cf-f6b2-4b63-9d8d-97efe17e11c0)]</sup>","source":"Tidal Cyber","associated_software_id":"85383485-01f9-42a5-9b44-c45c03eae766","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8454e5e4-6059-4489-86eb-c1b4eca449c9","tag":"08f4ef8d-94bb-42f7-b76d-71bcc809bcc9"},{"id":"19145481-5a3e-4035-8112-af2560d39d8d","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b3811437-3083-4f8b-95f3-2dad0abf7820","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ac1c5d5d-b7e2-4ef4-84b6-75da47affb99","name":"PsSuspend","type":"tool","source":"Tidal Cyber","software_attack_id":"S3662","tidal_id":"810a2b8f-c3fa-53c9-aa74-e56970094fe7","created":"2025-11-26T19:38:19.294904Z","modified":"2025-11-26T19:38:19.294908Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[National-Digital-Agency November 14 
2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9eb01e45-9387-43f8-b171-f94f302d6503","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bcc2d2ff-b2f3-49bf-aa0b-a0700c10a14f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8c35d349-2f70-4edb-8668-e1cc2b67e4a0","name":"Psylo","type":"malware","source":"MITRE","software_attack_id":"S0078","tidal_id":"5695c949-a9e2-58ee-b6ae-5a3473e677aa","created":"2017-05-31T21:32:53.268000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Scarlet Mimic Jan 2016](https://app.tidalcyber.com/references/f84a5b6d-3af1-45b1-ac55-69ceced8735f)]</sup>","group_attack_id":"G0029","group_id":"6c1bdc51-f633-4512-8b20-04a11c2d97f4","name":"Scarlet Mimic","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"7fed4276-807e-4656-95f5-90878b6e2dbb","name":"Pteranodon","type":"malware","source":"MITRE","software_attack_id":"S0147","tidal_id":"2e38c3ca-d24c-5605-ae4e-a15297e7ac0b","created":"2017-05-31T21:33:26.084000Z","modified":"2022-08-23T15:25:11.145000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a1cda810-73ac-4485-82af-6f01e0c71e97","name":"Pterodo","description":"<sup>[[Symantec Shuckworm January 2022](https://app.tidalcyber.com/references/3abb9cfb-8927-4447-b904-6ed071787bef)]</sup><sup>[[Secureworks IRON TILDEN Profile](https://app.tidalcyber.com/references/45969d87-02c1-4074-b708-59f4c3e39426)]</sup>","source":"MITRE","associated_software_id":"e3e379e2-1543-4794-9b89-852ba7f6eac7","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Palo Alto 
Gamaredon Feb 2017](https://app.tidalcyber.com/references/3f9a6343-1db3-4696-99ed-f22c6eabee71)]</sup><sup>[[Symantec Shuckworm January 2022](https://app.tidalcyber.com/references/3abb9cfb-8927-4447-b904-6ed071787bef)]</sup><sup>[[Microsoft Actinium February 2022](https://app.tidalcyber.com/references/5ab658db-7f71-4213-8146-e22da54160b3)]</sup><sup>[[Unit 42 Gamaredon February 2022](https://app.tidalcyber.com/references/a5df39b2-77f8-4814-8198-8620655aa79b)]</sup><sup>[[Secureworks IRON TILDEN Profile](https://app.tidalcyber.com/references/45969d87-02c1-4074-b708-59f4c3e39426)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e18614b3-cf46-4a02-9e2a-6c8f3e924cd7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"c1215fe3-95e4-49e1-9cb2-54d1827df0aa","name":"PTSOCKET","type":"malware","source":"Tidal Cyber","software_attack_id":"S3175","tidal_id":"a82e9868-d35b-58e2-9f05-b5f39230b3ba","created":"2024-09-13T19:21:24.609629Z","modified":"2024-09-13T19:21:24.609632Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1d1ed92c-3ae6-4482-8a77-283ad83ebd93","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"663e4ffe-5a3f-4c1b-87ae-41181c1322c2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d5731d6e-845b-48f3-9bfe-f671b6504318","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b95e5428-5d29-52a6-af4e-bed0acde4fe7","name":"PUBLOAD","type":"malware","source":"MITRE","software_attack_id":"S1228","tidal_id":"b95e5428-5d29-52a6-af4e-bed0acde4fe7","created":"2025-10-29T21:08:48.110632Z","modified":"2025-10-29T21:08:48.110633Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos MUSTANG PANDA PLUGX PUBLOAD MAY 2022](https://app.tidalcyber.com/references/5fdd102b-7677-5fdc-9c05-2432e2a35eb6)]</sup><sup>[[CSIRT CTI MUSTANG PANDA PUBLOAD TONESHELL JAN 2024](https://app.tidalcyber.com/references/28d9290f-de56-540e-9211-fa0a96f5d42d)]</sup><sup>[[Lab52 MUSTANG PANDA PUBLOAD MAY 2023](https://app.tidalcyber.com/references/26f0864f-3b2b-5538-87a1-ed85aa4cfe78)]</sup><sup>[[IBM MUSTANG PANDA PUBLOAD CLAIMLOADER JUNE 2025](https://app.tidalcyber.com/references/0ca87e7b-f32e-5265-9dba-c059d1ba92c6)]</sup><sup>[[2025_IBM_PUBLOAD_TONESHELL_HIUPAN_CLAIMLOADER_MUSTANG PANDA](https://app.tidalcyber.com/references/386af393-d4be-5590-9b9e-592d30d431f8)]</sup><sup>[[Trend Micro MUSTANG PANDA PUBLOAD HIUPAN SEPTEMBER 2024](https://app.tidalcyber.com/references/0e593cd3-19fd-597a-9788-2356c31bfa09)]</sup><sup>[[2022 November_TrendMicro_Earth Preta_Toneshell_Pubload](https://app.tidalcyber.com/references/0afb412d-45ea-5c50-99d9-d915d5796a60)]</sup><sup>[[Palo Alto Networks, Unit 42](https://app.tidalcyber.com/references/7428e855-a965-5c67-b6c5-4874e48f612f)]</sup><sup>[[PaloAlto MUSTANG PANDA PUBLOAD MARCH 
2024](https://app.tidalcyber.com/references/365d02af-f696-5f9f-a993-df3ad20f5e0b)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8c37e916-d351-40ed-ae6a-0a919e10a262","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"13ee9058-0902-484e-8096-670c882cb18d","name":"PUBLOAD (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3176","tidal_id":"0d581842-487b-5181-bc6a-f0c46937719f","created":"2024-09-13T19:21:24.815146Z","modified":"2024-09-13T19:21:24.815149Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 9 2024](/references/0fdc9ee2-5be2-43e0-afb9-c9a94fde3867)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a003d108-da09-41b5-90af-fa41d91c30ab","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"445ede70-51fe-435b-b94d-93f77e2cd277","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cca0e692-707a-4ec9-a3a2-172fca136a4f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"58883c83-d5be-42fc-b4bd-9287e55cd499","name":"Pubprn","type":"tool","source":"Tidal Cyber","software_attack_id":"S3381","tidal_id":"90f2e6ff-8d4d-58bb-8290-b84da98c7085","created":"2024-01-12T14:48:48.085155Z","modified":"2024-01-12T14:48:48.085159Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ddb84c06-8f51-446c-ad1d-8c68c194a499","name":"Pubprn.vbs","description":"<sup>[[Pubprn.vbs - LOLBAS Project](/references/d2b6b9fd-5f80-41c0-ac22-06b78c86a9e5)]</sup>","source":"Tidal 
Cyber","associated_software_id":"a5f525c2-c9ad-4b97-be30-659bbc34107d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Twitter ItsReallyNick APT32 pubprn Masquerade](/references/731865ea-2410-40ac-85cf-75f768edd08a)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8d7b4378-d3e4-420c-a679-4ef6d4a37919","tag":"8177e8ac-f80d-477d-b0af-c2ea243ddf00"},{"id":"602392bc-cef8-479b-bc20-183bc8eaa4e4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6b518114-c8b0-4aa4-881d-21baa5304646","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d777204c-f93c-54d9-b80e-41641a3d55ce","name":"PULSECHECK","type":"malware","source":"MITRE","software_attack_id":"S1108","tidal_id":"d2e206ad-b5cb-5784-8b1b-24b69b5048d4","created":"2024-04-25T13:28:20.465016Z","modified":"2024-04-25T13:28:20.465020Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Pulse Secure Zero-Day April 2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"74eb97b8-fc2c-41f0-b497-aad08a52777e","name":"Pulseway","type":"tool","source":"Tidal Cyber","software_attack_id":"S3093","tidal_id":"d066082d-34ac-5b04-8f87-bba1317c840d","created":"2023-11-17T17:09:25.945438Z","modified":"2023-11-17T17:09:25.945443Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"71241469-a022-4816-9ac3-f7ce87c348a4","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"a7b8b606-1ca6-4352-bcae-7749900013a6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1650af9c-c59d-4333-aa20-dfe42abab98d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"935a4578-62b1-47be-b723-9ba2343fddd6","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"d8999d60-3818-4d75-8756-8a55531254d8","name":"PUNCHBUGGY","type":"malware","source":"MITRE","software_attack_id":"S0196","tidal_id":"39449e15-966a-5622-9304-80d5aea94d08","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4403132d-1d58-43ac-a916-805983d9bd09","name":"ShellTea","description":"<sup>[[Morphisec ShellTea June 2019](https://app.tidalcyber.com/references/1b6ce918-651a-480d-8305-82bccbf42e96)]</sup>","source":"MITRE","associated_software_id":"8f1073b3-4371-488d-b299-7e6f6e6fcae9","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye Fin8 May 
2016](https://app.tidalcyber.com/references/2079101c-d988-430a-9082-d25c475b2af5)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c49f7ecc-0b8e-400b-ba82-fc2062e93586","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"1638d99b-fbcf-40ec-ac48-802ce5be520a","name":"PUNCHTRACK","type":"malware","source":"MITRE","software_attack_id":"S0197","tidal_id":"c282d3c1-b4c8-5562-a336-4ddaa42d73e7","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b0f3c20b-987b-4c29-bb83-b047ea178d52","name":"PSVC","description":"<sup>[[FireEye Know Your Enemy FIN8 Aug 2016](https://app.tidalcyber.com/references/0119687c-b46b-4b5f-a6d8-affa14258392)]</sup>","source":"MITRE","associated_software_id":"b81c8997-5615-4fc9-a091-a5842cf69819","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye Fin8 May 2016](https://app.tidalcyber.com/references/2079101c-d988-430a-9082-d25c475b2af5)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6f67300c-da3d-4ff1-a852-eee34429ca6d","tag":"6c6c0125-9631-4c2c-90ab-cfef374d5198"}],"owner_name":null},{"id":"0a8bedc2-b404-4a9a-b4f5-ff90ff8294be","name":"Pupy","type":"tool","source":"MITRE","software_attack_id":"S0192","tidal_id":"17c17841-a34e-5a28-a3d8-0ea3153e58be","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT33 
Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 Magic Hound Feb 2017](https://app.tidalcyber.com/references/f1ef9868-3ddb-4289-aa92-481c35517920)]</sup><sup>[[FireEye APT35 2018](https://app.tidalcyber.com/references/71d3db50-4a20-4d8e-a640-4670d642205c)]</sup><sup>[[Secureworks Cobalt Gypsy Feb 2017](https://app.tidalcyber.com/references/f9de25b4-5539-4a33-84b5-f26a84544859)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a381cec1-9e87-415e-9025-a6e31fc8a48d","name":"PureCrypter","type":"malware","source":"Tidal Cyber","software_attack_id":"S3007","tidal_id":"9dfd511a-8cc9-54df-94ce-909b8d5d38f9","created":"2024-06-13T20:12:26.120948Z","modified":"2024-06-13T20:12:26.120952Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6b05afeb-331e-4dc2-b1c3-69bbd7f867d2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6f0224cd-8c28-4d57-b34b-7c225f024603","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"65434024-33d8-4c9f-9437-06f1f8ac46ce","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e5817f59-2042-4868-b6d5-1d3a6878ed66","name":"PureLog Stealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3911","tidal_id":"e13f6e8f-530d-5d49-b5c7-0d8675e49447","created":"2026-01-14T13:31:34.144262Z","modified":"2026-01-14T13:31:34.144266Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"bbb55cca-3f3e-4258-84eb-5de15f73b799","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"28c59a29-0abe-4e20-b0e5-3d3fc42ac8b6","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"8ee3def6-502f-41ff-844a-3c8ddb8ab51c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cfd4f1e4-f56e-4de0-9db4-be3204e830e3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"313c78e9-488d-4fbc-a6e5-05c0df3cb8a4","name":"PuTTy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3090","tidal_id":"6c52bd24-92dd-5279-b11f-065dac26d800","created":"2023-11-17T17:09:25.283343Z","modified":"2023-11-17T17:09:25.283349Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"00fd05cb-bbd7-4e05-93b7-bc207f087380","name":"PuTTY/PSCP","description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","source":"USER","associated_software_id":"cc1b2f7a-a4ae-4bb9-a546-fa2718764627","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog November 10 2025](/references/343dab24-9d2e-4269-ab54-3dba4d684a9c)]</sup>","group_attack_id":"G3147","group_id":"ad1251f6-9d49-46ae-ac8e-27cefd099b26","name":"UNC6485","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]</sup><sup>[[ESET MirrorFace December 14 2022](/references/e1896c15-8f19-43e4-96b0-cfd442966b28)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"01acb24c-963f-45fc-bf27-a31937c2e316","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"73b8a4a7-dd65-471e-9c15-7b453edf16ac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"596fe4d4-db66-44a2-b2bd-18cae7ed2c8a","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"33f2a8b4-d4b6-41ad-a48b-a990d946b99f","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"d8451045-3e59-4807-b5c4-e9171c067389","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"203d718c-414c-4c8e-b02a-5b33f7424ae4","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"d5ed1495-a0e5-40d2-a6d9-2358445ca1bb","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"992dfcb7-23d4-4187-a1ec-80dea2e9acbe","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7e4e8aae-e04b-4e7f-ab31-9b0cfc7bf739","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f5183917-b572-44e2-b683-879052d7edb9","tag":"15787198-6c8b-4f79-bf50-258d55072fee"}],"owner_name":"TidalCyberIan"},{"id":"77f629db-d971-49d8-8b73-c7c779b7de3e","name":"pwdump","type":"tool","source":"MITRE","software_attack_id":"S0006","tidal_id":"e7aaaf67-4a3e-5bf3-bd48-b82359eb09c3","created":"2017-05-31T21:32:13.051000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit42 Emissary Panda May 2019](https://app.tidalcyber.com/references/3a3ec86c-88da-40ab-8e5f-a7d5102c026b)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant 
APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Chafer February 2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup>","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"93e36125-58bc-44c1-acbc-751a205a4200","tag":"c1f5abc0-340f-4b93-96d7-ca6ea7942b64"},{"id":"2f6c6a22-970c-4856-81b3-e1bdbffdcc43","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"51b2c56e-7d64-4e15-b1bd-45a980c9c44d","name":"PyDCrypt","type":"malware","source":"MITRE","software_attack_id":"S1032","tidal_id":"e26ed381-3ae4-5bad-b03f-6f4ff252f2aa","created":"2022-08-11T22:00:20.194000Z","modified":"2022-10-18T13:10:21.905000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Checkpoint MosesStaff Nov 2021](https://app.tidalcyber.com/references/d6da2849-cff0-408a-9f09-81a33fc88a56)]</sup>","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses 
Staff","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9901f10d-fc94-41ff-9e34-7cb5ad6b1709","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0397d3ac-4a8f-4ec9-bab8-620eccfe3012","name":"PylangGhost","type":"malware","source":"Tidal Cyber","software_attack_id":"S3508","tidal_id":"f4c26108-a1a1-5b65-bc68-dcf72137659b","created":"2025-07-08T16:59:11.780753Z","modified":"2025-07-08T16:59:11.780756Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog June 18 2025](/references/bd498a3d-c411-41b1-b55a-f700aaf5e166)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b6988ac5-cf49-4ea8-b149-ad3843a26180","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"1a540af5-6537-4f88-8037-dabda373e145","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"12de014f-356c-4fa7-95e3-50c1175894c9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e0d5ecce-eca0-4f01-afcc-0c8e92323016","name":"Pysa","type":"malware","source":"MITRE","software_attack_id":"S0583","tidal_id":"fff82c21-7e4e-550c-98f3-ad32a32572b8","created":"2021-03-01T19:44:27.287000Z","modified":"2021-04-27T20:19:31.430000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"300e845e-5b85-4dd8-a8f1-6202c1cbbb45","name":"Mespinoza","description":"<sup>[[CERT-FR PYSA April 2020](https://app.tidalcyber.com/references/4e502db6-2e09-4422-9dcc-1e10e701e122)]</sup><sup>[[DFIR Pysa Nov 2020](https://app.tidalcyber.com/references/a00ae87e-6e64-4f1c-8639-adca436c217e)]</sup><sup>[[NHS Digital Pysa Oct 
2020](https://app.tidalcyber.com/references/5a853dfb-d935-4d85-a5bf-0ab5279fd32e)]</sup>","source":"MITRE","associated_software_id":"da345299-97db-4e76-b81f-265ebd54cbcb","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"26ad2d39-632d-423b-af84-d34d42ab2d59","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"e262c17a-6b89-4bee-bdb2-eeaa4ed6fb1f","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"def8a90c-49c9-4983-b960-cd77fa5467f3","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0e1b5794-096a-48b3-9c75-25d767e5a5bf","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"141d7509-9274-4088-95d3-df5b59308cc7","name":"pysoxy","type":"tool","source":"Trellix TIG","software_attack_id":"S3423","tidal_id":"a57385c7-1218-5dd6-aea2-e6dd3a89c471","created":"2025-04-11T15:06:45.447053Z","modified":"2025-04-11T15:06:45.447056Z","platforms":[],"associated_software":[{"id":"b5f04628-78b9-48ff-853c-067e4262450f","name":"PySoxy tunneler","description":"","source":"Trellix TIG","associated_software_id":"6048dd51-7c32-4553-9900-69d4267cee24","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"fb724f5b-81be-4d1e-851c-28e968316229","name":"PyStoreRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3928","tidal_id":"e58532c2-6483-59c8-b688-f4615797722c","created":"2026-01-14T13:31:37.046585Z","modified":"2026-01-14T13:31:37.046589Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Engage.morphisec.com December 09 
2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7dfc79ce-9777-458d-b80c-edb8d5de0ab8","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"9c6900dd-d264-497a-b902-6b4bffaa51dd","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"e5fb41ca-1de1-4a43-a0d1-b72c46c6a9fb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"ccc65337-bea3-4391-8d6d-92ea5492d1bf","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"f6aa6a6c-6930-43b0-b9fa-c4c35398abe7","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"3a119db6-1f99-49bf-baa1-e166b3153fd5","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"17abd3f4-7dcd-423f-bd62-55068007f761","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"54df5688-196f-4a1a-82a5-1d23691f61b5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"11fa97f5-1bc4-4763-b2b0-750dde068f4d","name":"Python cryptography.fernet","type":"tool","source":"Tidal Cyber","software_attack_id":"S3797","tidal_id":"af30e680-cd83-5d4b-94cd-929433b800a9","created":"2025-12-24T14:57:26.396571Z","modified":"2025-12-24T14:57:26.396574Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Amazon Web Services December 15 2025](/references/cb9ff075-d033-4990-b389-4760d089e255)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e7ae38ce-f9f2-4555-8109-37fae79eb9aa","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"710911dc-ef77-4c01-b753-130d0b956e34","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c1dbae71-13e1-4b9b-8e72-a5ac531a448c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"bd0de85a-3618-4b38-8642-c553e49865e0","name":"python.exe","type":"tool","source":"Trellix TIG","software_attack_id":"S3430","tidal_id":"b437d325-9b6b-546e-a42f-37191906bf1b","created":"2025-04-11T15:06:46.719096Z","modified":"2025-04-11T15:06:46.719099Z","platforms":[],"associated_software":[{"id":"3a8fce51-6e33-4b38-8091-cd877d24118f","name":"Python Interpreter","description":"<sup>[[Securelist December 19 2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","source":"USER","associated_software_id":"d7b36edf-ae24-4712-88df-8372f520f8bb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f5b4e235-d94d-4731-b91c-dbc1c650fea4","name":"zvchost.exe","description":"<sup>[[Trend Micro December 03 2025](/references/9ef527df-db8d-421e-82b4-2f50c8ab50f8)]</sup>","source":"USER","associated_software_id":"c493adf6-46e6-4a50-948e-34df5b648ef7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"44226774-1945-4078-b5da-67d406ec5c0a","name":"python","description":"","source":"Trellix TIG","associated_software_id":"6a3538c2-31c8-4cec-bb3d-e09bfbf478ba","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"5ed73469-987e-44d8-9c94-878d45193137","name":"pythonw","description":"","source":"Trellix TIG","associated_software_id":"76a32f72-952f-4c20-9ed3-b3ed277e0ef6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"fef3df5b-7b33-473c-87b4-fc466e5c94ff","name":"pythonw.exe","description":"","source":"Trellix 
TIG","associated_software_id":"cdf3207a-4c7f-4982-a74c-c3f81998a946","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist December 19 2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Acronis January 08 2026](/references/67e63f34-e4c6-4c6c-9d79-758c8b1ca7ff)]</sup>","group_attack_id":"G3202","group_id":"f0de217f-3520-43ab-a9e1-f1cffd1d3963","name":"Astaroth Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"15fbf26d-47b3-41a8-9e06-d634bcb1ab8c","name":"PyXie RAT","type":"malware","source":"Trellix TIG","software_attack_id":"S3399","tidal_id":"ae335675-9306-5749-b6fe-3b78774953af","created":"2025-04-11T15:06:36.256315Z","modified":"2025-04-11T15:06:36.256319Z","platforms":[],"associated_software":[{"id":"cb380380-3471-49d8-b949-c2c8197e69c2","name":"PyXie","description":"","source":"Trellix 
TIG","associated_software_id":"bacec3a6-0d63-4e87-88c8-49ee44ddf6b8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c330dacc-4c8d-48d0-9ae6-1b642ac31ee1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"52d7f02c-9b27-4a80-bdfc-c78c8cd8c2f9","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"9050b418-5ffd-481a-a30d-f9059b0871ea","name":"QakBot","type":"malware","source":"MITRE","software_attack_id":"S0650","tidal_id":"bfbd1f4e-0d0d-5b90-9460-03d56a5c5f11","created":"2021-09-27T19:35:35.326000Z","modified":"2021-10-15T21:47:13.084000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8af95392-abee-4203-8b47-cf68adab9b9e","name":"QuackBot","description":"<sup>[[Kaspersky QakBot September 2021](https://app.tidalcyber.com/references/f40cabe3-a324-4b4d-8e95-25c036dbd8b5)]</sup>","source":"MITRE","associated_software_id":"e26ce4bb-2117-4f21-be70-5cb4c448c303","owner_id":null,"owner_name":null},{"id":"bd740660-b68f-4f6b-b349-519a6db9ca23","name":"QBot","description":"<sup>[[Trend Micro Qakbot December 2020](https://app.tidalcyber.com/references/c061ce45-1452-4c11-9586-bd5eb2d718ab)]</sup><sup>[[Red Canary Qbot](https://app.tidalcyber.com/references/6e4960e7-ae5e-4b68-ac85-4bd84e940634)]</sup><sup>[[Kaspersky QakBot September 2021](https://app.tidalcyber.com/references/f40cabe3-a324-4b4d-8e95-25c036dbd8b5)]</sup><sup>[[ATT QakBot April 
2021](https://app.tidalcyber.com/references/c7b0b3f3-e9ea-4159-acd1-f6d92ed41828)]</sup>","source":"MITRE","associated_software_id":"11b32ebe-8ee3-46bc-aaf0-b0761dfa9c0c","owner_id":null,"owner_name":null},{"id":"986bf1c1-04d0-414f-bcaf-d809ec422091","name":"Pinkslipbot","description":"<sup>[[Kaspersky QakBot September 2021](https://app.tidalcyber.com/references/f40cabe3-a324-4b4d-8e95-25c036dbd8b5)]</sup><sup>[[ATT QakBot April 2021](https://app.tidalcyber.com/references/c7b0b3f3-e9ea-4159-acd1-f6d92ed41828)]</sup>","source":"MITRE","associated_software_id":"96dcc3d3-057c-4e81-b833-a9f09c1f3194","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) operations have included deployment of [QakBot](https://app.tidalcyber.com/software/9050b418-5ffd-481a-a30d-f9059b0871ea).<sup>[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ATT QakBot April 2021](https://app.tidalcyber.com/references/c7b0b3f3-e9ea-4159-acd1-f6d92ed41828)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Latrodectus APR 
2024](https://app.tidalcyber.com/references/23f46e51-cfb9-516f-88a6-824893293deb)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bfcd4bbd-ca94-47cf-b436-2d34d0455825","tag":"31f0198c-f5f6-439e-a2ca-e45090194070"},{"id":"7406b959-686c-42fe-9737-bc215d8f5117","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"63c4a56f-d48f-459e-8600-1477d7af96ff","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"faecc696-ecc3-45a1-b06a-8014aeb4ad7b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"6ac7d1e7-9d42-41b2-b7f7-f4094e9202c7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a4f3f121-e313-45d8-b2a7-2cd02a808e69","tag":"e096f0dd-fa2c-4771-8270-128c97c09f5b"},{"id":"c15ede1c-a400-4882-9d0c-20ffb3f31ee0","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"8b5ff037-4b2f-4e92-a377-253e6dfe725f","name":"qb_check.ps1","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3949","tidal_id":"8d343caf-4332-526f-9fba-57253a9ec305","created":"2026-01-14T13:31:40.484669Z","modified":"2026-01-14T13:31:40.484673Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"1470cb80-febd-47c0-87b4-85430bf0c6fd","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"db01afb0-d778-4885-9cfa-65b3247b3a05","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"abc82ab1-d1d8-45ef-b104-83e59695e3eb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8e4e8eaf-e33e-465e-9e4b-b8414cc6f7db","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b6c70553-69b7-4c6d-8c56-bf7b90a0f586","name":"QDoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3469","tidal_id":"78c7390c-a157-50c3-bca4-37834c9e5671","created":"2025-04-15T17:47:54.910803Z","modified":"2025-04-15T17:47:54.910807Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ConnectWise LinkedIn September 25 2024](/references/b83aacf3-26b4-4913-85f2-95cbd1d08bcc)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group SafePay March 10 2025](/references/5d63bb19-02d7-47b2-a120-9601ba09d99e)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"502a5272-8de1-463d-b730-2af16bb2878b","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"e40481e6-5ff5-4b4a-b5bc-2d2c6c33ee44","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"142ada54-efed-4e27-84e1-99dc92bee412","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"69d8b304-e6d2-42fc-b036-afc35c6c2a1a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9d232a11-8e52-430e-8de8-cc9d4d329080","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c708ce6d-ad9d-4dd7-b8bb-4ec27bbad74e","name":"QEMU","type":"tool","source":"Tidal Cyber","software_attack_id":"S3818","tidal_id":"3008f559-e72c-5567-8b02-ce29a84990fe","created":"2025-12-24T14:57:29.526439Z","modified":"2025-12-24T14:57:29.526442Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dd5a214e-9411-44e2-8e71-9f0c7acf1a62","name":"qemu-system-x86_64.exe","description":"<sup>[[Red Canary December 09 2025](/references/6d71e655-029e-49b0-8285-30e036e63140)]</sup>","source":"USER","associated_software_id":"546d6390-ebe3-4d19-ae48-6139689981c0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"3a89dc37-45ff-44b7-9e0b-48b617358cf8","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"4065a16c-cde5-42e2-ae48-dc8e58752380","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"d265c34d-1928-4b1d-bfb0-f5d6c0234ea7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e44c3bae-a49c-4d4a-9452-cb4a8ab359f1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c0e3be4d-ab79-4bdb-a447-203340b022c3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"665807d7-ad5c-57ee-a710-14198c43ce38","name":"Qilin","type":"malware","source":"MITRE","software_attack_id":"S1242","tidal_id":"665807d7-ad5c-57ee-a710-14198c43ce38","created":"2025-10-29T21:08:48.110789Z","modified":"2025-10-29T21:08:48.110790Z","platforms":[{"id":"2f818de3-2bba-
56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d9254a5d-271c-44bf-9d92-fa46320dcf02","name":"Qilin.B","description":"<sup>[[Halcyon Tech Inc September 9 2025](/references/d38096ae-a30c-4f90-9661-e15528803199)]</sup>","source":"USER","associated_software_id":"fd6e7f25-7010-4041-b58a-09654ee33e1f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6bbb99d0-67bd-42e2-af58-e5842e17aebb","name":"Qilin Ransomware","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"701a6795-2edf-4ce5-a5b7-c75d4fdc6c1a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"40b0332b-44f4-56f1-abf4-623f9a2ba6b7","name":"Agenda","description":"<sup>[[Sophos Qilin MSP APR 2025](https://app.tidalcyber.com/references/04c49bb7-d96c-535c-8d91-ce27b01fcc3c)]</sup><sup>[[Trend Micro Agenda Ransomware AUG 2022](https://app.tidalcyber.com/references/eb020dac-b213-5b25-be63-834dc63b073c)]</sup><sup>[[SentinelOne Qilin NOV 2022](https://app.tidalcyber.com/references/f23673bf-7f8c-53a8-98c1-a6217d8685da)]</sup>","source":"MITRE","associated_software_id":"531f2827-f064-56a1-a8e2-af803f2ca472","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"[Moonstone Sleet](https://app.tidalcyber.com/groups/33a5fa48-89ee-5c0b-9c9c-e0ee69032fca) has deployed [Qilin](https://app.tidalcyber.com/software/665807d7-ad5c-57ee-a710-14198c43ce38) ransomware.<sup>[[MIcrosoft Moonstone Sleet Qilin MAR 
2025](https://app.tidalcyber.com/references/d521bdbb-82cf-592c-a638-d49821717e06)]</sup>","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone Sleet","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Water Galura](https://app.tidalcyber.com/groups/93901942-0750-59a5-a244-3ee9ae3bc255) are the operators of the [Qilin](https://app.tidalcyber.com/software/665807d7-ad5c-57ee-a710-14198c43ce38) RaaS.<sup>[[BushidoToken Qilin RaaS JUN 2024](https://app.tidalcyber.com/references/a0fda9ef-31d3-529b-a0f2-342ac6fa23cd)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"05585536-6a94-46d1-9c50-65234cb29df4","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"0e888f3f-a937-432a-bfa8-3f85e94949fb","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"7e20843a-09f2-46cd-843b-4db3cfbe11cd","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ad82a74d-2e43-427d-a36e-747511de5b06","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"3b78dda9-d273-4ffc-9a9f-75e80178c7b2","name":"Qilin Ransomware (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3141","tidal_id":"bed30690-2f43-5049-bf93-96d576486923","created":"2024-06-13T20:12:35.915377Z","modified":"2024-06-13T20:12:35.915380Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d8810c18-9b96-424b-80e5-e2c2133a8733","name":"Qilin.B","description":"<sup>[[Halcyon Tech Inc September 9 2025](/references/d38096ae-a30c-4f90-9661-e15528803199)]</sup>","source":"USER","associated_software_id":"fd6e7f25-7010-4041-b58a-09654ee33e1f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"e88189ae-bd14-4c44-b103-f7b06057d828","name":"Agenda","description":"<sup>[[Trend 
Micro March 26 2024](/references/d5634b8e-420a-4721-a3d2-19d9f36697f4)]</sup>","source":"Tidal Cyber","associated_software_id":"86445703-67c0-4dc3-9529-c75ffd3bfc92","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence Moonstone Sleet Qilin March 6 2025](/references/e370e95c-e679-41f1-a055-fbc80439f3a8)]</sup>","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone Sleet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d9d8cb18-13e9-44d4-9844-355454aedfc8","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"8c82194d-2110-4e8b-bc83-2c6d93df3118","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"717337c5-4be1-4e3d-930d-aadc7f3ddc0b","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"411159f9-e2ab-499a-ad82-45d77a5e4264","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"e2ae14a2-3cfe-4bef-890b-f9231a26abd2","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"36bff74f-7969-48a5-bb31-d4be4c52224f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"01a33c16-7eb3-4494-8c05-b163f871b951","name":"Qilin Ransomware (Linux) (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3123","tidal_id":"73eaf1cd-79d8-5f66-a39c-b33311ca4a4f","created":"2024-06-13T20:12:32.428168Z","modified":"2024-06-13T20:12:32.428172Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"cdd7dce9-aa26-4913-991f-3cf4aa5cd867","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"9768df75-ca18-4a00-b0cf-0db2a69d84a8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"063e3136-a2e4-4049-99ba-d27b2d8d41f2","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"799727c5-27b5-41dd-a557-1a63f99f0e82","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"0d01b9cf-8276-46c2-8cb4-1c8a4cb12ab3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"5150615e-2edb-4f19-bafe-a00697eaa741","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"adcf70d6-74e0-4436-bc92-f05bc924bf80","name":"Quad7 Botnet","type":"malware","source":"Tidal Cyber","software_attack_id":"S3171","tidal_id":"17cf18fc-5abe-5501-9e12-7974921563fc","created":"2024-09-13T19:21:23.675066Z","modified":"2024-09-13T19:21:23.675070Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[{"id":"7b46724b-338a-4f43-9dd5-7cc49477247a","name":"xlogin","description":"<sup>[[Microsoft Storm-0940 October 31 2024](/references/09651ef7-0052-4ba0-b369-7990de978485)]</sup>","source":"Tidal Cyber","associated_software_id":"2bdfa7f0-19c9-488d-84c6-496c63b19d4c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"b8ebc87e-86b6-426b-8af7-446d2f4a5ffb","name":"CovertNetwork-1658","description":"<sup>[[Microsoft Storm-0940 October 31 
2024](/references/09651ef7-0052-4ba0-b369-7990de978485)]</sup>","source":"Tidal Cyber","associated_software_id":"5d8bfd1b-4662-4faa-b3a4-8ca4914c0d39","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c5777f58-9e30-4d71-9350-238ad980acfc","name":"7777 Botnet","description":"<sup>[[Sekoia.io Blog July 23 2024](/references/ae84e72a-56b3-4dc4-b053-d3766764ac0d)]</sup>","source":"Tidal Cyber","associated_software_id":"fea64137-62f2-4d5f-be77-97ea0b0aa54d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Sekoia.io Blog July 23 2024](/references/ae84e72a-56b3-4dc4-b053-d3766764ac0d)]</sup>","group_attack_id":"G3052","group_id":"bf3d1108-0bcd-47ae-8d71-4df48e3e2b43","name":"Quad7 Botnet Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c204a1d0-2fb4-4c30-8776-0408a9f5ad80","tag":"9768aada-9d63-4d46-ab9f-d41b8c8e4010"},{"id":"c585ba7a-775a-43dc-ae8e-e18eedb859b1","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"82f000f0-6d83-4b52-8402-158d05ce6049","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"715ed169-911c-49c6-bbaf-3bc3aad37000","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"79832da8-da56-4a4d-943f-eeafbe8e0e81","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7101789b-16d6-47a5-bbbb-62d30ed83f93","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2bf68242-1dbd-405b-ac35-330eda887081","name":"QUADAGENT","type":"malware","source":"MITRE","software_attack_id":"S0269","tidal_id":"796f2374-d8e0-53d6-8036-8c398421a00f","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 QUADAGENT July 
2018](https://app.tidalcyber.com/references/320f49df-7b0a-4a6a-8542-17b0f56c94c9)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2a9a1823-0eb4-4f34-8c8d-bbc255c9600a","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"b0c18cd8-a859-4cd2-9558-33e5bcd4610c","name":"Quantum Locker","type":"malware","source":"Tidal Cyber","software_attack_id":"S3184","tidal_id":"002a36c5-05a2-5ad2-b867-c1f220dcae57","created":"2024-09-20T15:10:53.458336Z","modified":"2024-09-20T15:10:53.458339Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"21a548c6-d062-414f-a2cb-033ea588cbf6","name":"Quantum Ransomware","description":"","source":"Tidal Cyber","associated_software_id":"82e53718-77dc-4085-bf1a-1b1ecc3691bd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybereason Quantum Ransomware May 9 2022](/references/19027620-216a-4921-8d78-f56377778a12)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"be4dee41-5203-4f3a-968a-2bc49668fc52","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"b9123ac6-3abf-4b5a-b0b9-cb037d2741e4","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ddcfd31d-6fb8-4c69-af92-6defdf5a0330","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"f9ee4b73-4ec7-4615-be19-fe482112ee69","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5ed1e197-2679-4a71-9a02-90e1d4e27471","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4bab7c2b-5ec4-467e-8df4-f2e6996e136b","name":"QuasarRAT","type":"tool","source":"MITRE","software_attack_id":"S0262","tidal_id":"a0086ecf-48df-5078-8fa4-e4c0df614e7b","created":"2018-10-17T00:14:20.652000Z","modified":"2022-08-02T15:36:30.238000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"293643d5-aeb3-4b1a-8cb4-79c0c0d19f7d","name":"xRAT","description":"<sup>[[TrendMicro Patchwork Dec 2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)]</sup><sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"cc118a28-e714-416e-bf2d-e82525f4782d","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[TrendMicro Patchwork Dec 2017](https://app.tidalcyber.com/references/15465b26-99e1-4956-8c81-cda3388169b8)]</sup><sup>[[Volexity Patchwork June 2018](https://app.tidalcyber.com/references/d3ed7dd9-0941-4160-aa6a-c0244c63560f)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET BackdoorDiplomacy Jun 
2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]</sup>","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DOJ APT10 Dec 2018](https://app.tidalcyber.com/references/3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2)]</sup><sup>[[Symantec Cicada November 2020](https://app.tidalcyber.com/references/28a7bbd8-d664-4234-9311-2befe0238b5b)]</sup><sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant APT43 March 2024](https://app.tidalcyber.com/references/8ac3fd0a-4a93-5262-9ac2-f676c5d11fda)]</sup><sup>[[Mandiant APT43 Full PDF Report](https://app.tidalcyber.com/references/b5414a09-0da6-5d8c-bcca-47df9a469ec0)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]</sup>","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Check Point Research Blind Eagle March 10 
2025](/references/4a9b874a-8ed3-476d-8da2-d59e081c4b40)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Symantec Elfin Mar 2019](/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5d233127-5736-478b-9cbe-39adda2bb2f7","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"f90aae4d-4eea-479e-8c0e-0d7fc67312d8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"38825346-0d77-4ae8-9d4d-8e0a5e781030","name":"Query","type":"tool","source":"Tidal Cyber","software_attack_id":"S3860","tidal_id":"af4e9c0d-7ccc-54bb-90d2-faa2bfbf0f36","created":"2026-01-06T18:05:03.952123Z","modified":"2026-01-06T18:05:03.952126Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b3b0d981-c947-4e41-a8f4-7ee78763dca0","name":"Query.exe","description":"<sup>[[Query.exe - LOLBAS Project](/references/377292f2-4559-4ecc-a344-8719d0dde4d2)]</sup>","source":"USER","associated_software_id":"0e0d2684-fe1b-4207-95e5-927449e59a69","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"1735a8b8-57d4-4edc-a540-d0bc0674dbc9","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"07fde49b-6b86-5053-b953-a13a2171e53a","name":"Quick 
Assist","type":"tool","source":"MITRE","software_attack_id":"S1209","tidal_id":"07fde49b-6b86-5053-b953-a13a2171e53a","created":"2025-04-22T20:47:02.907175Z","modified":"2025-04-22T20:47:02.907179Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8fc55b6c-111f-4575-a677-3fa7b225c23d","name":"QuickAssist","description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","source":"USER","associated_software_id":"428eec4c-85a3-4634-b500-79eb43cb86b5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[Storm-1811](https://app.tidalcyber.com/groups/f17d1768-9563-539a-8d3a-e3e9500658bf) used [Quick Assist](https://app.tidalcyber.com/software/07fde49b-6b86-5053-b953-a13a2171e53a) as part of social engineering activity to interact with victims to install follow-on malicious software.<sup>[[Microsoft Storm-1811 2024](https://app.tidalcyber.com/references/c3c52950-51cf-540f-9951-1d8bef4be937)]</sup>","group_attack_id":"G1046","group_id":"f17d1768-9563-539a-8d3a-e3e9500658bf","name":"Storm-1811","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3081","group_id":"a1a03a84-1d75-40a3-916e-d3e0d1068d11","name":"CURLY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"5d9f0a9f-8cf2-45a5-af34-c88c92dd3177","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"dbc2f77a-0f9e-428a-82c3-8954db3f8b02","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"40ff8929-7f00-439e-a091-a0b01a6d46d4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"9c4f3f26-c391-4b2c-9dd4-e4bb9bbc5ea3","name":"Quick Assist (Deprecated)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3134","tidal_id":"f3909a3b-ef91-5d9e-b34d-ac97e4382639","created":"2024-06-13T20:12:34.384816Z","modified":"2024-06-13T20:12:34.384820Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3038","group_id":"ee2da206-2532-44e3-a343-d66e9bfdbca0","name":"Storm-1811 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3081","group_id":"a1a03a84-1d75-40a3-916e-d3e0d1068d11","name":"CURLY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog 5 15 2024](/references/0876de6e-ea0c-4717-89a4-9c7baed53b6f)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d00690d8-ed58-4a28-b6cf-41e9f0e4f7ec","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4b6cfd78-babf-4ff6-8031-c1f30b151b0a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3993a383-5bdf-4144-bc2a-32ea9040bafe","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9dbe856f-dd50-490d-86f1-8cd4514f31e3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"19d9e2e7-20fd-41e8-8c2c-38c5b76eed79","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"52d3515c-5184-5257-bf24-56adccb4cccd","name":"QUIETCANARY","type":"malware","source":"MITRE","software_attack_id":"S1076","tidal_id":"5db9b5ce-07bf-5d46-9882-6e4d5e644223","created":"2023-11-07T00:35:47.985936Z","modified":"2023-11-07T00:35:47.985941Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bcc438cd-d1be-59be-b12e-b83d4dfd571e","name":"Tunnus","description":"<sup>[[Mandiant Suspected Turla Campaign February 2023](https://app.tidalcyber.com/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]</sup>","source":"MITRE","associated_software_id":"9f3ab541-3447-4e2e-9f35-f7f1f7328385","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Mandiant Suspected Turla Campaign February 2023](/references/d8f43a52-a59e-5567-8259-821b1b6bde43)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":null},{"id":"947ab087-7550-577f-9ae9-5e82e9910610","name":"QUIETEXIT","type":"malware","source":"MITRE","software_attack_id":"S1084","tidal_id":"559485c8-1864-561a-8816-53f178ae4aa4","created":"2023-11-07T00:35:46.241893Z","modified":"2023-11-07T00:35:46.241898Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT29 Eye Spy Email Nov 
22](https://app.tidalcyber.com/references/452ca091-42b1-5bef-8a01-921c1f46bbee)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b0f13546-232f-455a-8abe-b3e7ea122175","tag":"33d35d5e-f0cf-4c66-9be3-a3ffe6610b1a"}],"owner_name":null},{"id":"dcdb74c5-4445-49bd-9f9c-236a7ecc7904","name":"QuietSieve","type":"malware","source":"MITRE","software_attack_id":"S0686","tidal_id":"988bca19-9727-5e95-8120-7f0204773a7c","created":"2022-02-18T16:46:39.268000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Actinium February 2022](https://app.tidalcyber.com/references/5ab658db-7f71-4213-8146-e22da54160b3)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3784d233-1b33-4312-b991-d78fb2021875","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"7b78eb31-f251-493b-8058-14a3452e8ccc","name":"Quser","type":"tool","source":"Tidal Cyber","software_attack_id":"S3076","tidal_id":"ffa44289-4f43-5b1b-b58c-40d3b9d6bf7e","created":"2023-09-08T15:49:58.049152Z","modified":"2023-09-08T15:49:58.049157Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8d4eeb76-9f88-4994-adc2-244ed77b0606","name":"Quser.exe","description":"","source":"Tidal Cyber","associated_software_id":"b75127d4-1d6e-49fe-9919-fe5e471be7c2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Security Blog August 27 
2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog August 27 2025](/references/acee642f-25de-48d7-a566-5bdfe804b8b3)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3026","group_id":"e47b2958-b7c4-4fe1-a006-03137db91963","name":"UNC961","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"54106106-fd6c-4653-9e59-abcaf028f993","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3d41e944-5f66-4a54-96d2-ff083ab98542","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c5826ff4-127d-4c0c-9270-21f11ce16b41","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"16701646-f1d9-46a0-81d9-163426e4889b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"e20c1b98-2719-4c36-bb88-50984bb92f32","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"0d90523b-d39f-4845-8688-455ea584a733","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"5db6ea45-2d6f-419f-9bb6-0456a5e83d6d","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"7b1ecc53-eda8-4a0a-9ced-7e49f96c2eff","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"51e11717-52ea-443b-9985-4af7c5884d04","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"ee3ea8f6-4e24-474a-a049-4e44a6618f7c","name":"QWCrypt","type":"malware","source":"Tidal Cyber","software_attack_id":"S3767","tidal_id":"f4e09e70-aa1a-5a1e-950d-737bf5960055","created":"2025-12-17T14:18:51.915552Z","modified":"2025-12-17T14:18:51.915556Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0a908151-a08b-4f71-96c5-d68b4e0c42ec","name":"qwCrypt","description":"<sup>[[Sophos News December 05 
2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","source":"USER","associated_software_id":"0facfcf0-eb40-4bd8-9af1-993084cbab29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"62912c42-3f59-4c4f-9126-fe1fa9520406","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f6bd57fb-3555-4b07-b163-c41420287cc0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8d717889-a101-54a8-8c8c-4aee8423d151","name":"Raccoon Stealer","type":"malware","source":"MITRE","software_attack_id":"S1148","tidal_id":"8d717889-a101-54a8-8c8c-4aee8423d151","created":"2024-10-31T16:28:06.940155Z","modified":"2024-10-31T16:28:06.940158Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Scattered Spider JUL 2025](https://app.tidalcyber.com/references/276a2ed6-d532-51ee-9066-83145b7506c5)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"MITRE"}],"tags":[{"id":"ea42473e-8e09-472a-b5f9-e120c7b083c1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b8d8dd47-5c6a-4242-88d1-acea15ab3bd5","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"33c0f985-3e1e-4901-bfee-d3c81bba0d71","name":"Radmin","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3120","tidal_id":"2c460e9e-b1c4-53fe-9e7a-88f162c7d470","created":"2024-04-04T20:39:09.819368Z","modified":"2024-04-04T20:39:09.819371Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7e6b3f77-67f1-4e40-be9b-239f5d92edc2","name":"Radmin Server","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"ca75a2ae-02e2-41d8-88f8-e1d4ff747dbe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Group IB Silence Sept 2018](/references/10d41d2e-44be-41a7-84c1-b8f39689cb93)]</sup>","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"bcf5dd63-cf99-43cc-aa8a-2a65cdcf912b","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"44e1f006-207b-4fcd-8220-7f223f855f10","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"bd3347ce-5a61-452d-84ee-7ecc3816d90d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"52d3547a-f5c1-45e0-86b4-1835948b5990","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5b0ba37d-f758-4669-b2fa-b121e6ce557a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d2388882-b228-422f-9182-07291b6c5fd4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"1f091b1e-7001-4cf0-ac73-9a5cd5c6ed21","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"3b88cde9-4cd5-49a9-a074-ca4353b1c075","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"d25f7acd-a995-4b8b-8ffe-ccc9703cdf5f","name":"Ragnar Locker","type":"malware","source":"MITRE","software_attack_id":"S0481","tidal_id":"5aaa5eb2-6810-5b68-afe1-3d11af01515f","created":"2020-06-29T23:30:53.824000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec FIN8 Jul 
2023](https://app.tidalcyber.com/references/9b08b7f0-1a33-5d76-817f-448fac0d165a)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a57e8b86-aca3-42fa-8799-c90c7400c7ce","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"72d6aafa-6b34-48a1-80d3-dfc8dabaf508","tag":"cb5803f0-8ab4-4ada-8540-7758dfc126e2"},{"id":"9e4bf24b-d3e7-427c-8eba-54199744cad2","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ecc6f1ee-00f1-4f36-9565-d09a19c35646","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"80295aeb-59e3-4c5d-ac39-9879158f8d23","name":"Raindrop","type":"malware","source":"MITRE","software_attack_id":"S0565","tidal_id":"a62c0cd6-20f7-522c-ab31-a6131f1ae60c","created":"2021-01-19T19:43:27.828000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec RAINDROP January 2021](https://app.tidalcyber.com/references/9185092d-3d99-466d-b885-f4e76fe74b6b)]</sup><sup>[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup><sup>[[Secureworks IRON RITUAL 
Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5861b329-90f9-44f4-a069-7f82fe553dd0","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"42b775bd-0c1d-4ad3-8f7f-cbb0ba84e19e","name":"RainyDay","type":"malware","source":"MITRE","software_attack_id":"S0629","tidal_id":"becd4845-7637-54b6-8a0f-fe9353835caf","created":"2021-06-29T14:46:45.468000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Bitdefender Naikon April 2021](https://app.tidalcyber.com/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"15f1d454-b5a4-4100-8b42-a9805ea38231","name":"RALord Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3474","tidal_id":"9537b14e-e8b5-50d7-9ab5-a8d4cb375771","created":"2025-05-20T16:17:59.208185Z","modified":"2025-05-20T16:17:59.208189Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac8dd1d3-8a0a-4b4b-896e-f16c8e3ae42a","name":"RaLord","description":"<sup>[[None April 01 2025](/references/09f43dcf-3af4-40cd-9dcb-6a9205fef52b)]</sup>","source":"USER","associated_software_id":"5d033d9d-d58c-4879-aae2-201a21899efd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8cbcc27c-1070-4206-92fa-ff852c379fc1","name":"RLord Ransomware","description":"<sup>[[SonicWall Nova Ransomware April 11 2025](/references/4926be5f-0eea-44cc-a73e-2f173eee901b)]</sup>","source":"Tidal 
Cyber","associated_software_id":"1a2c72e1-ae9a-4401-aa2e-069da55ba707","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[SonicWall Nova Ransomware April 11 2025](/references/4926be5f-0eea-44cc-a73e-2f173eee901b)]</sup>","group_attack_id":"G3101","group_id":"0c26f51f-35d8-40e8-9ad0-e5092cb3c04e","name":"Nova RaaS","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"faaca0ab-1dc4-417c-a9a5-94a74241ed8d","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"bbe27b5e-c4ad-4f7c-8b31-5e4cee454e57","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"2a65d424-e7bb-4eae-97a5-1dc548e13819","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"e57cf027-b51b-4787-b2fa-4e1110211554","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"abfda409-aed1-49c0-857e-c3d23cad5348","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"93f4ff4c-2a53-424a-8705-c031a1b63800","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"dc307b3c-9bc5-4624-b0bc-4807fa1fc57b","name":"Ramsay","type":"malware","source":"MITRE","software_attack_id":"S0458","tidal_id":"3dbb440b-be2a-5add-af70-33f5cf4f7946","created":"2020-05-27T16:58:08.242000Z","modified":"2021-04-14T22:10:12.150000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c8bbabe2-1b06-4ba5-b505-623e25eb8f6c","name":"RansomEXX Ransomware","type":"malware","source":"Trellix TIG","software_attack_id":"S3398","tidal_id":"6a31557f-e56e-52b6-8a31-783c9ccc381c","created":"2025-04-11T15:06:36.062066Z","modified":"2025-04-11T15:06:36.062071Z","platforms":[],"associated_software":[{"id":"6950e0e4-adee-4393-97ec-67f2eb168657","name":"RansomEXX","description":"","source":"Trellix 
TIG","associated_software_id":"d4ad6a33-d475-4233-a040-ab29ab70023e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"e84b7784-63bd-44ed-9b87-fbfdea147cb4","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"8271849f-77f9-5a38-812e-7b6a348b01c4","name":"RansomHub","type":"malware","source":"MITRE","software_attack_id":"S1212","tidal_id":"8271849f-77f9-5a38-812e-7b6a348b01c4","created":"2025-04-22T20:46:56.525993Z","modified":"2025-04-22T20:46:56.525996Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[WeLiveSecurity CosmicBeetle September 10 
2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]</sup>","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6d56d62e-c609-4408-b577-1913c464327c","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"ae3770b1-6b80-478f-8b06-5a032466ea20","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"829b6663-99a2-4c7d-94cf-9e0bc3f95fd9","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b89c5a21-7882-4b81-bf64-5aceebf63fd5","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"4409fd10-d846-421e-a611-60307014075a","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"8fa92c6d-d80b-452e-a46b-3fd1168b7593","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"fe38aa3b-89e3-49a6-9df5-1e012575a16a","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a3044fb5-3aae-4590-b589-cc88bf0d1f34","name":"RansomHub (Payload) (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3140","tidal_id":"3d2554e4-9b29-5a1e-8abe-dca38d2c847c","created":"2024-06-13T20:12:35.687775Z","modified":"2024-06-13T20:12:35.687779Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[WeLiveSecurity CosmicBeetle September 10 2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]</sup>","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"79d57a87-daf6-4a9a-a4c1-87577bd6e02a","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"2bd8242a-b3e5-4a43-a659-c8a44175b0d5","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a9d78c8a-ecaa-4c5c-bf81-86783c02bfaf","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3d48c59f-7ff7-4950-b383-cb702b18cfc3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0c11b372-b302-4762-8a10-6dbfc5d16f00","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"ffb92556-29aa-4baf-83f3-fa9b7ef2dfb0","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"3a1856f0-7846-42b7-a0c3-0625840727b6","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3fa08a50-ceac-4d6f-aa15-c240b2044bda","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"7d71209f-7eb7-4231-b388-fcb4e8a48c25","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"129abb68-7992-554e-92fa-fa376279c0b6","name":"RAPIDPULSE","type":"malware","source":"MITRE","software_attack_id":"S1113","tidal_id":"7928f9e2-211d-58c9-889e-0d0adf4e2e78","created":"2024-04-25T13:28:19.890864Z","modified":"2024-04-25T13:28:19.890867Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Pulse Secure Update May 
2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6d516363-4f83-4ba9-9726-1821b167e5e3","name":"Raptor Train","type":"malware","source":"Tidal Cyber","software_attack_id":"S3188","tidal_id":"0b43d3f4-14bb-5ac4-b1b6-092f2cc48f8e","created":"2024-09-20T15:10:54.452285Z","modified":"2024-09-20T15:10:54.452288Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Black Lotus Raptor Train September 18 2024](/references/21e26577-887b-4b8c-a3f8-4ab8868bed69)]</sup><sup>[[FBI PRC Botnet September 18 2024](/references/cfb6f191-6c43-423b-9289-02beb3d721d1)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"f79ca0e1-72bd-4634-8678-2f683f03b1f9","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"ba587d1d-d7ba-418f-a462-45b91d9230a6","tag":"8e674409-2923-4b4e-bc38-c1c06d24c126"},{"id":"685b5962-47ed-4ea0-902b-884a4dbbcb96","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"f198a92a-cecb-4a84-865a-b1792e758068","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"440d0044-d787-4fca-9a42-43e729c822ba","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"044debd3-91ab-4f1d-b69f-a8f81c43b804","tag":"33d35d5e-f0cf-4c66-9be3-a3ffe6610b1a"},{"id":"63fb10c3-a3c3-4816-9122-d72625927d5f","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"a66c3231-1f17-47c5-8be6-a329b7ae9de8","tag":"70dc52b0-f317-4134-8a42-71aea1443707"},{"id":"0cf0e746-fc43-4b9b-ae28-b951b4471396","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"e8ab1352-c5e2-46cb-8030-b5b62acf1f96","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"dbbf084c-53d4-4dba-b872-6bb195a6ad8e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a9c9fda8-c156-44f2-bc7e-1b696f3fbaa2","name":"RARSTONE","type":"malware","source":"MITRE","software_attack_id":"S0055","tidal_id":"635905ca-a46c-55fc-b056-140e5f727daf","created":"2017-05-31T21:32:38.480000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Baumgartner Naikon 
2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup><sup>[[CameraShy](https://app.tidalcyber.com/references/9942b6a5-6ffb-4a26-9392-6c8bb9954997)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"796e7f6f-7cc0-4bba-8268-12d30caf04b5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8d34715e-1018-40fc-bf09-4eca69be830e","name":"Rasautou","type":"tool","source":"Tidal Cyber","software_attack_id":"S3265","tidal_id":"18303f80-3a3d-5baf-89ba-8d39854d4302","created":"2024-01-12T14:48:05.631075Z","modified":"2024-01-12T14:48:05.631078Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4633eaeb-d4db-43ae-bb44-d339ca0d0085","name":"Rasautou.exe","description":"<sup>[[Rasautou.exe - LOLBAS Project](/references/dc299f7a-403b-4a22-9386-0be3e160d185)]</sup>","source":"Tidal Cyber","associated_software_id":"4a94b274-9bc0-4c51-82d7-e82f6e107b9c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0239bab9-ef1a-478d-be0d-2b6fee4e8706","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"85a814b9-b7ab-41eb-9170-81fb294ed830","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"22841966-6888-5ae5-8546-fd777cd66ca4","name":"Raspberry Robin","type":"malware","source":"MITRE","software_attack_id":"S1130","tidal_id":"22841966-6888-5ae5-8546-fd777cd66ca4","created":"2024-10-31T16:28:03.687066Z","modified":"2024-10-31T16:28:03.687069Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence Tweet April 26 
2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1eb60161-68a1-47f2-9a37-2c219a67866f","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"5478387a-47d8-4e72-bd2f-4486883030c7","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"f7b770b9-f348-4055-b294-1801a896c7c9","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"38b82e9b-2cd9-4954-9799-e9283e2bac8f","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"92c59cec-cdef-4d3b-a42a-7d1ee77b74e1","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"d3523afc-cc3a-46b9-a12b-5be99dbe3143","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"09ff615c-65c8-49b4-ba56-d50e2b0c9356","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3cb6c997-3d13-46e0-81b2-0d1bbeecd990","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"40466d7d-a107-46aa-a6fc-180e0eef2c6b","name":"RATANKBA","type":"malware","source":"MITRE","software_attack_id":"S0241","tidal_id":"0f107edf-67fe-5c60-af21-79903eb775c0","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Lazarus RATANKBA](https://app.tidalcyber.com/references/e3f9853f-29b0-4219-a488-a6ecfa16b09f)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d888f3dc-e1f1-5980-a1fb-84e4a2c6da34","name":"RatMilad","type":"malware","source":"Mobile","software_attack_id":"S1241","tidal_id":"d888f3dc-e1f1-5980-a1fb-84e4a2c6da34","created":"2026-01-28T13:08:09.938351Z","modified":"2026-01-28T13:08:09.938353Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"76f6151c-06eb-4798-bac7-b7e5a38fcc15","name":"RattyRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3515","tidal_id":"5f4f964d-025d-504d-8181-636ca04e175c","created":"2025-08-06T14:57:16.743220Z","modified":"2025-08-06T14:57:16.743224Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA Scattered Spider Advisory November 2023](/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"a31fcdda-5526-4472-9f3c-3a220036421b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8c6c562f-c614-4fad-9b0c-f66583d91a4d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"99e19a21-f9a6-4f67-8ad6-9b127725b24a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"cc804db1-49cb-4553-b44e-33c093354c42","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"2f90e10b-edbc-4887-86eb-d6f3c85db488","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a45c5074-c8ba-475f-9fb4-7fc82f7b8577","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"d86a562d-d235-4481-9a3f-273fa3ebe89a","name":"RawDisk","type":"tool","source":"MITRE","software_attack_id":"S0364","tidal_id":"0a25f949-e139-53d4-a4f0-260002d5e5c3","created":"2019-03-25T12:30:40.919000Z","modified":"2022-07-28T18:55:35.991000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Novetta Blockbuster](https://app.tidalcyber.com/references/bde96b4f-5f98-4ce5-a507-4b05d192b6d7)]</sup><sup>[[Novetta Blockbuster Destructive Malware](https://app.tidalcyber.com/references/de278b77-52cb-4126-9341-5b32843ae9f1)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"0d282dc3-4819-4796-8e39-e1fa3c34b73d","name":"RA World","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3497","tidal_id":"eaef74a9-35ea-531c-9d5d-2d8f0adbddcd","created":"2025-06-10T15:51:00.670370Z","modified":"2025-06-10T15:51:00.670373Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3f398d92-7a45-4f35-ab50-052ca1e20ec7","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"55ed8828-27c1-4502-92ec-2cdcc9bca088","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"35c36498-8976-49f2-a518-6093e5be62a1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0c2956ba-a718-46b7-962a-64d81ebc1cc9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6ea1bf95-fed8-4b94-8071-aa19a3af5e34","name":"RawPOS","type":"malware","source":"MITRE","software_attack_id":"S0169","tidal_id":"fa6db3b3-a3bd-5cd0-a588-a445659498f9","created":"2018-01-16T16:13:52.465000Z","modified":"2020-03-30T03:01:39.526000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9d1c1d90-38d5-4da7-9f74-ebe24170d01c","name":"DRIFTWOOD","description":"The DRIFTWOOD component is a Perl2Exe compiled Perl script used by G0053 after they have identified data of interest on victims. <sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup> <sup>[[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]</sup>","source":"MITRE","associated_software_id":"61841581-51bc-4559-b87f-e3fbadf40eb7","owner_id":null,"owner_name":null},{"id":"419644f0-860d-4de4-8d44-91be643eff77","name":"DUEBREW","description":"The DUEBREW component is a Perl2Exe binary launcher. 
<sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup> <sup>[[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]</sup>","source":"MITRE","associated_software_id":"2f190c9a-f999-4e44-8083-619225ef7890","owner_id":null,"owner_name":null},{"id":"ea5a6334-00e8-4eeb-93c5-82cab199ae2e","name":"FIENDCRY","description":"The FIENDCRY component is a memory scraper based on MemPDump that scans through process memory looking for regular expressions. Its stage 1 component scans all processes, and its stage 2 component targets a specific process of interest. <sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup> <sup>[[Github Mempdump](https://app.tidalcyber.com/references/f830ed8b-33fa-4d1e-a66c-41f8c6aba69c)]</sup> <sup>[[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]</sup>","source":"MITRE","associated_software_id":"d6d49a18-4cf9-4ba3-906c-0091494c42e4","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]</sup><sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup>","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"33ea8ffb-4b64-4010-bb15-d92b7a467250","name":"Ray","type":"tool","source":"Tidal Cyber","software_attack_id":"S3692","tidal_id":"f5172a28-ed81-5ac5-9fb8-c23f8db1bb3a","created":"2025-12-10T14:14:55.023636Z","modified":"2025-12-10T14:14:55.023641Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay 
November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9d00bc13-e0d5-44fd-b301-bffc4a8b6189","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"892b3f5d-c1c2-426a-8b2b-7c499f695bee","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4","name":"Rclone","type":"tool","source":"MITRE","software_attack_id":"S1040","tidal_id":"6248e118-f6ec-5a6e-a983-955b35b2ce4b","created":"2022-08-30T13:02:36.422000Z","modified":"2022-09-30T15:20:46.871000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 December 11 2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Huntress INC Ransomware May 2024](https://app.tidalcyber.com/references/3ebccffe-d56d-594a-9548-740cf88a453b)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Medusa Group](https://app.tidalcyber.com/groups/5dd29b96-60b6-5c98-8fc0-510502c700b0) has leveraged [Rclone](https://app.tidalcyber.com/software/1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) to exfiltrate data from victim environments.<sup>[[CISA Medusa Group Medusa Ransomware March 2025](https://app.tidalcyber.com/references/fe6f032e-11f3-5d6d-9a65-e5fc54cb2779)]</sup><sup>[[Broadcom Medusa Ransomware Medusa Group March 
2025](https://app.tidalcyber.com/references/01d2a059-f002-5e1e-97c1-ae714648fc10)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Sygnia Emperor Dragonfly October 2022](https://app.tidalcyber.com/references/f9e40a71-c963-53de-9266-13f9f326c5bf)]</sup>\n","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Rclone](https://app.tidalcyber.com/software/1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) to exfiltrate information from victim environments.<sup>[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit42 BlackSuit October 14 2025](/references/5edcf0bf-1cd2-4f22-9d3c-be8eb1befda0)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) has utilized [Rclone](https://app.tidalcyber.com/software/1f3f15fa-1b4b-494d-abc8-c7f8a227b7b4) for data exfiltration.<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Esentire August 27 2025](/references/8d40c966-331f-490c-b1b6-e33a095b888a)]</sup>","group_attack_id":"G3124","group_id":"bd33c962-4fc1-49d8-8416-259a032863b8","name":"Sinobi Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Mandiant UNC3944 May 2025](https://app.tidalcyber.com/references/ba2831ec-0f30-574b-afdc-e8a7ec12b1ea)]</sup>  ","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"MITRE"},{"description":"<sup>[[Arctic Wolf Akira 
2023](https://app.tidalcyber.com/references/aa34f2a1-a398-5dc4-b898-cdc02afeca5d)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Daixin Team October 2022](/references/cbf5ecfb-de79-41cc-8250-01790ff6e89b)]</sup>","group_attack_id":"G3007","group_id":"07bdadce-905e-4337-898a-13e88cfb5a61","name":"Daixin Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Resecurity BlackLock March 25 2025](/references/2977c45f-3a7a-42ae-be59-378aa288dc24)]</sup>","group_attack_id":"G3109","group_id":"fea2db0e-e6a6-44f1-9b5a-2d00744c388b","name":"BlackLock Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]</sup>","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1bd9a8a7-025b-4846-9bc9-b2c4396af7cb","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"3c51117d-0c34-42f2-9ae9-9030cb3d2858","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"6d137223-beac-4b5d-a024-9b5b5c223dc9","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"b9635ab8-fcaf-4345-b1ee-d39bd9e5141b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"7d400de3-ad66-497d-87fc-f8244e7350fa","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"7a293406-1631-44fa-9394-6bf0622e0694","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d2625dcd-7de4-4862-bc23-52cf00e2d75f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"56f92e93-0e38-456a-b513-a140e0e22bad","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"1e95202e-53c1-4141-91c1-fc659ccb821f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"29d86902-b4aa-4f37-b9bc-800eda0257f4","tag":"a40b7316-bef6-4186-9764-58ce6f033850"},{"id":"f7321455-1c23-4a2c-be1f-cf9c83395916","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a5708741-369d-4df6-96fd-a37534d80757","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6c52084b-578f-468c-9fe1-c369bdf13517","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"4d92673d-48aa-4dc2-81d0-dd39ff885b12","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"87f84093-440c-4246-9e7e-5d13d69b5692","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2db5bc53-8e6c-42e1-b4a7-6d25895f7449","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"1ee8e117-761f-4a7c-b659-c6a1f37e3238","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"03051282-02c8-49f6-8377-05308fcd351f","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"653099bf-be0d-49f5-9ee6-4655038a39e9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"b7db1193-aa86-5817-beda-78d3efe92204","name":"RCSAndroid","type":"malware","source":"Mobile","software_attack_id":"S0295","tidal_id":"b7db1193-aa86-5817-beda-78d3efe92204","created":"2026-01-28T13:08:09.937977Z","modified":"202
6-01-28T13:08:09.937979Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"38c4d208-fe38-4965-871c-709fa1479ba3","name":"RCSession","type":"malware","source":"MITRE","software_attack_id":"S0662","tidal_id":"6e9f559a-a0b3-5216-8c29-bce10552b2dd","created":"2021-11-19T19:47:26.552000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Secureworks BRONZE PRESIDENT December 2019](https://app.tidalcyber.com/references/019889e0-a2ce-476f-9a31-2fc394de2821)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup><sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup><sup>[[Profero APT27 December 2020](https://app.tidalcyber.com/references/0290ea31-f817-471e-85ae-c3855c63f5c3)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c593846c-bff0-4049-8f07-f5aa00bfea31","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9a5cff11-6bad-407a-a53c-2562a56ac024","name":"rcsi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3354","tidal_id":"e179813f-d357-543b-9cf1-3e659e92702d","created":"2024-01-12T14:48:37.846391Z","modified":"2024-01-12T14:48:37.846395Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"810f4a0a-ef9d-4771-8c97-9803508cdba3","name":"rcsi.exe","description":"<sup>[[rcsi.exe - LOLBAS 
Project](/references/dc02058a-7ed3-4253-a976-6f99b9e91406)]</sup>","source":"Tidal Cyber","associated_software_id":"c0f4b154-5dac-40e7-b6d0-eb111c1da58c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f2f05461-3722-4ea2-9e2a-fa266693f2ef","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d00d5fae-3c67-4598-bc55-12fce093fd8f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"567da30e-fd4d-4ec5-a308-bf08788f3bfb","name":"RDAT","type":"malware","source":"MITRE","software_attack_id":"S0495","tidal_id":"b59b94ea-4746-5342-89ca-10e8b735175d","created":"2020-07-28T17:26:36.168000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 RDAT July 2020](https://app.tidalcyber.com/references/2929baa5-ead7-4936-ab67-c4742afc473c)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e94842ce-c2c6-4872-bbb5-90e8300f071d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ca4e973c-da15-46a9-8f3a-0b1560c9a783","name":"RDFSNIFFER","type":"malware","source":"MITRE","software_attack_id":"S0416","tidal_id":"b46f20b9-c791-5331-8962-e596fdb12edc","created":"2019-10-11T16:13:19.588000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye FIN7 Oct 
2019](https://app.tidalcyber.com/references/df8886d1-fbd7-4c24-8ab1-6261923dee96)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c21fde98-2d3e-4906-984f-f54d4c81d364","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"411f7de1-5b46-482f-8ed7-ff90c4ca1327","name":"RDP","type":"tool","source":"Tidal Cyber","software_attack_id":"S3651","tidal_id":"58d80ade-6a50-5e45-8f94-c72cc2178f09","created":"2025-11-19T17:45:42.102147Z","modified":"2025-11-19T17:45:42.102151Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"da345175-ddc2-4e10-973d-7b56920e5cbe","name":"Remote Desktop Protocol","description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","source":"USER","associated_software_id":"463f6219-9e98-4ddc-b120-1b730e93a20b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c6fb6453-db5a-4d0c-8e21-1a1a05f8495f","name":"RDP client","description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","source":"USER","associated_software_id":"3d7a980d-d293-43fc-8fce-556d4b258b02","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"83ca97dc-a357-48e5-8a48-0dc3a1c2ea6d","name":"Remote Desktop Protocol client","description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","source":"USER","associated_software_id":"890b1494-398d-450a-a2d7-fa4016d143c6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"e02a7c16-4e3b-47b4-b59f-8abbb6a42eed","name":"Remote Desktop Connection","description":"<sup>[[Google Cloud Blog November 17 
2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","source":"USER","associated_software_id":"7f697b5b-a23b-4f6c-82d0-43f50fb321dc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"a1de6aea-89ad-4455-a95d-130701786051","name":"Terminal Services Client","description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","source":"USER","associated_software_id":"3eba3ca8-206a-4403-abc9-3c27428449a3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ee01fa9c-529f-4ab4-b12d-164460fb9116","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a55ca719-f571-407b-818c-5fa9922898ab","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e8b67b8d-ebfc-43c0-bbc3-d5bd5b353285","name":"rdpclip.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3623","tidal_id":"0f1de457-02a8-5210-8f39-4e51242965d3","created":"2025-11-11T13:26:34.305915Z","modified":"2025-11-11T13:26:34.305919Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1328d4b2-31cd-4314-ad12-77878b834c46","name":"RDPclip","description":"","source":"USER","associated_software_id":"c4ef3933-0467-4151-9d33-16af3962e1fd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water 
Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1ff7d7d1-e2a3-42ec-aa67-83b82738b629","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"f3fb8dec-3a9a-4a32-a7ee-c7cccf61d3f0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e343de0d-c2f4-4240-8b4a-aa921fe870ed","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"22d9f7be-7447-4cce-90f0-67a13d4b6a82","name":"RDP Recognizer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3052","tidal_id":"4cc04aef-87a9-5682-9c59-e97c5586f4ff","created":"2023-07-14T12:56:39.959166Z","modified":"2023-07-14T12:56:39.959170Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b7e8d36d-dcfe-48a3-ab17-f7912535b068","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"b0007efb-e4ee-438a-8417-65ce0b9eb5cb","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"71dec2a6-c7bf-4f6f-8016-e9a80ff7de3e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6d02fdb2-3a92-4860-a01d-e483cd1311c4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9864bbfe-f8d7-4d60-a71f-1270fea3793a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"c864f3ae-a40d-4322-9c96-53966fa39dc5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"35f927ea-fd7a-4cd5-9ca3-82a6de113c3a","name":"RDP Wrapper","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3427","tidal_id":"fc18eddb-2898-5f0b-974c-61a5e5242804","created":"2025-02-11T18:20:40.260605Z","modified":"2025-02-11T18:20:40.260610Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2164f4e1-181c-4ebb-abf5-2f87bc2f7f4b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"71c01736-5406-48de-a188-c6ed6519beb9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9af403e3-1dba-42a4-a5de-9ae29a6299a0","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"466623da-7095-4536-81a1-851cea4b6a57","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"633740af-aec1-4cb5-93d1-b87b3085876d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3b37c81a-9574-4ac3-a996-d4cfe1e3ddb1","name":"rdrleakdiag","type":"tool","source":"Tidal Cyber","software_attack_id":"S3266","tidal_id":"01153fa0-2733-538b-b44a-bad1d1118c76","created":"2024-01-12T14:48:05.974918Z","modified":"2024-01-12T14:48:05.974922Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4a803f25-7a1f-4038-8cc1-2ff4d24ff94c","name":"rdrleakdiag.exe","description":"<sup>[[rdrleakdiag.exe - LOLBAS Project](/references/1feff728-2230-4a45-bd64-6093f8b42646)]</sup>","source":"Tidal Cyber","associated_software_id":"d6302e6b-9ff5-4278-9d9d-98cbbffb5cc2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"181b4c5a-9456-44cf-a360-6d40d2e57def","name":"Microsoft Windows Resource Leak Diagnostic Tool","description":"<sup>[[Symantec Ukraine Targeting October 29 
2025](/references/08b6d849-2837-4af9-bb8a-e0425e6a02e4)]</sup>","source":"USER","associated_software_id":"1ebf5c6f-12af-47c9-9c1c-f07abc6ee6a7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fc99a857-388f-4e5a-9343-58a595a1486f","tag":"9fbc403c-bd2e-458a-a202-a65b8201e973"},{"id":"df10fbcc-47c8-4e32-96cf-10f87610ee42","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"632fa315-7794-4411-b0d5-2d0dfe78f393","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"bd47e4e9-fde4-4463-a999-f119ece0a846","name":"React2Shell in-memory webshell","type":"malware","source":"Tidal Cyber","software_attack_id":"S3750","tidal_id":"f72bbd59-e144-5791-9e95-0985c369d9bd","created":"2025-12-17T14:18:49.322694Z","modified":"2025-12-17T14:18:49.322698Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3736d27d-cc91-409f-988b-c3b716869071","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"08de2575-d0c3-4c98-ac28-34b3da43708a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3a428c52-1162-4b6b-abfa-057d54a9b786","name":"ReadOnly","type":"malware","source":"Tidal Cyber","software_attack_id":"S3882","tidal_id":"2b36d3df-b45e-5597-947e-217518b2820b","created":"2026-01-06T18:05:07.718471Z","modified":"2026-01-06T18:05:07.718475Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CYFIRMA December 30 
2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4f0c6ae5-0ac5-49c7-b927-fe8053601462","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"bdacd534-1c18-4cb4-af2d-44d78c7f528e","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"4da5c4e3-1f8a-4501-a3d8-a9f98b250b8a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e42fed24-2e7d-49dd-9fdf-3742c8b45000","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"acbed11a-0d8e-40d9-99d6-08bdff716f24","name":"RealTimeTroy","type":"malware","source":"Tidal Cyber","software_attack_id":"S3785","tidal_id":"57c89f64-58d8-55ca-8c1b-638688f0e5f6","created":"2025-12-24T14:57:24.564634Z","modified":"2025-12-24T14:57:24.564638Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b56d3405-0a22-4521-99bc-de3398650bc1","name":"RealTimeTroy.macOS","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"d3045dd8-281d-4798-ae1e-95f5e66dff9a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"48a92315-13e0-4375-9960-efce600cec71","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e0bacf02-263a-4637-8ed4-cbbc64eed6f7","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"d03c05c1-4893-4dcd-b3ba-592f2b5252cb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"74e35bf5-d696-4758-ab99-b981c7219bfa","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ca544771-d43e-4747-80e5-cf0f4a4836f3","name":"Reaver","type":"malware","source":"MITRE","software_attack_id":"S0172","tidal_id":"72855048-0058-5f15-b50b-05cd277a92ec","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b2931d17-ba87-5445-bd17-1bb2062f9d55","name":"Red Alert 
2.0","type":"malware","source":"Mobile","software_attack_id":"S0539","tidal_id":"b2931d17-ba87-5445-bd17-1bb2062f9d55","created":"2026-01-28T13:08:09.938382Z","modified":"2026-01-28T13:08:09.938384Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"245fa907-5977-5014-ae49-7615118f855e","name":"RedDrop","type":"malware","source":"Mobile","software_attack_id":"S0326","tidal_id":"245fa907-5977-5014-ae49-7615118f855e","created":"2026-01-28T13:08:09.938568Z","modified":"2026-01-28T13:08:09.938570Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5264c3ab-14e1-4ae1-854e-889ebde029b4","name":"RedLeaves","type":"malware","source":"MITRE","software_attack_id":"S0153","tidal_id":"c90a78cb-7bff-52ac-b65a-51da6664ec74","created":"2017-12-14T16:46:06.044000Z","modified":"2020-03-30T21:01:05.439000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5c7b379f-7d04-4904-8465-ae74c1da5e54","name":"BUGJUICE","description":"Based on similarities in reported malware behavior and open source reporting, it is assessed that the malware named BUGJUICE by FireEye is likely the same as the malware RedLeaves. 
<sup>[[FireEye APT10 April 2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]</sup> <sup>[[Twitter Nick Carr APT10](https://app.tidalcyber.com/references/0f133f2c-3b02-4b3b-a960-ef6a7862cf8f)]</sup>","source":"MITRE","associated_software_id":"07310f3e-ca07-43f8-a5fd-f078bd0b1ae4","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[PWC Cloud Hopper Technical Annex April 2017](https://app.tidalcyber.com/references/da6c8a72-c732-44d5-81ac-427898706eed)]</sup><sup>[[DOJ APT10 Dec 2018](https://app.tidalcyber.com/references/3ddc68b4-53f1-4fa5-b7f3-4e5d7d9661f2)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d8fd0c2a-3a41-58f5-855b-6158f21c184a","name":"RedLine Stealer","type":"malware","source":"MITRE","software_attack_id":"S1240","tidal_id":"d8fd0c2a-3a41-58f5-855b-6158f21c184a","created":"2025-10-29T21:08:48.110725Z","modified":"2025-10-29T21:08:48.110726Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2fdedb4e-634f-4f72-8cc1-39f896874cfd","tag":"c7bd6fa4-288f-4da1-986e-e0fd9a4a3c97"},{"id":"84c707a5-57ef-43c7-b5c4-08d0b3f1ddc8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"f604b489-c9fb-44b9-b62a-fb411ba093f7","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"f4e8f752-dad8-44b4-8ecb-471f06ae1e2d","name":"RedLine Stealer (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3408","tidal_id":"e8bcb088-78aa-55ea-bab2-f2831f80def3","created":"2025-02-03T21:09:15.712875Z","modified":"2025-02-03T21:09:15.712879Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a180240c-4a7a-4870-a8f7-7f3be868c610","tag":"c7bd6fa4-288f-4da1-986e-e0fd9a4a3c97"},{"id":"0bfeb657-f7d3-4d56-8fab-08ae94666045","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"27d42179-2e31-493a-ac2b-b24d10ff816c","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"e3190674-9ff1-4842-b285-baed0f730e99","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f3b772a4-65db-468d-b1ec-8f81039ab86b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"57b261d4-cf74-4d5c-976f-a95bf4687ac3","name":"RedLoader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3768","tidal_id":"6e548fab-8b52-5b3e-aff6-d60cfcf4ab44","created":"2025-12-17T14:18:52.074018Z","modified":"2025-12-17T14:18:52.074021Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD 
BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3f544e9a-f482-48b1-a457-656ae7671ba0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"41fe5fc7-157d-4889-a8fd-f83a435981a4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d796615c-fa3d-4afd-817a-1a3db8c73532","name":"Reg","type":"tool","source":"MITRE","software_attack_id":"S0075","tidal_id":"e12f8b71-4926-5146-9f25-8901b5836acb","created":"2017-05-31T21:32:49Z","modified":"2022-10-13T20:23:35.333000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4ba0a066-1b3c-4670-8f57-e84f5245a78b","name":"reg.exe","description":"","source":"MITRE","associated_software_id":"7d5f2e75-7ff0-44e4-b8a7-2d817c58ffe0","owner_id":null,"owner_name":null}],"groups":[{"description":"[Daggerfly](https://app.tidalcyber.com/groups/f0dab388-1641-50aa-b0b2-6bdb816e0490) has used [Reg](https://app.tidalcyber.com/software/d796615c-fa3d-4afd-817a-1a3db8c73532) to dump various Windows registry hives from victim machines.<sup>[[Symantec Daggerfly 2023](https://app.tidalcyber.com/references/cb0a51f5-fe5b-5dd0-8f55-4e7536cb61a4)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Ukraine Targeting October 29 2025](/references/08b6d849-2837-4af9-bb8a-e0425e6a02e4)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA 
AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ReliaQuest December 09 2025](/references/d01a6573-49f4-415b-a778-778d08255afd)]</sup>","group_attack_id":"G3175","group_id":"2a834c03-7339-481f-8fcb-787e13f990c6","name":"Storm-0249","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"[Gamaredon Group](https://app.tidalcyber.com/groups/41e8b4a4-2d31-46ee-bc56-12375084d067) has used [Reg](https://app.tidalcyber.com/software/d796615c-fa3d-4afd-817a-1a3db8c73532) to add Run keys to the Registry.<sup>[[unit42_gamaredon_dec2022](https://app.tidalcyber.com/references/a8a32597-2b52-5f99-850d-f38d3f891713)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)]</sup><sup>[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Rancor Unit42 June 
2018](https://app.tidalcyber.com/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]</sup>","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Soft Cell June 2019](https://app.tidalcyber.com/references/620b7353-0e58-4503-b534-9250a8f5ae3c)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"MITRE"},{"description":"<sup>[[US-CERT TA18-074A](https://app.tidalcyber.com/references/94e87a92-bf80-43e2-a3ab-cd7d4895f2fc)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"095a0292-0096-4326-afe4-f32fe31a7963","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"ed03f9a2-b040-4e8e-aeca-8f2b54fb47ee","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"17aeb811-b6cb-4127-bd28-aa86a0a30e20","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"bf24aa7c-96b3-4858-b88a-52d74d2049fd","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"b39db01b-d482-4b0c-8788-76abfad05dd9","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"3972cff8-13ed-493b-856d-fcd478fc2ff8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ad5d1fb5-abdc-4796-b5ff-76d4fff066cb","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"bea54c17-66f0-4e8c-8908-62f62691ab39","tag":"ec4a7c87-051b-4b7d-8acc-03696fe2113e"},{"id":"5ac2f79b-5a3f-43c2-9d7d-7e9058dc3c1c","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4b504abe-7696-48c0-947c-61f331072b9c","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"b2ef788c-8283-471d-8026-6d792b362e20","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"fd57c074-1a91-4d30-823c-5db56010a130","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"ac8a36fc-6f97-4e0f-9dc5-ff1df2cb0146","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0b9f2da6-6f9e-4f69-b96b-c5809ec27cf4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a17bb7a6-9600-4cf2-82c8-b95e69d9b571","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"fa1d1c76-0899-4fa2-99a7-d215f39c39f8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"1e892f4b-5398-44ac-aeb4-2e50f70c5716","name":"Regasm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3268","tidal_id":"06417fa1-7f36-50ae-a97d-3a954fab005a","created":"2024-01-12T14:48:06.342722Z","modified":"2024-01-12T14:48:06.342726Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9dab22f5-8405-44d2-8ebf-8c7ed07a75d0","name":"Regasm.exe","description":"<sup>[[LOLBAS 
Regasm](/references/b6a3356f-72c2-4ec2-a276-2432eb691055)]</sup>","source":"Tidal Cyber","associated_software_id":"39a11044-91eb-4631-9272-b29b46694271","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"77813008-f241-4a8f-9b35-34aed8dadff9","tag":"7d31d8f7-375b-4fb3-a631-51b42e58d95a"},{"id":"a6d909b5-9465-4fb6-9899-907e09ab27eb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f253c3c6-8626-475c-89b2-5c90f8962569","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"52dc08d8-82cc-46dc-91ae-383193d72963","name":"RegDuke","type":"malware","source":"MITRE","software_attack_id":"S0511","tidal_id":"2ed5d7fe-27f5-5614-b393-1d997a90c26b","created":"2020-09-23T18:04:24.998000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET Dukes October 2019](https://app.tidalcyber.com/references/fbc77b85-cc5a-4c65-956d-b8556974b4ef)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e3675dda-31bc-4cad-9552-98b9a7241351","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"16cc6ff2-8804-4863-aede-40c4376e0af3","name":"Regedit","type":"tool","source":"Tidal Cyber","software_attack_id":"S3269","tidal_id":"390109c9-bb11-56dc-8d3d-ec2a04e85c13","created":"2024-01-12T14:48:06.712689Z","modified":"2024-01-12T14:48:06.712694Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ed13f106-17dd-4fdf-9f19-5ab62fed9a75","name":"Regedit.exe","description":"<sup>[[Regedit.exe - LOLBAS Project](/references/86e47198-751b-4754-8741-6dd8f2960416)]</sup>","source":"Tidal 
Cyber","associated_software_id":"f230afe5-bf37-46ae-9f46-124ad37bb0e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"d4ec00ff-ba29-4e9d-a519-a7ba4f55992e","tag":"36affa3d-c949-4e1b-8667-299490580dd5"},{"id":"5b860862-50fc-4108-b965-139e3e494b76","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5ef8f2f6-4407-4a10-a90e-727b612adbf6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7e92e30b-9eb1-52fc-9bf8-8c3b168910c5","name":"reGeorg","type":"malware","source":"MITRE","software_attack_id":"S1187","tidal_id":"7e92e30b-9eb1-52fc-9bf8-8c3b168910c5","created":"2025-04-22T20:46:56.408573Z","modified":"2025-04-22T20:46:56.408576Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT29 Eye Spy Email Nov 22](https://app.tidalcyber.com/references/452ca091-42b1-5bef-8a01-921c1f46bbee)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Security Affairs ANSSI APT28 OCT 2023](https://app.tidalcyber.com/references/5189bf11-876d-54f2-8f3c-f6b2bfb2e7c6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember 
Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"958adb9d-5c37-46c2-9612-83577ae70ad8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"1d88e586-3573-4eef-96b6-c649d3b58903","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"e88bf527-bb9c-45c3-b86b-04a07dcd91fd","name":"Regin","type":"malware","source":"MITRE","software_attack_id":"S0019","tidal_id":"f08c050d-d7d5-5273-a14f-4701982cc417","created":"2017-05-31T21:32:17.959000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"92457f9e-c2e6-4d61-b927-0d8ff0f6d617","name":"Regini","type":"tool","source":"Tidal Cyber","software_attack_id":"S3270","tidal_id":"a6a78c9a-3501-5029-bd05-f0bcd69c5228","created":"2024-01-12T14:48:07.097326Z","modified":"2024-01-12T14:48:07.097330Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9ccfddfb-3d11-4727-8e78-7fe09dae53e9","name":"Regini.exe","description":"<sup>[[Regini.exe - LOLBAS Project](/references/db2573d2-6ecd-4c5a-b038-2f799f9723ae)]</sup>","source":"Tidal Cyber","associated_software_id":"16554d65-2a29-4401-9930-cad7f681a7e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"106cf135-95eb-4c58-8c37-6bd04f770720","tag":"288c6e19-cf6c-451a-aff3-547f371ff4ad"},{"id":"df2396b3-e8a4-4ba8-ab2a-c56b5c15a919","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"457e4c72-ffe4-4082-b789-fbfcf52b3b1f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c80bac89-6b63-4860-9f66-260976a184e8","name":"Register-cimprovider","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3271","tidal_id":"5adec3cf-7b92-52f5-b68a-7507eaaff22f","created":"2024-01-12T14:48:07.439054Z","modified":"2024-01-12T14:48:07.439057Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e6fc20e7-7068-48a1-8ae4-a1b98ae67115","name":"Register-cimprovider.exe","description":"<sup>[[Register-cimprovider.exe - LOLBAS Project](/references/d445d016-c4f1-45c8-929d-913867275417)]</sup>","source":"Tidal Cyber","associated_software_id":"17ba6fd7-2072-4ef8-955a-87ccea4f9ec9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ba906064-1da1-423d-babf-3152c2e9a725","tag":"d379a1fb-1028-4986-ae6c-eb8cc068aa68"},{"id":"281ee723-efc5-4484-ac51-77986643d405","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7c41dbd4-3072-417c-af80-df2149deb8ec","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"271dd92b-76ee-4a00-ba41-343c32fc084e","name":"Regsvcs","type":"tool","source":"Tidal Cyber","software_attack_id":"S3272","tidal_id":"d0253f07-d6dd-55c8-8fd1-e53279313606","created":"2024-01-12T14:48:07.775293Z","modified":"2024-01-12T14:48:07.775297Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8dc52fcf-9e7a-420b-bec5-2cd511c6bad7","name":"Regsvcs.exe","description":"<sup>[[LOLBAS Regsvcs](/references/3f669f4c-0b94-4b78-ad3e-fd62f7600902)]</sup>","source":"Tidal 
Cyber","associated_software_id":"784ed6e9-5db4-4aeb-ac49-a5e402062a89","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"bbf68644-4924-4ad5-ae2a-f194d3e733a2","tag":"141e4dce-00be-4bd7-9f81-6202939f0359"},{"id":"610b0e37-88ff-468d-b55d-f411216f3620","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"890ef9d3-6ba2-4139-b87b-16b72d0f23b6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"533d2c42-45a7-456e-af75-b61e2aff98a7","name":"Regsvr32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3273","tidal_id":"98c4f518-3940-576d-98ff-2f59e2de1565","created":"2024-01-12T14:48:08.116531Z","modified":"2024-01-12T14:48:08.116535Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dbf326f4-37e2-4866-8b44-a65e392af5c3","name":"Regsvr32.exe","description":"<sup>[[LOLBAS Regsvr32](/references/8e32abef-534e-475a-baad-946b6ec681c1)]</sup>","source":"Tidal Cyber","associated_software_id":"400f3e02-f6b9-405a-8cd0-12dcf81cf4e4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[KISA Operation 
Muzabi](/references/8742ac96-a316-4264-9d3d-265784483f1a)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET OceanLotus Mar 2019](/references/b2745f5c-a181-48e1-b1cf-37a1ffe1fdf0)]</sup><sup>[[FireEye APT32 May 2017](/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]</sup><sup>[[Cybereason Cobalt Kitty 2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Proofpoint Leviathan Oct 2017](/references/f8c2b67b-c097-4b48-8d95-266a45b7dd4d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]</sup>","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 Valak July 2020](/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"},{"description":"<sup>[[RSA Shell Crew](/references/6872a6d3-c4ab-40cf-82b7-5c5c8e077189)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Talos Cobalt Group July 2018](/references/7cdfd0d1-f7e6-4625-91ff-f87f46f95864)]</sup><sup>[[Morphisec Cobalt Gang Oct 2018](/references/0a0bdd4b-a680-4a38-967d-3ad92f04d619)]</sup><sup>[[TrendMicro Cobalt Group Nov 2017](/references/81847e06-fea0-4d90-8a9e-5bc99a2bf3f0)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky Cloud Atlas December 2014](/references/41a9b3e3-0953-4bde-9e1d-c2f51de1120e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Lab52 WIRTE Apr 2019](/references/884b675e-390c-4f6d-8cb7-5d97d84115e5)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye APT19](/references/d75508b1-8b85-47c9-a087-bc64e8e4cb33)]</sup>","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"349771cc-d35d-43d6-98b2-3f4b1d10705c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"faf61293-5e56-4871-a251-86311ba58eed","tag":"32be7240-e5ea-4e8a-8e95-7c1bd7869754"},{"id":"fe12fae7-e7e3-4274-9f45-92bba9e3e29c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"435179b5-abd7-4af6-a503-77a88ba7de4c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2eb92fa8-514e-4018-adc4-c9fe4f082567","name":"Remcos","type":"tool","source":"MITRE","software_attack_id":"S0332","tidal_id":"d4069d5f-9463-5e6b-b088-b2249ddc3e66","created":"2019-01-29T18:55:20.245000Z","modified":"2022-09-16T15:40:41.093000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a8fc9c0a-2674-4af9-9f57-fc1643c6f10c","name":"Remcos RAT","description":"<sup>[[ASEC January 08 2026](/references/3a04cc8c-f814-4ce7-bb13-d1097f3da270)]</sup>","source":"USER","associated_software_id":"a7864e53-dcf7-42f5-b7d9-6c0dd4ee16ae","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Unit 42 Gorgon Group Aug 2018](https://app.tidalcyber.com/references/d0605185-3f8d-4846-a718-15572714e15b)]</sup>","group_attack_id":"G0078","group_id":"efb3b5ac-cd86-44a2-9de1-02e4612b8cc2","name":"Gorgon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[VenereCiscoTalos_Gamaredon_Mar2025](https://app.tidalcyber.com/references/a0ba01e4-864b-510b-a8d1-896e9e32cac4)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 
2021](https://app.tidalcyber.com/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Check Point Research Blind Eagle March 10 2025](/references/4a9b874a-8ed3-476d-8da2-d59e081c4b40)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Symantec Elfin Mar 2019](/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"cdf864e2-ecb9-4d59-9672-ca44302adc37","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"6d8066ca-d002-43b1-8534-6e19c6c5fe69","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"079f3f0d-0743-429e-914f-c32632f368a3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"82d0bb4d-4711-49e3-9fe5-c522bbe5e8bb","name":"Remexi","type":"malware","source":"MITRE","software_attack_id":"S0375","tidal_id":"3bcb6793-5135-502d-a4c7-af2e25c2832a","created":"2019-04-17T19:18:00.270000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Chafer Dec 2015](https://app.tidalcyber.com/references/0a6166a3-5649-4117-97f4-7b8b5b559929)]</sup><sup>[[Securelist Remexi Jan 2019](https://app.tidalcyber.com/references/07dfd8e7-4e51-4c6e-a4f6-aaeb74ff8845)]</sup><sup>[[Symantec Chafer February 
2018](https://app.tidalcyber.com/references/3daaa402-5477-4868-b8f1-a2f6e38f04ef)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3a1436e9-ce2c-449e-a670-c1b212ebd754","name":"Remote","type":"tool","source":"Tidal Cyber","software_attack_id":"S3355","tidal_id":"b45c7b35-843c-58d5-9e8b-67f481cfd681","created":"2024-01-12T14:48:38.198996Z","modified":"2024-01-12T14:48:38.199000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"33bc2a4a-117d-492e-8b7e-893d28566989","name":"Remote.exe","description":"<sup>[[Remote.exe - LOLBAS Project](/references/9a298f83-80b8-45a3-9f63-6119be6621b4)]</sup>","source":"Tidal Cyber","associated_software_id":"fcde468a-6c78-46b0-967a-240fcbe815f6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"869ac21c-736f-4ef1-a844-294b403f6333","tag":"828f1559-b13d-4426-9dcf-5f601fcb6ff0"},{"id":"38e5471c-63e2-483f-8c9b-8c46797aa44b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"24942347-2305-4e5e-988b-df7cf6cf7dd9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"57fa64ea-975a-470a-a194-3428148ae9ee","name":"RemoteCMD","type":"malware","source":"MITRE","software_attack_id":"S0166","tidal_id":"36046a04-d0f4-525b-a27b-719fd81ef452","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec 
Buckeye](https://app.tidalcyber.com/references/dbf3ce3e-bcf2-4e47-ad42-839e51967395)]</sup>","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8a7fa0df-c688-46be-94bf-462fae33b788","name":"RemoteUtilities","type":"tool","source":"MITRE","software_attack_id":"S0592","tidal_id":"153a0514-49d4-5f4f-85ab-6611ad66ded1","created":"2021-03-18T14:57:34.628000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Muddy Water March 2021](https://app.tidalcyber.com/references/16b4b834-2f44-4bac-b810-f92080c41f09)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e3729cff-f25e-4c01-a7a1-e8b83e903b30","name":"Remsec","type":"malware","source":"MITRE","software_attack_id":"S0125","tidal_id":"0102dd2f-d969-514e-bfc0-90e7f8cbb01f","created":"2017-05-31T21:33:12.858000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"15f882e8-7e1f-43a8-a680-4489b3b13fa9","name":"Backdoor.Remsec","description":"","source":"MITRE","associated_software_id":"818bf505-64bb-43da-88ae-58c60c8590b3","owner_id":null,"owner_name":null},{"id":"d3b1274a-04a1-4a55-a318-63ffe1fdf114","name":"ProjectSauron","description":"ProjectSauron is used to refer both to the threat group also known as G0041 as well as the malware platform also known as S0125. 
<sup>[[Kaspersky ProjectSauron Blog](https://app.tidalcyber.com/references/baeaa632-3fa5-4d2b-9537-ccc7674fd7d6)]</sup>","source":"MITRE","associated_software_id":"4535e2aa-6351-4200-9e81-ea1a883bc6d3","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Strider Blog](https://app.tidalcyber.com/references/664eac41-257f-4d4d-aba5-5d2e8e2117a7)]</sup><sup>[[Kaspersky ProjectSauron Blog](https://app.tidalcyber.com/references/baeaa632-3fa5-4d2b-9537-ccc7674fd7d6)]</sup>","group_attack_id":"G0041","group_id":"deb573c6-071a-4b50-9e92-4aa648d8bdc1","name":"Strider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"19a04c82-f816-464c-b050-a57269cba157","name":"Replace","type":"tool","source":"Tidal Cyber","software_attack_id":"S3274","tidal_id":"cc4165fe-57a8-5701-a5b6-2b0dd8813a6e","created":"2024-01-12T14:48:08.458102Z","modified":"2024-01-12T14:48:08.458106Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3cabd4a8-a41a-428c-a018-ab68ab9bab9e","name":"Replace.exe","description":"<sup>[[Replace.exe - LOLBAS Project](/references/82a473e9-208c-4c47-bf38-92aee43238dd)]</sup>","source":"Tidal 
Cyber","associated_software_id":"9e22fb92-6276-4af9-8394-9d6f8a62df9b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"63a6b65d-adfb-48d3-811e-3a8fcb07abbf","tag":"accb4d24-4b40-41ce-ae2e-adcca7e80b41"},{"id":"9a563763-5135-4169-b197-2cf7ca62ba63","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"cd1e763b-4431-428e-b279-42fe4dc98e4a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0f334fb0-7cdb-5252-8196-b8593b72291b","name":"REPTILE","type":"malware","source":"MITRE","software_attack_id":"S1219","tidal_id":"0f334fb0-7cdb-5252-8196-b8593b72291b","created":"2025-10-29T21:08:48.110672Z","modified":"2025-10-29T21:08:48.110673Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Mandiant UNC3886 2024](https://app.tidalcyber.com/references/77b32efe-b936-5541-b0fb-aa442a7d11b7)]</sup>","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"acd92e81-66d4-431f-bb39-2f27ceadcb60","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"5a2042bc-1bf5-4184-8ee9-fe5e4a891d79","name":"REPTILE Backdoor","type":"malware","source":"Trellix TIG","software_attack_id":"S3441","tidal_id":"10e608ff-8721-5682-8a44-eb37d581a901","created":"2025-04-11T15:06:48.675955Z","modified":"2025-04-11T15:06:48.675959Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f88f6029-8eed-4395-b7cb-36477d1a88ef","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"63854449-d785-45e9-9716-ce251be13a9e","name":"Reptile 
Rootkit","type":"malware","source":"Trellix TIG","software_attack_id":"S3426","tidal_id":"38e5354b-2238-5118-a0fe-2c1fb9ab1ea5","created":"2025-04-11T15:06:46.039057Z","modified":"2025-04-11T15:06:46.039061Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"9fca12c1-f3db-4b6e-a258-52089180aa57","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":"TidalCyberIan"},{"id":"f74eb83c-0ec6-4987-a533-c1c6ca4bb4b6","name":"requests (Python library)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3879","tidal_id":"d1b37f95-4ed9-52a3-bd4e-34268259dfcf","created":"2026-01-06T18:05:07.250204Z","modified":"2026-01-06T18:05:07.250207Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"fb02a2ac-fe82-4aec-9701-170254218d38","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"a641dffc-de0c-41a4-a1b5-f13e8eb33383","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"06cf8e46-054c-4e62-98be-d49ad82e8797","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"b4463d22-6496-40ea-965c-98c422ecdcd9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7a988938-bed2-43bc-ac5e-33bc21bca94d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8286a644-99ae-468a-aae3-716b464f61a8","name":"Reset","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3861","tidal_id":"91a5caf2-0a12-59ad-a29c-067e75a39862","created":"2026-01-06T18:05:04.105574Z","modified":"2026-01-06T18:05:04.105578Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"069c017b-366a-4472-bce4-879c683176e3","name":"Reset.exe","description":"<sup>[[Reset.exe - LOLBAS Project](/references/31108705-a1d3-49c8-ad22-663abeea2078)]</sup>","source":"USER","associated_software_id":"1dd48d73-c6d1-412a-ab85-98e9559f2a44","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"58c99a95-9605-42e1-9d7e-76d9949574c1","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"2a5ea3a7-9873-4a2e-b4b5-4e27a80db305","name":"Responder","type":"tool","source":"MITRE","software_attack_id":"S0174","tidal_id":"40de3b08-bae2-5e41-b3bb-cd7c92dac942","created":"2018-01-16T16:13:52.465000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT28 Hospitality Aug 2017](https://app.tidalcyber.com/references/7887dc90-3f05-411a-81ea-b86aa392104b)]</sup><sup>[[US District Court Indictment GRU Oct 2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)]</sup> ","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ClearSky Lazarus Aug 2020](https://app.tidalcyber.com/references/2827e6e4-8163-47fb-9e22-b59e59cd338f)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Responder](https://app.tidalcyber.com/software/2a5ea3a7-9873-4a2e-b4b5-4e27a80db305) in intrusions.<sup>[[CISA GRU29155 
2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"cd61d01b-6268-4ffd-90a6-6169893fdfc6","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"70e218ea-2b47-47ee-8a84-580b8089ac67","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0fb5f951-50f0-44e6-808d-b7707c71eda9","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"946a1b56-0812-4081-a6e3-3fbed096e3c5","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6e87490a-64d2-4824-a420-b7b6aa59f697","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"b1de13f0-45bf-4f6a-861b-912bcc3911e7","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"738dec95-c5df-4684-ada7-44bd82315e4f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"5f36d8c1-729e-466a-bab4-61f218a05ad5","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":null},{"id":"0c0f1dbc-e1e6-4a95-8cab-80fa857cc5ef","name":"Restart Manager","type":"tool","source":"Tidal Cyber","software_attack_id":"S3664","tidal_id":"43003791-1b4c-557e-a153-dfae1792ea18","created":"2025-11-26T19:38:19.592896Z","modified":"2025-11-26T19:38:19.592900Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"64720e66-fd4c-4d90-8788-c24eed3434b5","name":"Restart Manager API","description":"<sup>[[BleepingComputer November 19 2025](/references/ec75f7aa-a908-46b5-896f-bc4ed40d58c0)]</sup>","source":"USER","associated_software_id":"fee17137-4f78-4321-8626-2039fca7de19","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[BleepingComputer November 19 
2025](/references/ec75f7aa-a908-46b5-896f-bc4ed40d58c0)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a4c18bab-0d1a-4980-8771-1d997fe058b3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4fda3b48-d1f4-4ab1-a24a-4dce321c316a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1e3ea2d1-bd50-409d-9307-c1e6b70d2bb7","name":"Restic","type":"tool","source":"Tidal Cyber","software_attack_id":"S3393","tidal_id":"46df7f2f-ef45-5423-b578-17f268302746","created":"2024-10-04T20:33:22.677417Z","modified":"2024-10-04T20:33:22.677424Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[GuidePoint Security INC Ransomware August 14 2024](/references/414ff729-ba51-4c5a-a4ac-027e0d3c14df)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"11d7d963-4afd-46d5-926d-e0b9625689bf","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"272d4d4d-cfdd-4c16-bd0b-7c21319b430e","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"f99712b4-37a2-437c-92d7-fb4f94a1f892","name":"Revenge 
RAT","type":"malware","source":"MITRE","software_attack_id":"S0379","tidal_id":"cd40eab8-a101-5153-bab3-8f9c75bd5677","created":"2019-05-02T01:07:36.780000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cylance Shaheen Nov 2018](https://app.tidalcyber.com/references/57802e46-e12c-4230-8d1c-08854a0de06a)]</sup>","group_attack_id":"G0089","group_id":"830079fe-9824-405b-93e0-c28592155c49","name":"The White Company","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"921cac65-a5bf-425b-ba67-aa5bb5296151","name":"ReverseSocks5","type":"tool","source":"Tidal Cyber","software_attack_id":"S3825","tidal_id":"85aa578e-d3f5-5e81-9e1e-6c737dd26119","created":"2025-12-24T14:57:30.553925Z","modified":"2025-12-24T14:57:30.553929Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 
2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e52e3e09-9a1d-4a26-854e-35de1423efc0","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"7a609550-c77c-4aff-99f5-c5e554a37f0d","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"9024cf36-7a41-401e-b46d-8b50bfaee780","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4bb1ae01-8540-421e-b25b-d69fa077f78e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9314531e-bf46-4cba-9c19-198279ccf9cd","name":"REvil","type":"malware","source":"MITRE","software_attack_id":"S0496","tidal_id":"7e54ef71-a805-5886-9636-b3f604fb2b85","created":"2020-08-04T15:06:14.796000Z","modified":"2022-05-24T21:09:01.019000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"043041bc-aade-4c05-921f-c773f2d9886c","name":"Sodinokibi","description":"<sup>[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)]</sup><sup>[[Intel 471 REvil March 2020](https://app.tidalcyber.com/references/b939dc98-e00e-4d47-84a4-3eaaeb5c0abf)]</sup><sup>[[G Data Sodinokibi June 2019](https://app.tidalcyber.com/references/03b1ef5a-aa63-453a-affc-aa0caf174ce4)]</sup><sup>[[Kaspersky Sodin July 2019](https://app.tidalcyber.com/references/ea46271d-3251-4bd7-afa8-f1bd7baf9570)]</sup><sup>[[Cylance Sodinokibi July 2019](https://app.tidalcyber.com/references/3ad8def7-3a8a-49bb-8f47-dea2e570c99e)]</sup><sup>[[Secureworks GandCrab and REvil September 2019](https://app.tidalcyber.com/references/46b5d57b-17be-48ff-b723-406f6a55d84a)]</sup><sup>[[Talos Sodinokibi April 
2019](https://app.tidalcyber.com/references/fb948877-da2b-4abd-9d57-de9866b7a7c2)]</sup><sup>[[McAfee Sodinokibi October 2019](https://app.tidalcyber.com/references/1bf961f2-dfa9-4ca3-9bf5-90c21755d783)]</sup><sup>[[McAfee REvil October 2019](https://app.tidalcyber.com/references/288e94b3-a023-4b59-8b2a-25c469fb56a1)]</sup><sup>[[Picus Sodinokibi January 2020](https://app.tidalcyber.com/references/2e9c2206-a04e-4278-9492-830cc9347ff9)]</sup><sup>[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)]</sup><sup>[[Tetra Defense Sodinokibi March 2020](https://app.tidalcyber.com/references/a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50)]</sup>","source":"MITRE","associated_software_id":"6fcd580a-ca00-4d56-95e5-d33d34d9da3a","owner_id":null,"owner_name":null},{"id":"6086442f-6f60-4f6f-8659-d8c967ff7b56","name":"Sodin","description":"<sup>[[Intel 471 REvil March 2020](https://app.tidalcyber.com/references/b939dc98-e00e-4d47-84a4-3eaaeb5c0abf)]</sup><sup>[[Kaspersky Sodin July 2019](https://app.tidalcyber.com/references/ea46271d-3251-4bd7-afa8-f1bd7baf9570)]</sup>","source":"MITRE","associated_software_id":"37fc63a5-5059-4fd9-b598-ae195d9f7d1f","owner_id":null,"owner_name":null},{"id":"22955bd8-0e20-4a9c-9c6d-2d54c1d5ebc8","name":"Sodin","description":"<sup>[[Intel 471 REvil March 2020](https://app.tidalcyber.com/references/b939dc98-e00e-4d47-84a4-3eaaeb5c0abf)]</sup><sup>[[Kaspersky Sodin July 2019](https://app.tidalcyber.com/references/ea46271d-3251-4bd7-afa8-f1bd7baf9570)]</sup>","source":"ICS","associated_software_id":"37fc63a5-5059-4fd9-b598-ae195d9f7d1f","owner_id":null,"owner_name":null},{"id":"568aa2fb-f727-4e8f-83ce-23a5852c58a1","name":"Sodinokibi","description":"<sup>[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)]</sup><sup>[[Intel 471 REvil March 2020](https://app.tidalcyber.com/references/b939dc98-e00e-4d47-84a4-3eaaeb5c0abf)]</sup><sup>[[G Data 
Sodinokibi June 2019](https://app.tidalcyber.com/references/03b1ef5a-aa63-453a-affc-aa0caf174ce4)]</sup><sup>[[Kaspersky Sodin July 2019](https://app.tidalcyber.com/references/ea46271d-3251-4bd7-afa8-f1bd7baf9570)]</sup><sup>[[Cylance Sodinokibi July 2019](https://app.tidalcyber.com/references/3ad8def7-3a8a-49bb-8f47-dea2e570c99e)]</sup><sup>[[Secureworks GandCrab and REvil September 2019](https://app.tidalcyber.com/references/46b5d57b-17be-48ff-b723-406f6a55d84a)]</sup><sup>[[Talos Sodinokibi April 2019](https://app.tidalcyber.com/references/fb948877-da2b-4abd-9d57-de9866b7a7c2)]</sup><sup>[[McAfee Sodinokibi October 2019](https://app.tidalcyber.com/references/1bf961f2-dfa9-4ca3-9bf5-90c21755d783)]</sup><sup>[[McAfee REvil October 2019](https://app.tidalcyber.com/references/288e94b3-a023-4b59-8b2a-25c469fb56a1)]</sup><sup>[[Picus Sodinokibi January 2020](https://app.tidalcyber.com/references/2e9c2206-a04e-4278-9492-830cc9347ff9)]</sup><sup>[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)]</sup><sup>[[Tetra Defense Sodinokibi March 2020](https://app.tidalcyber.com/references/a6ef0302-7bf4-4c5c-a6fc-4bd1c3d67d50)]</sup>","source":"ICS","associated_software_id":"6fcd580a-ca00-4d56-95e5-d33d34d9da3a","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[IBM Ransomware Trends September 2020](https://app.tidalcyber.com/references/eb767436-4a96-4e28-bd34-944842d7593e)]</sup><sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup><sup>[[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)]</sup><sup>[[Microsoft Ransomware as a 
Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[IBM Ransomware Trends September 2020](https://app.tidalcyber.com/references/eb767436-4a96-4e28-bd34-944842d7593e)]</sup><sup>[[CrowdStrike Carbon Spider August 2021](https://app.tidalcyber.com/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup><sup>[[FBI Flash FIN7 USB](https://app.tidalcyber.com/references/42dc957c-007b-4f90-88c6-1afd6d1032e8)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)]</sup><sup>[[Secureworks GandCrab and REvil September 2019](https://app.tidalcyber.com/references/46b5d57b-17be-48ff-b723-406f6a55d84a)]</sup>","group_attack_id":"G0115","group_id":"b4d068ac-9b68-4cd8-bf0c-019f910ef8e3","name":"GOLD SOUTHFIELD","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[Secureworks REvil September 2019](https://app.tidalcyber.com/references/8f4e2baf-4227-4bbd-bfdb-5598717dcf88)]</sup><sup>[[Secureworks GandCrab and REvil September 2019](https://app.tidalcyber.com/references/46b5d57b-17be-48ff-b723-406f6a55d84a)]</sup>","group_attack_id":"G0115","group_id":"b4d068ac-9b68-4cd8-bf0c-019f910ef8e3","name":"GOLD SOUTHFIELD","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Proofpoint Ransomware Initial Access June 
2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Wandering Spider Profile](/references/cbaa3a39-f12e-4487-8aa6-1bd3e66b62b0)]</sup>","group_attack_id":"G3087","group_id":"c88e3c8d-cb71-48e1-a2c4-5f00300dfa0b","name":"WANDERING SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"23a82679-dd83-4aca-a628-916f70fdbeba","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"be9dfd5c-ec62-45e5-bf22-f3b9129db915","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ab52f516-a732-4c8b-9a16-1a464ec1513c","tag":"286918d5-0b48-4655-9118-907b53de0ee0"},{"id":"e162a019-8e43-48e9-9143-d7c9d9e60361","tag":"93c53801-5427-4678-a753-7fc761e9eda1"},{"id":"2568beba-a84a-4a3d-a6d0-33c32a263734","tag":"1138181b-b2cf-4b6b-82da-10867aa4089d"},{"id":"c69b759d-cd29-4ee2-98e4-191ace7a9b83","tag":"00ec2407-cc63-4b62-b967-c3e06bdddd2f"},{"id":"c55897ca-333c-4992-9f50-c3b52a82b862","tag":"1cc90752-70a3-4a17-b370-e1473a212f79"},{"id":"fa140856-b9c7-4fda-bfc9-b84a77aa06a8","tag":"0e948c57-6c10-4576-ad27-9832cc2af3a1"},{"id":"960b11d1-dd93-42b8-9599-746094bf27e6","tag":"0ed7d10c-c65b-4174-9edb-446bf301d250"},{"id":"bb1a9a5c-ae9f-4810-b33c-5a0974fb2c90","tag":"1b98f09a-7d93-4abb-8f3e-1eacdb9f9871"},{"id":"07c4401c-1c05-49a0-b974-5ceb51c500ca","tag":"ab64f2d8-8da3-48de-ac66-0fd91d634b22"},{"id":"418b14b5-b156-4a13-be1a-deba8bc4e53b","tag":"c8ce7130-e134-492c-a98a-ed1d25b57e4c"},{"id":"fbfc5b55-284c-4b51-a5ea-a371862ff55a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"44f04984-3fde-4452-9960-f81163b2a817","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"1f31803d-e85b-439b-b9da-b4738d71b921","name":"Revo Uninstaller","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3544","tidal_id":"48e68f25-1ea1-5d6a-ad01-1c5e0fe3292b","created":"2025-09-15T19:14:00.453143Z","modified":"2025-09-15T19:14:00.453147Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Esentire August 27 2025](/references/8d40c966-331f-490c-b1b6-e33a095b888a)]</sup>","group_attack_id":"G3124","group_id":"bd33c962-4fc1-49d8-8416-259a032863b8","name":"Sinobi Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"90c10245-7e63-4455-85b8-5a66c7ecc56e","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"899b6758-1b57-4d22-8375-90b66a4347ed","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"1048c2e5-af78-426f-9cbe-a822111bf421","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"dfcc39d4-4d4b-459d-9258-021b1de8b960","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6bdbb369-6f72-4e1f-a7ac-32d25de5de13","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d5649d69-52d4-4198-9683-b250348dea32","name":"RGDoor","type":"malware","source":"MITRE","software_attack_id":"S0258","tidal_id":"b5c38f3e-b953-5c5c-927d-922769d4afe4","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 RGDoor Jan 2018](https://app.tidalcyber.com/references/94b37da6-f808-451e-8f2d-5df0e93358ca)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3776b38e-c5de-4a21-aa82-63dcf60ac248","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a12ce715-caa4-48ba-8d27-1c07d61e0d2f","name":"Rhadamanthys","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3403","tidal_id":"e4d9408c-eaf5-57c0-9b0e-91f96be441da","created":"2024-10-14T19:20:46.574476Z","modified":"2024-10-14T19:20:46.574481Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dd225a39-6338-4d21-89d5-892b2bedefdb","name":"Rhadamanthys Stealer","description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","source":"USER","associated_software_id":"be93ee51-ccc2-42d6-8cac-7295de69a074","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3172","group_id":"1678d6dc-8e4f-4edc-8360-802985bd7846","name":"GrayBravo","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3173","group_id":"7e4dd0e2-4fa0-4dd5-ad0e-41aa9effe8bf","name":"TAG-160","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google TAG CVE-2023-38831 October 18 2023](/references/6e8fb629-4bb8-4557-9d42-385060be598f)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"734b8b2a-5faf-481e-83dc-8d4240ca1924","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"b7f51a7b-0502-4cc5-91ab-d62fa7391a2e","tag":"b97de6e0-0f03-4380-b102-328400e2c3c9"},{"id":"5b07436a-6cd0-421f-b552-1b29fe9f9f61","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"4ec410fa-9cd2-4c56-81f2-388028d85256","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"44a1bc93-979b-4d91-a6fc-5d625ceb152e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f7c1e1cd-cc64-4417-92c3-76afed55d38c","name":"Rhysida Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3065","tidal_id":"d0f0aa97-7750-506f-8c3c-b631af4269fc","created":"2024-06-13T20:12:29.099237Z","modified":"2024-06-13T20:12:29.099240Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"824834f9-5adb-4186-9e85-68a4205db153","tag":"abea659c-fe23-4252-afc0-17b8adaa24f7"},{"id":"498904b7-4dcb-4f5f-a622-06eadd418000","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d8d291a6-2764-4d76-967a-45148bfa0bb7","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"fe06b887-50a0-4cb8-846d-1063636ce65c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"907da3d9-63ce-48c1-a7ac-9f6ba8949c29","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"508be3d2-c2f2-4e2c-8781-678ddb4fe8f2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ca5ae7c8-467a-4434-82fc-db50ce3fc671","name":"Rifdoor","type":"malware","source":"MITRE","software_attack_id":"S0433","tidal_id":"81361803-77f2-5d69-8b7a-c560505f55f1","created":"2020-05-05T14:03:11.359000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[AhnLab Andariel Subgroup of Lazarus June 2018](https://app.tidalcyber.com/references/bbc66e9f-98f9-4e34-b568-2833ea536f2e)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"82548759-1883-40c8-a76c-2b0900e21a73","name":"RIFLESPINE","type":"malware","source":"Trellix TIG","software_attack_id":"S3434","tidal_id":"df9ac4ce-f964-5f67-b86f-15a50383b5ac","created":"2025-04-11T15:06:47.391561Z","modified":"2025-04-11T15:06:47.391565Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"500912fe-cec5-4831-b392-e5dabf3f801c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"d8417b7d-90b1-5357-9a44-c3f9fdd45f58","name":"RIFLESPINE","type":"malware","source":"MITRE","software_attack_id":"S1222","tidal_id":"d8417b7d-90b1-5357-9a44-c3f9fdd45f58","created":"2025-10-29T21:08:48.110757Z","modified":"2025-10-29T21:08:48.110757Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Mandiant UNC3886 2024](https://app.tidalcyber.com/references/77b32efe-b936-5541-b0fb-aa442a7d11b7)]</sup>","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"06a44e34-4dbd-46c2-b46e-62104b26f5e1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5d153647-3401-498d-882f-c53b80b5ac69","name":"Rigel","type":"malware","source":"Tidal Cyber","software_attack_id":"S3688","tidal_id":"136c523a-9bb8-57ff-80f1-1093ff43ffe6","created":"2025-12-10T14:14:54.342469Z","modified":"2025-12-10T14:14:54.342473Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 
2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"392d2f9b-f5a8-4b08-ae21-1e5e220f66ee","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8e8a6df8-179e-48fd-9afc-d9b10e5d0a2e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b2ab981f-c022-59e0-9535-e11b2b875ec8","name":"Riltok","type":"malware","source":"Mobile","software_attack_id":"S0403","tidal_id":"b2ab981f-c022-59e0-9535-e11b2b875ec8","created":"2026-01-28T13:08:09.938780Z","modified":"2026-01-28T13:08:09.938782Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"00fa4cc2-6f99-4b18-b927-689964ef57e1","name":"RIPTIDE","type":"malware","source":"MITRE","software_attack_id":"S0003","tidal_id":"b267b886-39fe-5907-b28e-3f6e05dbd2a8","created":"2017-05-31T21:32:11.911000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Moran 2014](https://app.tidalcyber.com/references/15ef155b-7628-4b18-bc53-1d30be4eac5d)]</sup>","group_attack_id":"G0005","group_id":"225314a7-8f40-48d4-9cff-3ec39b177762","name":"APT12","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"19b1f1c8-5ef3-4328-b605-38e0bafc084d","name":"Rising 
Sun","type":"malware","source":"MITRE","software_attack_id":"S0448","tidal_id":"54f216f6-6f12-5e96-ae6b-fa6b89862d2b","created":"2020-05-14T22:29:25.653000Z","modified":"2022-10-13T15:46:29.677000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5452ec27-0deb-5f29-bed9-5ee838040438","name":"ROADSWEEP","type":"malware","source":"MITRE","software_attack_id":"S1150","tidal_id":"5452ec27-0deb-5f29-bed9-5ee838040438","created":"2024-10-31T16:28:07.180931Z","modified":"2024-10-31T16:28:07.180935Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a1d88ed9-cd87-468c-afa3-de702b519b56","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"15bc8e94-64d1-4f1f-bc99-08cfbac417dc","name":"ROADTools","type":"tool","source":"MITRE","software_attack_id":"S0684","tidal_id":"cbc99cfc-d6f5-5124-8686-4660c1bd8b3a","created":"2022-02-18T13:29:23.577000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"bb3fda2a-b438-4d2a-856e-97f74ed72756","name":"Azure AD"},{"id":"fe608ebe-d912-5489-95fc-914b226a933f","name":"Identity Provider"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC Nobelium Oct 
2021](https://app.tidalcyber.com/references/7b6cc308-9871-47e5-9039-a9a7e66ce373)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"a6ec428f-e5d0-4edb-930b-8eadc0d13bce","tag":"c9c73000-30a5-4a16-8c8b-79169f9c24aa"}],"owner_name":null},{"id":"b65956ef-439a-463d-b85e-6606467f508a","name":"RobbinHood","type":"malware","source":"MITRE","software_attack_id":"S0400","tidal_id":"f3963f10-bdd1-5216-8058-b9b89aba1d55","created":"2019-07-29T14:27:18.204000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"dcba0f75-23c1-4ef5-9227-55dab611a531","tag":"ce9f1048-09c1-49b0-a109-dd604afbf3cd"},{"id":"f47b7e0e-bed4-46b4-9ff8-5e3086cd607c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"00608930-b4ee-465e-8e0a-4e28db166f5d","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"cb7aa34e-312f-4210-be7b-47a1e3f5b7b5","name":"ROCKBOOT","type":"malware","source":"MITRE","software_attack_id":"S0112","tidal_id":"2abdedd5-1649-5aaa-93ea-f121d9287a3d","created":"2017-05-31T21:33:07.565000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT41 Aug 
2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"852cf78d-9cdc-4971-a972-405921027436","name":"RogueRobin","type":"malware","source":"MITRE","software_attack_id":"S0270","tidal_id":"f1d326a3-294f-5bc8-b151-f2d73b03e749","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 DarkHydrus July 2018](https://app.tidalcyber.com/references/800279cf-e6f8-4721-818f-46e35ec7892a)]</sup><sup>[[Unit42 DarkHydrus Jan 2019](https://app.tidalcyber.com/references/eb235504-d142-4c6d-9ffd-3c0b0dd23e80)]</sup>","group_attack_id":"G0079","group_id":"f2b31240-0b4a-4fa4-82a4-6bb00e146e75","name":"DarkHydrus","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"a3479628-af0b-4088-8d2a-fafa384731dd","name":"ROKRAT","type":"malware","source":"MITRE","software_attack_id":"S0240","tidal_id":"becd8815-9523-5e9e-9714-00d875a77bb6","created":"2018-10-17T00:14:20.652000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Talos Group123](https://app.tidalcyber.com/references/bf8b2bf0-cca3-437b-a640-715f9cc945f7)]</sup><sup>[[Securelist ScarCruft May 
2019](https://app.tidalcyber.com/references/2dd5b872-a4ab-4b77-8457-a3d947298fc0)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"121a685d-4369-4af5-bc9d-07a4229b2c4b","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"b490328b-190f-4dfa-8698-5c17065d6fec","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"1277282f-0dda-4c5e-9d5f-3d2d4c41dec1","tag":"19e8c417-a31d-417d-8266-f2430fa4cc02"},{"id":"9f8b50cc-860c-4fad-bc16-4c0c56a115b3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4af6326b-eba7-4446-83aa-8b98771d390f","name":"RomCom","type":"malware","source":"Tidal Cyber","software_attack_id":"S3018","tidal_id":"184227c7-12b4-53dc-9365-8d0632c9ab8b","created":"2024-06-13T20:12:27.584690Z","modified":"2024-06-13T20:12:27.584695Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0a325939-ec37-4aed-8f8c-a512f55758f1","name":"ROMCOM RAT","description":"<sup>[[Trend Micro December 11 2025](/references/245f6529-20de-4849-8aa3-ba35b79f3a49)]</sup>","source":"USER","associated_software_id":"2ffa4b35-82dd-470f-a111-fa38980efb90","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"73e04b0c-d7bb-409e-827a-5d38ae773c33","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8610a79e-86a4-4e3c-943b-b6aa7bfdc173","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"13da51e3-26fe-4c8f-81b5-4ce18693e590","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f5658022-7bc5-4567-a92b-e647e43a50da","name":"RomCom Mythic Loader","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3704","tidal_id":"842adc88-1e9d-5920-a431-bcaba9bb922b","created":"2025-12-10T14:14:56.878180Z","modified":"2025-12-10T14:14:56.878184Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"34fc2337-094f-4e53-9687-289fbbb3b3e0","name":"msedge.dll","description":"<sup>[[Arctic Wolf November 25 2025](/references/24a1832e-ffc5-4504-8e47-32ba0be97b0c)]</sup>","source":"USER","associated_software_id":"8af8642b-7281-4774-80ac-d8708e325f64","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Arctic Wolf November 25 2025](/references/24a1832e-ffc5-4504-8e47-32ba0be97b0c)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3f970445-ae70-4cf0-957a-ac73ffe0869a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ccf2c25f-46e5-45c7-bf99-784fe0eeb0a1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"80eb9d8c-19b0-47e3-8c5e-d49af3af3f3f","name":"Rondo","type":"malware","source":"Tidal Cyber","software_attack_id":"S3874","tidal_id":"dac5c2a5-2af8-5ece-b8bf-05753e52a5b8","created":"2026-01-06T18:05:06.464367Z","modified":"2026-01-06T18:05:06.464370Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"7e6ed525-2d0c-460d-bd3b-46ee55865673","name":"RondoDoX","description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","source":"USER","associated_software_id":"33b556ae-813f-4577-8b5b-0eb6d58ed5c0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f1780364-fbaf-488f-ad84-6ba937f7120a","name":"RondoBOT","description":"<sup>[[Www.cloudsek.com December 29 
2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","source":"USER","associated_software_id":"3fd2a0b5-7b49-4954-84fc-5b47da01d7ba","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9383001d-48d2-408b-b941-53b2196bc711","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"c6ab7943-5a45-4cf6-b617-1817dd3389c6","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"},{"id":"19e638cb-18e5-4109-8ffe-d8c2b12ce28f","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"8ea4a421-8009-4b49-842f-ad315d4fc59d","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"7efaeb81-aa66-45d7-a792-e3c8b5665e26","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cc9ec3a7-cb84-40f2-b18c-e80eb46d29b6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ed041d5d-e130-4964-9796-b25e3b425963","name":"Rondo bolts (nuts/bolts)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3875","tidal_id":"b55ef4f6-7521-5e65-ab01-d23ae25edf80","created":"2026-01-06T18:05:06.619624Z","modified":"2026-01-06T18:05:06.619627Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a2339887-7754-45fa-97ec-041d1fb3a99c","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"0ecbe459-2ab4-44e2-a6ea-1622a394578c","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"327be3a4-c6c1-4040-8ec9-c49a68cfaf06","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"614b5f48-7c43-4b14-b8ba-42d5611eaf3f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"98d6466b-b944-4b05-856f-a09245a1da6b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1cfb417c-fe31-4500-b10a-12e70cd03e9b","name":"RootRot","type":"malware","source":"Trellix TIG","software_attack_id":"S3418","tidal_id":"b03a70d7-2ecb-5487-aa67-19cfb5927a31","created":"2025-04-11T15:06:44.390408Z","modified":"2025-04-11T15:06:44.390412Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"4f0bc41a-609a-4d61-93ff-e8cafc9e9524","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":"TidalCyberIan"},{"id":"3a9e6400-3fa3-47dc-aed4-dc5c4d19b103","name":"RooTroy","type":"malware","source":"Tidal Cyber","software_attack_id":"S3786","tidal_id":"0f50fb12-a325-50c9-8e3d-8d06e7facdbf","created":"2025-12-24T14:57:24.709751Z","modified":"2025-12-24T14:57:24.709755Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"af7a23df-66e8-4891-bc1b-1ee7b8479978","name":"RooTroy.Windows","description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"61184efd-043d-468b-8d53-731e51afbbd1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"d5cbf2d6-870d-4353-bf71-d4ec4f4f84dc","name":"RooTroy.macOS","description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","source":"USER","associated_software_id":"24f365dc-be41-4d37-a1b3-b2043978b9e8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"844b0f2c-3fed-4dd1-bd14-6b1cf36f2da3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"e5eaf3ca-7962-4ee7-870f-54c6d13fe4d0","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"0e1698ce-7d83-49cf-a6ed-4c41a2c8a760","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5ef79db8-c9ae-420f-a21b-4bd25aa944da","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"169bfcf6-544c-5824-a7cd-2d5070304b57","name":"RotaJakiro","type":"malware","source":"MITRE","software_attack_id":"S1078","tidal_id":"3e519147-aa70-55f6-8e44-908a12dec24b","created":"2023-11-07T00:35:44.851390Z","modified":"2023-11-07T00:35:44.851396Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[netlab360 rotajakiro vs 
oceanlotus](https://app.tidalcyber.com/references/20967c9b-5bb6-5cdd-9466-2c9efd9ab98c)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f4794fff-2da3-520f-bf4d-97873c1ecd64","name":"Rotexy","type":"malware","source":"Mobile","software_attack_id":"S0411","tidal_id":"f4794fff-2da3-520f-bf4d-97873c1ecd64","created":"2026-01-28T13:08:09.937508Z","modified":"2026-01-28T13:08:09.937509Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"3b755518-9085-474e-8bc4-4f9344d9c8af","name":"route","type":"tool","source":"MITRE","software_attack_id":"S0103","tidal_id":"48035506-d57a-5ea5-b120-fec93c3ad361","created":"2017-05-31T21:33:04.151000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky ThreatNeedle Feb 2021](https://app.tidalcyber.com/references/ba6a5fcc-9391-42c0-8b90-57b729525f41)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Orangeworm April 
2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ef38ff3e-fa36-46f2-a720-3abaca167b04","name":"Rover","type":"malware","source":"MITRE","software_attack_id":"S0090","tidal_id":"56955bd5-f2a8-552e-884c-0acaf8c585b1","created":"2017-05-31T21:32:58.226000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"221e24cb-910f-5988-9473-578ef350870c","name":"Royal","type":"malware","source":"MITRE","software_attack_id":"S1073","tidal_id":"f2a1b4e9-e79b-5b89-a17a-17c14f6ffb99","created":"2023-05-26T01:20:53.614016Z","modified":"2023-05-26T01:20:53.614020Z","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"c7682571-2ccd-4173-9588-739bf760dcc1","tag":"d602ade5-148e-4f57-a202-87845bab308b"},{"id":"e3536184-b1be-436e-a4fa-b704b6757d80","tag":"b802443a-37b2-4c38-addd-75e4efb1defd"},{"id":"6adc0027-2d07-47dd-9da6-7dad92d4a7f8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"f3176726-4f28-4f95-9d36-92f11cfd9c92","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"22a36507-d53d-4aca-a0c6-dc9ac00fd0de","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"45d83ad6-f6e6-4dc7-98eb-8bd50e95c246","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"3e42b791-fb59-4a8e-a27e-1cc544f353ee","name":"Rpcping","type":"tool","source":"Tidal Cyber","software_attack_id":"S3275","tidal_id":"1499b296-0791-56f8-8bd3-523b563f1f18","created":"2024-01-12T14:48:08.812534Z","modified":"2024-01-12T14:48:08.812538Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"840f79a4-5fd6-4d83-bd6e-7776debc391e","name":"Rpcping.exe","description":"<sup>[[Rpcping.exe - LOLBAS Project](/references/dc15a187-4de7-422e-a507-223e89e317b1)]</sup>","source":"Tidal Cyber","associated_software_id":"86869abd-b428-4415-91be-d5413eeac0b5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"07584f36-575b-4570-8888-c4fb364b0f29","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f7aec83e-a55f-43d4-96d1-531394e8828e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"943eeede-8e3c-49bc-8060-9cd535ea0901","name":"RPivot","type":"tool","source":"Tidal Cyber","software_attack_id":"S3770","tidal_id":"45f9604d-ca74-551c-9bb3-3e0b55c0369c","created":"2025-12-17T14:18:52.386445Z","modified":"2025-12-17T14:18:52.386449Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News December 05 
2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6cc1c300-adf3-4123-9e0c-ca2075b35601","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3f49ac2f-2259-4bb9-9a1e-0e4223b17257","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7359fd1e-859b-432f-8cfb-2b17a4509d1c","name":"RSOCKS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3412","tidal_id":"e8c2b911-3fb4-5547-9f72-7c31e5fdf6b2","created":"2024-11-25T18:01:20.555997Z","modified":"2024-11-25T18:01:20.556021Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"372c0504-a75f-4def-a97d-011acb9020d2","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9eb89c98-452e-4422-b842-f529ca72db6a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"28e8c168-5e30-47c4-99ee-fda6898ea9f6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ed074d36-507c-416e-9e20-93512d9d60e3","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b9665dfa-c962-4fd9-a981-9255893a13d6","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"4a652d6b-b681-4dd3-acb9-994753835182","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"c3b9281b-5f18-4119-903e-c27f1a4004b4","name":"Rsockstun","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3101","tidal_id":"329dd21a-4be6-5cf6-beca-da60355c7d94","created":"2023-12-14T19:26:31.586713Z","modified":"2023-12-14T19:26:31.586716Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2ddc6539-6153-40e2-99b6-8540829f3437","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"7a3d92e5-ff3c-452f-9eb4-8df61d8541ce","name":"RSocx","type":"tool","source":"Tidal Cyber","software_attack_id":"S3496","tidal_id":"b27a6176-e0af-51ff-987a-e3a62965d144","created":"2025-06-10T15:51:00.256139Z","modified":"2025-06-10T15:51:00.256142Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 May 16 2025](/references/bcc4f7d1-5cce-47eb-8182-cfe0ff79739a)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6bcf5fd5-43cf-42fb-b5af-30b9ad6b9c94","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"24aff9dc-07a8-43c1-89c2-d038e0118692","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8f8238bf-e924-430a-ba01-acf1caa9876f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1836485e-a3a6-4fae-a15d-d0990788811a","name":"RTM","type":"malware","source":"MITRE","software_attack_id":"S0148","tidal_id":"3278ca9b-f431-597e-9b94-53ae3bf51048","created":"2017-05-31T21:33:26.565000Z","modified":"2022-07-29T19:51:00.660000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5d88a89c-6688-48c9-a463-6ca64652101c","name":"Redaman","description":"<sup>[[Unit42 Redaman January 2019](https://app.tidalcyber.com/references/433cd55a-f912-4d5a-aff6-92133d08267b)]</sup>","source":"MITRE","associated_software_id":"eca6bc18-bb6c-473e-b034-8362ead4e250","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[ESET RTM Feb 2017](https://app.tidalcyber.com/references/ab2cced7-05b8-4788-8d3c-8eadb0aaf38c)]</sup>","group_attack_id":"G0048","group_id":"666ab5f0-3ef1-4e74-8a10-65c60a7d1acd","name":"RTM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c1789c4e-6eba-4a5c-9df9-8b4a68e3cccf","name":"rtworkq.dll","type":"tool","source":"Tidal Cyber","software_attack_id":"S3764","tidal_id":"c218823c-a6d9-5488-b7b6-041b635a30d4","created":"2025-12-17T14:18:51.472874Z","modified":"2025-12-17T14:18:51.472878Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","group_attack_id":"G3170","group_id":"dddd119f-edac-4077-958b-6a775dd4a147","name":"Shanya Packer 
Operator","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"514c30b6-62c9-464f-91e4-23fd836e21ce","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3036ce18-55a7-4696-9981-ead3bd8208d9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2e54f40c-ab62-535e-bbab-3f3a835ff55a","name":"Rubeus","type":"tool","source":"MITRE","software_attack_id":"S1071","tidal_id":"9a7d0d1e-9c0b-5256-a77a-5b23a75611cd","created":"2023-05-26T01:20:56.084096Z","modified":"2023-05-26T01:20:56.084099Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft Threat Intelligence LinkedIn July 15 2024](/references/0e7ea8d0-bdb8-48a6-9718-703f64d16460)]</sup>","group_attack_id":"G3046","group_id":"fcbf6963-839b-4853-8b80-73ff6831b7d7","name":"Storm-0844","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. HHS Royal & BlackCat Alert](/references/d1d6b6fe-ef93-4417-844b-7cd8dc76934b)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ReliaQuest May 28 2024](/references/2a67b1df-9a15-487e-a777-8a3fe46b0179)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET MirrorFace March 18 2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b83604b1-e054-4884-903a-12afe9539420","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6e40c200-48f2-4788-8a9c-c2c42ddde33c","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"6fb496a6-5c7a-4d0e-9532-a4dfcb13fb3d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"69563cbd-7dc1-4396-b576-d5886df11046","name":"Ruler","type":"tool","source":"MITRE","software_attack_id":"S0358","tidal_id":"dbc08897-e34b-5d31-843f-797b7a1cf60e","created":"2019-02-04T18:27:00.501000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"5b9d5f7a-6e19-47cf-9b26-e50e889bb6bd","name":"Office 365"},{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT33 Guardrail](https://app.tidalcyber.com/references/4b4c9e72-eee1-4fa4-8dcb-501ec49882b0)]</sup><sup>[[Microsoft Holmium June 
2020](https://app.tidalcyber.com/references/c249bfcf-25c4-4502-b5a4-17783d581163)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"cbcc3494-9869-496b-98a5-67e2dedd5649","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"3479f780-86fd-40d0-880a-9afb365b8f8c","tag":"82009876-294a-4e06-8cfc-3236a429bda4"}],"owner_name":null},{"id":"8424b0d1-7cc4-5175-94e1-b0f9218065b6","name":"RuMMS","type":"malware","source":"Mobile","software_attack_id":"S0313","tidal_id":"8424b0d1-7cc4-5175-94e1-b0f9218065b6","created":"2026-01-28T13:08:09.938474Z","modified":"2026-01-28T13:08:09.938476Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"72ed96ea-5c35-49d1-98e6-6b68ac682b06","name":"runc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3749","tidal_id":"cd337b20-8813-5070-b666-47dc7acad3a2","created":"2025-12-17T14:18:49.170578Z","modified":"2025-12-17T14:18:49.170581Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"d9e53c10-8a19-4a3f-aedb-119fa39b7dca","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8a9730bc-e853-466d-a326-455deb9e3395","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cd5a27c8-9611-41d9-b839-b0ba7daf58b5","name":"Rundll32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3276","tidal_id":"49b4cecb-55a2-537c-9902-76078f029f72","created":"2024-01-12T14:48:09.188321Z","modified":"2024-01-12T14:48:09.188325Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3d01d0ad-ace4-4db3-a35e-ff9fc893364e","name":"Rundll32.exe","description":"<sup>[[Rundll32.exe - LOLBAS Project](/references/90aff246-ce27-4f21-96f9-38543718ab07)]</sup>","source":"Tidal 
Cyber","associated_software_id":"8919f626-0b08-4d5c-9872-b95a10b5e06b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[ReliaQuest December 04 2025](/references/3eea040e-75fb-4e52-b9b6-9e1476f0ddcb)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","group_attack_id":"G3210","group_id":"abc6d74d-e425-4181-93ed-bb16f911871b","name":"Donot Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News December 05 
2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA AA20-239A BeagleBoyz August 2020](/references/a8a2e3f2-3967-4e82-a36a-2436c654fb3f)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Talos Kimsuky Nov 2021](/references/17927f0e-297a-45ec-8e1c-8a33892205dc)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Crowdstrike GTR2020 Mar 2020](/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybereason Cobalt Kitty 2017](/references/bf838a23-1620-4668-807a-4354083d69b1)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Volexity Exchange Marauder March 
2021](/references/ef0626e9-281c-4770-b145-ffe36e18e369)]</sup>","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Securelist MuddyWater Oct 2018](/references/d968546b-5b00-4a7b-9bff-57dfedd0125f)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET Gamaredon June 2020](/references/6532664d-2311-4b38-8960-f43762471729)]</sup>","group_attack_id":"G0047","group_id":"41e8b4a4-2d31-46ee-bc56-12375084d067","name":"Gamaredon Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET Telebots July 2017](/references/5d62c323-6626-4aad-8bf2-0d988e436f3d)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky Carbanak](/references/2f7e77db-fe39-4004-9945-3c8943708494)]</sup>","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]</sup>","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybereason TA505 April 2019](/references/076f2b95-97d2-4d50-bb9b-6199c161e5c6)]</sup><sup>[[Deep Instinct TA505 Apr 
2019](/references/529524c0-123b-459c-bc6f-62aa45c228d1)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft - Customer Guidance on Recent Nation-State Cyber Attacks](/references/47031992-841f-4ef4-87c6-bb4c077fb8dc)]</sup><sup>[[Microsoft Deep Dive Solorigate January 2021](/references/ddd70eef-ab94-45a9-af43-c396c9e3fbc6)]</sup><sup>[[FireEye APT29 Nov 2018](/references/30e769e0-4552-429b-b16e-27830d42edea)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 TA551 Jan 2021](/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MalwareBytes LazyScripter Feb 2021](/references/078837a7-82cd-4e26-9135-43b612e911fe)]</sup>","group_attack_id":"G0140","group_id":"12279b62-289e-49ee-97cb-c780edd3d091","name":"LazyScripter","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Crowdstrike DNC June 2016](/references/7f4edc06-ac67-4d71-b39c-5df9ce521bbb)]</sup><sup>[[Bitdefender APT28 Dec 2015](/references/3dd67aae-7feb-4b07-a985-ccadc1b16f1d)]</sup><sup>[[Palo Alto Sofacy 06-2018](/references/a32357eb-3226-4bee-aeed-d2fbcfa52da0)]</sup><sup>[[Unit 42 Playbook Dec 2017](/references/9923f9ff-a7b8-4058-8213-3c83c54c10a6)]</sup><sup>[[ESET Zebrocy May 2019](/references/f8b837fb-e46c-4153-8e86-dc4b909b393a)]</sup><sup>[[Cybersecurity Advisory GRU Brute Force Campaign July 
2021](/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[McAfee Lazarus Jul 2020](/references/43581a7d-d71a-4121-abb6-127483a49d12)]</sup><sup>[[ESET Lazarus Jun 2020](/references/b16a0141-dea3-4b34-8279-7bc1ce3d7052)]</sup><sup>[[ESET Twitter Ida Pro Nov 2021](/references/6d079207-a7c0-4023-b504-1010dd538221)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ClearSky Wilted Tulip July 2017](/references/50233005-8dc4-4e91-9477-df574271df40)]</sup>","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[DFIR Report APT35 ProxyShell March 2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[FireEye APT19](/references/d75508b1-8b85-47c9-a087-bc64e8e4cb33)]</sup>","group_attack_id":"G0073","group_id":"713e2963-fbf4-406f-a8cf-6a4489d90439","name":"APT19","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[The DFIR Report Bumblebee Akira July 2 2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"18dcea3e-b53e-4dc2-a7fb-cebd7fe90945","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b8f77e4d-7549-4966-b6ec-a9d497e44c18","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"544cdd90-eeb7-4788-86cc-5fa21f5cce81","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"46779bd7-4eac-4902-9201-bc1174356715","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4405535f-adea-4ccf-bd86-4f1f15facedd","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"955e9ce3-d9f5-4f50-ab99-ebf76e2c8854","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"9b6de463-bbd2-4c1a-b312-9869adf3e378","tag":"d28b269e-588d-49ed-b5c9-8e82077924c0"},{"id":"421cd074-8ddd-41c6-a02d-95d77f941c51","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c8ef7bd1-ca20-4960-968b-7c61f94b4767","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"db516b7d-e5bd-4da8-a708-2fe5d2a2fdfd","name":"Runexehelper","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3277","tidal_id":"9b89ea7c-6c01-590f-803d-a7e318911edc","created":"2024-01-12T14:48:09.533307Z","modified":"2024-01-12T14:48:09.533311Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d8755de5-f49f-4b1d-91bc-350e19ea9ba8","name":"Runexehelper.exe","description":"<sup>[[Runexehelper.exe - LOLBAS Project](/references/86ff0379-2b73-4981-9f13-2b02b53bc90f)]</sup>","source":"Tidal Cyber","associated_software_id":"e45aa3ea-628a-4b78-ae7c-bc9c9bf0c2fa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"48f46aa3-bb54-4152-8fb0-df883f8fab54","tag":"270a347d-d2e1-4d46-9b32-37e8d7264301"},{"id":"bb622a6f-0e32-4466-9fc8-daffb04c76b4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"25f2afc2-139d-4a5a-82a1-ec672a6bfda8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3d2ae21d-92fb-4b0a-96c9-8aed87e4d58a","name":"Rungan","type":"malware","source":"Tidal Cyber","software_attack_id":"S3537","tidal_id":"5a60d04e-7703-5603-8d0b-f2f241907d95","created":"2025-09-10T16:39:28.525321Z","modified":"2025-09-10T16:39:28.525325Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[welivesecurity.com September 4 
2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6ffa4fac-4147-44e7-b220-09725f91887e","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"76df7fa6-306b-4889-83b2-adda29947723","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"afa9bdf6-0782-4f57-b982-74f7fea05150","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"29cdc545-32c7-43c0-8b1a-a52cb22b3f8c","name":"runnerw.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3716","tidal_id":"59e2bbd7-1cc3-59af-abe4-41ad50a82d6c","created":"2025-12-10T14:14:58.955778Z","modified":"2025-12-10T14:14:58.955782Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a0d21095-aa06-4586-92f0-65f9ad5d9e2a","name":"invoker.exe","description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","source":"USER","associated_software_id":"e1837616-abcb-4a0d-9a57-b209db43abf5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","group_attack_id":"G3157","group_id":"271cfdb6-e918-4a86-9289-c6a4d6b99ce4","name":"Water 
Gamayun","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2cb8e247-e7ec-4e61-a6d6-ae157802e902","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"12fd71ed-f33b-4443-a849-29c90be9df39","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e8afda1f-fa83-4fc3-b6fb-7d5daca7173f","name":"RunningRAT","type":"malware","source":"MITRE","software_attack_id":"S0253","tidal_id":"6753422d-7925-59b4-836b-6a79530cf994","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ccad36ac-b526-44ec-840a-6f498c51781c","name":"Runonce","type":"tool","source":"Tidal Cyber","software_attack_id":"S3278","tidal_id":"7a1e12ee-5dc0-56bf-9e6b-53b33de09e83","created":"2024-01-12T14:48:09.902019Z","modified":"2024-01-12T14:48:09.902023Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"355cd948-1c27-4686-8d9f-e1b0f484fc40","name":"Runonce.exe","description":"<sup>[[Runonce.exe - LOLBAS Project](/references/b97d4b16-ead2-4cc7-90e5-f8b05d84faf3)]</sup>","source":"Tidal Cyber","associated_software_id":"1879fe72-07da-461e-8f70-af95440b65de","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"20062be1-5dea-4ff8-96ae-4f90804d613d","tag":"065db33d-c152-4ba9-8bf9-13616f78ae05"},{"id":"3d656d77-6c6e-439e-b3f4-48a01cf28e5f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b5e5fb42-428a-406c-b4c6-be7ce490c620","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"035bae51-c1cc-46f0-8532-a5d01c4d4a52","name":"Runscripthelper","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3279","tidal_id":"7066f091-b633-5c9f-8552-8541c4e51cd6","created":"2024-01-12T14:48:10.253264Z","modified":"2024-01-12T14:48:10.253268Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"843e7ee6-ecd9-43b4-8b54-491c8217e842","name":"Runscripthelper.exe","description":"<sup>[[Runscripthelper.exe - LOLBAS Project](/references/6d7151e3-685a-4dc7-a44d-aefae4f3db6a)]</sup>","source":"Tidal Cyber","associated_software_id":"f5e4afa0-6094-4fd1-8472-a459b5687cc9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"eb54c291-4752-4df8-888b-2579a2e1cc99","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"88c892da-43d6-4828-8608-4f7be3117d8b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3a91aed9-a2a2-43e8-aab0-33e4da7ce602","name":"Runs.dll","type":"malware","source":"Tidal Cyber","software_attack_id":"S3661","tidal_id":"6fb9f2da-3b39-5dea-8d2c-a8b281f46c85","created":"2025-11-26T19:38:19.144452Z","modified":"2025-11-26T19:38:19.144456Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[National-Digital-Agency November 14 2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"bb6354ec-61b1-4d8c-9948-4d4049dfaf53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4336cdf1-88a1-4efd-9a61-d92dcc535682","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9fc50dc7-8b96-4315-b69b-17632a66832a","name":"RushDrop","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3937","tidal_id":"2d5122fe-37f4-552a-932a-1b267957b088","created":"2026-01-14T13:31:38.511406Z","modified":"2026-01-14T13:31:38.511410Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"e45db13e-8fbc-404f-8104-4187c1e313ed","name":"ChronosRAT","description":"<sup>[[Cisco Talos Blog January 08 2026](/references/74959041-08ca-41fc-8ceb-675f1fefd765)]</sup>","source":"USER","associated_software_id":"3dc58ea9-eace-4729-b141-ec25388bd7d1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cisco Talos Blog January 08 2026](/references/74959041-08ca-41fc-8ceb-675f1fefd765)]</sup>","group_attack_id":"G3203","group_id":"6df06da1-6f73-45a9-afb7-9087cd24cbff","name":"UAT-7290","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"363ac411-226f-4005-be04-3bf598b1eee9","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"6a3fca1e-f6d2-49e2-9408-f4a51d238e4d","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"239cde37-09ca-41ef-b014-d999cbdcf881","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ae8be230-fbf1-45c9-a287-e7a387a2febc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4c44221f-8955-46aa-a9c0-a544eff054fa","name":"RustDesk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3504","tidal_id":"e9875015-46c7-509d-8c5f-c7928fae7da9","created":"2025-07-08T16:59:10.915528Z","modified":"2025-07-08T16:59:10.915533Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog June 30 2025](/references/3300c819-e236-40a2-a886-ce460876a2ca)]</sup><sup>[[Palo Alto Unit 42 North Korean IT Workers 
2024](/references/61819211-7260-53c1-833e-eac36f209b0c)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report Bumblebee Akira July 2 2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"1558c874-d902-40d1-ab46-4324511cbb0f","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e6cda0d4-892d-4b22-b2b1-52807912c13c","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0c473492-f10e-47cc-9864-0e25f473ef42","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"9097ab5c-9a66-49b0-9c28-cac8afd9d52a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"9f9f6ca0-6b64-4c39-a618-8b6c3f2aa5bb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e93abb8f-eaaf-4e88-9eaf-ebbade824cd8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cba8bd8d-7787-4192-8970-e5fd6e1566e6","name":"rustscan","type":"tool","source":"Tidal Cyber","software_attack_id":"S3573","tidal_id":"001dab17-ade9-532a-8584-d845b5859468","created":"2025-10-13T17:29:22.425089Z","modified":"2025-10-13T17:29:22.425093Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR 
SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fec8f295-49bd-469a-bfaf-7b41d8806547","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"7cab4237-a30d-4aed-8911-7eaa32bc0694","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5e3b4f8d-498a-4dc0-bcc4-ed9b898f0cc5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"98c86e4a-bdfe-41ca-8011-f8f0aef3239b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b6eb1001-dad7-4a62-a4e3-7a4387c0bea3","name":"RustyWater","type":"malware","source":"Tidal Cyber","software_attack_id":"S3933","tidal_id":"bf4af2f7-d3c6-5076-b94a-1b9cb4c04f19","created":"2026-01-14T13:31:37.840743Z","modified":"2026-01-14T13:31:37.840748Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"66a9b23c-e421-4ef6-8ac8-5dfe10491ed3","name":"RUSTRIC","description":"<sup>[[Www.cloudsek.com January 09 2026](/references/1f12b457-540c-4e11-bd9b-df360a318aa6)]</sup>","source":"USER","associated_software_id":"c245ec56-c889-47c8-abcf-292af9dba9db","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"42ead184-6b87-4b3f-9802-66314bc23a42","name":"Archer RAT","description":"<sup>[[Www.cloudsek.com January 09 2026](/references/1f12b457-540c-4e11-bd9b-df360a318aa6)]</sup>","source":"USER","associated_software_id":"10206d32-81ac-4dfc-ad03-e6c913f0bdcf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Www.cloudsek.com January 09 
2026](/references/1f12b457-540c-4e11-bd9b-df360a318aa6)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"84da6bc3-65a2-4e98-86af-0ff47999394b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"60666d62-c54f-4552-82f4-279d7aed604d","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5d906eb0-bc39-4ff8-9b51-0240a7dad775","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"9700027c-fd16-4c64-a909-9bd297663411","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"d2d2c63d-94a3-4b4d-9ca6-b1fc8236d8c5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fdfccf88-0a7c-486c-b4a8-e901cec41681","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8ae86854-4cdc-49eb-895a-d1fa742f7974","name":"Ryuk","type":"malware","source":"MITRE","software_attack_id":"S0446","tidal_id":"ffd034ce-6417-59cc-a6b1-14c1c9bda541","created":"2020-05-13T20:14:53.171000Z","modified":"2022-05-24T21:10:44.381000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike Ryuk January 2019](https://app.tidalcyber.com/references/df471757-2ce0-48a7-922f-a84c57704914)]</sup><sup>[[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)]</sup><sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup><sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)]</sup><sup>[[DFIR Ryuk 2 Hour Speed Run November 
2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)]</sup><sup>[[DFIR Ryuk in 5 Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)]</sup><sup>[[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup><sup>[[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike Ryuk January 2019](https://app.tidalcyber.com/references/df471757-2ce0-48a7-922f-a84c57704914)]</sup><sup>[[Red Canary Hospital Thwarted Ryuk October 2020](https://app.tidalcyber.com/references/ae5d4c47-54c9-4f7b-9357-88036c524217)]</sup><sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup><sup>[[FireEye KEGTAP SINGLEMALT October 2020](https://app.tidalcyber.com/references/59162ffd-cb95-4757-bb1e-0c2a4ad5c083)]</sup><sup>[[DFIR Ryuk's Return October 2020](https://app.tidalcyber.com/references/eba1dafb-ff62-4d34-b268-3b9ba6a7a822)]</sup><sup>[[DFIR Ryuk 2 Hour Speed Run November 2020](https://app.tidalcyber.com/references/3b904516-3b26-4caa-8814-6e69b76a7c8c)]</sup><sup>[[DFIR Ryuk in 5 
Hours October 2020](https://app.tidalcyber.com/references/892150f4-769d-447d-b652-e5d85790ee37)]</sup><sup>[[Sophos New Ryuk Attack October 2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup><sup>[[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[FireEye FIN6 Apr 2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[FireEye FIN6 Apr 
2019](https://app.tidalcyber.com/references/e8a2bc6a-04e3-484e-af67-5f57656c7206)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8ed93e76-3e50-442a-8271-3c5f1b7e26a2","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"0dfa6b8a-8677-4f74-af81-12bee480035b","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"40a7faae-5066-4b26-9c03-ebf730275a2a","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ce47b399-a6cb-49e6-af9e-73e919f01be2","tag":"12a2e20a-7c27-46bb-954d-b372833a9925"},{"id":"b8017276-824a-4ffb-adc1-8485a93d0ac3","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"2d15c424-cba6-44c2-9b59-c7aa52c0ba46","tag":"c8ce7130-e134-492c-a98a-ed1d25b57e4c"},{"id":"95bc32dd-918e-4a07-bb87-e7e4aa35104a","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"3c9e7267-d629-47a1-827a-3a0a17915690","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"b283fddb-ca91-4843-8b83-4441fbf98cda","name":"S3 Browser","type":"tool","source":"Tidal Cyber","software_attack_id":"S3553","tidal_id":"be601293-0d93-5422-ad2f-b22191073b68","created":"2025-09-19T19:48:16.530359Z","modified":"2025-09-19T19:48:16.530362Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bb5df05e-71d6-48b0-a0dd-9e8129b6506a","name":"Amazon Simple Storage Service (S3) Browser","description":"<sup>[[Unit 42 August 23 2024](/references/d6c50145-2bf9-4f7c-97b9-81cc2e1575f2)]</sup>","source":"USER","associated_software_id":"fa0d1002-9af0-488c-8ac6-f9b92df22081","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"fcb80a3d-b933-4a58-a167-2f4f23621d4b","name":"S3BROWSER","description":"<sup>[[FireEye FiveHands April 
2021](/references/832aeb46-b248-43e8-9157-a2f56bcd1806)]</sup>","source":"USER","associated_software_id":"26005db0-cfa9-4fa9-9366-b1873128e661","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Unit 42 August 23 2024](/references/d6c50145-2bf9-4f7c-97b9-81cc2e1575f2)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"028db2c5-06ae-40e6-b612-514068dfd483","tag":"2e5f6e4a-4579-46f7-9997-6923180815dd"},{"id":"b71c044a-aaa1-4fa6-b545-be303b502a0b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ce34f8e0-993e-42e3-9033-5a688c4cc161","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"7c7393c8-8da9-4731-b843-1593f711bf92","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"39d2309d-9a76-4c1c-8e59-6a93efecb966","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4451b65d-1d89-4bdc-9f49-f335bfc18f83","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"28134511-b91e-4b69-962d-74e80ac6305b","name":"Sabbath Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3392","tidal_id":"848b27cb-65d0-55c1-a85d-fad3b2d71a18","created":"2024-10-04T20:33:22.478363Z","modified":"2024-10-04T20:33:22.478367Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e3fa5c1a-6d4c-471f-860a-76b329e2502a","name":"54bb47h","description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","source":"Tidal Cyber","associated_software_id":"b785b2cd-994a-41fc-a22f-10e3b7005588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f529f704-c86e-4f63-9f42-85a62c24c43a","name":"Arcane","description":"<sup>[[Mandiant Sabbath Ransomware November 29 
2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]</sup>","source":"Tidal Cyber","associated_software_id":"def83b98-a210-4cd7-82aa-9cda6af7b73d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"9800ac8e-40d1-4fa6-9730-ae974395e6dc","name":"Eruption","description":"<sup>[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]</sup>","source":"Tidal Cyber","associated_software_id":"3615ac4d-7193-4dd2-bc28-6a85761a2150","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"7b8f7209-3bc8-4d19-9f00-b0bfb06b55de","name":"ROLLCOAST","description":"<sup>[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]</sup>","source":"Tidal Cyber","associated_software_id":"0681b92f-dfab-44da-8c12-536adc8affcd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup><sup>[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup><sup>[[Mandiant Sabbath Ransomware November 29 2021](/references/ab3a20a5-2df1-4f8e-989d-baa96ffaca74)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9909f62a-919c-45bb-a2e7-b64d4c20b5d6","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"1d42a0aa-dc78-4bb2-9572-3788cf88dd82","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"24ed27b3-ef88-4d6a-8d54-b325b5f30a7f","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"6da227b9-4f0d-43ee-a7c9-082133a97e5f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"87a5b73d-2ebf-4329-abb7-99933830d1dc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2bab4dee-3e89-443f-8f58-5d3b7e19cb89","name":"SafePay Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3467","tidal_id":"ec6b46f2-1e34-5b84-bb17-429421cbe90c","created":"2025-04-15T17:47:54.491706Z","modified":"2025-04-15T17:47:54.491711Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9f6989a4-11a0-4608-ae56-70e4ed1631e5","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"c45d98ad-0660-4204-a224-f601798db2f7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"0a2addb6-9d9c-4c95-9e88-396809aa0950","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"90cfb805-6ce1-4368-9050-768f8a2cc5d6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9d67a223-47cd-44b0-b758-bf3b4f46cb02","name":"SAGELEAF","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3585","tidal_id":"8bd9553f-9f4f-5f0e-993f-6e3c545f1877","created":"2025-10-13T17:29:24.147900Z","modified":"2025-10-13T17:29:24.147904Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog 10 09 2025](/references/ec72f924-4cc8-4709-9b07-f343bff55895)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"882ec756-068e-4ae4-afd7-318ca7add6b4","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"07a8daed-f902-487a-93ae-5036e161f285","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"aead43d2-e1de-4097-a81b-8e91374a8148","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"caefb631-c51c-437d-be5d-8b6967483bb5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2005b7cd-94c4-5d53-bd89-0af03c7a3ee7","name":"Sagerunex","type":"malware","source":"MITRE","software_attack_id":"S1210","tidal_id":"2005b7cd-94c4-5d53-bd89-0af03c7a3ee7","created":"2025-04-22T20:46:59.028769Z","modified":"2025-04-22T20:46:59.028773Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Lotus Blossom](https://app.tidalcyber.com/groups/2849455a-cf39-4a9f-bd89-c2b3c1e5dd52) is the exclusive user of [Sagerunex](https://app.tidalcyber.com/software/2005b7cd-94c4-5d53-bd89-0af03c7a3ee7), and has employed variants of this in operations since 2016.<sup>[[Symantec Bilbug 2022](https://app.tidalcyber.com/references/0f4f0ac1-2a0b-56a5-9ea9-c5b2d1cb8c05)]</sup><sup>[[Cisco LotusBlossom 
2025](https://app.tidalcyber.com/references/9b7db916-e62f-5d7e-9574-a85198665a5a)]</sup>","group_attack_id":"G0030","group_id":"2849455a-cf39-4a9f-bd89-c2b3c1e5dd52","name":"Lotus Blossom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4f037813-af69-4fcf-b122-3bd175b0d57b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d66e5d18-e9f5-4091-bdf4-acdac129e2e0","name":"Saint Bot","type":"malware","source":"MITRE","software_attack_id":"S1018","tidal_id":"79e27942-f865-54e9-8e12-f1ba1c43c98f","created":"2022-06-09T18:50:58.722000Z","modified":"2022-06-09T19:56:56.809000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Saint Bot](https://app.tidalcyber.com/software/d66e5d18-e9f5-4091-bdf4-acdac129e2e0) is closely correlated with [Saint Bear](https://app.tidalcyber.com/groups/eb64ce69-f106-5e8e-8efd-a29385a05973) operations as a common post-exploitation toolset.<sup>[[Palo Alto Unit 42 OutSteel SaintBot February 2022 ](https://app.tidalcyber.com/references/b0632490-76be-4018-982d-4b73b3d13881)]</sup>","group_attack_id":"G1031","group_id":"eb64ce69-f106-5e8e-8efd-a29385a05973","name":"Saint Bear","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) has used [Saint Bot](https://app.tidalcyber.com/software/d66e5d18-e9f5-4091-bdf4-acdac129e2e0) during operations, but is distinct from the threat actor [Saint Bear](https://app.tidalcyber.com/groups/eb64ce69-f106-5e8e-8efd-a29385a05973).<sup>[[CISA GRU29155 2024](https://app.tidalcyber.com/references/c4dba764-d864-59bf-a80d-f1263bc904e4)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember 
Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"65e6541e-a329-43de-b020-452cd70e2e27","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"a316c704-144a-4d14-8e4e-685bb6ae391c","name":"Sakula","type":"malware","source":"MITRE","software_attack_id":"S0074","tidal_id":"4c89b515-36e9-57b8-9aa9-fe978da17396","created":"2017-05-31T21:32:48.482000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"95fe4b6f-6f73-4bab-aaa9-c9747935dcb9","name":"Sakurel","description":"","source":"MITRE","associated_software_id":"8e87c30d-7a04-431a-9182-8991ed0e4464","owner_id":null,"owner_name":null},{"id":"2ba6d620-2bd1-402f-8145-15ccaf107c73","name":"VIPER","description":"","source":"MITRE","associated_software_id":"b27db543-4db8-4cf6-9321-c511efa7ecb7","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[ThreatConnect Anthem](https://app.tidalcyber.com/references/61ecd0b4-6cac-4d9f-8e8c-3d488fef6fec)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0fd80499-e277-45be-aba9-b6bef57697c2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"eb2db780-7825-4858-8ff6-9830d673176d","name":"SALTWATER","type":"malware","source":"Tidal Cyber","software_attack_id":"S3526","tidal_id":"bb237a61-e496-55ba-b595-1f490e318cdc","created":"2025-08-28T19:35:48.237757Z","modified":"2025-08-28T19:35:48.237760Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud June 15 2023](/references/beb7f804-f6b7-4b9c-996b-61136b97a546)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"d02668a9-569e-477a-ae00-187262e683a9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"4fab8d44-5e86-4f86-ade4-3d820ef5b994","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9702db68-b6a1-4ed6-a6cb-fc19bf3a834f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e3864daf-a284-5cc0-b434-6e77c8406bd9","name":"SampleCheck5000","type":"malware","source":"MITRE","software_attack_id":"S1168","tidal_id":"e3864daf-a284-5cc0-b434-6e77c8406bd9","created":"2025-04-22T20:47:00.137067Z","modified":"2025-04-22T20:47:00.137072Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d7731918-e2ef-5fc1-8261-d0d410a72f00","name":"SC5k","description":"<sup>[[ESET OilRig Campaigns Sep 2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]</sup>","source":"MITRE","associated_software_id":"b3e28b3b-f3cc-48f7-8434-1705caf35488","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[ESET OilRig Campaigns Sep 2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c9535445-f55b-45c1-a13c-246aec8f529a","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"79318dc6-1fb5-4fef-b287-21e487399290","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"5276226d-5453-42db-8701-a83b2b061b5b","name":"SampleCheck5000 (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3156","tidal_id":"bc69737c-ce3b-5e59-8d0e-597b4def7fc5","created":"2024-09-04T12:51:11.395026Z","modified":"2024-09-04T12:51:11.395029Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1dffb93d-49b6-46b2-8271-f41f96e8a3ed","name":"SC5k","description":"<sup>[[ESET OilRig December 14 
2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]</sup>","source":"Tidal Cyber","associated_software_id":"38ddef87-e5eb-4056-8e4b-3633b8887967","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ESET OilRig December 14 2023](/references/f96b74d5-ff75-47c6-a9a2-b2f43db351bc)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8b49e471-e457-4aec-9575-8eeec2e932a0","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"b971f688-a18f-443c-b1f7-5da1de1509ca","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"74b6bb13-9d52-4147-9054-2eac8750fe7b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7645d74c-67cd-4f3e-8dcf-c22e685277f0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"88831e9f-453e-466f-9510-9acaa1f20368","name":"SamSam","type":"malware","source":"MITRE","software_attack_id":"S0370","tidal_id":"b0cee6ff-9236-521f-b777-f12bcf9d41a1","created":"2019-04-15T19:40:07.664000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"76ac471b-b15c-4072-9e08-38bc62aaac92","name":"Samas","description":"<sup>[[US-CERT SamSam 
2018](https://app.tidalcyber.com/references/b9d14fea-2330-4eed-892c-b4e05a35d273)]</sup>","source":"MITRE","associated_software_id":"accecc38-6a70-4fe4-97a2-86df1e07dbcb","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"9f52e189-1a08-42ec-b238-28a87638f31c","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"8bd6af7f-1b52-4d9d-bf18-1a12476026e7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"bd75c822-7be6-5e6f-bd2e-0512be6d38d9","name":"Samurai","type":"malware","source":"MITRE","software_attack_id":"S1099","tidal_id":"d6730958-f69f-5545-b254-4786272dc281","created":"2024-04-25T13:28:20.807592Z","modified":"2024-04-25T13:28:20.807595Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky ToddyCat June 2022](https://app.tidalcyber.com/references/285c038b-e5fc-57ef-9a98-d9e24c52e2cf)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b3493d48-43e5-4fea-8187-0bf156645975","name":"SANDBAR","type":"malware","source":"Tidal Cyber","software_attack_id":"S3528","tidal_id":"1e82356b-9d42-579f-b382-1416f31137cb","created":"2025-08-28T19:35:48.533201Z","modified":"2025-08-28T19:35:48.533205Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud June 15 2023](/references/beb7f804-f6b7-4b9c-996b-61136b97a546)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"9194aeea-0bc6-42e3-9915-948e48daee96","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"b8404483-890a-4968-939b-6b674a87e195","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"747fc8ca-458c-49b5-ae2f-26ee40b15e88","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9ab0d523-3496-5e64-9ca1-bb756f5e64e0","name":"Sardonic","type":"malware","source":"MITRE","software_attack_id":"S1085","tidal_id":"2b0b1e1b-ffa8-5b17-a8ab-61b8c84a8d65","created":"2023-11-07T00:35:44.965940Z","modified":"2023-11-07T00:35:44.965945Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4f9c5d6a-4742-47a5-b726-f5ae34ad8586","name":"Ragnar Loader","description":"<sup>[[The Hacker News March 7 2025](/references/bef86725-c540-4241-bf3b-4b5a81aadebe)]</sup>","source":"Tidal Cyber","associated_software_id":"6d5e56db-4ea8-42d9-b183-86414819b7b0","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Bitdefender Sardonic Aug 2021](https://app.tidalcyber.com/references/8e9d05c9-6783-5738-ac85-a444810a8074)]</sup><sup>[[Symantec FIN8 Jul 2023](https://app.tidalcyber.com/references/9b08b7f0-1a33-5d76-817f-448fac0d165a)]</sup>","group_attack_id":"G0061","group_id":"b3061284-0335-4dcb-9f8e-a3b0412fd46f","name":"FIN8","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[The Hacker News March 7 2025](/references/bef86725-c540-4241-bf3b-4b5a81aadebe)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0360e655-3290-4bb6-83ff-0f89c06ec394","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"41be663f-ecc9-4ab6-afeb-c52737f84858","name":"Sc","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3280","tidal_id":"d7dfbde3-c095-566f-bc35-3b3d398012a4","created":"2024-01-12T14:48:10.617660Z","modified":"2024-01-12T14:48:10.617664Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"19c380e9-1421-4a9b-a485-231c874a0123","name":"Service Control Manager","description":"<sup>[[Huntress December 22 2025](/references/853d719f-f41d-49e4-8752-7c0e3f7090df)]</sup>","source":"USER","associated_software_id":"2686d6b2-34c8-48a7-82d2-950c1c20e32c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"08617b0b-965b-486e-b3b9-860b74dcf100","name":"SC (Service Control)","description":"<sup>[[Cybereason The Gentlemen November 18 2025](/references/bc7807fd-020a-42b4-a311-1a1673a8f90a)]</sup>","source":"USER","associated_software_id":"5995477e-9499-4ab5-a1e5-914388479fd1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"d0649c70-e746-4f1a-a31b-fbf519ca80da","name":"Sc.exe","description":"<sup>[[Sc.exe - LOLBAS Project](/references/5ce3ef73-f789-4939-a60e-e0a373048bda)]</sup>","source":"Tidal Cyber","associated_software_id":"51b405bf-637a-46e7-960f-44f7e964ca7e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cybereason The Gentlemen November 18 2025](/references/bc7807fd-020a-42b4-a311-1a1673a8f90a)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Esentire August 27 2025](/references/8d40c966-331f-490c-b1b6-e33a095b888a)]</sup>","group_attack_id":"G3124","group_id":"bd33c962-4fc1-49d8-8416-259a032863b8","name":"Sinobi Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Huntress 08 14 2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","group_attack_id":"G3134","group_id":"45a5d563-0e93-405a-ae8c-cca71e88f441","name":"J Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ANY.RUN's Cybersecurity Blog 10 01 2025](/references/87535fb7-8916-494e-94ff-cf28c125f0b4)]</sup>","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a771c8e8-3b1e-42db-af28-b1b281b29eac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"6330945d-fd8a-4750-b27a-7aafb36fea6f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"7759fb72-fedf-4e03-921b-a2c535b02b69","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"cb15821a-bead-4165-a278-ea97f366523f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"1471a4f4-c2d0-4807-bdc8-f816ea2dc0a2","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"da077c2b-9e7a-4f35-b187-af2876496799","name":"Scarab Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3181","tidal_id":"6fa54dec-ddaa-5b33-b586-e02f70edac26","created":"2024-09-13T19:21:25.800431Z","modified":"2024-09-13T19:21:25.800434Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[WeLiveSecurity Scarab August 22 2023](/references/7cbf97fe-1809-4089-b386-a8bfd083df39)]</sup>","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"53e6829b-a88a-4ff8-816a-7fba337a5277","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"74aaa1dd-fafc-4348-bd3e-a1fcd4afc1d8","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"019f52a3-3c00-4e49-97e0-3e90a749ec18","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b79c59c3-5458-4dd7-9db6-7f2d4dd70820","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5033f388-8574-4b44-993e-b647786223af","name":"SCCM Remote 
Control","type":"tool","source":"Tidal Cyber","software_attack_id":"S3652","tidal_id":"531b2006-3bd5-5cdd-a0a7-489032b3296d","created":"2025-11-19T17:45:42.277992Z","modified":"2025-11-19T17:45:42.277995Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f6fc4c5e-44f8-4137-9a6e-cadf47ffc616","name":"System Center Configuration Manager Remote Control","description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","source":"USER","associated_software_id":"5d6652e2-6e39-4c86-bbe2-17c3730d0a62","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e0c81a28-004b-4d08-a370-377e96197cac","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0a23b658-ce82-47bd-9910-c919094cc117","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6afcbccc-4f65-4731-85c8-2c678f5baead","name":"SCCMVNC","type":"tool","source":"Tidal Cyber","software_attack_id":"S3653","tidal_id":"7a5e5f05-b9d5-5240-bec4-9f864eb0e790","created":"2025-11-19T17:45:42.417478Z","modified":"2025-11-19T17:45:42.417481Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus 
Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"878193ff-a78c-470a-b47f-8d7517e474b9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f04ef5ea-0f8b-4b1f-82c8-4afc0a52dcc5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3d3f0187-d08a-468a-8956-b3502fdeaea5","name":"ScHackTool","type":"malware","source":"Tidal Cyber","software_attack_id":"S3180","tidal_id":"e35b7254-6628-5f08-aab8-cd3f0dae4d7d","created":"2024-09-13T19:21:25.607443Z","modified":"2024-09-13T19:21:25.607446Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ca0d8e3a-93d4-4b32-9849-8dc4c9402193","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"5af65baf-a151-4f59-8dac-705b25c974f4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"43cb00e8-756a-4a67-88ee-3d55cad85fa8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1d687522-be8f-4ac8-b613-fddc09abe438","name":"Scheduled Task (Schedule.Service COM object)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3931","tidal_id":"f47e842a-f77c-5b46-aa03-975c9747b6d1","created":"2026-01-14T13:31:37.502017Z","modified":"2026-01-14T13:31:37.502021Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"eebc3ae5-497f-4cc7-ac49-9ccb5f4aa578","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"2f3e1135-09ec-43a7-8590-96fdcab9031d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"01b2ff3d-ad0d-4310-b1bf-81897a9b96ae","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2aacbf3a-a359-41d2-9a71-76447f0545b5","name":"schtasks","type":"tool","source":"MITRE","software_attack_id":"S0111","tidal_id":"ce6526ea-5776-5954-9f9e-ccc6cdfaacbc","created":"2017-05-31T21:33:07.218000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c650c8b0-d37a-4332-aa0b-2f2cb3732b5c","name":"Task Scheduler (schtasks)","description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","source":"USER","associated_software_id":"7fc33489-5e89-469e-8231-056ace4bd60b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"15ecc267-9e36-4be6-9314-2597c81cfef6","name":"Scheduled Tasks (schtasks.exe)","description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","source":"USER","associated_software_id":"3cc71caf-4b7e-4069-bc24-4430999dc9f7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"b53bbc48-3164-4f6a-b1cd-786db1c41656","name":"Windows Task Scheduler","description":"<sup>[[Trend Micro June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","source":"USER","associated_software_id":"fcc3f021-923a-45d9-acf3-a6fd60fd2155","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"2816d9c5-f748-4086-a177-2e36686c5537","name":"Task Scheduler","description":"<sup>[[Trend Micro June 19 
2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","source":"USER","associated_software_id":"85973e3c-7d04-4c6c-a575-f7e1c0ed7581","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"cef89380-3b62-4a3d-a5b3-f26643c108ec","name":"schtasks.exe","description":"","source":"MITRE","associated_software_id":"8e0f3e81-6583-40f4-824c-2f5ba6b7e19d","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Ukraine Targeting October 29 2025](/references/08b6d849-2837-4af9-bb8a-e0425e6a02e4)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","group_attack_id":"G3178","group_id":"3be36063-6383-42b5-ad7e-f41abf84f1ae","name":"Autumn Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybereason The Gentlemen November 18 2025](/references/bc7807fd-020a-42b4-a311-1a1673a8f90a)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver 
Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","group_attack_id":"G3210","group_id":"abc6d74d-e425-4181-93ed-bb16f911871b","name":"Donot Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[FireEye Operation Double Tap](https://app.tidalcyber.com/references/4b9af128-98da-48b6-95c7-8d27979c2ab1)]</sup>","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Kimsuky November 2020](https://app.tidalcyber.com/references/ecc2f5ad-b2a8-470b-b919-cb184d12d00f)]</sup><sup>[[KISA Operation 
Muzabi](https://app.tidalcyber.com/references/8742ac96-a316-4264-9d3d-265784483f1a)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Bitdefender Naikon April 2021](/references/55660913-4c03-4360-bb8b-1cad94bd8d0e)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Volexity SolarWinds](/references/355cecf8-ef3e-4a6e-a652-3bf26fe46d88)]</sup><sup>[[FireEye SUNBURST Backdoor December 2020](/references/d006ed03-a8af-4887-9356-3481d81d43e4)]</sup><sup>[[CrowdStrike SUNSPOT Implant January 2021](/references/3a7b71cf-961a-4f63-84a8-31b43b18fb95)]</sup><sup>[[Mandiant No Easy Breach](/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cycraft Chimera April 2020](/references/a5a14a4e-2214-44ab-9067-75429409d744)]</sup><sup>[[NCC Group Chimera January 
2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET Lazarus Jun 2020](/references/b16a0141-dea3-4b34-8279-7bc1ce3d7052)]</sup><sup>[[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]</sup><sup>[[ESET Twitter Ida Pro Nov 2021](/references/6d079207-a7c0-4023-b504-1010dd538221)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro EarthLusca 2022](/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Rancor Unit42 June 2018](/references/45098a85-a61f-491a-a549-f62b02dc2ecd)]</sup>","group_attack_id":"G0075","group_id":"021b3c71-6467-4e46-a413-8b726f066f2c","name":"Rancor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"2f489e7b-6294-4f55-a94a-ec0868d404d7","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"3eaaba45-3f42-4d75-aecb-60d80c56a0c3","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"92d89a2a-9ce7-4684-9fab-8410de0d2acd","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"cbecfb63-ab09-4125-bfa4-7abbbe2a8f45","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"4007fc5c-45d8-4332-9742-cfbffc14d4ae","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"6f98fd10-f369-443e-be9b-db72f8d91742","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a66cbe6f-0c07-4ba2-8289-bfa8cde2fb0d","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a323fdb2-1ee1-4568-b4b1-41094072d90c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"3b21529c-c167-4040-880b-37f2c9054173","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"3c155408-7cad-4bb1-a4c5-0f6fd4c7ec45","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"ff15c6e5-fe0b-404c-9cd2-28476ef9c5f6","tag":"f0c54030-956a-4bac-9f98-deb2349183ac"},{"id":"fdf5ed9e-d250-41cb-b213-0f26632bf46a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"aa93763d-acfc-4aa3-ba6a-3b0d8dfbe400","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"99ce4ccb-7ef5-4650-9b7c-59704ca8e2da","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"cd7e56b3-d5d8-4489-9368-7fcffc634652","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"34964908-7162-4bcc-ab2a-d0dc1b3b82ef","name":"ScRansom","type":"malware","source":"Tidal Cyber","software_attack_id":"S3178","tidal_id":"61ac6489-e718-5aed-823a-3155f7446f7d","created":"2024-09-13T19:21:25.230760Z","modified":"2024-09-13T19:21:25.230763Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[WeLiveSecurity CosmicBeetle September 10 
2024](/references/8debba29-4d6d-41d2-8772-f97c7d49056b)]</sup>","group_attack_id":"G3053","group_id":"04b73cf2-33f4-4206-be9e-c80c4c9b54e8","name":"CosmicBeetle","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a9181d24-444f-4591-a890-fea2812e1abd","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"30ecfa87-2501-4c65-a832-5438e73b8795","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"1b26819a-e097-41c6-8d84-509d750bfb27","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"518d827d-fdb7-4fab-83ee-317f65724673","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ba4d8522-9656-462e-b25e-32a9bba85a60","name":"Scriptrunner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3282","tidal_id":"599b3149-2685-5c59-8009-6dcb87f17570","created":"2024-01-12T14:48:10.963035Z","modified":"2024-01-12T14:48:10.963039Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4882dbf4-7d84-45fc-9a06-055d8b429bfd","name":"Scriptrunner.exe","description":"<sup>[[Scriptrunner.exe - LOLBAS Project](/references/805d16cc-8bd0-4f80-b0ac-c5b5df51427c)]</sup>","source":"Tidal Cyber","associated_software_id":"371af2c7-299d-48e3-ace1-a3e33ba2fedd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b85420b1-dc69-4659-a8cf-ecde24d2a791","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5f9b1f0e-439c-4db4-8ab9-36abe2612021","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"101f7867-9c5c-482e-b26e-9fdb8ff9b2c7","name":"Scrobj","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3315","tidal_id":"24994b64-1856-5c56-b5cf-3c5151de2133","created":"2024-01-12T14:48:23.167478Z","modified":"2024-01-12T14:48:23.167482Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac56e479-6cf2-4c56-85cb-0c0d4c82c605","name":"Scrobj.dll","description":"<sup>[[Scrobj.dll - LOLBAS Project](/references/c50ff71f-c742-4d63-a18e-e1ce41d55193)]</sup>","source":"Tidal Cyber","associated_software_id":"922a431d-1ebd-4ad2-a16d-054e3eb24a1f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"474c8768-fa5a-4e18-96ec-8ddf31ae960c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8e15d8c1-3ebc-4b17-9443-af2345ede1a0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f9840d08-eb55-4c19-a1af-964e10dae0d4","name":"ScService","type":"malware","source":"Tidal Cyber","software_attack_id":"S3179","tidal_id":"298682b4-93cb-52dd-b83f-0520c474e118","created":"2024-09-13T19:21:25.416705Z","modified":"2024-09-13T19:21:25.416708Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3269533a-6cc5-42e3-a921-dcf6869d096b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0bdb170e-4076-4c64-9e66-2b61910550fb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a3480f03-d03f-4c1e-94fb-f6d8e998c14b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"046bbd0c-bff5-46fc-9028-cbe46a9f8ec5","name":"SDBbot","type":"malware","source":"MITRE","software_attack_id":"S0461","tidal_id":"132b5b52-2680-53c9-a1ff-f99ae9a52203","created":"2020-06-01T12:29:05.241000Z","modified":"2022-07-18T16:01:14.539000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA505 October 
2019](https://app.tidalcyber.com/references/711ea2b3-58e2-4b38-aa71-877029c12e64)]</sup><sup>[[IBM TA505 April 2020](https://app.tidalcyber.com/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"befd8cc6-2668-478f-aabb-810a0a6f682e","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"3d4be65d-231b-44bb-8d12-5038a3d48bae","name":"SDelete","type":"tool","source":"MITRE","software_attack_id":"S0195","tidal_id":"87ff0b4f-cbfb-57a9-af21-6f8b46d148cf","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) has used [SDelete](https://app.tidalcyber.com/software/3d4be65d-231b-44bb-8d12-5038a3d48bae) for wartime operations in 2022-2023.<sup>[[mandiant_apt44_unearthing_sandworm](https://app.tidalcyber.com/references/cc03d668-e4d9-5dc1-b365-203db84938f2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Group IB Silence Sept 2018](https://app.tidalcyber.com/references/10d41d2e-44be-41a7-84c1-b8f39689cb93)]</sup>","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[PTSecurity Cobalt Dec 2016](https://app.tidalcyber.com/references/2de4d38f-c99d-4149-89e6-0349a4902aa2)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant No Easy 
Breach](https://app.tidalcyber.com/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup>","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"3d9ab177-76ae-4fed-9f93-ebf2c0515ba4","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"ae30d58e-21c5-41a4-9ebb-081dc1f26863","name":"SeaDuke","type":"malware","source":"MITRE","software_attack_id":"S0053","tidal_id":"a4a40e19-9e1b-536e-8e4b-9000667a3d6f","created":"2017-05-31T21:32:37.767000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"90ca5f13-d1d1-4bc4-930b-3559db96efa7","name":"SeaDaddy","description":"","source":"MITRE","associated_software_id":"a2b8e082-e238-4bcc-89e0-f6fe424c1d89","owner_id":null,"owner_name":null},{"id":"5dcc7cce-10fc-4a9b-922f-4b5b3bac6f17","name":"SeaDesk","description":"","source":"MITRE","associated_software_id":"be5732aa-a2d1-4088-89af-caf36034f360","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[F-Secure The Dukes](https://app.tidalcyber.com/references/cc0dc623-ceb5-4ac6-bfbb-4f8514d45a27)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup><sup>[[Symantec Seaduke 
2015](https://app.tidalcyber.com/references/5ec05c01-8767-44c1-9855-e1b0e5ee0002)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"771b72e6-f16b-45c5-8e38-a842540aa72b","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"c36c774b-7e6d-43e9-bbdf-378e70b7c816","name":"SEAELF","type":"malware","source":"Trellix TIG","software_attack_id":"S3450","tidal_id":"94a4cfa9-0d30-577f-a722-cb226bde2006","created":"2025-04-11T15:06:50.602790Z","modified":"2025-04-11T15:06:50.602794Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"3527b09b-f3f6-4716-9f90-64ea7d3b9d8a","name":"Seasalt","type":"malware","source":"MITRE","software_attack_id":"S0345","tidal_id":"3b40c72e-9ef7-5206-9043-893c83967a7e","created":"2019-01-30T15:27:06.404000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT1 Appendix](https://app.tidalcyber.com/references/1f31c09c-6a93-4142-8333-154138c1d70a)]</sup><sup>[[McAfee Oceansalt Oct 
2018](https://app.tidalcyber.com/references/04b475ab-c7f6-4373-a4b0-04b5d8028f95)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"42c8504c-8a18-46d2-a145-35b0cd8ba669","name":"SEASHARPEE","type":"malware","source":"MITRE","software_attack_id":"S0185","tidal_id":"0a76fb68-ef80-5500-9812-c9bfb370b282","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT34 Webinar Dec 2017](https://app.tidalcyber.com/references/4eef7032-de14-44a2-a403-82aefdc85c50)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8056dc80-e2d0-45fd-ae4f-cd48c6ddf857","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"ab9bcfb8-3b0d-4780-871c-3266a5138c1a","name":"SEASIDE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3527","tidal_id":"67f8a51c-693c-5be5-a094-c889f32c2b7f","created":"2025-08-28T19:35:48.389405Z","modified":"2025-08-28T19:35:48.389408Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud June 15 2023](/references/beb7f804-f6b7-4b9c-996b-61136b97a546)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"6932e34b-2f04-421c-abb2-ae9ccbb2143d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f099d03d-46fd-4015-853d-10693188954e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"19163797-02d5-44e5-8434-ed68cec55955","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d0d8d0c5-55fd-4fac-acdb-c425ae647d42","name":"SEASPRAY","type":"malware","source":"Tidal Cyber","software_attack_id":"S3529","tidal_id":"4aee3960-8eed-58f6-ac43-12a0be197120","created":"2025-08-28T19:35:48.676982Z","modified":"2025-08-28T19:35:48.676985Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud June 15 2023](/references/beb7f804-f6b7-4b9c-996b-61136b97a546)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5e9911ba-cda7-4853-a8fc-f3593b3838a4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a5e88a50-e898-42ca-88a9-51a1887d35c7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0c3b2bf0-ea83-429e-904d-8d76349c8aaf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9dd7c884-d489-4955-8664-2d109585b06c","name":"SEASPY","type":"malware","source":"Tidal Cyber","software_attack_id":"S3525","tidal_id":"473df3a1-2834-564b-b3ca-8cd5c725aa21","created":"2025-08-28T19:35:48.084503Z","modified":"2025-08-28T19:35:48.084506Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud June 15 2023](/references/beb7f804-f6b7-4b9c-996b-61136b97a546)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"2ffaae55-3ba1-4e80-8521-c77765803613","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"2ef59fc1-f73f-401e-a552-98ef23ea6966","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"56c0a908-8c06-4b8f-9ae3-1d5895ae29b5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"970fb1dc-a60c-4eec-b87f-17d02d3ba7eb","name":"SEASPY V2","type":"malware","source":"Tidal Cyber","software_attack_id":"S3523","tidal_id":"39e200b1-9914-5234-8965-0ccaaa452b38","created":"2025-08-28T19:35:47.796782Z","modified":"2025-08-28T19:35:47.796785Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant UNC4841 August 29 2023](/references/f990745d-06c1-4b0a-8394-66c7a3cf0818)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7d79dd9b-a587-47a0-8de6-d25ec5282150","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d5613ae1-85d7-47d3-a323-a404c38bec5d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6ba52488-59da-4119-a68b-cb04e49890f4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"74beac1c-8468-4f1e-8990-11a4eb7b0110","name":"Seatbelt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3044","tidal_id":"d6d5f71f-fc4b-5308-aa1d-dbb5254758d7","created":"2023-08-18T18:56:23.488234Z","modified":"2023-08-18T18:56:23.488242Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"5421190b-d25b-4d17-8c7e-c09639a53cb3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"9dffb2f8-a72b-4f02-96b4-95a1336745b8","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"25a0e5e7-2f46-4bc7-b087-0d8df66ff35e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"e4451a89-0178-49a9-aa1c-bf885325cce3","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"24938cdf-e5e1-4e4c-93e3-e615c2bf4230","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"6d715aaf-35fa-4d53-bcdb-6c0ba36a5c1f","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"6ff9306d-ec01-4aac-82b9-2b5acc568484","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"abc98594-cc6d-43e5-880a-a3398d989c22","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"11bc18cf-c359-4e8b-a650-2aad767c7220","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"16715451-0f6f-43cb-adb0-14a5b37734b4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7fcd9886-9968-4684-b316-52fd1338424e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a1fef846-cb22-4885-aa14-cb67ab38fce4","name":"secretsdump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3097","tidal_id":"29c98931-5a9d-53e9-944d-5700c9d6179a","created":"2023-11-17T17:09:26.789225Z","modified":"2023-11-17T17:09:26.789229Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f7e571a6-c6db-47ec-b4cd-a9587115eea2","name":"secretsdump.py","description":"","source":"Tidal 
Cyber","associated_software_id":"8e8fdcd6-5b2f-4672-91fe-740555345883","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA LockBit Citrix Bleed November 21 2023](/references/21f56e0c-9605-4fbb-9cb1-f868ba6eb053)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Unit 29155 September 5 2024](/references/9631a46d-3e0a-4f25-962b-0b2501c47926)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog September 26 2024](/references/bf05138b-f690-4b0f-ba10-9af71f7d9bfc)]</sup>","group_attack_id":"G3057","group_id":"de72d564-6487-4cf3-be3e-0a961cf15d5d","name":"Storm-0501 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"634f032e-90a6-43c0-b821-fcef37fa9611","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"9803c76e-fb69-4b94-9001-de1d566a7e91","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"3c8d65f1-193c-4959-8385-f5a65f4c1f49","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"4f5bd981-c7c6-4442-b083-fd252cc9cea5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"fdeeb12a-1fc9-4e8e-8d3e-35fb5f6de3a4","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fe92119c-d2b2-41b6-8ffd-a94f6682a7bc","tag":"61b7b81d-3f98-4bed-97a9-d6c536b8969b"},{"id":"eb1d2cd3-5165-4891-a355-7825dd670bf3","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"ad789102-9692-48ac-8407-68618f434c70","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0e34c5b5-09a1-4172-927c-2210b1f14d60","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"e5f4c869-da81-4564-a4a0-c5c5c18a8437","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"3f7be496-6c05-4169-9dae-e0bb6b53cdfe","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"500fb259-92a5-4098-8086-77f39b2f017c","name":"secret stealer","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3559","tidal_id":"750b013c-68e8-52ce-ad82-098efbf7a740","created":"2025-10-07T14:07:33.803265Z","modified":"2025-10-07T14:07:33.803268Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f86ae5ec-1af8-4f07-b624-d41f69802c7f","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"1a568524-0f69-41c5-8de9-d24d9b64f47d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"57c2ba76-f44c-4207-90a5-4af8a5b800c5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"aa572a36-a333-4e89-89a0-b74163ef5465","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d6aaf8a8-45bf-41cc-9176-117848fc123a","name":"secure.chase.ps1","type":"malware","source":"Tidal Cyber","software_attack_id":"S3950","tidal_id":"a7f0bf83-915f-5739-81bc-c0bd161d69b7","created":"2026-01-14T13:31:40.651486Z","modified":"2026-01-14T13:31:40.651490Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f86d8401-e266-42d7-9b2f-a43e33947a9b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"39612b7d-96ab-4fd6-9a88-4a130480176f","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"f881a0d5-49dd-4138-b08c-18c0b312db7b","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"85a880f4-28c5-47a9-9856-e4072ca1d065","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ef43d06d-3b37-4c44-87ba-058aa78854b5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"80b9180e-bae5-44a7-8016-8c1463bbd054","name":"Secure Socket Funneling","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3144","tidal_id":"5f21292f-472c-5d9c-9ff5-3768f58a9a7c","created":"2024-07-10T18:01:17.878736Z","modified":"2024-07-10T18:01:17.878741Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"dee1e0ca-09c7-4284-981f-0d5aa0fec1b5","name":"SSF","description":"<sup>[[GitHub securesocketfunneling ssf](/references/077ab224-9406-4be7-8467-2a6da8dc786d)]</sup>","source":"Tidal Cyber","associated_software_id":"e039a58f-0838-466f-b9de-34653491b7d3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. CISA APT40 July 8 2024](/references/3bf90a48-caf6-4b9d-adc2-3d1176f49ffc)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"17b15604-a1e1-4714-a687-7d58d8a9fb92","tag":"96d58ca1-ab18-4e53-8891-d8ba62a47e5d"},{"id":"18321641-b94f-45b4-a44a-0ff549491b5a","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"82e42390-b4fb-4cdd-88d2-052d320b4718","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"f62d0e75-3378-4752-b4c0-c11d086141e3","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"cf059581-25bc-4b31-a829-b2fa3747e085","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"300af65b-7f7b-4db9-93be-e22718bd3586","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"c248632f-7ef0-4f61-905d-c88d27bd8947","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"266b7f51-0fe5-405c-ac50-efed11e97188","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4fe9a566-9dee-4813-9663-275115c7fdab","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d30a658b-60db-4b33-ab32-5411f1b77cbb","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"931dd033-62cc-4e91-9005-0d9414be13bc","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"bd7bee8e-3546-4245-98bc-7980769d74ab","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"15edf669-eeda-4171-86a9-4cb749640e5a","name":"SecurityCheck","type":"tool","source":"Tidal Cyber","software_attack_id":"S3829","tidal_id":"acdf6008-4246-5404-82ec-4fca6e845674","created":"2025-12-29T17:41:05.420331Z","modified":"2025-12-29T17:41:05.420335Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"249580ff-98da-4eee-8fc8-d7c0622b6938","name":"sc.msi","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"2e504dc4-6a01-4217-be9d-bba3e2e88ba4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 11 
2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5df59046-243e-484b-8941-5e22a22f3d09","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"339f3653-c8e4-4080-aa95-4a666063e201","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5fafddeb-9a20-4ef6-ab0a-36c462f38345","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e05edc08-be14-4354-a140-b48f2ac5bee5","name":"sed","type":"tool","source":"Tidal Cyber","software_attack_id":"S3560","tidal_id":"584137bd-744e-5d14-99ba-7807d39fb6a3","created":"2025-10-07T14:07:33.942781Z","modified":"2025-10-07T14:07:33.942783Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"9c6704f2-214b-415e-9ce3-10ff329ee797","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ddd2e44b-0ee2-4f80-9a43-f5e1ac0b90c0","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"eb4a39c0-b220-4a4d-b9fa-13be3c4cd8d0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2337b8cc-7223-4f37-9de0-ed98b78d5575","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"411eb6ad-f938-45f9-a4bc-4b20baaa82af","name":"SenseSampleUploader.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3565","tidal_id":"44a01c48-b27e-5883-b41d-3ef3aa6d73b9","created":"2025-10-07T14:07:34.662825Z","modified":"2025-10-07T14:07:34.662828Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research 09 22 2025](/references/e813f0cf-b9de-429a-8699-aadd90b5de4f)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus 
Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5faa347c-17fd-41eb-bcca-35a05b479e4d","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"63b82db9-16a0-4783-a0db-ba344ca53db7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"93dd2501-f319-4b31-aa98-0ee9ec5a171b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b18ae7da-0e7d-4f2e-ab03-22644f112e13","name":"SentinelAgentCore.dll (trojanized)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3777","tidal_id":"2c79bbb6-e4da-5cc0-a1fb-5f89967958ca","created":"2025-12-17T14:18:53.434372Z","modified":"2025-12-17T14:18:53.434375Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ReliaQuest December 09 2025](/references/d01a6573-49f4-415b-a778-778d08255afd)]</sup>","group_attack_id":"G3175","group_id":"2a834c03-7339-481f-8fcb-787e13f990c6","name":"Storm-0249","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8a5f9871-950f-45ae-aa8a-024eb8babe1f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"86bc5732-0e96-4b1d-b323-eb80341f4bc6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"935c5a81-209c-47cf-af0d-dd76cf3f6742","name":"SentinelAgentWorker.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3778","tidal_id":"ab487fdc-26f4-50c5-93b0-e7f8249b142e","created":"2025-12-17T14:18:53.583096Z","modified":"2025-12-17T14:18:53.583099Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ReliaQuest December 09 
2025](/references/d01a6573-49f4-415b-a778-778d08255afd)]</sup>","group_attack_id":"G3175","group_id":"2a834c03-7339-481f-8fcb-787e13f990c6","name":"Storm-0249","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b7b2e8f3-fde1-4ae6-9c6b-c28a996d8d69","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f2e5cac8-7c59-49bc-a483-5425cb3b5f63","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b57820c1-a035-44f6-a708-0116b62e128b","name":"SerialVlogger","type":"malware","source":"Tidal Cyber","software_attack_id":"S3969","tidal_id":"d04c6535-23ab-5daa-90df-3f7b30f5bb50","created":"2026-01-23T20:31:09.861551Z","modified":"2026-01-23T20:31:09.861554Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ab95b7b5-c6a1-4e78-9d8f-11797c2d7bd4","name":"SerialVlogger","description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","source":"USER","associated_software_id":"1792376e-e25e-443b-b565-a92eb24009c7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f097c8a2-1f36-4cde-beb9-225b6b5327fb","name":"SeriallVlogger","description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","source":"USER","associated_software_id":"b52a0faa-d88e-4f15-8ccf-93241638aac4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti 
Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"0ba31a64-7df0-4a10-8f06-0729d8807864","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"033b59a1-8724-4cab-b133-b32f7d061407","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"2bd55fca-e5f0-4c68-a573-e1c2b9203425","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7ddd046b-bbcb-4eac-a15e-2c026497c4a5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"704ed49d-103c-4b33-b85c-73670cc1d719","name":"ServHelper","type":"malware","source":"MITRE","software_attack_id":"S0382","tidal_id":"3f270b20-cf62-5864-998b-d1a5ba693f3b","created":"2019-05-29T13:14:38.638000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA505 Jan 2019](https://app.tidalcyber.com/references/b744f739-8810-4fb9-96e3-6488f9ed6305)]</sup><sup>[[Cybereason TA505 April 2019](https://app.tidalcyber.com/references/076f2b95-97d2-4d50-bb9b-6199c161e5c6)]</sup><sup>[[Deep Instinct TA505 Apr 2019](https://app.tidalcyber.com/references/529524c0-123b-459c-bc6f-62aa45c228d1)]</sup><sup>[[Trend Micro TA505 June 2019](https://app.tidalcyber.com/references/e664a0c7-154f-449e-904d-335be1b72b29)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"48523f0f-a6f9-4d4f-84b6-2c850d4c6c95","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"84c87112-52b1-47d8-8918-21c5f0f7d14a","name":"Service Control Manager","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3665","tidal_id":"aab72cab-f625-5a77-bef2-f67468e08602","created":"2025-11-26T19:38:19.737154Z","modified":"2025-11-26T19:38:19.737157Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"2e38b3aa-4570-41ea-b0d0-db04dcf23a53","name":"SCM","description":"<sup>[[BleepingComputer November 19 2025](/references/ec75f7aa-a908-46b5-896f-bc4ed40d58c0)]</sup>","source":"USER","associated_software_id":"0ae0cd5d-667c-4ae9-8c32-1e0a71bdb4aa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[BleepingComputer November 19 2025](/references/ec75f7aa-a908-46b5-896f-bc4ed40d58c0)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"be5df0b2-be3b-4055-94be-7298762da320","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"90ead083-6b19-4259-9d20-a9096f27290f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"28504042-b5be-456e-8508-b8bbfe776a12","name":"SesameOp","type":"malware","source":"Tidal Cyber","software_attack_id":"S3628","tidal_id":"551ed798-c669-5837-ac9c-e5bf3f7e80ad","created":"2025-11-19T17:45:38.650095Z","modified":"2025-11-19T17:45:38.650098Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0cd215bb-0cbe-4c75-9996-9fc789748390","name":"OpenAIAgent.Netapi64","description":"<sup>[[Microsoft Security Blog November 03 2025](/references/4fc98ad2-fabe-46a7-8546-db22dd737177)]</sup>","source":"USER","associated_software_id":"e09d9d79-60b0-4326-b533-36c506698c50","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Security Blog November 03 
2025](/references/4fc98ad2-fabe-46a7-8546-db22dd737177)]</sup>","group_attack_id":"G3148","group_id":"83996f9f-7f96-479b-9295-6582b13905c2","name":"SesameOp threat actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"67ae365f-8e61-417a-8ee0-40b690b5c296","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5200e84a-1a76-48ab-89ac-9e9af2ebde7a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"179ed67a-6142-49c2-8e71-927b9c47e6f5","name":"SessionGopher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3411","tidal_id":"ce39d702-df72-53d1-a67e-5276da83220c","created":"2024-11-25T18:01:20.063459Z","modified":"2024-11-25T18:01:20.063464Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"7db78bfa-666b-4c4a-bea4-c1c4b3e2228c","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"98b7b614-1974-47aa-9e34-9225e85663f4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"1bed16f9-fcb1-4a94-b87e-6ba5d2e8233c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5672593e-914f-4ed1-9b94-b37e86035eb3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"f601865e-9162-4e8a-8444-6db2eb54c128","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"20300766-a6a9-4e49-8ac7-8ad914555936","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"4f4ff3ed-7d2e-4cd3-b02c-1d568690a1ee","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"fb47c051-d22b-4a05-94a7-cf979419b60a","name":"Seth-Locker","type":"malware","source":"MITRE","software_attack_id":"S0639","tidal_id":"6c5a177e-910d-5ae4-88bc-1fa6bc04493f","created":"2021-08-13T14:57:39.387000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"0314e860-8f16-4575-8a8b-47a9da69b04e","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"80242cf6-335d-4b31-89a2-70ec04c368b3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"ad872ead-f3be-49df-b2f3-2526246acdf5","name":"Setres","type":"tool","source":"Tidal Cyber","software_attack_id":"S3283","tidal_id":"56671872-fe8e-556c-baec-18f94e417344","created":"2024-01-12T14:48:11.312314Z","modified":"2024-01-12T14:48:11.312319Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ee17b779-c555-4ae0-9a76-56a24d647675","name":"Setres.exe","description":"<sup>[[Setres.exe - LOLBAS Project](/references/631de0bd-d536-4183-bc5a-25af83bd795a)]</sup>","source":"Tidal 
Cyber","associated_software_id":"87bd69bf-cada-4225-a91e-a32add673522","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ecf4e884-92b6-4caf-98fb-b76e342944de","tag":"d75511ab-cbff-46d3-8268-427e3cff134a"},{"id":"a5840fc9-9ffb-4622-944d-a8db5af97939","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"fb560c03-90af-4bc5-bf0f-7a1c01dfc537","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e46a42d6-ca6e-4237-ab66-b0d102a580c7","name":"SettingSyncHost","type":"tool","source":"Tidal Cyber","software_attack_id":"S3284","tidal_id":"a2d69aeb-3ccc-5886-84b6-bbec5692574e","created":"2024-01-12T14:48:11.656452Z","modified":"2024-01-12T14:48:11.656456Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0ab3517f-f1b5-4b85-81b7-1e887acf7cbf","name":"SettingSyncHost.exe","description":"<sup>[[SettingSyncHost.exe - LOLBAS Project](/references/57f573f2-1c9b-4037-8f4d-9ae65d13af94)]</sup>","source":"Tidal Cyber","associated_software_id":"ff7ceff1-6f98-4a50-9461-368b16d96b4b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c7fe679a-cbc1-4f91-8c17-7587a9a8a5e2","tag":"8929bc83-9ed6-4579-b837-40236b59b383"},{"id":"0c0fd086-001b-4d38-95af-f93b72d55d07","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"68bb376d-a2cd-4be8-82ec-27f64e3b1f42","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7d450ec-dd29-455f-8d26-f8a563e1e88d","name":"Setupapi","type":"tool","source":"Tidal Cyber","software_attack_id":"S3316","tidal_id":"90a73aec-a1a6-51ba-9034-f8e669860740","created":"2024-01-12T14:48:23.526256Z","modified":"2024-01-12T14:48:23.526262Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"da642a14-5517-47b9-b2d7-09b461f8164c","name":"Setupapi.dll","description":"<sup>[[Setupapi.dll - LOLBAS 
Project](/references/1a8a1434-fc4a-4c3e-9a9b-fb91692d7efd)]</sup>","source":"Tidal Cyber","associated_software_id":"ff4e0a76-a50f-4605-9e19-2cb2309bbda7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e3f88c1d-e630-4f67-aa38-3c08437695b2","tag":"da405033-3571-4f98-9810-53d9df1ac0fb"},{"id":"dfec98ed-75b4-481a-9ecc-f4cb7a3efc0c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f11a14cc-d20c-4746-bff1-8fb4439d812c","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"1d1fa645-0161-4e01-ab74-9add0f9688cf","name":"SetWindowsHookEx","type":"tool","source":"Tidal Cyber","software_attack_id":"S3915","tidal_id":"97797edc-4ef2-556e-9fe2-842cbeca59bc","created":"2026-01-14T13:31:34.815424Z","modified":"2026-01-14T13:31:34.815429Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Medium January 11 2026](/references/6cb12d3f-0296-47f7-9131-fc21ea806383)]</sup>","group_attack_id":"G3199","group_id":"ff36ede1-9375-4b1a-83f3-38b12d1ec3f4","name":"ValleyRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f2f32dcb-0098-4212-9848-b8d615be00ab","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"0d70f018-475e-437a-ace7-b99ffc2061dc","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"df25283f-1204-47b7-82ab-d0e74831f3ee","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb2d392a-6def-4eb3-adeb-d14b24320fb7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fc08537b-95af-4aa7-b161-74558d09dde4","name":"SFTP","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3723","tidal_id":"69437a8d-3d1d-5349-9e88-cf4cec32a5f7","created":"2025-12-10T14:15:00.425618Z","modified":"2025-12-10T14:15:00.425621Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[{"id":"1dad1b36-e721-42b9-a90b-d3e8c00b9cc7","name":"Secure File Transfer Protocol","description":"<sup>[[CrowdStrike.com December 04 2025](/references/24d4a6ac-2f5a-4155-bb14-7fb68a977fce)]</sup>","source":"USER","associated_software_id":"181e0c0c-e733-4b54-95ed-fa68b42e569d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CrowdStrike.com December 04 2025](/references/24d4a6ac-2f5a-4155-bb14-7fb68a977fce)]</sup>","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e44843cc-94be-4824-a48c-fe3d3a0708d4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"258dbeda-f9c0-4056-a4db-72aae497524b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e94c0e50-f7df-4b1b-b8e9-b76ee190870f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7751a962-281e-420d-9d29-f83ae9985fd5","name":"ShadowLink","type":"malware","source":"Tidal Cyber","software_attack_id":"S3442","tidal_id":"4b55152c-e962-5297-ab65-751f83c36b4b","created":"2025-03-04T15:55:25.447450Z","modified":"2025-03-04T15:55:25.447454Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard 
Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0e8c9bc4-7851-44f2-8fd5-8fee380d5574","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3292de0a-32da-4b24-be45-67414e2ccf74","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"},{"id":"8e5ac7d8-488b-4811-b980-ea5a7546176a","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"e2ff7614-673a-4b56-be84-038887218c60","tag":"2e85babc-77cd-4455-9c6e-312223a956de"}],"owner_name":"TidalCyberIan"},{"id":"5190f50d-7e54-410a-9961-79ab751ddbab","name":"ShadowPad","type":"malware","source":"MITRE","software_attack_id":"S0596","tidal_id":"c1d11ca1-7b17-5c28-ab8e-e498edd2d20e","created":"2021-03-23T20:49:39.954000Z","modified":"2022-10-17T19:31:36.083000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e503dc0d-9c53-4110-a7da-bfc7ebcc3b3a","name":"POISONPLUG.SHADOW","description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","source":"MITRE","associated_software_id":"86e74984-d06d-4b3e-be56-8c3af2060e99","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Recorded Future RedEcho Feb 2021](https://app.tidalcyber.com/references/6da7eb8a-aab4-41ea-a0b7-5313d88cbe91)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) used [ShadowPad](https://app.tidalcyber.com/software/5190f50d-7e54-410a-9961-79ab751ddbab) as a remote access tool 
to victim environments.<sup>[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)]</sup>","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup><sup>[[Recorded Future RedEcho Feb 2021](https://app.tidalcyber.com/references/6da7eb8a-aab4-41ea-a0b7-5313d88cbe91)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[RedEcho](https://app.tidalcyber.com/groups/a6dea520-12ab-5c7b-8142-db3a308122de) has used [ShadowPad](https://app.tidalcyber.com/software/5190f50d-7e54-410a-9961-79ab751ddbab) during intrusions.<sup>[[RecordedFuture RedEcho 2021](https://app.tidalcyber.com/references/644fa2c1-ed3e-5203-96d5-27acfc1947a0)]</sup><sup>[[RecordedFuture RedEcho 2022](https://app.tidalcyber.com/references/3bd1c189-8cb8-5e87-9d3a-15d24a8df16f)]</sup>","group_attack_id":"G1042","group_id":"a6dea520-12ab-5c7b-8142-db3a308122de","name":"RedEcho","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3179","group_id":"66b0f5f6-3377-4f5d-ac79-605dad9221f1","name":"Ink Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3074","group_id":"62f010b9-707f-4161-99dc-69e3c6e54e13","name":"Stately Taurus","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 
2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky CactusPete Aug 2020](https://app.tidalcyber.com/references/1c393964-e717-45ad-8eb6-5df5555d3c70)]</sup>","group_attack_id":"G0131","group_id":"9f5c5672-5e7e-4440-afc8-3fdf46a1bb6c","name":"Tonto Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Recorded Future RedEcho Feb 2021](https://app.tidalcyber.com/references/6da7eb8a-aab4-41ea-a0b7-5313d88cbe91)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e00566f3-7933-42f7-8f87-a839153a93e7","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"b7412dfb-ab2c-473d-bf35-33ca518571ad","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"097bffc1-3450-4757-b666-34732a82f0b4","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"e76a730b-2e2e-47a6-8768-293bf82752e2","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"8552d27f-3074-4b99-b861-fa7b7661ea0e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a9611327-c37f-421a-88ab-7d1023de1b4b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d73a3a77-9f38-429b-9bb2-b09cd306a6d6","name":"ShadowV2","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3708","tidal_id":"9a15c466-b41b-5fbd-b531-74b83fc25a12","created":"2025-12-10T14:14:57.615842Z","modified":"2025-12-10T14:14:57.615845Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"6ff996ed-42f8-48d7-b203-8417c48c94cb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"678b27fc-21ee-407a-964b-ba9e606eab47","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4a5a456e-2d79-406c-81a6-7e2e056fbfe7","name":"Shai-Hulud Worm","type":"malware","source":"Tidal Cyber","software_attack_id":"S3554","tidal_id":"d074e2ea-e9ed-5ab3-9483-563bff31ae0b","created":"2025-09-19T19:48:16.664073Z","modified":"2025-09-19T19:48:16.664076Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"bc2ba7b5-9e09-451a-8226-fa95777cc768","name":"Shai Hulud","description":"","source":"USER","associated_software_id":"ff591506-9576-4514-9a71-19dbaffb4297","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f299f54c-2df0-47e8-91f7-90d071e5535f","name":"Shai-hulud 2.0","description":"<sup>[[Trend Micro Shai-hulud 2.0 November 27 2025](/references/8ef2673c-0d9a-4b8d-b529-154ad16d7ce7)]</sup>","source":"USER","associated_software_id":"d2ea3447-4049-404b-88f5-fa58bb707672","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"5ae08bf9-e0e9-4e70-a256-f4b188953be5","name":"Sha1-Hulud","description":"<sup>[[Trend Micro Shai-hulud 2.0 November 27 2025](/references/8ef2673c-0d9a-4b8d-b529-154ad16d7ce7)]</sup>","source":"USER","associated_software_id":"eac14745-6162-46c1-b809-9ecf74849088","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c045f342-88e4-46d4-867d-af25637a0afd","name":"Shai-hulud","description":"<sup>[[Trend Micro Shai-hulud 2.0 November 
27 2025](/references/8ef2673c-0d9a-4b8d-b529-154ad16d7ce7)]</sup>","source":"USER","associated_software_id":"0e9b6fe6-ef8d-4c79-88fd-a14e0fb850fc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"3632d21b-1497-4955-b553-c6dd68eaa01b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"f22e4c9f-e28d-4f1d-8bf9-3c0ae39e3485","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"29187c84-4634-4894-bb74-01e71e0b1df9","tag":"d20efbce-b76a-434b-aab7-5b268ed4b2e6"},{"id":"1c37fb86-b7d9-424b-94fb-01bc4df7206c","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"671d1f30-20dd-466f-bc7b-aa7ad7ed71cc","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"146aedde-6d46-4bec-afe3-ee2ae839f45c","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"204b93d0-4824-4c9e-a2c6-c5f1ce022497","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"b6a3502e-cb89-4c95-b2a8-61ab06701f0d","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"8d95338a-d70b-472a-a832-42ca6f697e74","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"89a11607-8263-4fc9-a2e6-687b09b9dba6","tag":"4a457eb3-e404-47e5-b349-8b1f743dc657"},{"id":"4a5f4507-f786-43e5-ae4c-97888233444e","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"d523a4fa-ed13-4a0a-a554-6ad315f18d9f","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"a539304f-4cda-4738-b13a-ba88aefe117f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d8b51d35-da1e-4b38-a29d-2f1a93769b0f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"840db1db-e262-4d6f-b6e3-2a64696a41c5","name":"Shamoon","type":"malware","source":"MITRE","software_attack_id":"S0140","tidal_id":"38a8d313-e17e-5ccd-8534-9f74a770059d","created":"2017-05-31T21:33:20.223000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ab151071-4f92-4e56-8108-d5f298a320f6","name":"Disttrack","description":"<sup>[[Palo 
Alto Shamoon Nov 2016](https://app.tidalcyber.com/references/15007a87-a281-41ae-b203-fdafe02a885f)]</sup>","source":"MITRE","associated_software_id":"a834945d-2e57-44e0-9795-8bdc73208f61","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"59850eb8-9fe2-4c25-b0a5-015859703116","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"9aec053a-4705-4d25-8e85-241f8c0c89c6","name":"Shanya Packer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3761","tidal_id":"bad54891-7d77-5a3e-b6dc-b40ad3a3752b","created":"2025-12-17T14:18:50.997420Z","modified":"2025-12-17T14:18:50.997423Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aac1418d-2479-49b9-a9b6-58ef33bb4fcc","name":"version.dll","description":"<sup>[[None December 10 2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","source":"USER","associated_software_id":"9eee5752-2191-4c27-9537-5c11277e4626","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6af412c6-084f-45b3-b2ec-0dc250fcb794","name":"VX Crypt","description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","source":"USER","associated_software_id":"266a80de-1b1c-44e1-9175-d169d5b0748c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"eec5ed1f-1af2-4422-a898-a27ca7b08455","name":"Armillaria Loader","description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","source":"USER","associated_software_id":"0fc20ba8-8c27-42b8-933c-6eff102467f2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 10 
2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","group_attack_id":"G3170","group_id":"dddd119f-edac-4077-958b-6a775dd4a147","name":"Shanya Packer Operator","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"90aa3568-9c17-4da7-b1b2-91f8e1d2f086","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"969682ff-06df-493f-8ade-7642d306e741","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"34e09f9f-fd2e-468f-9f7b-36890795689a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d6f7950b-f2bd-4894-8f7c-d018e399feff","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"055e70b5-c279-41d4-ad11-c2a884929d88","name":"ShapNBTScan","type":"tool","source":"Tidal Cyber","software_attack_id":"S3434","tidal_id":"4473ec7a-6eb6-50bd-a080-bc1e7ed38067","created":"2025-02-24T20:29:01.581218Z","modified":"2025-02-24T20:29:01.581222Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"37ad9587-5e6d-4586-9bb3-2c1dc2b13fd7","name":"NBT.exe","description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","source":"Tidal Cyber","associated_software_id":"2ad365a1-7ae1-4522-9c28-1b5c43f3c1d7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"fe962179-3d8c-4ccb-8271-68a6dc102410","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"f5e05785-8a35-49ef-977e-50e38af219f5","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ee618dc0-9761-4a75-8a42-72bf0eb41179","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"56ca2052-8c8c-44d9-9dd1-03205b71aa7f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cca87d1b-5dcd-4f5a-a17e-6192ec2f4fea","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"4fbb5a51-8dcd-4402-a934-35437383264b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"3529cfa8-469c-4267-a1ea-47109ce483ba","name":"ShareFinder","type":"tool","source":"Tidal Cyber","software_attack_id":"S3468","tidal_id":"8c873f0f-9d40-509f-9dd5-33a014e19ac0","created":"2025-04-15T17:47:54.712719Z","modified":"2025-04-15T17:47:54.712723Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[huntress.com November 14 2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[The DFIR Report Bumblebee Akira July 2 
2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"babeb7b9-f4d4-4699-a435-2b35d0c568bb","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"82c8df80-40a6-4838-90cf-3a6b8457af62","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"f880e932-e551-4158-b271-b32d5a8b8a26","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"1c763597-2261-440a-ad72-dde8407e629b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb6aa85d-96d9-4395-bcf2-c4e88f927948","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e67dcfc9-c187-4dea-aef4-646b879430cb","name":"SharePoint","type":"tool","source":"Tidal Cyber","software_attack_id":"S3978","tidal_id":"67180057-aa46-58bc-b810-f808d2dcc9de","created":"2026-01-23T20:31:11.239265Z","modified":"2026-01-23T20:31:11.239268Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[],"tags":[{"id":"e6c5ae6c-f021-4941-a34c-1290ce92ea69","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"a02b9290-c7f9-483a-9bb8-943a0a4c2941","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c9d83020-ad6d-49d6-a03e-4225febad982","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"278da5e8-4d4c-4c45-ad72-8f078872fb4a","name":"Shark","type":"malware","source":"MITRE","software_attack_id":"S1019","tidal_id":"cc9fb176-ac6d-52cb-8369-822d3d27a4dc","created":"2022-06-10T19:45:53.538000Z","modified":"2022-08-31T21:47:57.382000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky Lyceum October 2021](https://app.tidalcyber.com/references/b3d13a82-c24e-4b47-b47a-7221ad449859)]</sup><sup>[[Accenture Lyceum Targets November 
2021](https://app.tidalcyber.com/references/127836ce-e459-405d-a75c-32fd5f0ab198)]</sup>","group_attack_id":"G1001","group_id":"eecf7289-294f-48dd-a747-7705820f4735","name":"HEXANE","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"54731ee1-68f7-4b95-9513-e4eb70679677","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"4a4b286e-55e5-56f7-8d6f-e95fd7176034","name":"SharkBot","type":"malware","source":"Mobile","software_attack_id":"S1055","tidal_id":"4a4b286e-55e5-56f7-8d6f-e95fd7176034","created":"2026-01-28T13:08:09.938553Z","modified":"2026-01-28T13:08:09.938555Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"311e8944-2157-4616-8b95-d75020e21c35","name":"SharpChromium","type":"tool","source":"Tidal Cyber","software_attack_id":"S3100","tidal_id":"afc43624-de13-5feb-84f1-2b783724e0b7","created":"2023-12-14T19:26:31.388498Z","modified":"2023-12-14T19:26:31.388502Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA SVR TeamCity Exploits December 2023](/references/5f66f864-58c2-4b41-8011-61f954e04b7e)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"89f92b69-b45a-421e-a58d-11cd62e949c5","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"c819b96d-3877-46a7-b436-59ed85f42abe","name":"SharpDecryptPwd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3619","tidal_id":"db234bd6-bda2-52f7-84d4-9ef86b369868","created":"2025-11-11T13:26:33.639416Z","modified":"2025-11-11T13:26:33.639421Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 27 2025](/references/0eede7ae-6637-4f1a-b3b8-425d585025d8)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"61d7d603-04b9-426a-920d-d989b9ad8f34","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"b5ea01aa-ec45-4044-9020-a5d3ca5d379f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f78b1d5e-9879-4942-9eec-332a00c48ef0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4ed1e83b-a208-5518-bed2-d07c1b289da2","name":"SharpDisco","type":"malware","source":"MITRE","software_attack_id":"S1089","tidal_id":"f6047b23-904a-5597-bd43-90891322535d","created":"2023-11-07T00:35:45.526007Z","modified":"2023-11-07T00:35:45.526012Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MoustachedBouncer ESET August 
2023](https://app.tidalcyber.com/references/9070f14b-5d5e-5f6d-bcac-628478e01242)]</sup>","group_attack_id":"G1019","group_id":"f31df12e-66ea-5a49-87bc-2bc1756a89fc","name":"MoustachedBouncer","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"20e472dd-dc65-40e4-b655-c8b4fae7714a","name":"SharpExfiltrate","type":"tool","source":"Tidal Cyber","software_attack_id":"S3142","tidal_id":"a1e98cd6-0d1a-5ac5-80f3-8385c79573a0","created":"2024-06-24T15:00:25.262006Z","modified":"2024-06-24T15:00:25.262012Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kroll Royal Ransomware February 13 2023](/references/de385ede-f928-4a1e-934c-8ce7a6e7f33b)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d5f1eb9b-ae41-48c5-823f-94d6ba4c4c85","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"6cc67305-97fe-46f7-bba6-6972ae61b68e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"656f33bc-e6dc-4b1e-8f48-3ccb8e6c8abe","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fdb9cd3d-8192-4141-9703-88163f6c3f77","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"529e95a5-7e66-4805-9067-729b63cdba57","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"17f7945a-5ffd-4f02-a152-2c5d61d9d6c9","name":"SharpGPOAbuse","type":"tool","source":"Tidal Cyber","software_attack_id":"S3900","tidal_id":"ea1d7a49-91bb-5d92-86fe-4b1cea472c10","created":"2026-01-14T13:31:32.239241Z","modified":"2026-01-14T13:31:32.239245Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 
2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5a111b8f-3b67-462d-8bd4-7a8b3cbc269b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"df286111-7991-47dc-9bb0-2027a26b0aae","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"a9eefd00-1f05-4c03-9d15-ab4d304aa7d5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"61b30e60-b5f3-4fdc-986c-2886a972e901","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"72ac13f5-2436-46dc-bf3f-b4b1364ba4f8","name":"SharpGPPPass","type":"tool","source":"Tidal Cyber","software_attack_id":"S3436","tidal_id":"1ecb948d-72d1-52f8-869a-98bd3f99c3f8","created":"2025-02-24T20:29:02.157493Z","modified":"2025-02-24T20:29:02.157497Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7754b69f-d7bb-43fc-9f35-517c45373dd0","name":"SharpGPPPass.exe","description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","source":"Tidal Cyber","associated_software_id":"85532c62-557c-4019-9a3a-3eb90fe2deb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"16846122-3125-4962-8a38-1be2d116dd53","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"eb764548-b012-49a7-b9d7-2199a90a5730","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"256243ca-b65b-4e74-ae3b-e5d52f8c93c6","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fef13a9c-0225-4c86-b4d2-4cc90b1bb545","tag":"ef782523-005c-47ef-9640-5eb51560a44e"},{"id":"7a9a6e09-72ef-44f4-a190-099d36248843","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"cd049ed3-194f-491a-bba2-fc9fa25850dc","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fe5cea24-26ac-4ddf-9355-dfb9223a1606","tag":"7de7d799-f836-4555-97a4-0db776eb6932"}],"owner_name":"TidalCyberIan"},{"id":"0bcf0dae-315f-491f-bc65-b1772ffa31c1","name":"SharpHound","type":"tool","source":"Tidal Cyber","software_attack_id":"S3115","tidal_id":"7aa55945-0323-5b6b-8503-f502802105aa","created":"2024-03-07T21:01:08.037303Z","modified":"2024-03-07T21:01:08.037306Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Tropic Trooper December 14 2021](/references/0d4aea26-56ac-48cf-9b5a-d878bf30c503)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"67b01c1c-1bcf-4679-af9c-b74f9800d2e6","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"df7d86e0-080e-4c0c-8d6e-5e14af9e5efd","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"216f66e3-1093-4f7e-bf10-7360e13905cb","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b5eee804-40d1-48f6-beb5-3e8c2d84f06d","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"c9e57a95-5299-475d-9c0e-e3fa897286aa","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2e3d54aa-4534-4b19-8b87-f4e27e526b74","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"2cb456f1-2b62-4df5-a5ff-0894783216b0","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c28898df-a4af-471f-b1bf-70ea2fdbbf7a","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"dda600ed-2950-4838-89d1-1f76dd276468","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"54a5c881-c1ad-40d0-88c0-6c32b9ef95cb","name":"SharpRoast","type":"malware","source":"Tidal Cyber","software_attack_id":"S3083","tidal_id":"4e8487c3-fb27-5032-95c6-eba5754db24f","created":"2023-09-22T15:01:33.450956Z","modified":"2023-09-22T15:01:33.450964Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2d7d7232-1b03-43ae-93ba-806d32a545bf","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a2a82f73-369d-49ea-a093-c45e65b529cd","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"}],"owner_name":"TidalCyberIan"},{"id":"a202b37f-5c61-410b-bb14-a3e6b2b82833","name":"SharpShares","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3013","tidal_id":"0a76082b-c3e9-54d3-96b2-d0385106baab","created":"2023-07-14T12:56:37.974109Z","modified":"2023-07-14T12:56:37.974113Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"50ccce2d-be10-4432-993f-5cd5ff228ef7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"76b98bbd-4633-4afc-bde4-5fb30f56540c","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"577f26c7-b8e6-4dcb-b013-9a724b273835","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"f5642f17-d8a2-4799-b154-cf1a13c7f584","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7522d5d9-8a16-4e8f-a47c-7fdad02825be","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"75607d18-94c4-482c-ac71-cc136bdf8a41","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"26b2f1d9-fb56-4ada-a540-85f2fa8492dc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"564643fd-7113-490e-9f6a-f0cc3f0e1a4c","name":"SharpStage","type":"malware","source":"MITRE","software_attack_id":"S0546","tidal_id":"2ad3940b-c4fe-5e72-974d-32cc7a233b62","created":"2020-12-22T17:02:52.954000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Molerats Dec 
2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)]</sup>","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f655306f-f7b4-4eec-9bd6-ac75142fcb43","name":"SHARPSTATS","type":"malware","source":"MITRE","software_attack_id":"S0450","tidal_id":"ddbf8a0a-0723-529c-9f44-3b11f666d840","created":"2020-05-18T19:51:37.488000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro POWERSTATS V3 June 2019](https://app.tidalcyber.com/references/bf9847e2-f2bb-4a96-af8f-56e1ffc45cf7)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b1b3ef97-d32a-48a6-b4f1-e4c776fad14b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"e2f1673e-aff2-4445-a51c-376ad51a519e","name":"SharpTokenFinder","type":"tool","source":"Tidal Cyber","software_attack_id":"S3680","tidal_id":"24b1adf8-8b91-53b0-9774-41731ee52cdd","created":"2025-12-10T14:14:53.166278Z","modified":"2025-12-10T14:14:53.166281Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SecureList ToddyCat November 21 
2025](/references/889c7685-43ce-4156-a142-4b4605d8fec9)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"be723621-7d36-4389-9f6b-9f3ce3cabc2e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"12f0dcd2-59d0-4741-9afc-893eb5d9f9bf","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"dcfd3dfd-bfad-41dc-b17c-4435209d552d","name":"SharpZeroLogon","type":"tool","source":"Tidal Cyber","software_attack_id":"S3435","tidal_id":"8ae6e2a1-0d31-5b38-9ef1-70e67cc62ae5","created":"2025-02-24T20:29:01.963727Z","modified":"2025-02-24T20:29:01.963731Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"48b05d34-b7cc-4f46-a501-3a55f5381c05","name":"SharpZeroLogon.exe","description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","source":"Tidal Cyber","associated_software_id":"62705c1e-c13f-4452-82c8-e7f38d36705e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f310814a-7031-4406-b392-5ce737bd7ea1","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"928c8ad8-b908-4e05-bd5d-99f63a236cc9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"acf43eab-6893-4734-b1bf-70e27d4caf99","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"9d6e320c-222f-4f54-9c42-3f558634ef73","tag":"89c5b94b-ecf4-4d53-9b74-3465086d4565"},{"id":"8f74bc17-83a7-42b9-a31b-bc0818b8d2d2","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"e60862b3-edcd-4c2e-b916-c4e552d2d8e3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"86e442e1-2147-41c5-af73-a008da3ee2fa","tag":"7de7d799-f836-4555-97a4-0db776eb6932"}],"owner_name":"TidalCyberIan"},{"id":"67323b8a-e805-4503-8a40-d47f229453a0","name":"Shdocvw","type":"tool","source":"Tidal Cyber","software_attack_id":"S3317","tidal_id":"8b287b6f-9684-5487-9ea6-ef15ab577cd5","created":"2024-01-12T14:48:23.865584Z","modified":"2024-01-12T14:48:23.865589Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"89e74cc6-79a8-4d02-9d12-46076a8b56ae","name":"Shdocvw.dll","description":"<sup>[[Shdocvw.dll - LOLBAS Project](/references/0739d5fe-b460-4ed4-be75-cff422643a32)]</sup>","source":"Tidal 
Cyber","associated_software_id":"8a0c4826-3d7a-4eac-9f53-1a82316ea81f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"aa5e7204-2ac4-45e2-9f95-ec3319ac79ef","tag":"2c0f0b44-9b09-49a0-8dc5-d9fdcc515825"},{"id":"4daa56da-3c65-4e58-8401-00bb6a6691bd","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f045a566-677e-4bea-ae57-1560ff3dd4df","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"edf31b62-e9db-43c8-b9ef-55afd6b0404c","name":"Shell32","type":"tool","source":"Tidal Cyber","software_attack_id":"S3318","tidal_id":"9e7c2669-3bab-5307-b991-1c9c54a19b1d","created":"2024-01-12T14:48:24.249142Z","modified":"2024-01-12T14:48:24.249147Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f83926fc-f19b-4c3c-9b02-f8e8e06eceed","name":"Shell32.dll","description":"<sup>[[Shell32.dll - LOLBAS Project](/references/9465358f-e0cc-41f0-a7f9-01d5faca8157)]</sup>","source":"Tidal Cyber","associated_software_id":"d60406be-9e87-4325-b130-ca74a8e3cb6f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"287dc1f0-0d85-431a-96ec-3cec6c22a6a1","tag":"e0b9882e-b9bb-4c16-b3d9-9268866eded0"},{"id":"136d56e2-9da3-4b8a-9de2-5843e16145f6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"97bb9c9b-aac0-410f-b36c-2be3cd86da69","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5df9360b-d8fb-4149-8276-5b132de0b032","name":"ShellExecuteExA","type":"tool","source":"Tidal Cyber","software_attack_id":"S3916","tidal_id":"c1ecfcd6-8720-5b59-8a35-b9efcb9ab506","created":"2026-01-14T13:31:34.980565Z","modified":"2026-01-14T13:31:34.980569Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Medium January 11 
2026](/references/6cb12d3f-0296-47f7-9131-fc21ea806383)]</sup>","group_attack_id":"G3199","group_id":"ff36ede1-9375-4b1a-83f3-38b12d1ec3f4","name":"ValleyRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"65c6a9f7-6ada-4123-8bae-db6055bb7ad8","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"6f3f8557-7e44-407f-b1f9-8e65a5687f39","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"68b2fd98-6022-4584-9aba-bb9128ab42ba","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b2e98521-f0e1-4e50-b09b-b5fc236a1f61","name":"SHEmptyRecycleBinA","type":"tool","source":"Tidal Cyber","software_attack_id":"S3974","tidal_id":"27f3cab5-f649-57cd-ae72-5f7dcc0de32c","created":"2026-01-23T20:31:10.661705Z","modified":"2026-01-23T20:31:10.661709Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6ee26a15-30d4-452b-b11e-cd416d478238","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"0d08a6bb-42e8-4155-b75a-b20d120f9ae9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"aabb42a1-0f64-4678-8dba-0d60fd315b24","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c35c0c53-1016-5523-9295-f2a680104dff","name":"ShiftyBug","type":"malware","source":"Mobile","software_attack_id":"S0294","tidal_id":"c35c0c53-1016-5523-9295-f2a680104dff","created":"2026-01-28T13:08:09.938875Z","modified":"2026-01-28T13:08:09.938876Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"691b3a37-af46-47d2-a027-d93d901e0dac","name":"Shimgvw","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3319","tidal_id":"735651e3-7507-5190-97d4-e41608fd057f","created":"2024-01-12T14:48:24.603185Z","modified":"2024-01-12T14:48:24.603189Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"406ba722-6a7d-4cc4-82f6-18cfe36ddcc9","name":"Shimgvw.dll","description":"<sup>[[Shimgvw.dll - LOLBAS Project](/references/aba1cc57-ac30-400f-8b02-db7bf279dfb6)]</sup>","source":"Tidal Cyber","associated_software_id":"03cadf3b-6313-4f0f-8ff1-b9944d6f86f2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"973c1ff3-b424-444a-8ab8-a236e9750591","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6ebb3aa0-072b-4d8f-9ea3-71b5c84fc454","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a3287231-351f-472f-96cc-24db2e3829c7","name":"ShimRat","type":"malware","source":"MITRE","software_attack_id":"S0444","tidal_id":"bb15355b-b3df-5177-b6c9-3f9505700a64","created":"2020-05-12T21:28:20.934000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G0103","group_id":"8bc69792-c26d-4493-87e3-d8e47605fed8","name":"Mofang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"77d9c948-93e3-4e12-9764-4da7570d9275","name":"ShimRatReporter","type":"tool","source":"MITRE","software_attack_id":"S0445","tidal_id":"8fb6792f-b659-55c7-8527-70ba4a1faba8","created":"2020-05-12T21:29:48.294000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G0103","group_id":"8bc69792-c26d-4493-87e3-d8e47605fed8","name":"Mofang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"fdf54237-84b6-4890-a3cf-
71beeb307d97","name":"ShinySp1d3r","type":"malware","source":"Tidal Cyber","software_attack_id":"S3663","tidal_id":"3d0af961-40b0-5dfe-9259-9d84ab59497b","created":"2025-11-26T19:38:19.451019Z","modified":"2025-11-26T19:38:19.451023Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"375b1921-7a85-4b35-9197-4540c54da7b1","name":"Sh1nySp1d3r","description":"<sup>[[BleepingComputer November 19 2025](/references/ec75f7aa-a908-46b5-896f-bc4ed40d58c0)]</sup>","source":"USER","associated_software_id":"84509b26-a874-4b4d-ac63-ff9e41d650c5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[BleepingComputer November 19 2025](/references/ec75f7aa-a908-46b5-896f-bc4ed40d58c0)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b7165e4f-f247-483f-bf0c-d0f4bbd79316","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3eed1ca3-4205-4044-9c90-291acb70b743","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3db0b464-ec5d-4cdd-86c2-62eac9c8acd6","name":"SHIPSHAPE","type":"malware","source":"MITRE","software_attack_id":"S0028","tidal_id":"178f28f6-0c83-5603-b271-5e5c98f76bab","created":"2017-05-31T21:32:21.366000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye 
APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]</sup>","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"aeb8aefb-ee0b-4025-a3cd-3bc4b391a4e5","name":"ShortURL","type":"tool","source":"Tidal Cyber","software_attack_id":"S3921","tidal_id":"34a735f0-0345-52aa-84cc-d409eafd07a9","created":"2026-01-14T13:31:35.891689Z","modified":"2026-01-14T13:31:35.891694Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.recordedfuture.com January 09 2026](/references/fb8ee1dd-bf96-4d28-9d9f-807cc351190b)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a5ffef88-4489-4ffa-9626-2ad78b44f64f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"27695827-095f-4262-98e3-b64ed1fd6b2c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7d6b5887-f9ff-437b-8802-9b4e673c60db","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"49351818-579e-4298-9137-03b3dc699e22","name":"SHOTPUT","type":"malware","source":"MITRE","software_attack_id":"S0063","tidal_id":"a50fa0c7-38d4-538b-a006-f05315d876cf","created":"2017-05-31T21:32:42.754000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c7d4b1ec-bd3a-455c-92a7-b45249bb4e56","name":"Backdoor.APT.CookieCutter","description":"<sup>[[FireEye Clandestine Fox Part 
2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]</sup>","source":"MITRE","associated_software_id":"1632745f-2d2f-4720-8ce4-53750459cb33","owner_id":null,"owner_name":null},{"id":"da5aae0a-6a9c-4d09-b65a-75db8eaf3365","name":"Pirpi","description":"<sup>[[FireEye Clandestine Fox Part 2](https://app.tidalcyber.com/references/82500741-984d-4039-8f53-b303845c2849)]</sup>","source":"MITRE","associated_software_id":"9e091930-0bc1-48d3-b49a-046d0ef9819c","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye Clandestine Wolf](https://app.tidalcyber.com/references/dbb779c4-4d75-4fb4-ad3a-7d1f0f74e26f)]</sup>","group_attack_id":"G0022","group_id":"9da726e6-af02-49b8-8ebe-7ea4235513c9","name":"APT3","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9baf920c-9a17-5037-8a6b-1ce1bcd570dc","name":"ShrinkLocker","type":"malware","source":"MITRE","software_attack_id":"S1178","tidal_id":"9baf920c-9a17-5037-8a6b-1ce1bcd570dc","created":"2025-04-22T20:46:57.348184Z","modified":"2025-04-22T20:46:57.348188Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c0d0db09-0ca8-4673-8e21-30379c69af00","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"216dd9b7-e0f0-4328-a8b8-27a7cb8cb817","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"5b2d82a6-ed96-485d-bca9-2320590de890","name":"SHUTTERSPEED","type":"malware","source":"MITRE","software_attack_id":"S0217","tidal_id":"a3920a1a-a458-5d29-a6a6-fed49b0e2436","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 
2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ea0a1282-f2bf-4ae0-a19c-d7e379c2309b","name":"Sibot","type":"malware","source":"MITRE","software_attack_id":"S0589","tidal_id":"944398b3-4271-500f-8c08-03470ea5ad4b","created":"2021-03-12T18:08:23.552000Z","modified":"2022-10-18T23:33:55.403000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC NOBELIUM Mar 2021](https://app.tidalcyber.com/references/8688a0a9-d644-4b96-81bb-031f1f898652)]</sup><sup>[[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]</sup><sup>[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup><sup>[[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d5691c57-b420-4ab6-8331-8b1507793953","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"61227a76-d315-4339-803a-e024f96e089e","name":"SideTwist","type":"malware","source":"MITRE","software_attack_id":"S0610","tidal_id":"c1d3398c-8216-55cd-a32c-a2adfa54511b","created":"2021-05-06T14:44:50.494000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point APT34 April 
2021](https://app.tidalcyber.com/references/593e8f9f-88ec-4bdc-90c3-1a320fa8a041)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ca6af4a0-b161-4a5f-aae4-8bb3680a02b7","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"c9ebe8ca-2e6d-4379-91d0-edc19da699e6","name":"SIGHTGRAB","type":"malware","source":"Tidal Cyber","software_attack_id":"S3645","tidal_id":"a717b0db-fa6f-567b-9d82-2c70ce70563a","created":"2025-11-19T17:45:41.169011Z","modified":"2025-11-19T17:45:41.169014Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"567a7daa-0724-4a86-8975-ee06b2ecc807","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"058a9869-b0ce-4c46-9547-0e4b2eef39cd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"eb53dfc0-9dc1-4edd-91b7-fbe411c4e5e0","name":"SilentPrism","type":"malware","source":"Tidal Cyber","software_attack_id":"S3715","tidal_id":"dd62647b-98b3-558a-bd9e-35ec2f173e2b","created":"2025-12-10T14:14:58.787392Z","modified":"2025-12-10T14:14:58.787396Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Water Gamayun March 28 2025](/references/feaae1f3-fccc-491a-bd07-7ecaea2cb813)]</sup>","group_attack_id":"G3157","group_id":"271cfdb6-e918-4a86-9289-c6a4d6b99ce4","name":"Water 
Gamayun","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2390f49e-3e55-4c0e-a2f5-1c3c0a0fc6e1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"09ab3658-e27a-4f3d-a0c9-e07df6b64ac1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"52d0f993-6a4d-499d-bb76-c8e8701b53b4","name":"SilentRaid","type":"malware","source":"Tidal Cyber","software_attack_id":"S3938","tidal_id":"34bf1659-cd7f-5c64-a641-8a30b799d85b","created":"2026-01-14T13:31:38.680064Z","modified":"2026-01-14T13:31:38.680069Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"f0623e0a-0477-4708-a28b-8d87fdf8aacf","name":"MystRodX","description":"<sup>[[Cisco Talos Blog January 08 2026](/references/74959041-08ca-41fc-8ceb-675f1fefd765)]</sup>","source":"USER","associated_software_id":"a4222ef5-6193-4d9e-945a-d4d0834c9b3f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cisco Talos Blog January 08 
2026](/references/74959041-08ca-41fc-8ceb-675f1fefd765)]</sup>","group_attack_id":"G3203","group_id":"6df06da1-6f73-45a9-afb7-9087cd24cbff","name":"UAT-7290","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2456731f-c4f5-4aae-a899-0c0c167ff008","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"5759c498-caf5-4a59-be39-26b1d46de546","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"0079ce11-817d-4c18-8cef-b945290efbf1","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"bf4ee3ea-7644-4230-a381-316497b57570","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"879be75c-26a7-48a1-928f-b16ce3c8f13c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"84cd2573-3ec9-4afe-a73e-61d78174aaf0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c74ede9e-2a8b-4a40-9a5e-167b7e42eb85","name":"SilentSiphon","type":"malware","source":"Tidal Cyber","software_attack_id":"S3787","tidal_id":"b8de177d-c9ae-5dfa-a850-be44892ec4d6","created":"2025-12-24T14:57:24.863348Z","modified":"2025-12-24T14:57:24.863352Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"86f66005-a7ad-498b-9d13-992bc2c09baf","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"a18a7f71-a7f2-41ca-bd19-d613b898141b","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"4c617f7e-08a2-4104-801c-626cc976b64b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"30219a61-d297-4daf-a01d-769e20877daa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"58139013-85a9-4a42-927c-e0b1e0ae0446","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4765999f-c35e-4a9f-8284-9f10a17e6c34","name":"SILENTTRINITY","type":"tool","source":"MITRE","software_attack_id":"S0692","tidal_id":"0f475e03-5ce1-5ae5-81c1-50270e48f00d","created":"2022-03-23T19:34:30.486000Z","modified":"2022-04-21T12:01:12.083000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b667dee0-534a-586f-b283-c5b1ca5e8010","name":"SilkBean","type":"malware","source":"Mobile","software_attack_id":"S0549","tidal_id":"b667dee0-534a-586f-b283-c5b1ca5e8010","created":"2026-01-28T13:08:09.939050Z","modified":"2026-01-28T13:08:09.939051Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8ea75674-cc08-40cf-824c-40eb5cd6097e","name":"Siloscape","type":"malware","source":"MITRE","software_attack_id":"S0623","tidal_id":"c95e77fe-3dd8-5db6-b03c-ec8ddbbbf677","created":"2021-06-18T15:26:55.509000Z","modified":"2021-10-18T13:42:10.432000Z","platforms":[{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id"
:"369f733e-71da-4a56-850f-90ac9af6f28f","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"}],"owner_name":null},{"id":"2b08c4a7-e329-5de4-b514-f157cc910b9b","name":"SimBad","type":"malware","source":"Mobile","software_attack_id":"S0419","tidal_id":"2b08c4a7-e329-5de4-b514-f157cc910b9b","created":"2026-01-28T13:08:09.939256Z","modified":"2026-01-28T13:08:09.939257Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d8eb26fa-03c1-47e2-ae61-3971c8617b24","name":"SimpleHelp","type":"tool","source":"Tidal Cyber","software_attack_id":"S3449","tidal_id":"18e76450-7ce9-554a-b5d1-5466ea2f08da","created":"2025-03-17T18:33:48.716476Z","modified":"2025-03-17T18:33:48.716481Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 02 2025](/references/fc19e816-1740-468e-966e-a7cb1165e16e)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog October 06 2025](/references/242bd97d-dad0-49af-9ed6-f150542b8ded)]</sup>","group_attack_id":"G3139","group_id":"0aa009a3-4c8d-44d9-aa5f-6f68eb7d846c","name":"Storm-1175","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos DragonForce Attack May 27 2025](/references/edb4359f-f12a-4ab1-9116-9c4b3220120d)]</sup>","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"c208d56e-31dc-4195-8b16-4c01c78c9c7e","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"05ecfb5b-1495-4d16-b6e9-24cfff18c486","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"07756e1c-f5a3-4305-9a42-7d5e62a39aac","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"56eb7657-c00e-4e62-8e53-642f1e730815","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"9d60fb83-8d3b-400b-b803-be649a59c355","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"18ebd7af-a474-487f-9c7f-d4d1c7002c79","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"d2631096-7842-4bb7-a0b5-60a3c52a1d5b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b7786617-20ec-4361-997d-a2e5b72376be","name":"Sinobi Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3543","tidal_id":"f79d6e3f-f994-5a8a-8d42-8b694fc54f4a","created":"2025-09-15T19:14:00.266502Z","modified":"2025-09-15T19:14:00.266507Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Esentire August 27 2025](/references/8d40c966-331f-490c-b1b6-e33a095b888a)]</sup>","group_attack_id":"G3124","group_id":"bd33c962-4fc1-49d8-8416-259a032863b8","name":"Sinobi Ransomware 
Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"781afbe9-4940-40b0-9e0a-87e7eb183e8d","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"b6ddeeba-b244-4b73-8af6-b1a39790b5e0","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"4afd962a-0c7b-4ebf-a078-564998382713","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"445a89f8-4a69-4389-91f8-518364f3512f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d5168804-6a6c-4109-90ae-a49ff1bfca4d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"206453a4-a298-4cab-9fdf-f136a4e0c761","name":"Skeleton Key","type":"malware","source":"MITRE","software_attack_id":"S0007","tidal_id":"3edfe1f4-70cd-592c-bb92-c412f885dd01","created":"2017-05-31T21:32:13.407000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Secureworks BRONZE FLEETWOOD Profile](https://app.tidalcyber.com/references/4fbb113c-94b4-56fd-b292-1ccf84e1c8f3)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"cc91d3d4-bbf5-4a9c-b43a-2ba034db4858","name":"Skidmap","type":"malware","source":"MITRE","software_attack_id":"S0468","tidal_id":"69363788-12a0-5b5c-b06f-1488e41779cb","created":"2020-06-09T21:23:38.995000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b50951f5-c078-4fab-934b-3109343a2f3b","name":"SKIPJACK","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3520","tidal_id":"a8bcee15-24ef-5413-972c-01b8ddbc0a38","created":"2025-08-28T19:35:47.335380Z","modified":"2025-08-28T19:35:47.335383Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant UNC4841 August 29 2023](/references/f990745d-06c1-4b0a-8394-66c7a3cf0818)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"20f1b2e2-f4d4-49c7-b5f3-3ef268ca575a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0408dfdb-6dac-4db8-b67a-852dbfb034ff","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d8553888-0d10-4b17-b39b-f6bc656303a0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5d831f6f-1e08-5aa5-a486-3f71511c4eb4","name":"Skygofree","type":"malware","source":"Mobile","software_attack_id":"S0327","tidal_id":"5d831f6f-1e08-5aa5-a486-3f71511c4eb4","created":"2026-01-28T13:08:09.938007Z","modified":"2026-01-28T13:08:09.938009Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"988e6bfe-592b-4513-9a92-5d8a6fb89761","name":"SLAYSTYLE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3558","tidal_id":"2a8393e6-79de-5268-9a81-e3e1788ba3f5","created":"2025-10-07T14:07:33.655714Z","modified":"2025-10-07T14:07:33.655717Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"d6e93bf3-7de9-486b-8556-1c59b9bfa8c1","name":"BEEFLUSH","description":"<sup>[[Google Cloud Blog 09 24 
2025](/references/e1f48b82-07b0-4d68-92ed-2aa27db6702a)]</sup>","source":"USER","associated_software_id":"a1aec364-f6ec-4310-8f9c-7aa23eae3fbe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"d2363c9c-a976-4c17-9211-6373f995b8a4","name":"JSP Web Shell","description":"<sup>[[CrowdStrike.com December 04 2025](/references/24d4a6ac-2f5a-4155-bb14-7fb68a977fce)]</sup>","source":"USER","associated_software_id":"9267ce6a-e424-48d2-8c3a-4b1cbe37387b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CrowdStrike.com December 04 2025](/references/24d4a6ac-2f5a-4155-bb14-7fb68a977fce)]</sup>","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"52a19c7a-6d72-4709-a554-8e4cd7634446","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"d61ba406-1bde-4609-90bd-bdbe16def9ff","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0e5dc2ae-b670-49c4-836b-ed1662cf22e5","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"a2dda6bf-34b1-46e9-970d-5a56e4eef26d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"79125b52-afe9-46ef-879d-2a2110afc980","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c8fed4fc-5721-5db2-b107-b2a9b677244e","name":"SLIGHTPULSE","type":"malware","source":"MITRE","software_attack_id":"S1110","tidal_id":"6d9c9adb-9e4e-5802-bb49-eaba52abbb42","created":"2024-04-25T13:28:21.571425Z","modified":"2024-04-25T13:28:21.571428Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Pulse Secure Zero-Day April 2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)]</sup><sup>[[Mandiant Pulse Secure Update May 
2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"bbd16b7b-7e35-4a11-86ff-9b19e17bdab3","name":"Sliver","type":"tool","source":"MITRE","software_attack_id":"S0633","tidal_id":"23d608fb-28d4-57d7-a5c1-55e294a1c2cb","created":"2021-07-30T15:43:17.770000Z","modified":"2021-10-15T15:49:25.284000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]</sup><sup>[[Secureworks IRON HEMLOCK Profile](https://app.tidalcyber.com/references/36191a48-4661-42ea-b194-2915c9b184f3)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":" <sup>[[Microsoft Ransomware as a 
Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G1021","group_id":"8e059c6b-d278-5454-a234-a8ad69feb66c","name":"Cinnamon Tempest","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybereason Sliver Undated](https://app.tidalcyber.com/references/72744c10-c500-5691-9f28-6a66ee7f5ef2)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report September 30 2024](/references/b2ee9f5e-ed34-4141-9740-8f6e37ba4f28)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit42 Jumpy Pisces October 30 2024](/references/2da2d3c6-cf19-49c8-8a82-2119b14d4e03)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"0e480532-3b88-414c-a8f7-0567839d5733","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a1efd2c9-11a2-48ea-95cd-5f4504ef4a0e","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"3c21f1b4-3dfc-4669-af57-d88b6581f273","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"fd216ec9-aafa-48cc-a70c-2701d69e4058","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e1e4bb99-c4cd-4bac-826a-f7ec4e58bcaa","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"b45b9120-5aae-4980-9480-1c7b2492f5d4","tag":"0fa3a7df-9e1e-4540-996e-590715e8314a"},{"id":"fe07ebbc-e685-4b49-b547-a94e599d928c","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"c027d539-3a12-4f5d-9573-cc1f011ac220","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"81e30b84-2411-4619-a7cd-4dc2ecf64495","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"171e58ed-2929-4dc7-92f5-9af43871b04e","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"}],"owner_name":null},{"id":"563c6534-497e-4d65-828c-420d5bb2041a","name":"SLOTHFULMEDIA","type":"malware","source":"MITRE","software_attack_id":"S0533","tidal_id":"a9f1c28c-226c-5f3f-91cc-0363015cf6e7","created":"2020-11-16T23:23:00.729000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1d818a0e-cba6-408b-a9ea-1adae7d31e5e","name":"QueenOfClubs","description":"Kaspersky Labs assesses [SLOTHFULMEDIA](https://app.tidalcyber.com/software/563c6534-497e-4d65-828c-420d5bb2041a) is an older variant of a malware family it refers to as the QueenOfClubs.<sup>[[Kaspersky IAmTheKing October 2020](https://app.tidalcyber.com/references/fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a)]</sup>","source":"MITRE","associated_software_id":"dba41372-a48f-412e-ad89-3acdfba47cd0","owner_id":null,"owner_name":null},{"id":"331ec335-52e8-4040-b21b-dac154e834de","name":"JackOfHearts","description":"Kaspersky Labs refers to the \"mediaplayer.exe\" dropper within 
[SLOTHFULMEDIA](https://app.tidalcyber.com/software/563c6534-497e-4d65-828c-420d5bb2041a) as the JackOfHearts.<sup>[[Kaspersky IAmTheKing October 2020](https://app.tidalcyber.com/references/fe4050f3-1a73-4e98-9bf1-e8fb73a23b7a)]</sup>","source":"MITRE","associated_software_id":"1defcdcc-c10d-40a8-afb2-5ebc68c4f752","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"7c047a54-93cf-4dfc-ab20-d905791aebb2","name":"SLOWDRIFT","type":"malware","source":"MITRE","software_attack_id":"S0218","tidal_id":"71fff5a0-cf67-5df6-8b08-77bc55825243","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"37e264a6-5ad3-5a79-bf2c-db725622206e","name":"SLOWPULSE","type":"malware","source":"MITRE","software_attack_id":"S1104","tidal_id":"0e6c2d43-3cb7-502c-b6db-435170b9bd7d","created":"2024-04-25T13:28:22.357897Z","modified":"2024-04-25T13:28:22.357900Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Pulse Secure Zero-Day April 2021](https://app.tidalcyber.com/references/0760480c-97be-5fc9-a6aa-f1df91a314a3)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"07588c4c-39a8-4687-92ac-1da9a16186c5","name":"SlowStepper","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3418","tidal_id":"550957a8-cf08-554c-9f5f-526a5b212112","created":"2025-01-28T15:54:08.069171Z","modified":"2025-01-28T15:54:08.069175Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET PlushDaemon January 22 2025](/references/f35fc467-17c4-4eff-a9cb-921bfb3cc5d1)]</sup>","group_attack_id":"G3069","group_id":"3a97e7d2-d3f3-4a6c-bd5f-0e82fcc08ae6","name":"PlushDaemon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7575c277-7297-4ce4-b40d-a72a02732443","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"49092701-b986-4b07-a241-4adc325b87f0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"a8aee32d-330b-494a-8708-f3e12a8ff858","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"811a071f-9fba-4845-b2ed-bf64fdb3c371","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c58028b9-2e79-4bc9-9b04-d24ea4dd4948","name":"Small Sieve","type":"malware","source":"MITRE","software_attack_id":"S1035","tidal_id":"5487ca96-a48f-592d-86bb-154770f58516","created":"2022-08-16T19:16:48.398000Z","modified":"2022-10-14T15:24:24.129000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd259728-5933-4e4d-a40c-9c831876038b","name":"GRAMDOOR","description":"<sup>[[Mandiant UNC3313 Feb 2022](https://app.tidalcyber.com/references/ac1a1262-1254-4ab2-a940-2d08b6558e9e)]</sup>","source":"MITRE","associated_software_id":"b4f0c7bd-888f-4b77-a269-0f85b9bd7bb0","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]</sup><sup>[[NCSC GCHQ Small Sieve Jan 
2022](https://app.tidalcyber.com/references/0edb8946-be38-45f5-a27c-bdbebc383d72)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd968812-8bf2-45a9-8242-1712d8e0dbd6","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"9ae4154d-ee48-4aeb-b76f-6e40dbe18ff3","name":"SMOKEDHAM","type":"malware","source":"MITRE","software_attack_id":"S0649","tidal_id":"8f6748c3-a1df-5469-9e40-6bf16e9ac5f4","created":"2021-09-22T20:11:08.678000Z","modified":"2022-10-18T22:07:23.251000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"1e153f75-aed5-447b-94af-14cb33b41087","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"2244253f-a4ad-4ea9-a4bf-fa2f4d895853","name":"Smoke Loader","type":"malware","source":"MITRE","software_attack_id":"S0226","tidal_id":"41f7d611-c4db-5f7a-9761-bb77b0160c06","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"65b0d392-fe6d-4c7d-89a7-163164be6599","name":"Dofoil","description":"<sup>[[Malwarebytes SmokeLoader 2016](https://app.tidalcyber.com/references/b619e338-16aa-478c-b227-b22f78d572a3)]</sup> <sup>[[Microsoft Dofoil 2018](https://app.tidalcyber.com/references/85069317-2c25-448b-9ff4-504e429dc1bf)]</sup>","source":"MITRE","associated_software_id":"e85ca2c7-0bfc-4a70-b696-a7ccf0867ac0","owner_id":null,"owner_name":null},{"id":"bfeb6e82-d55c-43f7-bd7f-8b54eb9d2017","name":"Smokeloader","description":"","source":"Tidal Cyber","associated_software_id":"d18a5729-7267-422b-bc00-5bb274bf0be6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[VMWare 8Base June 28 
2023](/references/573e9520-6181-4535-9ed3-2338688a8e9f)]</sup><sup>[[Acronis 8Base July 17 2023](/references/c9822477-1578-4068-9882-41e4d6eaee3f)]</sup>","group_attack_id":"G3014","group_id":"00b45c13-d165-44d0-ad6b-99787d2a7ce3","name":"8Base Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Google Cybercrime Report February 11 2025](/references/17685d5c-4255-445e-a546-e0dfb92378c2)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8803dd07-6802-45dc-9d2a-9f6cd963d6b0","tag":"85ca9835-fc2b-4f81-b69d-21ebb040dc3e"},{"id":"61cb01ca-2e61-4fd3-ba1a-ac476094c0e0","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"61ce7a82-4645-4853-9d3b-ef9d506c6847","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"8a3c757f-465d-4e02-871b-9f18b97bc043","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"0122a095-3e70-4f84-a5d6-82f4e9e5862c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d1e6e188-44bb-4084-bbc1-e587ede74f81","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"edd8f7bd-012e-428f-9ab8-2f02e7563d70","name":"Snaffler","type":"tool","source":"Tidal Cyber","software_attack_id":"S3495","tidal_id":"b08d4106-37d5-5fd0-8dc6-76c58357cab1","created":"2025-06-10T15:50:59.863878Z","modified":"2025-06-10T15:50:59.863881Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 
9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6d3ee5d9-94a8-4d37-bf52-a49a3ae3832d","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"bf36fdcc-1222-4c71-a3c4-5411ff7668d2","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"0bad74c0-b0b9-40e2-8408-f9fde33ae6a6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5836abed-81a6-43da-8638-30b8ce937467","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"658102ee-78c1-49d8-b65a-459db427de7a","name":"SNAPPYBEE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3609","tidal_id":"3366732d-8a86-5324-9d10-92534e14016f","created":"2025-10-24T16:13:48.716417Z","modified":"2025-10-24T16:13:48.716420Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5bc805e9-7bc5-448d-a642-386ee64f5eec","name":"Deed RAT","description":"<sup>[[Trend Micro November 25 2024](/references/8bf807bc-5103-4962-9a19-c12396cdb767)]</sup>","source":"USER","associated_software_id":"a7af1421-e8ef-4715-bc76-c22475610aa8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro November 25 2024](/references/8bf807bc-5103-4962-9a19-c12396cdb767)]</sup><sup>[[Darktrace Salt Typhoon October 20 2025](/references/10b7ccf8-9d41-489a-ad8e-e5bb61c95f4a)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt 
Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"11d39015-f1f0-434c-9a6e-bcc092ca9373","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f8f75982-fcd9-49a4-97c7-94674a540b85","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"de0b4511-a8ef-4a37-8c5c-ee0977136029","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"11e2264b-4b38-4685-a84f-ecbdf75edd3c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"84a5fd07-5fd7-569f-98bf-6fdaa58bdc99","name":"SnappyTCP","type":"malware","source":"MITRE","software_attack_id":"S1163","tidal_id":"84a5fd07-5fd7-569f-98bf-6fdaa58bdc99","created":"2025-04-22T20:46:58.202047Z","modified":"2025-04-22T20:46:58.202050Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[Sea Turtle](https://app.tidalcyber.com/groups/a511f4e7-9a04-5f37-a599-0d0eee85cfec) used [SnappyTCP](https://app.tidalcyber.com/software/84a5fd07-5fd7-569f-98bf-6fdaa58bdc99) following initial access in intrusions from 2021 to 2023.<sup>[[PWC Sea Turtle 2023](https://app.tidalcyber.com/references/b018a875-559a-5998-b50a-b87b19cb3807)]</sup>","group_attack_id":"G1041","group_id":"a511f4e7-9a04-5f37-a599-0d0eee85cfec","name":"Sea Turtle","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d6674c55-da2b-453f-91a7-5882d0ed4384","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"f587dc27-92be-5894-a4a8-d6c8bbcf8ede","name":"Snip3","type":"malware","source":"MITRE","software_attack_id":"S1086","tidal_id":"8a85295b-c9ca-5d24-a47b-110f1d25dcd6","created":"2023-11-07T00:35:46.138950Z","modified":"2023-11-07T00:35:46.138955Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA2541 February 
2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup><sup>[[Morphisec Snip3 May 2021](https://app.tidalcyber.com/references/abe44c50-8347-5c98-8b04-d41afbe59d4c)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"49252eb7-4597-4b0b-9721-c8194a20822f","name":"SN module","type":"malware","source":"Tidal Cyber","software_attack_id":"S3809","tidal_id":"0a0507a9-7cff-5d75-abd6-630c233572bd","created":"2025-12-24T14:57:28.185869Z","modified":"2025-12-24T14:57:28.185872Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit 42 December 11 2025](/references/be18bd4b-38de-4be3-a67b-ec20f7070c3b)]</sup>","group_attack_id":"G0090","group_id":"73da066d-b25f-45ba-862b-1a69228c6baa","name":"WIRTE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a559adba-7925-4753-b4e8-6bfac318a069","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"22572b78-c6b8-484e-b69d-79dc25965619","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8677312c-6fef-4cc3-b228-cd1df7973554","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f3fecb62-3512-44bb-80c5-209fcae6f5f9","name":"SNMPwalk","type":"tool","source":"Tidal Cyber","software_attack_id":"S3533","tidal_id":"4c0bce99-603b-5f92-9a62-7553c9ea1258","created":"2025-09-04T13:58:21.590901Z","modified":"2025-09-04T13:58:21.590904Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[{"id":"0bfee399-7007-442a-8ccc-6b1b4c90d4f4","name":"SNMP GET/WALK","description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA August 27 
2025](/references/90d60b4c-7c10-4fb7-ac4b-3c2645f864e4)]</sup>","source":"USER","associated_software_id":"14ec7eb5-906f-4593-8da6-667b4cc72569","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA August 27 2025](/references/90d60b4c-7c10-4fb7-ac4b-3c2645f864e4)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b429b380-b953-4b98-aa66-db3032a3e91e","tag":"483a33e5-e6fb-49d8-b071-6d6d21706e15"},{"id":"8766dc43-4845-4b29-8fc1-f15afc36fcdd","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"2c106d2f-f6ca-4e4a-86f2-eac16659d902","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"2078700c-daac-4830-a363-e3e51ec010e2","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"200da818-03bd-457a-a987-037656f38b60","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"b100c152-81cd-4932-882f-bff549039fb6","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"38d01893-de46-4af7-9174-92b8c09c1d42","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"6468ef47-04e4-4d06-9423-e09b2e29c06f","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"e001e6f4-a3ad-4c5a-befe-3a0ca1e4deb8","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"c13161ad-9b85-4177-b308-4d946748dc40","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"bce0c791-4032-4605-bebc-8a8fe541c5b5","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"1d8379fb-5cb4-40eb-8c9f-abd983a58df8","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"e503e0dd-831c-45c8-a810-43a13bc1ca97","name":"Snowlight","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3738","tidal_id":"4beba503-c61e-5d8b-983f-95f41e111766","created":"2025-12-10T14:15:04.449198Z","modified":"2025-12-10T14:15:04.449202Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[BleepingComputer React2Shell December 07 2025](/references/4b67e021-f0d9-43c8-91aa-ae84c14e85db)]</sup>","group_attack_id":"G3078","group_id":"21df749a-1e70-4c11-921c-071a61d9a900","name":"UNC5174","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3160","group_id":"1313da23-bbc5-4724-a278-fd6ca5e561f0","name":"Earth Lamia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3161","group_id":"2b008386-ffdc-433d-9b09-1e2cf4f3a4a4","name":"Jackpot Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3163","group_id":"a80c62db-7e04-44a8-8692-945aa22e09d6","name":"UNC6586","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3164","group_id":"0ca3cd2f-9650-4b70-9a65-6a5b512554ca","name":"UNC6588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 
2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3165","group_id":"5f8d373c-6992-4a2b-8a86-a16cbd45165a","name":"UNC6595","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3166","group_id":"d92dff67-9704-4503-ad57-867bea3e6bfa","name":"UNC6600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3167","group_id":"0e6985de-e4c1-494b-8901-9aa491202f6f","name":"UNC6603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"68056ee2-9105-4cd5-967f-8e02f0f15bb9","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"1d0338d5-6c95-4aa2-b0d2-43dbd361c025","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"ab0aaaa9-b502-4d29-806e-394b805c8b84","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"31e99b56-571a-4d31-8413-ab8e6b1b3693","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a2ab2b54-bf05-4a25-8d19-b83fd87c952c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d6c24f7c-fe79-4094-8f3c-68c4446ae4c7","name":"SNUGRIDE","type":"malware","source":"MITRE","software_attack_id":"S0159","tidal_id":"3da4112f-cfa4-5c6c-8853-86678f575385","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT10 April 
2017](https://app.tidalcyber.com/references/2d494df8-83e3-45d2-b798-4c3bcf55f675)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ab84f259-9b9a-51d8-a68a-2bcd7512d760","name":"SocGholish","type":"malware","source":"MITRE","software_attack_id":"S1124","tidal_id":"35a578ab-166e-5ca5-9172-321a460738cc","created":"2024-04-25T13:28:18.917795Z","modified":"2024-04-25T13:28:18.917797Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"38eeb191-e2ed-5094-b390-fcfd98f68f88","name":"FakeUpdates","description":"<sup>[[Red Canary SocGholish March 2024](https://app.tidalcyber.com/references/70fa26e4-109c-5a48-b9fd-ac8b9acf2cf3)]</sup>","source":"MITRE","associated_software_id":"8196092d-7509-42c8-8bbf-75f1fa888f21","owner_id":null,"owner_name":null},{"id":"374f8331-c4eb-47fc-9f25-00f89ded84eb","name":"FAKEUPDATE","description":"<sup>[[Arctic Wolf November 25 2025](/references/24a1832e-ffc5-4504-8e47-32ba0be97b0c)]</sup>","source":"USER","associated_software_id":"311793d2-ee81-41b3-85fb-b02e0339f70b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup><sup>[[Secureworks Gold Prelude Profile](https://app.tidalcyber.com/references/b16ae37d-5244-5c1e-92a9-e494b5a9ef49)]</sup><sup>[[SocGholish-update](https://app.tidalcyber.com/references/01d9c3ba-29e2-5090-b399-0e7adf50a6b9)]</sup>","group_attack_id":"G1020","group_id":"0898e7cb-118e-5eeb-b856-04e56ed18182","name":"Mustard 
Tempest","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bbfcea4b-e6de-479d-b296-f94b3f4709d7","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"26b099b3-961f-49d3-b029-20ad09ec2d4c","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"7b7ca42f-693a-4675-ac59-5a948729affc","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"f3ff7ef6-3ff1-41fe-816c-5f80509990f1","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"c1906bb6-0b5b-4916-8b29-37f7e272f6b3","name":"Socksbot","type":"malware","source":"MITRE","software_attack_id":"S0273","tidal_id":"99feeb27-77d2-5f1c-a62b-6f634d844b21","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"80c09948-6412-47e8-814f-63b759632862","name":"sockstress","type":"malware","source":"Tidal Cyber","software_attack_id":"S3689","tidal_id":"ff1106af-6dbc-5568-8cf1-bbf76a35bfc2","created":"2025-12-10T14:14:54.516545Z","modified":"2025-12-10T14:14:54.516548Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 
2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"14b325da-06d5-4ffa-a86b-efe72a45a155","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"69f15624-d86b-47ea-a8de-58aaec6fe0d8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6ecd970c-427b-4421-a831-69f46047d22a","name":"SodaMaster","type":"malware","source":"MITRE","software_attack_id":"S0627","tidal_id":"c5c2e1b9-eb4e-50e0-a9d3-6c33d2a00739","created":"2021-06-21T15:52:14.624000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bf3db8b9-4dc0-497b-8b02-729b1e900d85","name":"dfls","description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"d5ae171f-4dcc-43b5-929f-eaa010c6721a","owner_id":null,"owner_name":null},{"id":"cef3602e-3b6c-47eb-9288-11f015690e71","name":"DelfsCake","description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"59a29c95-59db-4106-aef4-704fcb723be6","owner_id":null,"owner_name":null},{"id":"3d4324f4-ea93-49d7-b95f-b5c690d78456","name":"DARKTOWN","description":"<sup>[[Securelist APT10 March 2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","source":"MITRE","associated_software_id":"c1e3a23a-0680-4742-80ba-ae402c94ce02","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Securelist APT10 March 
2021](https://app.tidalcyber.com/references/90450a1e-59c3-491f-b842-2cf81023fc9e)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"06288485-2e0f-48d8-95c5-a6486e447580","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"46a9ee9c-6c4a-4db9-9385-46d2617d8050","name":"SoftEther VPN","type":"tool","source":"Tidal Cyber","software_attack_id":"S3071","tidal_id":"fcbeb8db-8e03-5c4a-9aa7-ef0bdd9cd85a","created":"2024-06-13T20:12:30.033278Z","modified":"2024-06-13T20:12:30.033282Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Microsoft Security Blog July 14 2023](/references/a9cf756b-8157-4cc4-bdab-b10f320487df)]</sup>","group_attack_id":"G3064","group_id":"5a7121d1-1699-4878-afe3-b643b639fdf2","name":"Antique Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3083","group_id":"3444e9ed-d79a-4c53-90a2-a3bd2fcc3f7c","name":"PLUMP SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Flax Typhoon August 24 
2023](/references/ec962b72-7b7f-4f7e-b6d6-7c5380b07201)]</sup>","group_attack_id":"G3018","group_id":"b39d8eae-12e3-4903-a387-4c31d16a73b2","name":"Flax Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"0035dc44-e08a-4d0c-b6c2-001d64a82022","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2c08a9d2-1984-43f5-be7f-1960cce4fdf7","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7f2c652d-2ef4-47b6-9eb8-282666ff33fa","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"4272447f-8803-4947-b66f-051eecdd3385","name":"SoftPerfect Network Scanner","type":"tool","source":"Tidal Cyber","software_attack_id":"S3045","tidal_id":"823bc25d-a31e-5526-877e-de85dde946c0","created":"2023-07-14T12:56:38.895790Z","modified":"2023-07-14T12:56:38.895794Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"aac3a856-9879-4958-b4ab-360ae366d077","name":"netscan.exe","description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","source":"Tidal Cyber","associated_software_id":"45421c64-2f28-47fa-998d-7d4a79f99c9e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"623ef98a-2f73-4c0a-95c8-3d29a899933b","name":"NetScan","description":"<sup>[[SoftPerfect Network Scanner Product Page](/references/c9c3251d-1852-4b33-80f9-6e321a05cc30)]</sup>","source":"Tidal Cyber","associated_software_id":"8cd048e0-9c03-4a6d-8c1a-e34a9bff5f36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Akira April 18 2024](/references/2e8cf25e-1c06-4f14-a6aa-cb7b876ad5be)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft BlackByte 2023](/references/5db473fd-7e98-5d4a-969a-c3daa8a67db7)]</sup>","group_attack_id":"G1043","group_id":"94f5c644-d36a-59b0-b7e2-7a1d3413443d","name":"BlackByte","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"fb659897-b5f6-4d7d-b2f9-b3a3a36fe674","tag":"ac469e6e-92f0-4fd6-898f-95656b663caf"},{"id":"3c20d2d5-0e25-4665-a49a-025f685e515d","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"5b1cd036-7dfa-468e-80f5-b52693724240","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"a39fb77c-a041-41c8-9a1c-c5eb54de85ec","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"c19d5aa6-55b3-4728-848e-95b064ad32e2","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d8520936-e18b-41d5-8546-3b9e7cf0ff20","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"17fc0c72-6551-4511-8d53-ee265ede12d2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c2f5f036-410d-4421-8eaa-4319366c7821","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"efa6d760-7300-4dad-a1f3-6d46639133ab","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"40001afc-2370-4575-8dfd-246447a35479","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"537ca44a-5ec3-46a6-a938-47b2a551fc1b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"4d8f331d-4113-41c9-92ca-855be3f29c38","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"e3133269-8773-4171-97f4-c7234e1c8b69","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"5206f977-36a3-4a12-8437-b03d1449d743","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"e790c0b8-b0e1-4a72-9a18-4d5ddd1b4615","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"40993dee-84d2-49cc-bc24-b89a49d55594","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"6b3cfb67-695b-4405-843b-6ec6ffaa2378","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"65c02049-93d4-4ba9-815b-7a6cd8c21aa4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d168da01-86ca-5392-80fb-4488b41ea704","name":"Solar","type":"malware","source":"MITRE","software_attack_id":"S1166","tidal_id":"d168da01-86ca-5392-80fb-4488b41ea704","created":"2025-04-22T20:47:00.557710Z","modified":"2025-04-22T20:47:00.557714Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","nam
e":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig Campaigns Sep 2023](https://app.tidalcyber.com/references/799db594-6a65-5b80-9d64-c530fadbd9ae)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d0946927-d225-4119-9cae-eba73b866472","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"07a94239-bdde-42e7-ba9c-a1d0c81e0c3b","name":"Solar (Deprecated)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3161","tidal_id":"4fafdaad-3f72-5c34-95d8-db9f8f4630a4","created":"2024-09-04T12:51:12.709371Z","modified":"2024-09-04T12:51:12.709374Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET OilRig September 21 2023](/references/21ee3e95-ac4b-48f7-b948-249e1884bc96)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"ae0f5868-d884-405a-84e4-db2129bef0a3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"4c0d2840-8159-4c96-aba4-57c3948150f7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0b9b2b31-f492-448b-97b6-90bfb9f3597c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0ec24158-d5d7-4d2e-b5a5-bc862328a317","name":"SombRAT","type":"malware","source":"MITRE","software_attack_id":"S0615","tidal_id":"5078feb3-4910-520b-9c0e-63de2be2b8ab","created":"2021-05-26T13:13:43.366000Z","modified":"2022-10-05T16:33:54.170000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a9daa6d7-3c7f-4822-b19e-e03a41d4b4bc","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"3e959586-14ff-407b-a0d0-4e9580546f3f","name":"SoreFang","type":"malware","source":"MITRE","software_attack_id":"S0516","tidal_id":"b199e906-f3c8-5827-8a77-a0e88b6c644f","created":"2020-09-29T19:33:35.122000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[NCSC APT29 July 2020](https://app.tidalcyber.com/references/28da86a6-4ca1-4bb4-a401-d4aa469c0034)]</sup><sup>[[CISA SoreFang July 
2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"901c0df4-d338-437f-b776-df1507024c8c","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"069538a5-3cb8-4eb4-9fbb-83867bb4d826","name":"SOUNDBITE","type":"malware","source":"MITRE","software_attack_id":"S0157","tidal_id":"c2f0ba0c-d829-5c81-8b58-618e9c53888c","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"490216d8-609d-5af3-928a-153a52d4995c","name":"S.O.V.A.","type":"malware","source":"Mobile","software_attack_id":"S1062","tidal_id":"490216d8-609d-5af3-928a-153a52d4995c","created":"2026-01-28T13:08:09.938116Z","modified":"2026-01-28T13:08:09.938118Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"0f8d0a73-9cd3-475a-b31b-d457278c921a","name":"SPACESHIP","type":"malware","source":"MITRE","software_attack_id":"S0035","tidal_id":"9ff0e3c9-d3c9-5fd7-a76f-fbad8d8b91b7","created":"2017-05-31T21:32:28.257000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye 
APT30](https://app.tidalcyber.com/references/c48d2084-61cf-4e86-8072-01e5d2de8416)]</sup>","group_attack_id":"G0013","group_id":"be45ff95-6c74-4000-bc39-63044673d82f","name":"APT30","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"93f8c180-6794-4e9c-b716-6b31f42eb72d","name":"Spark","type":"malware","source":"MITRE","software_attack_id":"S0543","tidal_id":"96da00d6-9d0a-5685-8b22-0b09feeb6fc6","created":"2020-12-15T01:30:05.198000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Unit42 Molerat Mar 2020](https://app.tidalcyber.com/references/328f1c87-c9dc-42d8-bb33-a17ad4d7f57e)]</sup> <sup>[[Cybereason Molerats Dec 2020](https://app.tidalcyber.com/references/81a10a4b-c66f-4526-882c-184436807e1d)]</sup>","group_attack_id":"G0021","group_id":"679b7b6b-9659-4e56-9ffd-688a6fab01b6","name":"Molerats","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"02465438-b146-4ed1-81dc-ee1e8fd44561","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"d0ef47fd-bd66-4ece-ab53-67b32de8e016","name":"SparkGateway","type":"tool","source":"Trellix TIG","software_attack_id":"S3402","tidal_id":"f08f96bd-1021-53ab-96b5-20b4ecca684e","created":"2025-04-11T15:06:36.833395Z","modified":"2025-04-11T15:06:36.833398Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"5dd68837-4c22-4677-88f5-cd4d2f444631","name":"SparrowDoor","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3406","tidal_id":"131c41bd-57b4-58ec-ae59-73aa7a919506","created":"2024-10-25T19:44:34.954868Z","modified":"2024-10-25T19:44:34.954874Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET FamousSparrow September 23 2021](/references/f91d6d8e-22a4-4851-9444-7a066e6b7aa5)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"6ff4cada-0086-41e4-9a08-71ad18c95917","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"8a317df6-2da1-4831-a5e9-edc39fe1892c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1fecbae7-08da-45b1-9dbc-d170044d680f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b72ff7d0-2987-4390-9ac6-e7ecbe4bf8b5","name":"spctl","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3852","tidal_id":"a6c47945-2854-50e7-acf6-b8528854a037","created":"2025-12-29T17:41:09.097361Z","modified":"2025-12-29T17:41:09.097364Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"741d2620-42b3-4a15-a867-13bc2d4ab929","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ec5e07ae-3299-4f06-97c7-30af34d5b13d","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"dcb465c9-8d26-45c6-b5f3-624885e660ec","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"19e703fe-f459-4547-a639-5f8d331e5a51","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b9b67878-4eb1-4a0b-9b36-a798881ed566","name":"SpeakUp","type":"malware","source":"MITRE","software_attack_id":"S0374","tidal_id":"a31f7d46-cf95-5877-bc77-d5db97a06f5f","created":"2019-04-17T18:43:36.156000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"25c85bfb-3833-4c57-867a-b7d9ff6c5a40","name":"Spearal","type":"malware","source":"Tidal Cyber","software_attack_id":"S3183","tidal_id":"0f937cf6-8ef8-5654-8c37-29d787b40056","created":"2024-09-20T15:10:53.240407Z","modified":"2024-09-20T15:10:53.240411Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research September 11 2024](/references/53320d81-4060-4414-b5b8-21d09362bc44)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"1bf8cf34-7e2f-4f11-af9c-b288c0728e26","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"48d301c8-d971-4b56-89cd-dacca52db77b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"cc2ea00b-fe16-4224-a36d-2cdbcdadb1ff","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"89e2bdbf-4839-4b35-bd19-316a953d7acf","name":"SpectralBlur","type":"malware","source":"Tidal Cyber","software_attack_id":"S3124","tidal_id":"c3f9e7b7-945b-5fdf-ac96-e301795e922e","created":"2024-06-13T20:12:32.652172Z","modified":"2024-06-13T20:12:32.652176Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Objective_See 1 4 2024](/references/c96535be-4859-4ae3-9ba0-d482f1195863)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"f77cf905-eeb9-4d82-9286-072913fe4aab","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"324493b2-c510-47ef-be99-fd449548284c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"582c1a9e-1016-4c8c-9e3d-c511a1c7b951","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cdbebd0a-3036-4a24-b1d5-a3f0ca9c758e","name":"Sphynx","type":"malware","source":"Tidal Cyber","software_attack_id":"S3078","tidal_id":"7c419c22-6822-5362-922b-44577bd5f043","created":"2023-09-14T20:18:05.176901Z","modified":"2023-09-14T20:18:05.176906Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[X-Force BlackCat May 30 2023](/references/b80c1f70-9d05-4f4b-bdc2-6157c6837202)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & 
Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7b6c5abd-3686-4be6-a075-a727fbf34162","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"71d4520c-26d5-42c3-8fc3-b6892d125d6b","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"d64101f3-a31c-4176-9ded-ec7980765244","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"8a85fe96-fd08-55d1-ac4c-52d545b43bd1","name":"Spica","type":"malware","source":"MITRE","software_attack_id":"S1140","tidal_id":"8a85fe96-fd08-55d1-ac4c-52d545b43bd1","created":"2024-10-31T16:28:05.549332Z","modified":"2024-10-31T16:28:05.549335Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google TAG COLDRIVER January 2024](https://app.tidalcyber.com/references/cff26ad8-b8dc-557d-9751-530f7ebfaa02)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd525e2a-89f1-4f5f-95d8-797a6e403f75","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"2be9e22d-0af8-46f5-b30e-b3712ccf716d","name":"SpicyOmelette","type":"malware","source":"MITRE","software_attack_id":"S0646","tidal_id":"b6d86cfd-4689-555e-8ac8-6b6e5c7b96c8","created":"2021-09-21T14:55:00.996000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Secureworks GOLD KINGSWOOD September 2018](https://app.tidalcyber.com/references/cda529b2-e152-4ff0-a6b3-d0305b09fef9)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"639b17df-2c21-4702-aa21-d1d053f58934","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ecf8b878-19e5-425b-bc34-d5ed6e999fea","name":"Splashtop","type":"tool","source":"Tidal Cyber","software_attack_id":"S3046","tidal_id":"088e810a-2c4e-536d-bc08-42e8c8f75289","created":"2023-07-14T12:56:39.308487Z","modified":"2023-07-14T12:56:39.308491Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"13a6912b-5f12-4e1b-805d-828fdbc049e6","name":"Splashtop Streamer","description":"","source":"Tidal Cyber","associated_software_id":"04aa2e49-be3f-4fbe-970f-a79c8a1f0463","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos X-Ops Tweet September 13 2023](/references/98af96a6-98bb-4d81-bb0c-a550e765e6ac)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group Everest Ransomware July 13 2022](/references/33effb32-5c39-4bde-953d-12dc7be4db07)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kroll CACTUS Ransomware May 10 2023](/references/f50de2f6-465f-4cae-a79c-cc135ebfee4f)]</sup>","group_attack_id":"G3030","group_id":"fac6fbf1-935f-4106-ad8b-c8fd8389dd38","name":"CACTUS Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"45cbd136-9954-4f70-8849-6bdd3f4c50a5","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"a98b136a-7947-4b02-b0cc-d6c0e9250fde","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"bff88c5d-eff3-4b03-92e9-6f10233c056a","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"1c823eb3-bdec-4239-aec0-37e619f38c3d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"88ce8e6c-8fff-482d-beae-00a137e34b65","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"1549ebd9-83c7-49ee-8c8e-f9961755c454","tag":"9bc47297-864d-4f39-be37-ad9379102853"},{"id":"5967df06-cf8e-46a9-a5cb-be41b932e0df","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8feaf310-f86e-4e3b-bd39-9fe5c64a4853","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"68d52c07-4334-4b2d-b85c-b4ab378d9c91","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"d410e19c-0f80-48eb-b85d-88210299d42e","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"88c45844-7629-4fcc-a4e7-3f96b7ef66c0","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f18cdb21-db02-40e9-bc
20-b70e3289435a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"13303649-0ffe-4717-b935-8411160ebcef","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"a53fa3fe-05d2-47ea-9bca-c740d1d9ca39","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"6b09e5b0-9fe7-4ad5-bb7b-29d0c3b20e49","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"e41608d6-6fc0-56eb-a9e6-6de96515549c","name":"SplatCloak","type":"malware","source":"MITRE","software_attack_id":"S1234","tidal_id":"e41608d6-6fc0-56eb-a9e6-6de96515549c","created":"2025-10-29T21:08:48.110809Z","modified":"2025-10-29T21:08:48.110809Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Zscaler PAKLOG CorkLog SplatCloak Splatdropper April 2025](https://app.tidalcyber.com/references/499c7ced-17e7-592b-ad58-5e3a40328554)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c5cbba77-a805-5b5c-a847-b9585e5fab2f","name":"SplatDropper","type":"malware","source":"MITRE","software_attack_id":"S1232","tidal_id":"c5cbba77-a805-5b5c-a847-b9585e5fab2f","created":"2025-10-29T21:08:48.110693Z","modified":"2025-10-29T21:08:48.110694Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Zscaler PAKLOG CorkLog SplatCloak Splatdropper April 2025](https://app.tidalcyber.com/references/499c7ced-17e7-592b-ad58-5e3a40328554)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9a20c7f3-4e17-4a79-994a-c577afef5c72","name":"SplitLoader","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3137","tidal_id":"4653802f-4e25-52b9-97c5-58f54394d6a3","created":"2024-06-13T20:12:35.021149Z","modified":"2024-06-13T20:12:35.021153Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog 5 28 2024](/references/faf315ed-71f7-4e29-8334-701da35a69ad)]</sup>","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone Sleet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a9bcfa8d-71b5-468c-8c74-129d8a4de14f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fb5f7333-58c8-4382-a58a-ff722620db2b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"47f61974-e16e-4cd1-a2da-f1a6d2679d81","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"03e4d22a-83f5-46d9-9d40-d9c58a65d2cb","name":"SpnDump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3438","tidal_id":"0e7d2f5f-201c-58ee-9308-afffdb43172b","created":"2025-02-24T20:29:02.903988Z","modified":"2025-02-24T20:29:02.903992Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"03fad3af-308d-4a21-835c-65a3ea62cad6","name":"SpnDump.exe","description":"<sup>[[U.S. CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","source":"Tidal Cyber","associated_software_id":"61ef54ac-3692-4ed1-b2ec-3bb86aafb6a4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. 
CISA Ghost Cring Ransomware February 19 2025](/references/d3b3cebd-3428-4d71-a81e-a7cb6248e3b7)]</sup>","group_attack_id":"G3079","group_id":"9dc09b70-b1c0-45d1-94a8-490943c69166","name":"Ghost Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"16cf9e0d-bc0a-486b-8e5d-e92f9b57e70e","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"53faee61-9d7b-4f09-b9db-0b89b4df72d9","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"6c06d5c8-5515-40c1-af37-4c027c062340","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"e4d20f01-92d4-4ba4-9c1a-2ef810f1fb02","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"1caa73a6-fabc-487b-8b77-59f73ce0ccc2","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"0fdabff3-d996-493c-af67-f3ac02e4b00b","name":"spwebmember","type":"tool","source":"MITRE","software_attack_id":"S0227","tidal_id":"b94723a2-7ec0-5f10-9425-4ee8d92ad998","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[NCC Group APT15 Alive and 
Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"eb22a331-3586-4baa-b17c-b31548786700","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"74af937d-83a5-446e-aee9-84281d508577","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"f5f0501d-3276-5469-b339-b1d4b91f3fc3","name":"SpyC23","type":"malware","source":"Mobile","software_attack_id":"S1195","tidal_id":"f5f0501d-3276-5469-b339-b1d4b91f3fc3","created":"2026-01-28T13:08:09.938505Z","modified":"2026-01-28T13:08:09.938506Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[welivesecurity_apt-c-23](https://app.tidalcyber.com/references/7196226e-7d0d-5e14-a4e3-9b6322537039)]</sup><sup>[[fb_arid_viper](https://app.tidalcyber.com/references/1dca5e73-0b6e-51cd-867c-927d081f228d)]</sup><sup>[[checkpoint_hamas_android_malware](https://app.tidalcyber.com/references/0c8bcc4a-4c9f-5d6e-9da5-13d9ba06381f)]</sup><sup>[[sophos_android_apt_spyware](https://app.tidalcyber.com/references/29d548ed-6147-5b67-81da-8acaa64e5935)]</sup>","group_attack_id":"G1028","group_id":"e3c5164e-49cf-5bb1-955d-6775585abb14","name":"APT-C-23","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"6bef1d0c-6314-5e72-84be-0b23e09a9479","name":"SpyDealer","type":"malware","source":"Mobile","software_attack_id":"S0324","tidal_id":"6bef1d0c-6314-5e72-84be-0b23e09a9479","created":"2026-01-28T13:08:09.938443Z","modified":"2026-01-28T13:08:09.938444Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5d00e162-f9ea-5fb5-9a7f-afdf70b3ffbf","name":"SpyNote 
RAT","type":"malware","source":"Mobile","software_attack_id":"S0305","tidal_id":"5d00e162-f9ea-5fb5-9a7f-afdf70b3ffbf","created":"2026-01-28T13:08:09.937681Z","modified":"2026-01-28T13:08:09.937682Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"146bd853-166b-4859-b4d7-b70f51bfd8e9","name":"Sqldumper","type":"tool","source":"Tidal Cyber","software_attack_id":"S3356","tidal_id":"411197de-c437-5cb9-8884-091aa12d9b62","created":"2024-01-12T14:48:38.540148Z","modified":"2024-01-12T14:48:38.540152Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"11508d6e-6991-444d-81cd-a7e8f2fbd4ee","name":"Sqldumper.exe","description":"<sup>[[Sqldumper.exe - LOLBAS Project](/references/793d6262-37af-46e1-a6b5-a5262f4a749d)]</sup>","source":"Tidal Cyber","associated_software_id":"1931b352-fd83-4da0-ad18-747ffdd69f67","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"678634f0-ce3b-4e19-8a5c-f8405d6924bd","tag":"e992169d-832d-44e9-8218-0f4ab0ff72b4"},{"id":"13d450d7-6d28-418d-98af-cc098917ff1b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"db54ee5a-a787-4648-9301-5d09c09dd98b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"96c224a6-6ca4-4ac1-9990-d863ec5a317a","name":"sqlmap","type":"tool","source":"MITRE","software_attack_id":"S0225","tidal_id":"e964a62a-4731-5dfa-a2cb-27bd9e71569b","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Rocket Kitten](https://app.tidalcyber.com/references/71da7d4c-f1f8-4f5c-a609-78a414851baf)]</sup>","group_attack_id":"G0130","group_id":"e38bcb42-12c1-4202-a794-ec26cd830caa","name":"Ajax Security 
Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Rostovcev APT41 2021](https://app.tidalcyber.com/references/b6e7fb29-7935-5454-8fb2-37585c46324a)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[SentinelOne July 14 2024](/references/b5453789-65b5-4057-84ce-14097f5215d7)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"de460f21-cb9d-4b36-8cf2-fc0337a020ba","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":null},{"id":"5b3c03d3-9ea1-4322-a422-ab2401ffc294","name":"Sqlps","type":"tool","source":"Tidal Cyber","software_attack_id":"S3357","tidal_id":"d973f54b-7f53-5924-96ca-15c269847f84","created":"2024-01-12T14:48:38.881708Z","modified":"2024-01-12T14:48:38.881713Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6826a73c-1aed-4dc5-b6db-8ba5c30c5ff7","name":"Sqlps.exe","description":"<sup>[[Sqlps.exe - LOLBAS Project](/references/31cc851a-c536-4cef-9391-d3c7d3eab64f)]</sup>","source":"Tidal 
Cyber","associated_software_id":"152e2ba8-bf02-42f4-abad-3205d6e8e4aa","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5b4f2ba9-d587-4fec-a3db-990e17421caf","tag":"da7e88fd-2d71-4928-81ce-e3d455b3d418"},{"id":"ed6e9214-d106-48f2-afe3-17483a6fa753","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"228077c1-5eb4-4df2-9f1e-9eb4840eeeb1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"612f780a-239a-4bd0-a29f-63beadf3ed22","name":"SQLRat","type":"malware","source":"MITRE","software_attack_id":"S0390","tidal_id":"9ae292b8-4b12-56b9-8fe4-616fac5b7570","created":"2019-06-18T18:40:33.671000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Flashpoint FIN 7 March 2019](https://app.tidalcyber.com/references/b09453a3-c0df-4e96-b399-e7b34e068e9d)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c26a7c29-2896-48d4-874a-822f3d35c7f4","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"9271e5cf-f788-4d7d-9c7a-8d5e37cbb9a6","name":"SQLToolsPS","type":"tool","source":"Tidal Cyber","software_attack_id":"S3358","tidal_id":"e9306713-1686-538b-90b7-79d4f9f3d6cb","created":"2024-01-12T14:48:39.244797Z","modified":"2024-01-12T14:48:39.244800Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ca40ccd1-095f-4fc3-8ba6-fd9a402d82ba","name":"SQLToolsPS.exe","description":"<sup>[[SQLToolsPS.exe - LOLBAS Project](/references/612c9569-80af-48d2-a853-0f6e3f55aa50)]</sup>","source":"Tidal 
Cyber","associated_software_id":"3c46936b-f9c4-4a3a-bea7-ca48f4a0660b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"78f398ba-d891-4fbd-b6ff-566ce9d1566b","tag":"f4867256-402a-4bcb-97d3-e071ee0993c1"},{"id":"f65db025-950a-4649-9821-bcaf4a85a690","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"4feaa5a8-a108-4b7c-804a-b4ce6be58337","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"99226183-5275-4b6b-9d5d-5589a197bbc1","name":"SquarePhish2","type":"tool","source":"Tidal Cyber","software_attack_id":"S3833","tidal_id":"cfb56e33-26ff-5068-af73-1d46fdd8300f","created":"2025-12-29T17:41:06.072892Z","modified":"2025-12-29T17:41:06.072896Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"54c6d865-7562-47e0-a0f8-e4d098a43f05","name":"SquarePhish","description":"<sup>[[Proofpoint December 16 2025](/references/1f13a583-dbb1-462e-9a88-31fc8ef184c9)]</sup>","source":"USER","associated_software_id":"cff2a4c1-e072-490d-8fbd-3f74963f9702","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Proofpoint December 16 2025](/references/1f13a583-dbb1-462e-9a88-31fc8ef184c9)]</sup>","group_attack_id":"G3184","group_id":"e7f14039-1e63-4708-8565-bbd72f7b8d84","name":"TA2723","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Proofpoint December 16 
2025](/references/1f13a583-dbb1-462e-9a88-31fc8ef184c9)]</sup>","group_attack_id":"G3185","group_id":"d0d11d5a-30a6-4513-a4c9-cefc97b0caed","name":"UNK_AcademicFlare","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"848b04b8-904b-49bf-88dd-70881e57a217","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"e8a9d031-4116-4d58-bfc4-8b7b84ce9ee5","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"d32011d4-2349-4b5e-8b54-01327e6a1c0c","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"1de61d93-c156-4007-a6bc-8132a2d296e2","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"6da5358d-80ac-4a1e-9f72-43779f3dc59b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f68ffd19-9c68-4839-85e1-f045ffbb07cb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"13d5d060-8462-4592-8efb-2243fd2138d1","name":"Squirrel","type":"tool","source":"Tidal Cyber","software_attack_id":"S3359","tidal_id":"32430c40-6356-539c-9779-6bd7080a69ab","created":"2024-01-12T14:48:39.587116Z","modified":"2024-01-12T14:48:39.587119Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0e821c02-47ec-4d22-9bfa-a02e48cb829f","name":"Squirrel.exe","description":"<sup>[[Squirrel.exe - LOLBAS Project](/references/952b5ca5-1251-4e27-bd30-5d55d7d2da5e)]</sup>","source":"Tidal 
Cyber","associated_software_id":"6a3de9d5-16e9-4467-b916-d4adeff389e1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5b8584f0-5ddd-4fc4-b339-5a344905b83a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"408b5777-0834-4b18-81b6-1742487b41e0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"46943a69-0b19-4d3a-b2a3-1302e85239a3","name":"Squirrelwaffle","type":"malware","source":"MITRE","software_attack_id":"S1030","tidal_id":"c32e1b26-42e3-53ad-87c9-5e52f9b074f3","created":"2022-08-09T16:45:36.234000Z","modified":"2022-08-26T21:08:39.890000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"13dbada0-2372-4f84-8fa2-0617ef75b2c7","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"142e579d-6bad-43bb-974f-a26805f7bd45","name":"SRWare Iron Browser","type":"tool","source":"Trellix TIG","software_attack_id":"S3428","tidal_id":"79b9e49a-b399-532c-bace-28bfdf508cb9","created":"2025-04-11T15:06:46.378851Z","modified":"2025-04-11T15:06:46.378855Z","platforms":[],"associated_software":[{"id":"64113dc3-8329-4d33-b426-b12a44e75b7b","name":"Iron Browser","description":"","source":"Trellix TIG","associated_software_id":"55ffa4c3-64f9-4468-bb3f-431efaa6056f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3004","group_id":"5e12e91a-8a8a-4966-8b56-83a152091094","name":"Automated Libra","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"7b607493-5035-4e29-9f95-55362f53b805","name":"ssh","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3285","tidal_id":"7973e6b7-c49d-5339-830f-d786f1d1490a","created":"2024-01-12T14:48:12.009860Z","modified":"2024-01-12T14:48:12.009864Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8966a031-1ff0-42a6-9b32-bb818a83a23f","name":"ssh.exe","description":"<sup>[[ssh.exe - LOLBAS Project](/references/b1a9af1c-0cfc-4e8a-88ac-7d33cddc26a1)]</sup>","source":"Tidal Cyber","associated_software_id":"fa490d4d-26e4-4bb5-97b0-7bf89a8a99ed","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[CrowdStrike.com December 04 2025](/references/24d4a6ac-2f5a-4155-bb14-7fb68a977fce)]</sup>","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"ecf5f840-d930-4048-8376-0f03b8b17676","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"c0fa8672-7b6e-4741-aadf-76bfa3f52237","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f215c213-d1f3-4da0-8d07-63bb58987745","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"99704d92-a309-4fc8-bf43-b72e95e15d02","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"62a1cb5f-d749-46e0-b2a6-5bf8e2d0eb1a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b61a270f-107c-4978-b567-ea011396e68d","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"a0e52a27-f59d-4a8f-aa20-e830e4c56b17","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"31c9b3d7-76b1-4f83-9318-550058d71804","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"69d19f59-8214-418d-9b82-cd81e266e48c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"209b89e3-8fdb-41aa-86a3-ab5688abf99f","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"6ee37d0c-f479-45ff-a8e1-882cbde01855","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"29690ae1-36cf-4049-bc73-df359ce6f95d","tag":"64a55f86-15db-4599-b165-81be7f024397"},{"id":"362a7675-f689-434f-8c8e-5fdc2f669ec9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"686e7790-a83b-41cd-ab86-5c0dea36a458","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b85339c5-c1cc-4e31-b0fa-38d364fea1aa","name":"Sshdinjector","type":"malware","source":"Tidal Cyber","software_attack_id":"S3426","tidal_id":"396144b4-455f-5e68-aae0-01d6c9d06fa0","created":"2025-02-11T18:20:39.930298Z","modified":"2025-02-11T18:20:39.930301Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[{"id":"a831c07b-2a5c-4c5a-86c6-991d17357b0b","name":"SSHD Injector","description":"","source":"Tidal 
Cyber","associated_software_id":"fdc8afbd-c024-4a88-adbd-6fd8a970364e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Fortinet Blog February 4 2025](/references/11e51dbf-b982-462c-b19e-f8c48a66ca70)]</sup>","group_attack_id":"G1034","group_id":"f0dab388-1641-50aa-b0b2-6bdb816e0490","name":"Daggerfly","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"69413aa1-91a3-487b-b14f-8db655010ee4","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"},{"id":"21ee3485-95e8-4d04-88ba-caca5d4fddbf","tag":"a159c91c-5258-49ea-af7d-e803008d97d3"},{"id":"a8012312-1a15-413f-8648-9b24348f1cf0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"82d42410-6d45-4c0b-8149-3668e29394f6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"19b83c09-ca17-427d-8556-1e88209b78ad","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b47db1d0-e11e-4a23-b9bf-2a07af803c4e","name":"SSHFS","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3669","tidal_id":"bed50d52-cb38-5750-b2a8-ab388592469f","created":"2025-12-10T14:14:51.233347Z","modified":"2025-12-10T14:14:51.233351Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"c40633df-8443-4eee-a02e-000550d72bc2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"63fe6d3e-c5ef-47f8-89fa-3cc265a967da","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3334a124-3e74-4a90-8ed1-55eea3274b19","name":"SslMM","type":"malware","source":"MITRE","software_attack_id":"S0058","tidal_id":"dcb8cf64-e63e-5191-961d-3863d953544f","created":"2017-05-31T21:32:39.606000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup><sup>[[CameraShy](https://app.tidalcyber.com/references/9942b6a5-6ffb-4a26-9392-6c8bb9954997)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"fc18e220-2200-4d70-a426-0700ba14c4c0","name":"Starloader","type":"malware","source":"MITRE","software_attack_id":"S0188","tidal_id":"da814305-963c-5c94-a9b1-4d93fcb8c5f1","created":"2018-01-16T16:13:52.465000Z","modified":"2020-03-18T16:01:37.852000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Sowbug Nov 
2017](https://app.tidalcyber.com/references/14f49074-fc46-45d3-bf7e-30c896c39c07)]</sup>","group_attack_id":"G0054","group_id":"6632f07f-7c6b-4d12-8544-82edc6a7a577","name":"Sowbug","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f08de95e-d015-519c-800f-35886d4d25db","name":"StarProxy","type":"malware","source":"MITRE","software_attack_id":"S1227","tidal_id":"f08de95e-d015-519c-800f-35886d4d25db","created":"2025-10-29T21:08:48.110798Z","modified":"2025-10-29T21:08:48.110799Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Zscaler](https://app.tidalcyber.com/references/443f560c-2bc7-575d-aab1-1cfa74064b5f)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"764c6121-2d15-4a10-ac53-b1c431dc8b47","name":"STARWHALE","type":"malware","source":"MITRE","software_attack_id":"S1037","tidal_id":"c9c2f3fe-4cb0-59ec-90c1-fd375f5abd95","created":"2022-08-18T15:00:32.571000Z","modified":"2022-10-14T15:23:17.961000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8e28032c-1c65-449d-bb5a-172fa6a84428","name":"CANOPY","description":"<sup>[[DHS CISA AA22-055A MuddyWater February 2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]</sup>","source":"MITRE","associated_software_id":"38298e66-6bbb-4ecf-b287-ccd3e47c6cd4","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[DHS CISA AA22-055A MuddyWater February 
2022](https://app.tidalcyber.com/references/e76570e1-43ab-4819-80bc-895ede67a205)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bd328b08-8034-463c-b21f-191940776d44","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"18b54b45-a67a-5bbb-b8cb-ad50c861c108","name":"STATICPLUGIN","type":"malware","source":"MITRE","software_attack_id":"S1238","tidal_id":"18b54b45-a67a-5bbb-b8cb-ad50c861c108","created":"2025-10-29T21:08:48.110610Z","modified":"2025-10-29T21:08:48.110611Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Threat Intelligence Group MUSTANG PANDA PLUGX August 2025](https://app.tidalcyber.com/references/5fce4659-d82d-5498-a060-95b34984d66a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ea561f0b-b891-5735-aa99-97cc8818fbef","name":"STEADYPULSE","type":"malware","source":"MITRE","software_attack_id":"S1112","tidal_id":"82ef30d9-0472-56d1-b002-67270321d059","created":"2024-04-25T13:28:21.451953Z","modified":"2024-04-25T13:28:21.451956Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e81eb49a-1230-5fef-b55f-15046138705b","name":"StealBit","type":"malware","source":"MITRE","software_attack_id":"S1200","tidal_id":"e81eb49a-1230-5fef-b55f-15046138705b","created":"2025-04-22T20:47:00.996877Z","modified":"2025-04-22T20:47:00.996882Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"68071150-5fbd-4548-b628-f460001c3b71","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":null},{"id":"7ae6b9f0-3a50-4
ebc-ae2c-9569f00dbd81","name":"Stealc","type":"malware","source":"Tidal Cyber","software_attack_id":"S3060","tidal_id":"76d1d079-71d0-59c0-b9e8-d8c47320225c","created":"2024-06-13T20:12:28.246680Z","modified":"2024-06-13T20:12:28.246685Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"f076add6-9d57-43b4-9e1d-485648156694","name":"StealC V2","description":"<sup>[[None December 18 2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","source":"USER","associated_software_id":"293d8cb5-1348-4b0d-b825-bfe28c9fae42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 18 2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"07cb37fa-a349-400d-b1b2-8f98bec72400","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"108b1dca-5a02-4360-a79c-aa3c896bd81a","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"35a00a65-d889-4035-a4a8-1462eba461b8","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"39b6a948-3671-4cdb-a02c-8530ab049ff9","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"39aaa970-8c33-4fd3-a7f0-4b769f301460","name":"STEALDEAL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3019","tidal_id":"c56e7a9b-de3f-53da-a21f-e8338cb67d68","created":"2024-06-13T20:12:27.817238Z","modified":"2024-06-13T20:12:27.817242Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"58bafd1d-91ca-47e1-a80d-767d09b06b8c","name":"SneakyStealer","description":"","source":"Tidal 
Cyber","associated_software_id":"1399bdd2-4bc6-4a71-8bef-67c6c9b83925","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro Void Rabisu May 30 2023](/references/5fd628ca-f366-4f0d-b493-8be19fa4dd4e)]</sup>","group_attack_id":"G3009","group_id":"c2015888-72c0-4367-b2cf-df85688a56b7","name":"Void Rabisu","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"618dd527-952a-41a4-85be-daabf3da03aa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"35991c88-f214-418c-b594-a09241f0886b","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"3b70657d-872c-4699-8b7e-d56ea4b44ce4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3b4f98aa-8c49-4b49-9e40-d4487098776f","name":"StealerBot","type":"malware","source":"Tidal Cyber","software_attack_id":"S3956","tidal_id":"16feb6dd-f30c-537b-a98c-3f3a358b7fe0","created":"2026-01-23T20:31:07.969748Z","modified":"2026-01-23T20:31:07.969753Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Acronis May 20 
2025](/references/2a673731-bb40-4981-acb9-f27077e2e844)]</sup>","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"0c029524-a118-46f0-8517-a5bfd66ebc87","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"aaf18cb8-e2cb-4fdc-b662-7378cc0fc092","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"3dcfd535-4265-4446-8e99-2cbc8ab75469","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"40bc43d8-def0-471b-b2b5-82fa6cf65c41","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"aaf53ef6-64d9-4206-b331-6793b9871f15","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5838a595-7147-5a02-8741-da48d3d60d5a","name":"Stealth Mango","type":"malware","source":"Mobile","software_attack_id":"S0328","tidal_id":"5838a595-7147-5a02-8741-da48d3d60d5a","created":"2026-01-28T13:08:09.937523Z","modified":"2026-01-28T13:08:09.937525Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"81160bfa-c2d3-41ac-8d90-558f2db8f71b","name":"Stom Exfiltrator","type":"malware","source":"Tidal Cyber","software_attack_id":"S3962","tidal_id":"5328040e-60c6-5045-84c0-7ac7bbc2f0a2","created":"2026-01-23T20:31:08.837904Z","modified":"2026-01-23T20:31:08.837908Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious 
Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ec565585-9e35-4f1a-85ef-911de2a77e94","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"9547b2ef-e4fe-4a0c-ab01-f3706857cd75","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6f7624fd-af62-41fa-b149-922d94228ccb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9eee52a2-5ac1-4561-826c-23ec7fbc7876","name":"StoneDrill","type":"malware","source":"MITRE","software_attack_id":"S0380","tidal_id":"08b290a8-7f12-5dd3-94e1-e085f45489b5","created":"2019-05-14T15:05:06.630000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7b763f9c-e0ea-4437-b880-19e4332173a3","name":"DROPSHOT","description":"<sup>[[FireEye APT33 Sept 2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)]</sup>","source":"MITRE","associated_software_id":"ab440fcd-bee3-42f5-a4a9-7edfd5c3992c","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye APT33 Sept 2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9bff239a-1def-4aeb-87a6-4a31a6a51206","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"9bfeb8a3-5a5e-4e66-acfd-0b84d74e0e0d","name":"STONESTOP","type":"malware","source":"Tidal Cyber","software_attack_id":"S3152","tidal_id":"ba66d3c1-b265-5d8c-9ce6-f5fa3dd607c4","created":"2024-08-30T18:12:53.313694Z","modified":"2024-08-30T18:12:53.313699Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1b5dd4b2-625c-43b4-8381-4ea73c41b424","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"f4f97f1c-531c-4533-876a-3b93e46ba1af","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"df518f15-ad32-4457-b3ef-070f5cf56992","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7430c53f-41a0-4395-88c7-fc2c34ee52c7","name":"Stordiag","type":"tool","source":"Tidal Cyber","software_attack_id":"S3286","tidal_id":"33d30ea3-9f88-5bc2-aa83-4d857a8c5e7d","created":"2024-01-12T14:48:12.380095Z","modified":"2024-01-12T14:48:12.380099Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"18977de8-2103-4da3-8de1-9d6dd7641648","name":"Stordiag.exe","description":"<sup>[[Stordiag.exe - LOLBAS Project](/references/5e52a211-7ef6-42bd-93a1-5902f5e1c2ea)]</sup>","source":"Tidal Cyber","associated_software_id":"e93f9136-4ef0-4b23-85bd-93f2b56b2316","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"bcd794d7-1128-456e-8bc5-a8d91fd6ee33","tag":"f0e3d6ea-d7ea-4d73-b868-1076fac744a8"},{"id":"62ef2c76-265a-4b6a-9ee9-a4dc1cfe992b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"0c578c71-979b-498a-bc2e-dee1ecf7a6a6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5584835e-cc9d-4f65-a79f-f09e4464394e","name":"STOWAWAY","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3534","tidal_id":"db3eef0d-ac32-5be4-976c-28ef692f9408","created":"2025-09-04T13:58:21.732173Z","modified":"2025-09-04T13:58:21.732175Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA August 27 2025](/references/90d60b4c-7c10-4fb7-ac4b-3c2645f864e4)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e75371b8-90cd-4091-86e2-3e0595b1f741","tag":"483a33e5-e6fb-49d8-b071-6d6d21706e15"},{"id":"9fb843b1-3e1d-4c7c-abbb-a982aad8320b","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"f86e3395-3511-42ab-96fc-7f617ba54aac","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"cf0f1380-a5d5-4c11-a5e0-fc4b452e332e","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"7a8f239c-e428-4665-a865-cef7599cbd72","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"d1c59d22-4c8e-49c5-8059-38d5b3929f78","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"84730726-e43a-474e-851f-5cb3510e86b9","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"0d845ab2-7eb0-4b9c-a111-185c83d6458e","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"124fc66d-29c4-4947-b376-dfe17bc168f8","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"56c60219-14c2-4359-bff1-01d920aa135e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"87478527-5f56-418a-a5ec-899c2c2f967c","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"},{"id":"9cca6a45-83cb-4149-a3c3-c2536db6a1dd","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"ef5456cc-9ecf-4154-8294-76c58afd386e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"502b490c-2067-40a4-8f73-7245d7910851","name":"StreamEx","type":"malware","source":"MITRE","software_attack_id":"S0142","tidal_id":"8f18d221-dd0b-5
8e1-b967-16b891a45640","created":"2017-05-31T21:33:21.437000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cylance Shell Crew Feb 2017](https://app.tidalcyber.com/references/c0fe5d29-838b-4e91-bd33-59ab3dbcfbc3)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"65db3cca-2bc8-5e18-bca4-af230a0b220a","name":"StrelaStealer","type":"malware","source":"MITRE","software_attack_id":"S1183","tidal_id":"65db3cca-2bc8-5e18-bca4-af230a0b220a","created":"2025-04-22T20:46:59.565672Z","modified":"2025-04-22T20:46:59.565675Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"bd6d3b67-dfd9-4d36-b9c4-b553d6b41dfb","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"dd8bb0a3-6cb1-412d-adeb-cbaae98462a9","name":"StrifeWater","type":"malware","source":"MITRE","software_attack_id":"S1034","tidal_id":"79047bdb-280a-5f61-bacd-227715759391","created":"2022-08-15T16:31:56.856000Z","modified":"2022-10-11T18:34:04.838000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason StrifeWater Feb 2022](https://app.tidalcyber.com/references/30c911b2-9a5e-4510-a78c-c65e84398c7e)]</sup>","group_attack_id":"G1009","group_id":"a41725c5-eb3a-4772-8d1e-17c3bbade79c","name":"Moses 
Staff","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e24cfba8-7b9c-42e9-9b3b-d8dbc830344a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ed563524-235e-4e06-8c69-3f9d8ddbfd8a","name":"StrongPity","type":"malware","source":"MITRE","software_attack_id":"S0491","tidal_id":"e3a69d90-6d66-5270-9578-6ab0d70286a2","created":"2020-07-20T17:41:19.690000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Bitdefender StrongPity June 2020](https://app.tidalcyber.com/references/7d2e20f2-20ba-4d51-9495-034c07be41a8)]</sup><sup>[[Talos Promethium June 2020](https://app.tidalcyber.com/references/188d990e-f0be-40f2-90f3-913dfe687d27)]</sup>","group_attack_id":"G0056","group_id":"cc798766-8662-4b55-8536-6d057fbc58f0","name":"PROMETHIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3fdf3833-fca9-4414-8d2e-779dabc4ee31","name":"Stuxnet","type":"malware","source":"MITRE","software_attack_id":"S0603","tidal_id":"19a2edf0-39ff-5dcc-8e9d-bee6f05ba80b","created":"2020-12-14T17:34:58.457000Z","modified":"2022-10-20T20:31:32.664000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac3320a3-733a-4244-b351-64666640f7b1","name":"W32.Stuxnet","description":"<sup>[[Nicolas Falliere, Liam O Murchu, Eric Chien February 2011](https://app.tidalcyber.com/references/a1b371c2-b2b1-5780-95c8-11f8c616dcf3)]</sup>","source":"ICS","associated_software_id":"7948eb8a-e138-4365-81c4-aac07e632912","owner_id":null,"owner_name":null},{"id":"18e5b628-d583-4260-8ae4-64a744f9dcfc","name":"W32.Stuxnet","description":"<sup>[[Nicolas Falliere, Liam O Murchu, Eric Chien February 2011](https://app.tidalcyber.com/references/a1b371c2-b2b1-5780-95c8-11f8c616dcf3)]</sup> 
","source":"MITRE","associated_software_id":"7948eb8a-e138-4365-81c4-aac07e632912","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"5012a303-b5d1-4b72-9500-255db7639058","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"79288ea0-13a2-4f89-8d33-2372abf76869","tag":"a98d7a43-f227-478e-81de-e7299639a355"}],"owner_name":null},{"id":"b19b6c38-d38b-46f2-a535-d0bfc5790368","name":"S-Type","type":"malware","source":"MITRE","software_attack_id":"S0085","tidal_id":"26c34ee2-2375-52d8-8307-aae83e4322c5","created":"2017-05-31T21:32:55.925000Z","modified":"2022-09-30T20:10:08.347000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"76e316d6-ea50-4aad-853b-86326870e38e","name":"subprocess (Python module)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3880","tidal_id":"5902b4c9-9e00-5ded-a90f-3a8d6c430cf2","created":"2026-01-06T18:05:07.406463Z","modified":"2026-01-06T18:05:07.406466Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"a1ca00f9-4fcc-473f-9eae-674fa5b44f09","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"ea1275e6-ee17-4b23-82a9-288e8110a04f","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"d295809d-e2c3-4bd3-a45c-e4fa20c942fc","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e3c6a97d-212f-4bba-a3aa-b548816ad7a1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c60465fc-5b38-4339-b8b9-d61967acf545","name":"sudo","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3720","tidal_id":"9ca11a91-0d59-5825-8a33-b089523c2e55","created":"2025-12-10T14:14:59.638149Z","modified":"2025-12-10T14:14:59.638153Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[],"tags":[{"id":"f2d0a8f6-64df-41e1-a9f7-9608c9e958ab","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3cf25a5f-1266-4bd6-8410-70bbd705447b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6ff7bf2e-286c-4b1b-92a0-1e5322870c59","name":"SUGARDUMP","type":"malware","source":"MITRE","software_attack_id":"S1042","tidal_id":"8e5a384b-9b90-59bf-a71f-c3529cee2c8a","created":"2022-09-21T21:02:02.388000Z","modified":"2022-10-04T21:03:54.834000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"004c781a-3d7d-446b-9677-a042c8f6566e","name":"SUGARUSH","type":"malware","source":"MITRE","software_attack_id":"S1049","tidal_id":"471de640-9a11-5be3-93bb-0725c91d62b2","created":"2022-10-04T21:48:00.086000Z","modified":"2022-10-04T21:50:36.241000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6166b05f-c5dd-5632-8846-b33989b4f16c","name":"Sunbird","type":"malware","source":"Mobile","software_attack_id":"S1082","tidal_id":"6166b05f-c5dd-5632-8846-b33989b4f16c","created":"2026-01-28T13:08:09.939316Z","modified":"2026-01-28T13:08:09.939317Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[{"description":"<sup>[[lookout_hornbill_sunbird_0221](https://app.tidalcyber.com/references/50f48f4b-64ee-5ce0-a34b-610985db617d)]</sup>","group_attack_id":"G0142","group_id":"d0f29889-7a9c-44d8-abdc-480b371f7b2b","name":"Confucius","owner_id":null,"owner_name":null,"so
urce":"Mobile"}],"tags":[],"owner_name":null},{"id":"6b04e98e-c541-4958-a8a5-d433e575ce78","name":"SUNBURST","type":"malware","source":"MITRE","software_attack_id":"S0559","tidal_id":"e7ed9627-f184-5922-a45c-0d5ab56d4628","created":"2021-01-05T22:42:05.965000Z","modified":"2022-07-29T19:52:40.476000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1b98b321-5262-4da9-bb56-4bca5dbe4a18","name":"Solorigate","description":"<sup>[[Microsoft Deep Dive Solorigate January 2021](https://app.tidalcyber.com/references/ddd70eef-ab94-45a9-af43-c396c9e3fbc6)]</sup>","source":"MITRE","associated_software_id":"a38c6f81-a115-4f16-bcba-7d8c163d4f08","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye SUNBURST Backdoor December 2020](https://app.tidalcyber.com/references/d006ed03-a8af-4887-9356-3481d81d43e4)]</sup><sup>[[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)]</sup><sup>[[Secureworks IRON RITUAL Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"939b80be-d7f1-4be2-abaf-736abb43c3bb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"66966a12-3db3-4e43-a7e8-6c6836ccd8fe","name":"SUNSPOT","type":"malware","source":"MITRE","software_attack_id":"S0562","tidal_id":"58826389-2ec1-597a-b50e-b7567303c4d3","created":"2021-01-12T16:14:28.845000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike SUNSPOT Implant January 2021](https://app.tidalcyber.com/references/3a7b71cf-961a-4f63-84a8-31b43b18fb95)]</sup><sup>[[MSTIC Nobelium Toolset May 
2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"97be0ca0-b55b-4b30-a093-b090de43e045","tag":"f2ae2283-f94d-4f8f-bbde-43f2bed66c55"},{"id":"930892b3-ddbc-4948-9280-9320d3a4ccc0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f02abaee-237b-4891-bb5d-30ca86dfc2c8","name":"SUPERNOVA","type":"malware","source":"MITRE","software_attack_id":"S0578","tidal_id":"6c974e96-5e6f-5e00-80dc-894b600271aa","created":"2021-02-18T17:35:13.361000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ee4dc353-5fe5-409f-aeab-1677c675ab15","name":"Supper Backdoor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3625","tidal_id":"f98caab5-ade8-5fd3-a038-3f173933bcdb","created":"2025-11-11T13:26:34.640321Z","modified":"2025-11-11T13:26:34.640324Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"606d7841-50a2-4566-9f25-5624fd320f2c","name":"Supper SOCKS5 Backdoor","description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","source":"USER","associated_software_id":"93f814b0-0a90-4354-bdd0-08697240e0ee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"72de6331-4f3e-49a5-a398-d76948695261","name":"TextShell","description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","source":"USER","associated_software_id":"10891232-1be3-4e25-b38a-b546262f3ae1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress November 05 
2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1c77db57-6a4f-43c9-b745-d713aa93cb30","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"830d5be4-6e9d-45e2-ba7b-dd3ff86a919c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"010e4274-bffd-46eb-b065-293a718e6f45","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a8110f81-5ee9-5819-91ce-3a57aa330dcb","name":"SVCReady","type":"malware","source":"MITRE","software_attack_id":"S1064","tidal_id":"b5836f39-46a0-5002-9b93-29ef00e02ff8","created":"2023-05-26T01:20:53.398183Z","modified":"2023-05-26T01:20:53.398187Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"af45aa4c-10a2-4203-9ace-7dd766126824","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"ae749f9c-cf46-42ce-b0b8-f0be8660e3f3","name":"Sykipot","type":"malware","source":"MITRE","software_attack_id":"S0018","tidal_id":"d3f18101-0b03-5225-b3a7-644e8dfb12b4","created":"2017-05-31T21:32:17.568000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"19ae8345-745e-4872-8a29-d56c8800d626","name":"SynAck","type":"malware","source":"MITRE","software_attack_id":"S0242","tidal_id":"ac709f3b-f6e7-50f4-975a-6189530a8c60","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"07a1be9a-de88-4e48-8172-07f97276a2e3","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"969038ea-1cde-4f30-aa55-d64404b6dfca","tag":"7e7b0c67-bb85-499
6-a289-da0e792d7172"}],"owner_name":null},{"id":"6af0eac2-c35f-4569-ae09-47f1ca846961","name":"Syncappvpublishingserver","type":"tool","source":"Tidal Cyber","software_attack_id":"S3382","tidal_id":"4b35ebfa-6543-5069-8a93-2fc39547c2b3","created":"2024-01-12T14:48:48.472795Z","modified":"2024-01-12T14:48:48.472799Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"daea197b-7684-450f-93f8-b60a0284469d","name":"Syncappvpublishingserver.vbs","description":"<sup>[[Syncappvpublishingserver.vbs - LOLBAS Project](/references/adb09226-894c-4874-a2e3-fb2c6de30173)]</sup>","source":"Tidal Cyber","associated_software_id":"815e5fef-a5fc-4c84-94d1-c57c2f9991e1","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dce3e3ce-54e2-41c8-97e9-c87d5b4c6bd6","tag":"9e504206-7a84-40a5-b896-8995d82e3586"},{"id":"5476f527-35eb-4ea8-b993-9791c739031a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b3e4b8ff-6e95-42ce-b38b-cde865802134","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f2928533-34e1-4599-a3ec-c8b4ef9d81b4","name":"SyncAppvPublishingServer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3287","tidal_id":"70eafa0b-7481-597f-bde2-e144c793cad5","created":"2024-01-12T14:48:12.726443Z","modified":"2024-01-12T14:48:12.726447Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9bd61023-e8f9-450b-9d23-299d756f3418","name":"SyncAppvPublishingServer.exe","description":"<sup>[[SyncAppvPublishingServer.exe - LOLBAS Project](/references/ce371df7-aab6-4338-9491-656481cb5601)]</sup>","source":"Tidal 
Cyber","associated_software_id":"3dbccfe5-d7f9-494f-9466-6aa4ca5d31c3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0c6ce266-20ff-490f-a04e-5db648b1604b","tag":"acda137a-d1c9-4216-9c08-d07c8d899725"},{"id":"020e9f3f-d744-44c1-ba92-d0c87ee230d7","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ba33a3ca-7794-4f67-92fe-7258283b42ed","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"dbaf96a0-fe83-4ff1-bb16-ca357fad7f7f","name":"Syncro","type":"tool","source":"Tidal Cyber","software_attack_id":"S3397","tidal_id":"434d62bf-847e-577b-9876-fd21c602cf9a","created":"2024-10-14T19:20:45.530016Z","modified":"2024-10-14T19:20:45.530026Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro Royal Ransomware March 15 2023](/references/0914ce86-86f2-4f17-af37-a0d4ca9ff615)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"18a5bece-efae-4a92-af18-118974717bb9","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"42ad9d34-fdab-45da-8042-02b061094cf0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"69ab291d-5066-4e47-9862-1f5c7bac7200","name":"SYNful Knock","type":"malware","source":"MITRE","software_attack_id":"S0519","tidal_id":"faa9a241-db8b-54aa-a816-7981576defd4","created":"2020-10-19T16:38:11.279000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Static Tundra August 20 2025](/references/8b207fa6-039b-4ff8-9126-928f3f31f65c)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"150a1475-1591-4092-8da5-1ba98c4c882e","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"83e42a3b-56e0-44e2-b411-69cef9c5d5da","tag":"b20e7912-6a8d-46e3-8e13-9a3fc4813852"}],"owner_name":null},{"id":"2df35a92-2295-417a-af5a-ba5c943ef40d","name":"Sys10","type":"malware","source":"MITRE","software_attack_id":"S0060","tidal_id":"8d1f7585-a152-5b86-b3b8-15069b24a623","created":"2017-05-31T21:32:40.391000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Baumgartner Naikon 
2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ea556a8d-4959-423f-a2dd-622d0497d484","name":"SYSCON","type":"malware","source":"MITRE","software_attack_id":"S0464","tidal_id":"75ac1f60-d291-5a8a-9fd2-1467c3cdc074","created":"2020-06-02T18:46:58.489000Z","modified":"2022-10-21T15:16:57.038000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"f5dbdf38-ffc4-4d0c-829a-55c34c53e38a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"5352cb45-030f-4dcd-8d43-66fd471294d3","name":"Sysinternals VolumeId","type":"tool","source":"Tidal Cyber","software_attack_id":"S3831","tidal_id":"85ff5eba-8083-5ad4-8e5d-80403acc5624","created":"2025-12-29T17:41:05.733141Z","modified":"2025-12-29T17:41:05.733144Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 21 2025](/references/57b3ee67-b2b8-4937-a557-411a870bb5b3)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5d67cb45-cd1f-4ade-9d34-b64121b08416","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"8cf5d302-f63c-4545-aaf2-37bdf4bb2586","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e8f25c9b-28e5-4682-8d79-5f0f0540b5a1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5d220e4f-db5f-4523-8dc5-63a604f3964b","name":"Syssetup","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3320","tidal_id":"3877cf89-7df4-5d69-9466-2f4cdc3f7002","created":"2024-01-12T14:48:25.161948Z","modified":"2024-01-12T14:48:25.161952Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"74ae8295-00a4-4a67-8892-14cf69005892","name":"Syssetup.dll","description":"<sup>[[Syssetup.dll - LOLBAS Project](/references/3bb7027f-7cbb-47e7-8cbb-cf45604669af)]</sup>","source":"Tidal Cyber","associated_software_id":"fcadb7cd-ab8b-48e8-aee1-f8aa0ae3649d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c7e5eb05-71c7-409b-8407-354054bae594","tag":"9105775d-bdcb-45cc-895d-6c7bbb3d30ce"},{"id":"33a1fe1f-4ec5-4bbe-870e-5590c6ee0d27","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ea54bd9f-1efa-40f3-bd70-bb604ee9e7b1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"c30929fb-28a1-407c-a1c3-a83374c63267","name":"SystemBC","type":"malware","source":"Tidal Cyber","software_attack_id":"S3081","tidal_id":"ed82adfc-a76e-5603-a4e2-9cfbc1505b95","created":"2023-09-22T15:01:32.927345Z","modified":"2023-09-22T15:01:32.927353Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9e992775-530e-4bd6-bd0e-b02ffc650535","name":"Coroxy","description":"","source":"Tidal Cyber","associated_software_id":"bfbd9f5b-1f12-4196-a3d9-0862306cf3a9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"ce29a1e6-d1be-4a46-9ae4-ef9dbcf1d48f","name":"DroxiDat","description":"","source":"Tidal Cyber","associated_software_id":"11ea8d63-aa36-4c63-a1a3-6950edc006dd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water 
Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CERTFR-2023-CTI-007](/references/0f4a03c5-79b3-418e-a77d-305d5a32caca)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Darktrace July 4 2024](/references/30fc9cb9-0d58-4ab9-ac21-d6d02206c5d3)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Vice Society September 2022](/references/0a754513-5f20-44a0-8cea-c5d9519106c8)]</sup>","group_attack_id":"G3004","group_id":"2e2d3e75-1160-4ba5-80cc-8e7685fcfc44","name":"Vice Society","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[MSTIC DEV-0832 October 25 2022](/references/5b667611-649d-44d5-86e0-a79527608b3c)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Elastic September 7 2022](/references/a995a1f3-8420-4bbf-91c6-0b11049138c0)]</sup>","group_attack_id":"G3008","group_id":"5216ac81-da4c-4b87-86ce-b90a651f1048","name":"Cuba Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"9a583024-3b3e-4993-92d8-090e47b65fbb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"345bc211-50d3-44e3-9c4f-9ce2d3298e4f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"bda2fa5d-f048-454a-8146-e35d657fad6f","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"5fc68455-8dfc-4dbf-9d86-28347dd55078","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"cf09b926-488c-4f41-941b-372239a39ef0","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2c93b3c5-eb28-4d25-b566-2a47bbeff030","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"4d126baf-ac4c-4680-a724-9c763a494e86","name":"systemd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3695","tidal_id":"4ae3c8ec-fb10-567c-ae7f-7b120f1044c0","created":"2025-12-10T14:14:55.539568Z","modified":"2025-12-10T14:14:55.539571Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e05cba57-2639-4296-94a1-4fa188e59052","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"43c0ce5c-79c7-478d-8ae4-83dc41639b46","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cecea681-a753-47b5-9d77-c10a5b4403ab","name":"Systeminfo","type":"tool","source":"MITRE","software_attack_id":"S0096","tidal_id":"dc983368-1c4b-5e7b-8445-16f7656d73aa","created":"2017-05-31T21:33:00.969000Z","modified":"2022-10-12T21:29:48.567000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro DRBControl February 
2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup><sup>[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DFIR Phosphorus November 2021](https://app.tidalcyber.com/references/0156d408-a36d-5876-96fd-f0b0cf296ea2)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye admin@338](https://app.tidalcyber.com/references/f3470275-9652-440e-914d-ad4fc5165413)]</sup>","group_attack_id":"G0018","group_id":"8567136b-f84a-45ed-8cce-46324c7da60e","name":"admin@338","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup><sup>[[ESET Turla Lunar toolset May 2024](https://app.tidalcyber.com/references/85040d41-b786-5b63-a510-976bc35e8fce)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Operation Ke3chang November 2014](https://app.tidalcyber.com/references/bb45cf96-ceae-4f46-a0f5-08cd89f699c9)]</sup><sup>[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Symantec Orangeworm April 2018](https://app.tidalcyber.com/references/eee5efa1-bbc6-44eb-8fae-23002f351605)]</sup>","group_attack_id":"G0071","group_id":"863b7013-133d-4a82-93d2-51b53a8fd30e","name":"Orangeworm","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT34 Dec 
2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro BlackCat April 18 2022](/references/a04d89b1-3334-4d96-8c45-bb88f396e036)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"80f52548-946d-486c-af0f-60f3524b8d56","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"7b9e8272-1eea-4769-b4c9-30eff4efcb5a","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"fd07e70e-6472-4b77-b49c-79d290bdff87","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"b13052a5-fe32-49bd-8047-ed53d6b95382","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"6ab6b077-acdd-49a5-9877-80f9646f304b","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"841f1da7-96b1-4391-935a-5edcbf430b8b","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"b19666f5-73dc-4d46-b67b-f34bf38a574b","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ac8c294d-f6c0-4b86-813b-21ef43168a80","tag":"7b918200-2c8d-4b86-a81b-b2bdec5b2c2b"},{"id":"8396d4ee-6b45-495c-b04b-5509aa694bbb","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f3a23ec2-7d1e-4ed8-a5dd-c75f52b3acfb","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"fb7fac5a-2346-44ae-a66c-6f692e22de7f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9168e7af-9ab6-4b99-bfd1-72c2821615f3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"670dcd08-f1d0-4e1b-bb02-540e2d246559","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"aaacc007-f0d7-48e5-ac9e-a3d6d1fd5b95","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"c3723058-025e-49b6-b11c-161d2ba4f293","name":"SystemParametersInfoW","type":"tool","source":"Tidal Cyber","software_attack_id":"S3975","tidal_id":"ae971a28-ff42-52f9-9d10-58b7fe8d1ef1","created":"2026-01-23T20:31:10.799928Z","modified":"2026-01-23T20:31:10.799931Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Halcyon Cloak Ransomware December 12 
2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","group_attack_id":"G3211","group_id":"41d6d175-2f69-45e6-9663-9ff0cf8649e3","name":"Cloak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"cad3de28-3a4a-4196-9baf-d4fcf751ca56","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f7ceec0d-fb45-4f68-9638-ea6be69ca065","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"98fbe5e1-d75d-4ff3-aa22-077bce4547a6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"148d587c-3b1e-4e71-bdfb-8c37005e7e77","name":"SysUpdate","type":"malware","source":"MITRE","software_attack_id":"S0663","tidal_id":"f165d3eb-f9c6-513f-910d-ae2a5cef85f3","created":"2021-11-29T18:37:40.308000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"63261928-0942-43f6-a85c-5d5b1d35d260","name":"HyperSSL","description":"<sup>[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","source":"MITRE","associated_software_id":"0bfb3ec0-ee20-4de3-a69c-096402a0298b","owner_id":null,"owner_name":null},{"id":"1dbf10c2-9b78-4bc3-9f05-f969e7205447","name":"FOCUSFJORD","description":"<sup>[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","source":"MITRE","associated_software_id":"01924f4b-e6b3-4118-9b3d-6aac519d4774","owner_id":null,"owner_name":null},{"id":"93ff18e4-d69f-4388-a2bb-f5d84108a9e2","name":"Soldier","description":"<sup>[[Trend Micro Iron Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","source":"MITRE","associated_software_id":"0bc0c9e4-a490-4ab1-a1c2-b8fd8dda05ce","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Trend Micro Iron 
Tiger April 2021](https://app.tidalcyber.com/references/d0890d4f-e7ca-4280-a54e-d147f6dd72aa)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"c5647cc4-0d46-4a41-8591-9179737747a2","name":"T9000","type":"malware","source":"MITRE","software_attack_id":"S0098","tidal_id":"6453231a-7403-5b29-9f06-743f7256fe96","created":"2017-05-31T21:33:01.951000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"6986d5a3-c702-4ea0-b3e5-0069eaa64151","name":"TABLEFLIP","type":"malware","source":"Trellix TIG","software_attack_id":"S3411","tidal_id":"883fd631-0f9b-5b88-ba7e-566003c7f05e","created":"2025-04-11T15:06:43.141762Z","modified":"2025-04-11T15:06:43.141766Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c0d0c9e7-4de7-4eb4-b8dd-df27849baac8","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"ba4777f9-bb3b-4143-8062-a510c30544ce","name":"Tactical RMM","type":"tool","source":"Tidal Cyber","software_attack_id":"S3091","tidal_id":"44fc7859-76d1-5d9d-939a-106596e0bbaa","created":"2023-11-17T17:09:25.482090Z","modified":"2023-11-17T17:09:25.482095Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET APT Activity Report Q4 2023-Q1 2024](/references/896cc899-b667-4f9d-ba90-8650fb978535)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"a603efb6-a635-4fd0-b8a1-e123c1185fa7","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"c9b63140-4778-45df-95d2-a6c316a7522d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"23850e84-8ee5-4d35-8c2a-83bfa122b4f2","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5e384b2c-3ed7-40df-b197-467176cd4f95","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"72a7d59a-4f2f-4a1f-b0c4-a55da55be982","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"9334df79-9023-44bb-bc28-16c1f07b836b","name":"Taidoor","type":"malware","source":"MITRE","software_attack_id":"S0011","tidal_id":"867464e1-264b-5901-b947-16dea5f6f5bd","created":"2017-05-31T21:32:14.900000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"130a5491-1b93-45fd-bd72-9e5f8ddeba2a","name":"Tailscale","type":"tool","source":"Tidal Cyber","software_attack_id":"S3094","tidal_id":"acaebd1d-6986-50fc-8b6e-adddc7efbce5","created":"2023-11-17T17:09:26.175714Z","modified":"2023-11-17T17:09:26.175719Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"3f52c280-866b-408d-b31c-b633580c4358","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"ee866045-1284-4071-b275-e002ad08dce1","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"4e16aaaa-785e-4bb9-bd57-596e4eae9f18","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f9630e01-7366-43fb-90fc-29b180720951","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"77bd5a00-a0b9-4327-94a1-386994657f53","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"1548c94a-fb4d-43d8-9956-ea26f5cc552f","name":"TAINTEDSCRIBE","type":"malware","source":"MITRE","software_attack_id":"S0586","tidal_id":"838b089f-3152-5c33-b3e4-19b9e06ae027","created":"2021-03-05T15:56:44.479000Z","modified":"2021-04-26T15:52:00.433000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA MAR-10288834-2.v1  TAINTEDSCRIBE MAY 2020](https://app.tidalcyber.com/references/b9946fcc-592a-4c54-b504-4fe5050704df)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b1b7a8d9-6df3-4e89-8622-a6eea3da729b","name":"TajMahal","type":"malware","source":"MITRE","software_attack_id":"S0467","tidal_id":"563778c0-ca96-5976-8885-b93c0fe0445f","created":"2020-06-08T14:57:32.842000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"63bd2a3f-d982-5180-b148-44eb21e233e3","name":"TAMECAT","type":"malware","source":"MITRE","software_attack_id":"S1193","tidal_id":"63bd2a3f-d982-5180-b148-44eb21e233e3","created":"2025-04-22T20:46:56.488062Z","modified":"2025-04-22T20:46:56.488066Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT42-untangling](https://app.tidalcyber.com/references/64b19eab-8190-5e22-89a0-f7555f9f7fa2)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e4dc653b-1dce-4b94-83c8-1946163402c8","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"4ed3dd1f-cce7-4289-bbf5-bfea5e3f0665","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"6b47ec9a-bf99-411f-b226-4462a03d2741","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"371554b8-76dd-4610-96d1-44ef6f1e2571","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"c959f0ae-40e1-4d44-83a9-11e226ada654","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"9b660393-d15e-404a-adaa-f88e98320f55","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"b8c52d67-6d9e-4792-b3e9-5ea60001c390","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"8d00b893-7492-4a67-a9b0-d817c5a21603","name":"TAMECAT (Deprecated)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3149","tidal_id":"04e3325c-50a6-56d8-8542-c029cb6c87d0","created":"2024-08-30T18:12:52.642052Z","modified":"2024-08-30T18:12:52.642056Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Uncharmed May 1 2024](/references/84c0313a-bea1-44a7-9396-8e12437852d1)]</sup>","group_attack_id":"G3050","group_id":"ce126445-6984-45bb-9737-35448f06f27b","name":"APT42 (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8bd408bf-9f57-4fad-9862-b1993e374127","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"294b1a1c-944b-4296-83f5-6e741610efe7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c5a2f456-d89d-4d89-9b41-8a0c4e7aff7a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"975fb99a-ccd3-53ce-88d2-259b9001d14e","name":"Tangelo","type":"malware","source":"Mobile","software_attack_id":"S0329","tidal_id":"975fb99a-ccd3-53ce-88d2-259b9001d14e","created":"2026-01-28T13:08:09.937962Z","modified":"2026-01-28T13:08:09.937964Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"609cdd55-b02d-5e39-a019-8dd40ad4dffb","name":"TangleBot","type":"malware","source":"Mobile","software_attack_id":"S1069","tidal_id":"609cdd55-b02d-5e39-a019-8dd40ad4dffb","created":"2026-01-28T13:08:09.938320Z","modified":"2026-01-28T13:08:09.938322Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"eb6828bc-68cb-4ef9-95f1-eb15e7db368c","name":"TapiUnattend.exe","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3957","tidal_id":"c6c8a2f4-f455-5e43-acca-bf1eb6b6837d","created":"2026-01-23T20:31:07.669321Z","modified":"2026-01-23T20:31:07.669324Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[www.trellix.com October 22 2025](/references/a14fa007-b9de-4bc5-9431-d416bdc7b24d)]</sup><sup>[[Acronis May 20 2025](/references/2a673731-bb40-4981-acb9-f27077e2e844)]</sup>","group_attack_id":"G0121","group_id":"44f8bd4e-a357-4a76-b031-b7455a305ef0","name":"Sidewinder","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6df7a5d7-4dbf-476f-b0d7-1ddac01aabad","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5cac365f-c34c-4f99-b0b3-016cbf7dbbd6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"efeb1399-2f2b-4f71-994b-b3df65af95b6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"65e149a8-7c78-40d0-9cc5-9f420011facc","name":"Tar","type":"tool","source":"Tidal Cyber","software_attack_id":"S3288","tidal_id":"8ea1d0a8-be1f-52b7-a04d-a66a937d2499","created":"2024-01-12T14:48:13.085269Z","modified":"2024-01-12T14:48:13.085273Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5c2b387e-c772-4ad7-8ee2-3954bca90a06","name":"Tar.exe","description":"<sup>[[Tar.exe - LOLBAS Project](/references/e5f54ded-3ec1-49c1-9302-6b9f372d5015)]</sup>","source":"Tidal Cyber","associated_software_id":"13f7f0ae-b228-4453-b35e-cded8c9bcbb4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"2fb7b8fe-1f6f-4ed6-a60e-80325d0bc59d","tag":"25b4fafc-4691-4008-8baa-35dbbcce752a"},{"id":"b9358b4a-10c9-48da-a0b4-6bc5c07542de","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a89d85d4-8085-4f2f-a453-6cc838747928","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7bb9d181-4405-4938-bafb-b13cc98b6cd8","name":"Tarrask","type":"malware","source":"MITRE","software_attack_id":"S1011","tidal_id":"95348dc3-cb16-5c3b-beed-0ae6658b5880","created":"2022-06-01T17:01:32.151000Z","modified":"2022-10-18T15:53:30.609000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Tarrask scheduled task](https://app.tidalcyber.com/references/87682623-d1dd-4ee8-ae68-b08be5113e3e)]</sup> ","group_attack_id":"G0125","group_id":"1bcc9382-ccfe-4b04-91f3-ef1250df5e5b","name":"HAFNIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"55eddee0-3aed-484a-a129-4821ee70d62d","name":"taskkill.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3583","tidal_id":"d1f33835-a760-5e2c-ab2b-6ced3fa9687d","created":"2025-10-13T17:29:23.858058Z","modified":"2025-10-13T17:29:23.858062Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a43f0364-9dc4-4e3e-8900-66a519d31779","name":"taskkill","description":"","source":"USER","associated_software_id":"9e059f10-75d5-4f8d-bf53-b40ce8f26f7e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ANY.RUN's Cybersecurity Blog 10 01 
2025](/references/87535fb7-8916-494e-94ff-cf28c125f0b4)]</sup>","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"34c3cc58-e0eb-48ea-92ba-1738ef8ad1d8","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"2d261dbd-7411-4118-ba5a-a670037b81c2","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"3379b54e-b9fd-4533-97f4-7c2748521d9c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"75df31b8-8a44-4019-8d75-99635cb9d1d6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"abae8f19-9497-4a71-82b6-ae6edd26ad98","name":"Tasklist","type":"tool","source":"MITRE","software_attack_id":"S0057","tidal_id":"a65e0169-768a-5d66-93d8-ad1739462a8c","created":"2017-05-31T21:32:39.233000Z","modified":"2022-10-12T21:30:23.536000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Palo Alto OilRig May 2016](https://app.tidalcyber.com/references/53836b95-a30a-4e95-8e19-e2bb2f18c738)]</sup><sup>[[FireEye APT34 Dec 2017](https://app.tidalcyber.com/references/88f41728-08ad-4cd8-a418-895738d68b04)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup><sup>[[Secureworks BRONZE SILHOUETTE May 2023](https://app.tidalcyber.com/references/77624549-e170-5894-9219-a15b4aa31726)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 
2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant Pulse Secure Update May 2021](https://app.tidalcyber.com/references/5620adaf-c2a7-5f0f-ae70-554ce720426e)]</sup>","group_attack_id":"G1023","group_id":"f46d6ee9-9d1d-586a-9f2d-6bff8fb92910","name":"APT5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Trend Micro DRBControl February 2020](https://app.tidalcyber.com/references/4dfbf26d-023b-41dd-82c8-12fe18cb10e6)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[NCC Group APT15 Alive and Strong](https://app.tidalcyber.com/references/02a50445-de06-40ab-9ea4-da5c37e066cd)]</sup>","group_attack_id":"G0004","group_id":"26c0925f-1a3c-4df6-b27a-62b9731299b8","name":"Ke3chang","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Alperovitch 2014](https://app.tidalcyber.com/references/72e19be9-35dd-4199-bc07-bd9d0c664df6)]</sup>","group_attack_id":"G0009","group_id":"43f826a1-e8c8-47b8-9b00-38e1b3e4293b","name":"Deep Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Storm-0501](https://app.tidalcyber.com/groups/416acbe3-8993-56e1-9a89-e65c2eefcc86) discovered running processes through `tasklist.exe`.<sup>[[Microsoft Storm-501 Sabbath Ransomware Embargo September 2024](https://app.tidalcyber.com/references/af1f0d36-3f0f-5f49-b5fa-8b6f8bf15020)]</sup>","group_attack_id":"G1053","group_id":"416acbe3-8993-56e1-9a89-e65c2eefcc86","name":"Storm-0501","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant 
APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Baumgartner Naikon 2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA SoreFang July 2016](https://app.tidalcyber.com/references/a87db09c-cadc-48fd-9634-8dd44bbd9009)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8776b93a-f56b-43d9-bf55-c340d723a397","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"046a53e9-e0c7-47d5-a0c8-4e413e68c2e3","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"70f0a427-0603-48df-8831-2087dfa77354","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"10a7b7cf-ac6c-488f-82dd-758d6739e5b4","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"c9b7154b-e604-4dd2-9ed9-b35162333156","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"40ee34e6-88ef-45c2-a60d-024beb92b42b","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"eacaec40-f410-4d7d-b0e8-e76b4bd13511","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"e6f609e7-4d96-4ca5-8668-94ee9efd8de7","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ff6806d4-5530-4e11-a1a4-fe646fd7f11d","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"761f13a6-763e-4aca-b5a2-e652e3c8a92b","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"6a62188d-1f8a-4256-84cc-88b4ccf39050","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9d8a6000-1390-40ea-9032-953695561303","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"5dc89c15-7e52-4a7b-8373-326578ff5157","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5ad6fc2e-1e5a-44f5-b277-0911e145d3d5","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"b478a6c7-a3a6-4bbf-8fb9-270bfeae57fc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"c6f6e63e-141b-4005-ada9-219511682665","name":"Task Scheduler COM API","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3917","tidal_id":"9bbeb36b-8902-5d18-bc4c-d2f184a9c4bb","created":"2026-01-14T13:31:35.168253Z","modified":"2026-01-14T13:31:35.168258Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Medium January 11 2026](/references/6cb12d3f-0296-47f7-9131-fc21ea806383)]</sup>","group_attack_id":"G3199","group_id":"ff36ede1-9375-4b1a-83f3-38b12d1ec3f4","name":"ValleyRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7b686699-a3af-4a26-a52a-05c9f03a67bb","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"57c06f6e-6f3f-4095-b34f-2157191615ff","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"11f30e6d-d29b-4613-8d52-6c72c1d80418","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7a5d457c-949c-4e8f-817a-7e2d33f6c618","name":"tcpdump","type":"tool","source":"Tidal Cyber","software_attack_id":"S3108","tidal_id":"6bfd9b9f-d7d8-553d-a444-7a8130f38073","created":"2024-03-01T20:23:48.421761Z","modified":"2024-03-01T20:23:48.421766Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA APT40 July 8 2024](/references/3bf90a48-caf6-4b9d-adc2-3d1176f49ffc)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4fe110d0-3309-4c05-b44f-a4e1f994daea","tag":"96d58ca1-ab18-4e53-8891-d8ba62a47e5d"},{"id":"8fa96a4c-50a8-45eb-a559-73a632609cee","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"f77b5bc2-2677-4e6a-93f8-f6707359fed1","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2071950a-1f61-49e1-a2bd-1d2b4df7cb7a","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"d609d0a3-d8e2-44df-985f-17be2e57d26e","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"b63ba70a-9b66-4679-8a30-7531cdb8e1ec","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"d7b40fa6-cf63-4677-bd32-a4cc99ae6579","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"6f0b0080-501d-4377-8b4f-107b6d408f6d","tag":"02495172-1563-48e7-8ac2-98463bd85e9d"},{"id":"71b67c97-e3ed-4091-992a-d5347de1b95a","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"1140696b-9362-41c2-9854-1cc0fc7c4c9d","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"cd6b9b6a-afc1-4efc-9741-d6fb4a8f1543","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"aa0b68e3-1511-4b94-8f9b-e136569289a3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"590a6b81-b374-49e0-a4c7-c8dba7316fcf","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"5812b539-396f-4254-9823-90be96ef9461","name":"TCSectorCopy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3681","tidal_id":"c1c6c0db-1512-5afa-b321-a943d1561811","created":"2025-12-10T14:14:53.338384Z","modified":"2025-12-10T14:14:53.338388Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1b403453-a53b-4684-a56f-4c823755e533","name":"xCopy.exe","description":"<sup>[[SecureList ToddyCat November 21 
2025](/references/889c7685-43ce-4156-a142-4b4605d8fec9)]</sup>","source":"USER","associated_software_id":"54715b92-597d-4541-bf3a-ccd1346be49b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[SecureList ToddyCat November 21 2025](/references/889c7685-43ce-4156-a142-4b4605d8fec9)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"43b74814-ec33-456b-aea9-b247abdf90a8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4eea405d-d9be-490f-99bb-c8b6547a5dde","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c62b061a-b4d0-4b28-932c-3c9423443248","name":"TDSSKiller","type":"tool","source":"Tidal Cyber","software_attack_id":"S3047","tidal_id":"9fd3b671-0933-5466-a9c6-7eda1a93f301","created":"2023-08-18T18:56:24.446575Z","modified":"2023-08-18T18:56:24.446584Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ThreatDown RansomHub September 9 2024](/references/34422e6e-0e79-48ba-a942-9816e9b4ee7c)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b4a14396-6120-463c-a576-4e1a4c1f643a","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"74b5f158-01e1-435c-b723-e2f5207c1c85","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"afe20fa7-8abc-43c2-a32e-b6ac32f1734f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"320f9a2f-ea18-40ce-9a8d-f5a7057494c1","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"3808ba6c-612f-44a9-9a27-a2b0d037686b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"2edc1b6a-7c26-46d4-bb1f-187e808c7452","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"7fdbcaf1-4924-4283-b43d-08cdd0865067","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"3e89a982-68b2-4fa5-8ad5-1a6ad59e3792","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"bcf3803a-21d8-457c-adeb-50a44e4b74b6","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a9999c05-7261-4622-a4f2-c80b029a21c1","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"fab87e8c-25c1-4fa7-b657-7515e8caba64","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"e7116740-fe7c-45e2-b98d-0c594a7dff2f","name":"TDTESS","type":"malware","source":"MITRE","software_attack_id":"S0164","tidal_id":"5f1fbbd0-921c-5415-947e-af522a0d40f6","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5
d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ClearSky Wilted Tulip July 2017](https://app.tidalcyber.com/references/50233005-8dc4-4e91-9477-df574271df40)]</sup>","group_attack_id":"G0052","group_id":"6a8f5eca-8ecc-4bff-9c5f-5380e044ed5b","name":"CopyKittens","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"8eef4e4b-e294-47bb-befa-9cd97ceced57","name":"te","type":"tool","source":"Tidal Cyber","software_attack_id":"S3360","tidal_id":"06cbb746-4818-5764-9a25-a993e7b3ccf1","created":"2024-01-12T14:48:39.933326Z","modified":"2024-01-12T14:48:39.933330Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d4bd9095-2288-4092-a689-1c2bc6c8ed25","name":"te.exe","description":"<sup>[[te.exe - LOLBAS Project](/references/e7329381-319e-4dcc-8187-92882e6f2e12)]</sup>","source":"Tidal Cyber","associated_software_id":"7f9ba4e5-1bea-4620-855c-b9cf9e97da07","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"ff49d859-c55d-419a-8065-a0ae440d1111","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"10282a84-c4bc-4469-9cad-9e2c87df4f49","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"74ede7b9-3433-4e0f-95d9-637b15d35a2b","name":"TeamFiltration","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3501","tidal_id":"5a533b8a-55dc-5f0b-8507-fb539a2d4ab7","created":"2025-06-17T14:41:24.303243Z","modified":"2025-06-17T14:41:24.303247Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"611f20c7-ce22-4ba5-9587-7cbb75398a0b","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"49233e27-6860-4986-88a2-1fef6335e633","tag":"e81ba503-60b0-4b64-8f20-ef93e7783796"},{"id":"4d4caec2-7d14-4e9a-8ab9-ed56e2ad3da9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"614826c5-cdb4-4cee-a5c9-ab5690a33218","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"39220aec-5aad-4363-87d9-55e7a2ee1b3b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"13221a7b-6c23-48a7-97bd-21e2c689a391","name":"Teams","type":"tool","source":"Tidal Cyber","software_attack_id":"S3361","tidal_id":"08c7f2aa-9bd5-57c6-8da5-0390acb3afa0","created":"2024-01-12T14:48:40.304924Z","modified":"2024-01-12T14:48:40.304928Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3f59bae3-2ebe-46d4-97dd-4e56572cd130","name":"Teams.exe","description":"<sup>[[Teams.exe - LOLBAS Project](/references/ceee2b13-331f-4019-9c27-af0ce8b25414)]</sup>","source":"Tidal Cyber","associated_software_id":"386539ac-dcd7-4484-9dcb-3e4aa849fd7c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"03318c57-5a1c-4c55-8d8a-adef84044628","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6dd08f7f-5e20-4aef-a653-43e69b7feeef","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"35f97c5d-4afe-4133-8b02-ba3ac9ec9e37","name":"TeamsClutch","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3788","tidal_id":"d1313fc0-5c3a-5f48-9d8f-96515e0fba37","created":"2025-12-24T14:57:25.035243Z","modified":"2025-12-24T14:57:25.035246Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"69a00285-5184-4f89-a2db-bbfd081330e4","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"9a15afc6-dd72-49ef-aa28-fe41bb3c113d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"7b04484c-3a5e-4bc8-9ce7-626b4879ccda","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f68a0b20-4501-48a1-b3fd-418c2af466cd","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6b5f6eb4-4cdd-4383-8623-d1f7de486865","name":"TeamViewer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3048","tidal_id":"0015ee6b-57eb-57ae-b456-69ecd97260f2","created":"2023-07-14T12:56:39.551627Z","modified":"2023-07-14T12:56:39.551631Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CSRB LAPSUS$ July 24 2023](/references/f8311977-303c-4d05-a7f4-25b3ae36318b)]</sup>","group_attack_id":"G1004","group_id":"0060bb76-6713-4942-a4c0-d4ae01ec2866","name":"LAPSUS$","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET EvilNum July 2020](/references/6851b3f9-0239-40fc-ba44-34a775e9bd4e)]</sup>","group_attack_id":"G0120","group_id":"4bdc62c9-af6a-4377-8431-58a6f39235dd","name":"Evilnum","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Securelist Kimsuky Sept 2013](/references/f26771b0-2101-4fed-ac82-1bd9683dd7da)]</sup><sup>[[Crowdstrike GTR2020 Mar 2020](/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Secureworks BRONZE PRESIDENT December 2019](/references/019889e0-a2ce-476f-9a31-2fc394de2821)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Group IB RTM August 2019](/references/739da2f2-2aea-4f65-bc4d-ec6723f90520)]</sup>","group_attack_id":"G0048","group_id":"666ab5f0-3ef1-4e74-8a10-65c60a7d1acd","name":"RTM","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Group IB Cobalt Aug 2017](/references/2d9ef1de-2ee6-4500-a87d-b55f83e65900)]</sup>","group_attack_id":"G0080","group_id":"58db02e6-d908-47c2-bc82-ed58ada61331","name":"Cobalt Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Group-IB Anunak](/references/fd254ecc-a076-4b9f-97f2-acb73c6a1695)]</sup>","group_attack_id":"G0008","group_id":"72d9bea7-9ca1-43e6-8702-2fb7fb1355de","name":"Carbanak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The Register Everest Ransomware October 12 2023](/references/04bf21c9-1670-41d7-b52c-0e31ad846b43)]</sup>","group_attack_id":"G3106","group_id":"6636ab8d-871f-4353-a1a5-81c8d7cacca4","name":"Everest Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3081","group_id":"a1a03a84-1d75-40a3-916e-d3e0d1068d11","name":"CURLY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3083","group_id":"3444e9ed-d79a-4c53-90a2-a3bd2fcc3f7c","name":"PLUMP SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"882538c6-339e-45dc-9714-a9d2953e1aa0","tag":"224f0291-af3d-47e5-a259-4bfcb642645a"},{"id":"9c8d1dd5-71a3-4249-a1e5-14bc49266180","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"6fb2e9bb-03a6-4612-8d7b-ebdc3bcee6c1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"991e9494-3acb-4981-a9f1-51ccc07c9dac","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"84b607c1-9c71-4583-9131-e8bb654014f8","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"a3f28b9f-b35c-4b3e-b178-e48741620d7b","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"38b49e4d-4d70-42ab-ae17-702971f237d2","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"90e54c90-0090-44c9-a914-6a47ae2b4b74","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"2c535e8e-7faf-46a2-a810-4bef8bbb9c8b","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"23a32d56-8d58-4f46-a360-4a056d23266d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"955d3c01-ecef-4fe9-8a22-5d9148a25905","tag":"15b77e5c-2285-434d-9719-73c14beba8bd"},{"id":"045a9502-b652-42aa-af02-50c519466269","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"bae20f59-469c-451c-b4ca-70a9a04a1574","name":"TEARDROP","type":"malware","source":"MITRE","software_attack_id":"S0560","tidal_id":"723646ed-f595-5497-a2d7-59c3bba4728e","created":"2021-01-06T17:34:43.835000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye SUNBURST Backdoor December 2020](https://app.tidalcyber.com/references/d006ed03-a8af-4887-9356-3481d81d43e4)]</sup><sup>[[MSTIC NOBELIUM May 2021](https://app.tidalcyber.com/references/047ec63f-1f4b-4b57-9ab5-8a5cfcc11f4d)]</sup><sup>[[MSTIC Nobelium Toolset May 2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup><sup>[[Secureworks IRON RITUAL 
Profile](https://app.tidalcyber.com/references/c1ff66d6-3ea3-4347-8a8b-447cd8b48dab)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d82365b0-518b-4ad6-86d3-32ee7ca1d725","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"1cb01fde-0d01-426a-a3c6-b5591d2e17c7","name":"Telegram","type":"tool","source":"Trellix TIG","software_attack_id":"S3386","tidal_id":"6f74ba73-f616-5a43-a86a-4f2dc94f44ea","created":"2025-04-11T15:06:34.001291Z","modified":"2025-04-11T15:06:34.001296Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[www.okta.com January 23 2026](/references/5ba030cc-d314-44ba-8eb1-8bd49319f6c4)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"b9a98499-c984-4199-ae64-d1381ebbaa1f","name":"Teleport","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3051","tidal_id":"466f7d18-1011-5e3b-ad92-e551ddf42a21","created":"2023-07-14T12:56:39.752500Z","modified":"2023-07-14T12:56:39.752504Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"3c5cb499-a89a-454b-b85c-a9f3b348edd4","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"bf81ff6b-1745-4cc8-a91c-263b2632845a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"2f530335-ddfa-4a6b-96ed-c9be3ceb0925","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"}],"owner_name":"TidalCyberIan"},{"id":"98bf86f8-00c8-4428-a288-9a44545050a2","name":"Teleport.sh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3513","tidal_id":"02ab9dd9-7f69-5478-a6f8-3decd5e87c80","created":"2025-08-06T14:57:16.445398Z","modified":"2025-08-06T14:57:16.445402Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA Scattered Spider Advisory November 2023](/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"ab02a741-04ab-43d6-b554-b667023f03b6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"33149b1b-d859-4d54-8a44-d4f2599447a3","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"3ffdd48e-0e3c-4439-8e2b-380fae3d6c81","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"70507321-07e6-4cdd-9bd0-9988f477c1ce","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"ededdc21-770c-4895-a36f-330b0cfabf78","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"f2619c68-30da-4a0a-991e-ea97bfaa6da9","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"ac792eff-c684-4a55-a5db-b1031ac4fb29","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"},{"id":"41730029-aa2b-4a15-b682-6eef2c66bbc9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"ecc0615f-106d-492a-952d-f26cdac143dd","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":"TidalCyberIan"},{"id":"5cd0db7a-d47d-479b-89ac-9e78dfc0cd9d","name":"Terminator","type":"tool","source":"Tidal Cyber","software_attack_id":"S3122","tidal_id":"531c6ff6-49dc-5bd1-a720-2baad331a8d5","created":"2024-04-04T20:39:10.526797Z","modified":"2024-04-04T20:39:10.526800Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"35aa0d86-ef37-42db-a2a9-1fe3b569ba27","name":"Spyboy Terminator","description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","source":"USER","associated_software_id":"22e8f24e-27be-439a-a7c1-4e60e6227704","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"51d19819-f6aa-4195-adbf-70f9ff6280c9","name":"Zemana AntiMalware driver","description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","source":"USER","associated_software_id":"3c78bf7e-e03b-4af2-ac55-fbac1a4f7c0e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[TrendMicro Akira October 5 
2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News December 05 2025](/references/30f373ed-0d2e-474a-b17f-29de7beec0c8)]</sup>","group_attack_id":"G3171","group_id":"bd08b74d-4f60-4615-9bde-19d6a899d1e9","name":"GOLD BLADE","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"280699c1-33f1-491c-8bf8-57c3c8a3d76c","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"a5c8a0d7-e015-4190-b3a3-b9bea96a397b","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"fb3777b6-922c-40e7-be12-00051d4627d9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"7bc48c99-8b71-4fcb-887a-6d71ed21c26b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"51a9d952-4cc3-4c4c-8f43-f4c25f44d830","name":"Termite Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3415","tidal_id":"ed463b82-7984-51d9-a076-3c79282e7f61","created":"2024-12-10T14:33:15.991564Z","modified":"2024-12-10T14:33:15.991569Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Infosecurity Magazine December 9 2024](/references/1a3f22b7-8585-44b7-845a-eaa13d8a5dc1)]</sup>","group_attack_id":"G3067","group_id":"286da832-f055-4ca4-a52a-9eb62461dc48","name":"Termite Ransomware Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"23ef3dcc-0115-4663-8ca4-b0b8bb9d8eca","tag":"d92fd4ee-09aa-4a32-9058-cd23f0c6238a"},{"id":"1f05573d-b80f-449d-bded-38501682a1dd","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"6b0ea53d-7efc-4835-90f5-cdb49d44f3f8","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"e30b4079-ee08-443d-af62-81eb4546862e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e57b9d36-be17-4e04-a9d7-1272d6e6b63b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5e7a1287-4320-5031-a38e-5ecff6d28638","name":"TERRACOTTA","type":"malware","source":"Mobile","software_attack_id":"S0545","tidal_id":"5e7a1287-4320-5031-a38e-5ecff6d28638","created":"2026-01-28T13:08:09.939110Z","modified":"2026-01-28T13:08:09.939112Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2143f749-d7b8-43c0-8041-8aeb486142c2","name":"TestWindowRemoteAgent","type":"tool","source":"Tidal Cyber","software_attack_id":"S3362","tidal_id":"0f09e7bd-c93d-5ed8-a0ff-ced1eb0c6f50","created":"2024-01-12T14:48:40.662296Z","modified":"2024-01-12T14:48:40.662300Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c5f2f005-8e6e-4f0a-8f15-532e40fca1a7","name":"TestWindowRemoteAgent.exe","description":"<sup>[[TestWindowRemoteAgent.exe - LOLBAS Project](/references/0cc891bc-692c-4a52-9985-39ddb434294d)]</sup>","source":"Tidal 
Cyber","associated_software_id":"fcf88411-e0c2-403a-aa70-dc75fd1d488b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dd5317f7-7a79-4e13-abfc-8031fc5bef2f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"9175fe04-9a1b-48bd-85a7-afe168ee7bc0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"49d0ae81-d51b-4534-b1e0-08371a47ef79","name":"TEXTMATE","type":"malware","source":"MITRE","software_attack_id":"S0146","tidal_id":"29f6fcf4-1a69-539b-ac0e-057624eb6480","created":"2017-05-31T21:33:25.209000Z","modified":"2022-07-20T20:06:44.708000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1b0ec06d-0748-42ea-912f-e23f14d94b95","name":"DNSMessenger","description":"Based on similar descriptions of functionality, it appears S0146, as named by FireEye, is the same as Stage 4 of a backdoor named DNSMessenger by Cisco's Talos Intelligence Group. However, FireEye appears to break DNSMessenger into two parts: S0145 and S0146. 
<sup>[[Cisco DNSMessenger March 2017](https://app.tidalcyber.com/references/49f22ba2-5aca-4204-858e-c2499a7050ae)]</sup> <sup>[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]</sup>","source":"MITRE","associated_software_id":"6812793e-6342-4da6-b77f-ed29fab1fd9a","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye FIN7 March 2017](https://app.tidalcyber.com/references/7987bb91-ec41-42f8-bd2d-dabc26509a08)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"c5bbffad-2eb7-45fc-b366-17491768b2d7","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"913d66e2-2a5d-46bf-ac08-9571b7ff754f","name":"TFTP","type":"tool","source":"Tidal Cyber","software_attack_id":"S3798","tidal_id":"524cc709-6382-5e28-a064-4c7fadcdfde4","created":"2025-12-24T14:57:26.540931Z","modified":"2025-12-24T14:57:26.540934Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Amazon Web Services December 15 2025](/references/cb9ff075-d033-4990-b389-4760d089e255)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"fcc8d871-7057-456c-8feb-27808bdc6feb","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"af57423b-03f1-4c0c-9dc9-cd578eb95d2c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"22201423-57be-4994-b802-f3908a937819","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c6f1ee76-a6e4-469d-afc6-021339b93adf","name":"The Gentlemen Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3594","tidal_id":"a77ab9a0-c602-5526-adba-1fbde3bfaf69","created":"2025-10-17T17:09:53.611998Z","modified":"2025-10-17T17:09:53.612001Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b77d922c-5c51-4943-b8b8-b4935e1b6b66","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"45571975-d6ee-470d-9bfe-495486948ba2","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a942dad7-9884-408e-8de8-9e44f6876a2c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"9b499336-18c6-4885-9940-edcad31e5a39","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"97fdaec4-ea23-488f-8fa3-2b0463eef9da","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"e9f509c6-ccdc-47d5-b1bc-0ca7b604e8b7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"096cc3dd-aa93-40bd-a401-93b435812959","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"83bbd6a5-cc59-442b-ae0d-83c1a9854aac","name":"Themida","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3848","tidal_id":"8fa89e1f-b00f-52cf-8614-a4fd2c919316","created":"2025-12-29T17:41:08.498939Z","modified":"2025-12-29T17:41:08.498943Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ac30235c-05c8-475b-9c23-6d5f8e33aa12","tag":"166581ec-09a6-40b2-abfb-c3f5c733f89f"},{"id":"9336a10c-d2f4-4242-9c0c-f367b4eade46","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"209cd068-d940-4814-9cff-80a8f4e3a159","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"96aa42b9-8175-4e67-bb19-534335b9a241","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2ed5f691-68eb-49dd-b730-793dc8a7d134","name":"ThiefQuest","type":"malware","source":"MITRE","software_attack_id":"S0595","tidal_id":"54bd1a23-36fa-534d-af12-63b92110224b","created":"2021-03-19T16:26:04.260000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"cf6ccd95-6883-4dfb-bebf-c4c387a702c9","name":"MacRansom.K","description":"<sup>[[SentinelOne EvilQuest Ransomware Spyware 2020](https://app.tidalcyber.com/references/4dc26c77-d0ce-4836-a4cc-0490b6d7f115)]</sup>","source":"MITRE","associated_software_id":"6979dd37-4c1c-48bf-a0e1-c8f2a0606962","owner_id":null,"owner_name":null},{"id":"d10f0e4b-613c-4eca-8119-51837c58ba99","name":"EvilQuest","description":"<sup>[[Reed thiefquest fake 
ransom](https://app.tidalcyber.com/references/b265ef93-c1fb-440d-a9e0-89cf25a3de05)]</sup>","source":"MITRE","associated_software_id":"6161f604-0972-427e-802e-b5ac009b94fe","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"d5d93660-ff28-4a93-88ef-15e392a6aca4","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"f8a3d9bc-a24e-4349-9a12-b007a976aad7","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"17a96364-ef1c-421c-865c-2705c4e25636","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"4da066f9-5b15-5c1b-b913-ee0dab6f2f03","name":"THINCRUST","type":"malware","source":"MITRE","software_attack_id":"S1223","tidal_id":"4da066f9-5b15-5c1b-b913-ee0dab6f2f03","created":"2025-10-29T21:08:48.110621Z","modified":"2025-10-29T21:08:48.110622Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant Fortinet Zero Day](https://app.tidalcyber.com/references/7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7)]</sup>","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2252f6b1-4f53-4375-97ca-5375cbdbbfdb","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6ffd030d-4ad6-44d1-be54-6586c7cd70c8","name":"THINCRUST","type":"malware","source":"Trellix TIG","software_attack_id":"S3457","tidal_id":"9b9b4233-f8c5-5575-8ebc-22bd55e217da","created":"2025-04-11T15:06:51.785726Z","modified":"2025-04-11T15:06:51.785730Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"1c0956bb-e1da-4c17-bf1a-802d68f1fa59","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"c1e0eeb4-f462-46fc-bf0b-ed9a9307a968","name":"ThinSpool","type":"malware","source":"Trellix TIG","software_attack_id":"S3471","tidal_id":"01cd3b88-4d44-5382-910b-db8ccdde7f12","created":"2025-04-11T15:06:54.236402Z","modified":"2025-04-11T15:06:54.236405Z","platforms":[],"associated_software":[{"id":"66b9387c-ba76-4bae-958b-3d2a010bb7c5","name":"Thinspool Dropper","description":"","source":"Trellix TIG","associated_software_id":"1b8baefd-4771-4dc4-aec4-4f34e0e18612","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"d76edf02-5a92-4acf-ba34-a6b9f45cf9af","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"b31c7b8e-dbdd-4ad5-802e-dcdc72b7462e","name":"ThreatNeedle","type":"malware","source":"MITRE","software_attack_id":"S0665","tidal_id":"9d114eb9-ea66-5671-99c5-b1aa1d98ed36","created":"2021-11-30T15:46:36.159000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky ThreatNeedle Feb 2021](https://app.tidalcyber.com/references/ba6a5fcc-9391-42c0-8b90-57b729525f41)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ea573489-e1cd-4d90-aef8-3b12d5c4196b","name":"ThrottleStop.sys","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3762","tidal_id":"ff52cfe8-5d7d-5723-976c-6e8f4648454c","created":"2025-12-17T14:18:51.164197Z","modified":"2025-12-17T14:18:51.164202Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5f7d8288-ed7e-4cd0-9910-2ffc9fcef668","name":"ThrottleStop Driver","description":"<sup>[[None December 10 2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","source":"USER","associated_software_id":"cad4562e-8299-4e4f-a583-ea7a7533b7d2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"9444c6c5-30e0-4107-a40f-18c6618f1b42","name":"TechPowerUp ThrottleStop driver","description":"<sup>[[None December 10 2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","source":"USER","associated_software_id":"21c29a96-ffdd-4d80-b688-dd7a3ca87031","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"97c8ec89-fe6e-43b7-bc31-e3642c503c4c","name":"rwdrv.sys","description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","source":"USER","associated_software_id":"20d4fa01-fbae-43ba-9738-8a0d6c8f478c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 10 2025](/references/8dcd43e9-e28f-4536-93d3-9823aa064cdb)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a2ee75c0-1541-4cbf-b037-e0b8a503490b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"616144f2-9ae2-43eb-a83b-66a09dddfc7d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1cb0bf2d-ac2c-43c6-9db2-8f1a8a11ff6e","name":"Thunder.exe","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3906","tidal_id":"95aa496f-fdec-59ae-912c-405a66776668","created":"2026-01-14T13:31:33.247489Z","modified":"2026-01-14T13:31:33.247499Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 26 2025](/references/0d6e9bfe-9c6c-40ba-9d12-30273b559d13)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3eb2f1bb-d491-448c-aafa-632c25a707a1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"a50db345-5c9f-46a9-bfba-c5c439fd1753","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c91b282b-83fd-43fc-80e8-fe0a168bb74c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"8fe38eda-30be-4c88-ae76-ac6ebc89d66b","name":"ThunderShell","type":"tool","source":"Tidal Cyber","software_attack_id":"S3049","tidal_id":"b7513446-83e9-5c61-9db6-00ba22145624","created":"2023-08-18T18:56:24.715670Z","modified":"2023-08-18T18:56:24.715678Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"18b4b32c-29ea-4d9c-9f35-be531bf54a76","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"7af56b2f-1fd6-48fc-a519-26d20a3422a7","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"dd6fa047-7347-4d6f-8711-7ffe5ddff95d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"adc73117-a704-4c8b-879b-f738550cee73","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"8cb826c7-05d5-48b1-8e8d-87b68bc25355","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"c975f502-831f-4724-8491-bdbd956623e3","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5cddc325-d9e2-4a42-ad88-0a44f7b3a35e","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"5533ba4a-8d8b-4ad0-8ea0-713e036f17bb","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"f73fffb6-1df3-4af6-8590-617f4c9c73d5","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"e5533e56-e9b5-4583-bd89-b65aee24bc2c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"66ac8d9b-c18d-4652-9a46-8621fc1a3ea9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f98e220e-d486-5fb6-9dea-b20894c12da6","name":"TianySpy","type":"malware","source":"Mobile","software_attack_id":"S1056","tidal_id":"f98e220e-d486-5fb6-9dea-b20894c12da6","created":"2026-01-28T13:08:09.939301Z","modified":"2026-01-28T13:08:09.939302Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"},{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"b39d2bea-83f4-4450-b331-3c39dff89ee8","name":"Tickler","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3150","tidal_id":"0b9b847d-6193-5c0e-89dc-0bf2163a9e96","created":"2024-08-30T18:12:52.973973Z","modified":"2024-08-30T18:12:52.973977Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog August 28 2024](/references/940c0755-18df-4fcb-9691-9f2eb45e6441)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"33709ca4-3a8c-406d-85fd-33e949eb27c9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f5583db1-8450-49d3-bc70-a8bc80d6c585","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"808bd71d-853f-42c2-aeea-100636955bf4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6b0d5be9-5305-4b45-bed9-43dee66b85e8","name":"TightVNC","type":"tool","source":"Tidal Cyber","software_attack_id":"S3054","tidal_id":"9a79f382-c86b-524e-bad2-b340ac25a838","created":"2023-07-14T12:56:40.728167Z","modified":"2023-07-14T12:56:40.728171Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[BianLian Ransomware Gang Gives It a Go! 
| [redacted]](/references/fc1aa979-7dbc-4fff-a8d1-b35a3b2bec3d)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3006","group_id":"7c1a627e-7ea8-4919-a590-7637f1c887f3","name":"NoName057(16)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3035","group_id":"411e005e-95a4-4805-8296-0accf902d08d","name":"Cyber Army of Russia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[CrowdStrike Carbon Spider August 2021](/references/36f0ddb0-94af-494c-ad10-9d3f75d1d810)]</sup>","group_attack_id":"G0046","group_id":"4348c510-50fc-4448-ab8d-c8cededd19ff","name":"FIN7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA AA20-259A Iran-Based Actor September 2020](/references/1bbc9446-9214-4fcd-bc7c-bf528370b4f8)]</sup>","group_attack_id":"G0117","group_id":"7094468a-2310-48b5-ad24-e669152bd66d","name":"Fox Kitten","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC3944 September 14 2023](/references/7420d79f-c6a3-4932-9c2e-c9cc36e2ca35)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cybersecurity and 
Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3168","group_id":"11cc9126-532c-4c37-944f-d4585840ead8","name":"Sector16","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybersecurity and Infrastructure Security Agency CISA December 09 2025](/references/ad9ca269-46d2-4de4-b65e-21602724df82)]</sup>","group_attack_id":"G3169","group_id":"34358e71-38c5-44e3-8467-6c84ab9eba4a","name":"Z-Pentest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8370188d-f29d-4f07-95b0-593e50976df5","tag":"cb35f72d-c98a-4018-ba66-8750533bc8fa"},{"id":"799b6b47-50bb-4ca7-b188-bf479793d88a","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"06d24075-6238-4a54-8d3f-e77e58a75c0a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"00be21bb-73d8-4e44-9679-a075117ec2f3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"3092e060-7318-4598-9de0-8b08a927f0a6","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"a2ec8bd6-398f-415c-b5f4-68e3154943c4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"48f23447-8fe6-4b2c-b1c4-501f8f7e4e6b","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"}],"owner_name":"TidalCyberIan"},{"id":"5b234c0a-a87b-5aad-be59-b75d890fa6e4","name":"Tiktok Pro","type":"malware","source":"Mobile","software_attack_id":"S0558","tidal_id":"5b234c0a-a87b-5aad-be59-b75d890fa6e4","created":"2026-01-28T13:08:09.938844Z","modified":"2026-01-28T13:08:09.938845Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"abb77e23-eb45-41f1-9851-2c0c1aa0a91e","name":"TinyShell","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3419","tidal_id":"1faafb52-5b9f-52f3-af88-650f4358f487","created":"2025-02-03T21:09:16.833956Z","modified":"2025-02-03T21:09:16.833961Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[crowdstrike.com December 19 2024](/references/cd7f7145-579d-4277-8ec9-c67e5ae00759)]</sup>","group_attack_id":"G3070","group_id":"f9f9358a-f708-4794-af35-784c532427cf","name":"LIMINAL PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4ca5613f-8944-4eb2-bd4e-9c4836899947","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"a8a50a42-08a9-49ad-bb2d-fb4e9ef837b9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"9f902981-e02f-4754-ae3c-ab41f33b2d53","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"5f303902-f1eb-4700-b263-44d4f7fb6162","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"39f0371c-b755-4655-a97e-82a572f2fae4","name":"TinyTurla","type":"malware","source":"MITRE","software_attack_id":"S0668","tidal_id":"bf1ca16c-5a64-52ac-8ea1-49d737d2c27a","created":"2021-12-02T15:09:20.899000Z","modified":"2022-04-21T16:08:09.275000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Talos TinyTurla September 
2021](https://app.tidalcyber.com/references/94cdbd73-a31a-4ec3-aa36-de3ea077c1c7)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"9889e4c5-0a67-43de-b89e-6841abade428","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"0e009cb8-848e-427a-9581-d3a4fd9f6a87","name":"TINYTYPHON","type":"malware","source":"MITRE","software_attack_id":"S0131","tidal_id":"62d34472-0f5e-5d9f-b176-7ac31400e250","created":"2017-05-31T21:33:15.467000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e2b30f43-7a4b-4836-86eb-56ce7a2e840a","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"277290fe-51f3-4822-bb46-8b69fd1c8ae5","name":"TinyZBot","type":"malware","source":"MITRE","software_attack_id":"S0004","tidal_id":"edf52fea-6c84-5ea3-8c9c-1d599900194a","created":"2017-05-31T21:32:12.310000Z","modified":"2022-07-22T18:37:22.180000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cylance Cleaver](https://app.tidalcyber.com/references/f0b45225-3ec3-406f-bd74-87f24003761b)]</sup>","group_attack_id":"G0003","group_id":"c8cc6ce8-d421-42e6-a6eb-2ea9d2d9ab07","name":"Cleaver","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b39590ee-32f0-44c7-8fea-fa485dee2d87","name":"TODDLERSHARK","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3420","tidal_id":"4c54d2ea-b71a-501a-bd67-b0bd91ea9665","created":"2025-02-03T21:09:17.005357Z","modified":"2025-02-03T21:09:17.005361Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"50ccc7ae-54fb-4906-a040-2b902c7b5f50","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"4c896b43-f88c-4d24-b3f1-97888b63844e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"855a36fa-5a57-4c3b-a61c-fa2d3a38b653","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fd6a60e3-880e-422e-9e74-ffd7ca98cb0a","name":"TOLLBOOTH","type":"malware","source":"Tidal Cyber","software_attack_id":"S3803","tidal_id":"3b33ecba-546f-5e2d-b508-11e1cefe233b","created":"2025-12-24T14:57:27.281878Z","modified":"2025-12-24T14:57:27.281881Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3180","group_id":"92cbac61-7999-465a-9afc-5476f84b3a2e","name":"RudePanda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6579e802-17cd-4a5c-b090-6eed0435daa7","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"cc4e2643-a8ea-40fd-810f-e1e4580c2872","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"abe42dbb-2fdb-445d-94e9-7053cec87537","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"562fd759-5997-4eb8-8255-254f3b7f5b20","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2ae5da6a-4257-4588-a4e0-de59570b0c6c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3aedbaae-a370-41c4-ac2e-400081f751c7","name":"TomBerBil","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3679","tidal_id":"ae3a5b71-8fe0-5e34-9c64-2108c6be62df","created":"2025-12-10T14:14:52.981546Z","modified":"2025-12-10T14:14:52.981551Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[SecureList ToddyCat November 21 2025](/references/889c7685-43ce-4156-a142-4b4605d8fec9)]</sup>","group_attack_id":"G1022","group_id":"0f41da7d-1e47-58fe-ba6e-ee658a985e1b","name":"ToddyCat","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9bfff60b-2042-4ea0-8242-b2e5d5a362b6","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1079b3b2-cb2e-4680-bb72-2a450e4c62aa","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"eff417ad-c775-4a95-9f36-a1b5a675ba82","name":"Tomiris","type":"malware","source":"MITRE","software_attack_id":"S0671","tidal_id":"47073729-8b45-5a8b-bf5a-d715817f107b","created":"2021-12-29T14:47:19.862000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"c3511ec8-d1cd-4374-9280-a315fbf23fe3","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"30d1f244-4f64-5195-b4dd-d6a155674041","name":"TONESHELL","type":"malware","source":"MITRE","software_attack_id":"S1239","tidal_id":"30d1f244-4f64-5195-b4dd-d6a155674041","created":"2025-10-29T21:08:48.110579Z","modified":"2025-10-29T21:08:48.110580Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CSIRT CTI MUSTANG PANDA PUBLOAD TONESHELL JAN 2024](https://app.tidalcyber.com/references/28d9290f-de56-540e-9211-fa0a96f5d42d)]</sup><sup>[[2025_IBM_PUBLOAD_TONESHELL_HIUPAN_CLAIMLOADER_MUSTANG PANDA](https://app.tidalcyber.com/references/386af393-d4be-5590-9b9e-592d30d431f8)]</sup><sup>[[ATTACKIQ MUSTANG PANDA TONESHELL March 
2023](https://app.tidalcyber.com/references/d05921d0-16f3-5ab4-837c-52a2df098a24)]</sup><sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup><sup>[[Trend Micro Mustang Panda Earth Preta Toneshell February 2025](https://app.tidalcyber.com/references/bd7fdacd-9e2c-5bc0-befd-2aeeedd16b0b)]</sup><sup>[[2022 November_TrendMicro_Earth Preta_Toneshell_Pubload](https://app.tidalcyber.com/references/0afb412d-45ea-5c50-99d9-d915d5796a60)]</sup><sup>[[Trend Micro Mustang Panda Earth Preta TONESHELL June 2023](https://app.tidalcyber.com/references/631c6e38-0253-5618-abeb-d67abe102da4)]</sup><sup>[[Zscaler](https://app.tidalcyber.com/references/443f560c-2bc7-575d-aab1-1cfa74064b5f)]</sup><sup>[[Unit42 Chinese VSCode 06 September 2024](https://app.tidalcyber.com/references/2157f860-0a64-50a1-b368-be96d5228bf3)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"fed6a885-e268-4c11-9d5b-348455f9321f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0a1fec1b-8734-47d0-b6e3-53a041f9d906","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"}],"owner_name":null},{"id":"8c70d85b-b06d-423c-8bab-ecff18f332d6","name":"Tor","type":"tool","source":"MITRE","software_attack_id":"S0183","tidal_id":"f5e728b0-97bf-5611-8735-5ab9ff61858b","created":"2018-01-16T16:13:52.465000Z","modified":"2022-10-05T16:37:49.999000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"bcf2b193-453e-4776-9024-94110fc3aa4f","name":"Tor Browser","description":"<sup>[[Red Canary December 09 
2025](/references/6d71e655-029e-49b0-8285-30e036e63140)]</sup>","source":"USER","associated_software_id":"f96a2dd1-349f-4d8a-8c98-5ce6f86cd27b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"[Water Galura](https://app.tidalcyber.com/groups/93901942-0750-59a5-a244-3ee9ae3bc255) maintains a [Tor](https://app.tidalcyber.com/software/8c70d85b-b06d-423c-8bab-ecff18f332d6)-hosted data leaks site for [Qilin](https://app.tidalcyber.com/software/665807d7-ad5c-57ee-a710-14198c43ce38) ransomware and affiliates.<sup>[[BushidoToken Qilin RaaS JUN 2024](https://app.tidalcyber.com/references/a0fda9ef-31d3-529b-a0f2-342ac6fa23cd)]</sup><sup>[[Sophos Qilin MSP APR 2025](https://app.tidalcyber.com/references/04c49bb7-d96c-535c-8d91-ce27b01fcc3c)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DoublePulsar Cyber Toufan](/references/2fc1f6de-e01c-4225-bd29-8d547bf91e9e)]</sup>","group_attack_id":"G3048","group_id":"42a7c134-c574-430b-8105-bf7a00e742ae","name":"Cyber Toufan","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NVISO Labs November 13 2025](/references/f298523a-6f0e-4699-8dd2-cd1d6b48297c)]</sup>","group_attack_id":"G1052","group_id":"b436d32f-2667-5e00-a3d8-f58d2d5666d4","name":"Contagious Interview","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[NVISO Labs November 13 2025](/references/f298523a-6f0e-4699-8dd2-cd1d6b48297c)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has used 
[Tor](https://app.tidalcyber.com/software/8c70d85b-b06d-423c-8bab-ecff18f332d6) to communicate with targeted organizations.<sup>[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"MITRE"},{"description":"<sup>[[Salesforce November 22 2025](/references/dda44228-4820-414c-90c9-9865ac887249)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Secureworks GOLD IONIC April 2024](https://app.tidalcyber.com/references/e723e7b3-496f-5ab4-abaf-83859e7e912d)]</sup><sup>[[SOCRadar INC Ransom January 2024](https://app.tidalcyber.com/references/6c78b422-7d46-58a4-a403-421db0531147)]</sup><sup>[[SentinelOne INC Ransomware](https://app.tidalcyber.com/references/5f82878b-2258-5663-8694-efc3179c1849)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant No Easy Breach](https://app.tidalcyber.com/references/e7c49ce6-9c5d-483a-b476-8a48799df6fa)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Cybersecurity Advisory GRU Brute Force Campaign July 2021](https://app.tidalcyber.com/references/e70f0742-5f3e-4701-a46b-4a58c0281537)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA AA21-200A APT40 July 
2021](https://app.tidalcyber.com/references/3a2dbd8b-54e3-406a-b77c-b6fae5541b6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Cyber Express KillSec June 26 2024](/references/9afb764a-84fb-4fea-b925-d7d36a24ac14)]</sup>","group_attack_id":"G3065","group_id":"0ed0c954-780d-46a7-a955-f1f4dc91f0ac","name":"KillSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog February 12 2025](/references/300bf6cb-582b-4e15-8cca-cb68c8856e6f)]</sup>","group_attack_id":"G3089","group_id":"785c4038-3c47-402c-93eb-9e4036a6366c","name":"Seashell Blizzard Subgroup","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA ALPHV Blackcat December 2023](/references/d28d64cf-b5db-4438-8c5c-907ce5f55f69)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"bc93bfce-a68f-4f32-bd9d-82ca80bd867f","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"4614ca9b-fad2-4122-a1bb-484453d0e610","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"a200f7b5-227f-4fa1-8a8f-8feedd737b12","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"9c955368-b026-4cf9-9ba8-1e01edd142ef","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"506f37b0-6ea8-4849-b743-3d714cba45c6","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"5864fb8d-36c0-4563-a436-88603f8c7725","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"5ba02d7c-69b9-451c-b7b1-f48e468df149","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"e480b6e0-448f-4923-b47e-41204c7182f1","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"788c0253-9bd8-486c-ad52-2af6e0942392","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"4e5b949c-0574-4a65-9548-3d43aafcbfb2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"976ba673-92ec-4414-82f4-fad494033f4a","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"89a47daf-af81-4db3-9559-009ebe01084f","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"412be82c-f028-4c12-bf02-f6a729dfe01c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"99b870d1-abbb-443b-b65b-b5af40
158ede","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"4bce135b-91ba-45ae-88f9-09e01f983a74","name":"Torisma","type":"malware","source":"MITRE","software_attack_id":"S0678","tidal_id":"43103023-7c74-59a2-8fab-e8bbd93c7b5b","created":"2022-02-01T16:21:13.097000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e7ab48d1-f705-4e69-812a-68e14d2a00f6","name":"touch","type":"tool","source":"Trellix TIG","software_attack_id":"S3455","tidal_id":"b6932f12-d411-5a9b-b975-997c156aae2d","created":"2025-04-11T15:06:51.436549Z","modified":"2025-04-11T15:06:51.436552Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"","group_attack_id":"G3005","group_id":"be7243cb-6031-4e2a-97d9-3522c002becd","name":"UNC5325","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"551bc0d3-3566-4857-87b2-fe45ae84661c","name":"TOUGHPROGRESS","type":"malware","source":"Tidal Cyber","software_attack_id":"S3491","tidal_id":"0444ca99-01c5-544c-8587-429d97b45806","created":"2025-06-03T14:14:46.967187Z","modified":"2025-06-03T14:14:46.967192Z","platforms":[{"id":"20fa180c-71f8-4b41-9d50-15771db15dbc","name":"Google Workspace"},{"id":"f424d1a0-ccb6-5616-8141-1c8a575d393b","name":"Office Suite"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud May 28 
2025](/references/def3e3dd-8136-4714-a58f-ffbd00066dc0)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"bfd145b1-e5cd-4b30-820a-013112274d7b","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"33473774-b1fd-4e08-9355-8e7f08b5b30f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"2f95dff0-3e25-4b2d-9cee-8797ea58ec7c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0efb1883-2af3-43a6-abaf-26da8cca82bb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"77d3247c-e8b9-4a95-a764-4ea6d70422a9","name":"Tox","type":"tool","source":"Trellix TIG","software_attack_id":"S3390","tidal_id":"e0aaf9b7-69d3-5008-829d-00a1b658c182","created":"2025-04-11T15:06:34.846077Z","modified":"2025-04-11T15:06:34.846081Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"06f57bd1-4016-485e-b3e2-540e63bffbea","name":"tracerpt.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3907","tidal_id":"4c25ad44-af95-5fe2-80f1-11ddf2b18d72","created":"2026-01-14T13:31:33.430947Z","modified":"2026-01-14T13:31:33.430953Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 26 2025](/references/0d6e9bfe-9c6c-40ba-9d12-30273b559d13)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver 
Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"039304db-712d-47d6-8742-6f8e9a87f37e","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"9a295647-d311-4045-99db-e62c4d9224c5","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b9c5b175-c784-4776-9fe3-a6c349e2f822","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"62ebde4b-4936-49f6-842b-8c0313ea26f5","name":"Tracker","type":"tool","source":"Tidal Cyber","software_attack_id":"S3363","tidal_id":"214b45d5-25da-5c6f-9908-9d4feebeae93","created":"2024-01-12T14:48:41.005349Z","modified":"2024-01-12T14:48:41.005353Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"02b85713-d721-4948-95a6-91a636ddc49a","name":"Tracker.exe","description":"<sup>[[LOLBAS Tracker](/references/f0e368f1-3347-41ef-91fb-995c3cb07707)]</sup>","source":"Tidal Cyber","associated_software_id":"5ad5e21b-789e-4b4e-92d3-377140d7274a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"55ddeac7-4be9-4ece-8816-f9ede613f74e","tag":"3c9b26cf-9bda-4feb-ab42-ef7865cc80fd"},{"id":"39a7b6d5-a2bd-41ca-b66b-6dd0f9523fe1","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"89e3b8bf-88ca-42bf-82b9-a862dbc5ecac","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7a6ae9f8-5f8b-4e94-8716-d8ee82027197","name":"TrailBlazer","type":"malware","source":"MITRE","software_attack_id":"S0682","tidal_id":"573c26ec-6191-5624-a026-681f46091c60","created":"2022-02-08T15:38:55.209000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike StellarParticle January 
2022](https://app.tidalcyber.com/references/149c1446-d6a1-4a63-9420-def9272d6cb9)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"b96d9a3e-be57-402d-a3dd-0a04c3b135ad","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"6517296a-ec11-57c0-881c-6b62239ede92","name":"TRANSLATEXT","type":"malware","source":"MITRE","software_attack_id":"S1201","tidal_id":"6517296a-ec11-57c0-881c-6b62239ede92","created":"2025-04-22T20:46:57.699713Z","modified":"2025-04-22T20:46:57.699717Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Zscaler Kimsuky TRANSLATEXT](https://app.tidalcyber.com/references/7ee5dc4e-1c53-5f12-806d-37b290c6f569)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"57ec0efd-16c0-5e73-bb83-0fcf119b5fbb","name":"Triada","type":"malware","source":"Mobile","software_attack_id":"S0424","tidal_id":"57ec0efd-16c0-5e73-bb83-0fcf119b5fbb","created":"2026-01-28T13:08:09.939156Z","modified":"2026-01-28T13:08:09.939157Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d7d0a2dc-ae99-557f-b6ce-c1a92ef41825","name":"TriangleDB","type":"malware","source":"Mobile","software_attack_id":"S1216","tidal_id":"d7d0a2dc-ae99-557f-b6ce-c1a92ef41825","created":"2026-01-28T13:08:09.937601Z","modified":"2026-01-28T13:08:09.937603Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"c2bd4213-fc7b-474f-b5a0-28145b07c51d","name":"TrickBot","type":"malware","source":"MITRE","software_attack_id":"S0266","tidal_id":"68210e70-1e4f-5138-9a3f-2e5e
2e43bc66","created":"2018-10-17T00:14:20.652000Z","modified":"2021-10-01T14:19:20.660000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fd5c3f7d-a11a-405f-bac5-fb4017edef1b","name":"Totbrick","description":"<sup>[[Trend Micro Totbrick Oct 2016](https://app.tidalcyber.com/references/d6419764-f203-4089-8b38-860c442238e7)]</sup> <sup>[[Microsoft Totbrick Oct 2017](https://app.tidalcyber.com/references/3abe861b-0e3b-458a-98cf-38450058b4a5)]</sup>","source":"MITRE","associated_software_id":"aabae1a3-d831-46f4-a65f-ab31f03fd687","owner_id":null,"owner_name":null},{"id":"5ff9588f-51e1-4e65-957b-d7331a1e8e1b","name":"TSPY_TRICKLOAD","description":"<sup>[[Trend Micro Totbrick Oct 2016](https://app.tidalcyber.com/references/d6419764-f203-4089-8b38-860c442238e7)]</sup>","source":"MITRE","associated_software_id":"4a8dc24e-e942-46f3-8026-91c1ed059bbb","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Proofpoint TA505 Sep 2017](https://app.tidalcyber.com/references/c1fff36f-802b-4436-abce-7f2787c148db)]</sup><sup>[[IBM TA505 April 2020](https://app.tidalcyber.com/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Mandiant FIN12 Group Profile October 07 2021](/references/7af84b3d-bbd6-449f-b29b-2f14591c9f05)]</sup>","group_attack_id":"G3005","group_id":"6d6ed42c-760c-4964-a81e-1d4df06a8800","name":"FIN12","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike Grim Spider May 2019](https://app.tidalcyber.com/references/103f2b78-81ed-4096-a67a-dedaffd67e9b)]</sup><sup>[[DHS/CISA Ransomware Targeting Healthcare October 2020](https://app.tidalcyber.com/references/984e86e6-32e4-493c-8172-3d29de4720cc)]</sup><sup>[[Sophos New Ryuk Attack October 
2020](https://app.tidalcyber.com/references/bfc6f6fe-b504-4b99-a7c0-1efba08ac14e)]</sup><sup>[[CrowdStrike Wizard Spider October 2020](https://app.tidalcyber.com/references/5c8d67ea-63bc-4765-b6f6-49fa5210abe6)]</sup><sup>[[Mandiant FIN12 Oct 2021](https://app.tidalcyber.com/references/4514d7cc-b999-5711-a398-d90e5d3570f2)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup>","group_attack_id":"G0102","group_id":"0b431229-036f-4157-a1da-ff16dfc095f8","name":"Wizard Spider","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"62254dfe-79c5-476b-bfed-ab28b8bf767e","tag":"4db38a31-4d06-4f96-8cf0-b4f4ac3a6e48"},{"id":"1b2dbd6c-73c1-4f18-8d27-6c58f9d58058","tag":"c4b34e5f-79a2-4645-9e58-3b20a1ac93b6"},{"id":"34eca458-6ee8-47b6-8f47-f1eb3c63edc1","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"9f521ab1-889c-5114-9752-98470fc4df7f","name":"TrickMo","type":"malware","source":"Mobile","software_attack_id":"S0427","tidal_id":"9f521ab1-889c-5114-9752-98470fc4df7f","created":"2026-01-28T13:08:09.937696Z","modified":"2026-01-28T13:08:09.937697Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2dd4b5ca-e7a6-5f69-a986-196c45a72498","name":"Triton","type":"malware","source":"ICS","software_attack_id":"S1009","tidal_id":"2dd4b5ca-e7a6-5f69-a986-196c45a72498","created":"2026-01-28T13:08:18.118929Z","modified":"2026-01-28T13:08:18.118931Z","platforms":[],"associated_software":[{"id":"4813ab95-02ae-429f-8583-9af6408b1b79","name":"TRISIS","description":"","source":"ICS","associated_software_id":"df948983-9805-58e7-9f16-86e0a7a14d7a","owner_id":null,"owner_n
ame":null},{"id":"dbee4420-e118-4101-8f16-49ff91603a8c","name":"HatMan","description":"","source":"ICS","associated_software_id":"0d703988-1766-58b1-8051-2582ef2ca928","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Dragos Xenotime 2018](https://app.tidalcyber.com/references/b20fe65f-df43-4a59-af3f-43afafba15ab)]</sup>","group_attack_id":"G0088","group_id":"3a54b8dc-a231-4db8-96da-1c0c1aa396f6","name":"TEMP.Veles","owner_id":null,"owner_name":null,"source":"ICS"}],"tags":[],"owner_name":null},{"id":"b88c4891-40da-4832-ba42-6c6acd455bd1","name":"Trojan.Karagany","type":"malware","source":"MITRE","software_attack_id":"S0094","tidal_id":"4c81565d-a01d-518e-8e58-28d67cabb5f6","created":"2017-05-31T21:33:00.176000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b63763ce-e59e-49ef-891c-0eef6d0cbb46","name":"Karagany","description":"<sup>[[Secureworks Karagany July 2019](https://app.tidalcyber.com/references/61c05edf-24aa-4399-8cdf-01d27f6595a1)]</sup>","source":"MITRE","associated_software_id":"0ef3a4a1-cad0-45da-9eea-70f85cd888af","owner_id":null,"owner_name":null},{"id":"25984079-3d11-4cee-ad8c-af969f8552a8","name":"xFrost","description":"<sup>[[Secureworks Karagany July 2019](https://app.tidalcyber.com/references/61c05edf-24aa-4399-8cdf-01d27f6595a1)]</sup>","source":"MITRE","associated_software_id":"e8b885ae-4bf3-42c0-8b9e-a410c08eb441","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Symantec Dragonfly](https://app.tidalcyber.com/references/9514c5cd-2ed6-4dbf-aa9e-1c425e969226)]</sup><sup>[[Secureworks Karagany July 2019](https://app.tidalcyber.com/references/61c05edf-24aa-4399-8cdf-01d27f6595a1)]</sup><sup>[[Gigamon Berserk Bear October 
2021](https://app.tidalcyber.com/references/06b6cbe3-8e35-4594-b36f-76b503c11520)]</sup>","group_attack_id":"G0035","group_id":"472080b0-e3d4-4546-9272-c4359fe856e1","name":"Dragonfly","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f8a4213d-633b-4e3d-8e59-a769e852b93b","name":"Trojan.Mebromi","type":"malware","source":"MITRE","software_attack_id":"S0001","tidal_id":"84a9e369-2b4c-56af-a5d9-4430e4efa740","created":"2017-05-31T21:32:11.148000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8aaae15d-a4ec-51ee-9a74-e33bbcb95b5c","name":"Trojan-SMS.AndroidOS.Agent.ao","type":"malware","source":"Mobile","software_attack_id":"S0307","tidal_id":"8aaae15d-a4ec-51ee-9a74-e33bbcb95b5c","created":"2026-01-28T13:08:09.938614Z","modified":"2026-01-28T13:08:09.938615Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"f96fcb04-ca6e-5e27-b129-2b66306b6f4a","name":"Trojan-SMS.AndroidOS.FakeInst.a","type":"malware","source":"Mobile","software_attack_id":"S0306","tidal_id":"f96fcb04-ca6e-5e27-b129-2b66306b6f4a","created":"2026-01-28T13:08:09.937803Z","modified":"2026-01-28T13:08:09.937805Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"48eb15bd-c90d-57b7-b19b-5b39f527bee4","name":"Trojan-SMS.AndroidOS.OpFake.a","type":"malware","source":"Mobile","software_attack_id":"S0308","tidal_id":"48eb15bd-c90d-57b7-b19b-5b39f527bee4","created":"2026-01-28T13:08:09.939019Z","modified":"2026-01-28T13:08:09.939020Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"9d4c38dc-6549-5bde-9ce4-a54ae8ca596e","name":"Troll 
Stealer","type":"malware","source":"MITRE","software_attack_id":"S1196","tidal_id":"9d4c38dc-6549-5bde-9ce4-a54ae8ca596e","created":"2025-04-22T20:47:01.143235Z","modified":"2025-04-22T20:47:01.143240Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Troll Stealer](https://app.tidalcyber.com/software/9d4c38dc-6549-5bde-9ce4-a54ae8ca596e) is exclusively linked to [Kimsuky](https://app.tidalcyber.com/groups/37f317d8-02f0-43d4-8a7d-7a65ce8aadf1) operations.<sup>[[S2W Troll Stealer 2024](https://app.tidalcyber.com/references/5fbb0dcb-c882-597f-ade8-4b8afb8b55a8)]</sup><sup>[[Symantec Troll Stealer 2024](https://app.tidalcyber.com/references/ebb98b4b-062a-5b48-8318-e5f1244f907c)]</sup><sup>[[ASEC Troll Stealer 2024](https://app.tidalcyber.com/references/6c4b92ae-93d4-5851-9cbb-c98e6603b870)]</sup>","group_attack_id":"G0094","group_id":"37f317d8-02f0-43d4-8a7d-7a65ce8aadf1","name":"Kimsuky","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"f037a25b-5f66-4d0f-9490-6a2d74febf89","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"669f8b7a-2404-47ab-843d-e63431faafec","name":"Truebot","type":"malware","source":"Tidal Cyber","software_attack_id":"S3005","tidal_id":"c0aa9c93-2d13-5cd9-9847-5902ef64a18b","created":"2023-07-14T12:56:37.078111Z","modified":"2023-07-14T12:56:37.078116Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cb17c165-c322-4d9b-a9ca-4e154db499ff","name":"Silence","description":"<sup>[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","source":"Tidal Cyber","associated_software_id":"ba587d52-2ee7-4539-9499-aa9338b8c7f9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"550ffac8-104c-4089-8800-dcae577e5cad","name":"TRUECORE","description":"<sup>[[The DFIR Report Truebot June 12 
2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","source":"Tidal Cyber","associated_software_id":"7393cb6b-37a3-4f15-8a03-416b14711c2a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Threat Intelligence Tweet April 26 2023](/references/3b5a2349-e10c-422b-91e3-20e9033fdb60)]</sup><sup>[[The DFIR Report Truebot June 12 2023](/references/a6311a66-bb36-4cad-a98f-2b0b89aafa3d)]</sup>","group_attack_id":"G3011","group_id":"ecdbd431-d62b-4b30-8663-b1ecb4304ec0","name":"FIN11","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA CL0P CVE-2023-34362 Exploitation](/references/07e48ca8-b965-4234-b04a-dfad45d58b22)]</sup><sup>[[Cisco Talos Blog December 08 2022](/references/bcf92374-48a3-480f-a679-9fd34b67bcdd)]</sup>","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA PaperCut May 2023](/references/b5ef2b97-7cc7-470b-ae97-a45dc4af32a6)]</sup>","group_attack_id":"G3010","group_id":"393da13e-016c-41a3-9d89-b33173adecbf","name":"Bl00dy Ransomware Gang","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"b7644853-5e0e-4aff-a345-52fd86080f08","tag":"4e00b987-cd79-4b6a-9afe-c3b291ee2938"},{"id":"113a7e36-16e6-47ce-a9bd-2d236bbd5ebc","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"637a4a9b-4b15-468d-9a84-791585d6ce09","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"0f485fe0-fd86-48b7-8099-6c9bad205bdc","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"78803ec4-a76c-4b95-92ac-f9eff567790b","tag":"992bdd33-4a47-495d-883a-58010a2f0efb"},{"id":"c0813ed1-2858-4b68-ab5a-31b049fd1cc8","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"6c6f70ab-191d-4806-ba78-cfaf1721a120","name":"TrueSightKiller","type":"tool","source":"Trellix TIG","software_attack_id":"S3420","tidal_id":"ca3719bf-9d53-5f2c-9176-bec8b2a2167d","created":"2025-04-11T15:06:44.714090Z","modified":"2025-04-11T15:06:44.714093Z","platforms":[],"associated_software":[{"id":"3999fd4c-c41f-4fd7-aaa6-042053219af0","name":"TrueSightKiller.exe","description":"","source":"Trellix TIG","associated_software_id":"0c4aa736-7d8e-43b3-8e59-bda8f9b9ac80","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"c3eeeff3-260c-42f1-9c16-4ed643124b8f","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"}],"owner_name":"TidalCyberIan"},{"id":"ab5ec8fa-b9dd-4508-a3b7-fdee7d4f4b45","name":"TruffleHog","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3555","tidal_id":"c863c3d7-0fc5-5efe-a11b-d734a62fdb20","created":"2025-09-19T19:48:16.806416Z","modified":"2025-09-19T19:48:16.806420Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Rapid7 October 07 2025](/references/4f936a29-51e4-4a28-b078-1a886284870f)]</sup>","group_attack_id":"G3135","group_id":"d49b5a8e-4312-4e5c-b92b-a6ded9ae486c","name":"Crimson Collective","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"38c72da9-7a02-4cf1-a033-1b5260c08b96","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c1d9f2a9-cc42-42ac-b21b-d94feb6060ab","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"5b093e32-c08a-476a-b6f4-ecd74e3a2f18","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"9ecdb47d-2839-418a-bb76-0da09bc5611a","tag":"dcd6d78a-50e9-4fbd-a36a-06fbe6b7b40c"},{"id":"fa3aae31-68a7-4194-82ec-4392b05ad6d4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2aa5d8fe-2742-4c61-8798-349d6aff276a","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"477fbcd3-ac26-49bb-b68e-9f52dc953ae4","name":"TRUSTTRAP","type":"malware","source":"Tidal Cyber","software_attack_id":"S3646","tidal_id":"aeed99fd-bb48-5288-b909-5750b03ab872","created":"2025-11-19T17:45:41.319629Z","modified":"2025-11-19T17:45:41.319632Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus 
Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"be0e5e16-d741-48ed-80b3-f3f0d7141888","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"06e0a9c8-83c8-499f-82d2-791457d61372","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"50844dba-8999-42ba-ba29-511e3faf4bc3","name":"Truvasys","type":"malware","source":"MITRE","software_attack_id":"S0178","tidal_id":"50216354-23f1-51c2-9263-d57ac59cae26","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft NEODYMIUM Dec 2016](https://app.tidalcyber.com/references/87c9f8e4-f8d1-4f19-86ca-6fd18a33890b)]</sup><sup>[[Microsoft SIR Vol 21](https://app.tidalcyber.com/references/619b9cf8-7201-45de-9c36-834ccee356a9)]</sup>","group_attack_id":"G0056","group_id":"cc798766-8662-4b55-8536-6d057fbc58f0","name":"PROMETHIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"9872ab5a-c76e-4404-91f9-5b745722443b","name":"TSCookie","type":"malware","source":"MITRE","software_attack_id":"S0436","tidal_id":"31aa7efc-b4b8-5dc3-92e5-d8608a824810","created":"2020-05-06T15:43:49.556000Z","modified":"2022-04-15T11:32:25.171000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[JPCert TSCookie March 2018](https://app.tidalcyber.com/references/ff1717f7-0d2e-4947-87d7-44576affe9f8)]</sup>","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"57f9458f-4dad-411e-9971-8e3e166f173b","name":"TShark","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3109","tidal_id":"17fd42de-7c2c-5ab3-8fe4-ed303c3965d0","created":"2024-03-01T20:23:48.770893Z","modified":"2024-03-01T20:23:48.770898Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"56768f37-1968-4846-ab84-5976ab22249a","tag":"e1be4b53-7524-4e88-bf6d-358cfdf96772"},{"id":"2b3754d2-7e9c-4eae-8d27-31c3cc981bd9","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"319a553e-0085-4c8e-afad-f7ef63528267","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e5d73b67-87ee-42fc-9ff1-82abe5c6515b","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"2f6d4ed5-efb1-49e7-a9f9-f22b370c0453","name":"Tsunami Payload","type":"malware","source":"Tidal Cyber","software_attack_id":"S3630","tidal_id":"cdc27b87-7aeb-5c25-957b-36a6aeb8c777","created":"2025-11-19T17:45:38.940595Z","modified":"2025-11-19T17:45:38.940598Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"8bca5616-2350-4078-87b1-88af512abd28","name":"TsunamiInstaller","description":"<sup>[[NVISO Labs November 13 2025](/references/f298523a-6f0e-4699-8dd2-cd1d6b48297c)]</sup>","source":"USER","associated_software_id":"7406eb3a-ed7b-4a73-a818-963b8e9d971d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[NVISO Labs November 13 2025](/references/f298523a-6f0e-4699-8dd2-cd1d6b48297c)]</sup>","group_attack_id":"G3102","group_id":"73001b5e-fcc5-4902-8c98-a1d5a0e3c2c2","name":"Famous Chollima","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[NVISO Labs November 13 
2025](/references/f298523a-6f0e-4699-8dd2-cd1d6b48297c)]</sup>","group_attack_id":"G1052","group_id":"b436d32f-2667-5e00-a3d8-f58d2d5666d4","name":"Contagious Interview","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f5cd9d8f-2c21-433e-9e0a-b2894df34032","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"61b4a4b9-144c-45bc-b44d-185ab0b146f7","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7bd9859e-4260-4c86-903b-1f8bcf658da1","name":"Ttdinject","type":"tool","source":"Tidal Cyber","software_attack_id":"S3289","tidal_id":"fb45d393-8328-56dc-857c-bb95824dc390","created":"2024-01-12T14:48:13.434350Z","modified":"2024-01-12T14:48:13.434355Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cd67cca2-9310-4b73-943d-06a57297ad34","name":"Ttdinject.exe","description":"<sup>[[Ttdinject.exe - LOLBAS Project](/references/3146c9c9-9836-4ce5-afe6-ef8f7b4a7b9d)]</sup>","source":"Tidal Cyber","associated_software_id":"05cf2d78-08e4-4a20-ae82-64ff4a3c9c33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a8b9c13a-4894-44a4-a646-b7e7e0238183","tag":"fc67aea7-f207-4cf5-8413-e33c76538cf6"},{"id":"d35027b2-8338-4ab7-8998-2d27abe447a4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"c541cc0e-a883-4110-81df-1dee5e9ae827","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ab06ccb0-21c7-4d84-99ff-3349ce476910","name":"Tttracer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3290","tidal_id":"4c3632bb-97c0-5932-a3e5-f3705020aa86","created":"2024-01-12T14:48:13.852113Z","modified":"2024-01-12T14:48:13.852116Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3a6e4af2-0bde-43e5-9eb4-c1e867091be6","name":"Tttracer.exe","description":"<sup>[[Tttracer.exe - LOLBAS 
Project](/references/7c88a77e-034e-4847-8bd7-1be3a684a158)]</sup>","source":"Tidal Cyber","associated_software_id":"148072af-ae62-419f-9c3a-3b9dc4c25a24","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"7223d20d-d98e-4942-bdb9-a2890d29807c","tag":"3c4e3160-4e82-49ce-b6a3-17879dd4b83c"},{"id":"5d7fe50b-53ce-45fa-b69a-bceffd53d0ba","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f4161db7-1ccb-4a85-912c-171a746d6bb0","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"571a45a7-68c9-452c-99bf-1d5b5fdd08b3","name":"Turian","type":"malware","source":"MITRE","software_attack_id":"S0647","tidal_id":"3d6a3f47-938d-55a1-839d-b4d6f850a6fa","created":"2021-09-21T15:21:31.795000Z","modified":"2021-10-18T13:19:48.020000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[ESET BackdoorDiplomacy Jun 2021](https://app.tidalcyber.com/references/127d4b10-8d61-4bdf-b5b9-7d86bbc065b6)]</sup>","group_attack_id":"G0135","group_id":"e5b0da2b-12bc-4113-9459-9c51329c9ae0","name":"BackdoorDiplomacy","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Envoy Panda Profile](/references/44879a86-9eda-4934-bfc4-cbc643ab113a)]</sup>","group_attack_id":"G3086","group_id":"ff71ddce-9e70-4aeb-b7df-9d1637be72bc","name":"ENVOY PANDA","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[],"owner_name":null},{"id":"c7f10715-cf13-4360-8511-aa3f93dd7688","name":"TURNEDUP","type":"malware","source":"MITRE","software_attack_id":"S0199","tidal_id":"f2eb151b-5bb1-5665-9812-29f5d64cad67","created":"2018-04-18T17:59:24.739000Z","modified":"2021-02-09T15:25:33.116000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT33 Sept 2017](https://app.tidalcyber.com/references/70610469-db0d-45ab-a790-6e56309a39ec)]</sup><sup>[[FireEye APT33 Webinar Sept 2017](https://app.tidalcyber.com/references/9b378592-5737-403d-8a07-27077f5b2d61)]</sup><sup>[[Symantec Elfin Mar 2019](https://app.tidalcyber.com/references/55671ede-f309-4924-a1b4-3d597517b27e)]</sup>","group_attack_id":"G0064","group_id":"99bbbe25-45af-492f-a7ff-7cbc57828bac","name":"APT33","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2a0a9fc7-3464-45b7-9626-bf68e563e97f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"aca2c688-0551-5f5f-b6cd-4c7fe395c463","name":"Twitoor","type":"malware","source":"Mobile","software_attack_id":"S0302","tidal_id":"aca2c688-0551-5f5f-b6cd-4c7fe395c463","created":"2026-01-28T13:08:09.938086Z","modified":"2026-01-28T13:08:09.938088Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"49a112bf-8df2-4a45-91a1-f715b939e001","name":"Twitter X Video Downloader (malicious variant)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3891","tidal_id":"5f87651c-761f-58b6-a285-b5e735c4b478","created":"2026-01-06T18:05:09.094936Z","modified":"2026-01-06T18:05:09.094940Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.koi.ai January 05 2026](/references/5da3facd-7bd9-4a02-843a-ad4b3fa273d7)]</sup>","group_attack_id":"G3190","group_id":"d2ed88a2-5514-4336-bda7-770dbe4fd451","name":"DarkSpectre","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4312350b-db78-4e0e-8e8c-96c120c4aa77","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"e41d85b0-62da-43e4-a074-807f07efeae2","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"02e200ef-5a06-469c-8f11-7822915b9422","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e5a1d6ce-a9c9-490c-94f2-d68ddbac50a5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"3dab536e-0e43-40af-a6c2-29062caa3b7a","name":"TWOSTROKE","type":"malware","source":"Tidal Cyber","software_attack_id":"S3647","tidal_id":"d3c31bcf-9ff9-5b9b-9368-a14d7e1236f3","created":"2025-11-19T17:45:41.467498Z","modified":"2025-11-19T17:45:41.467501Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus 
Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"352df906-cf0c-431c-903d-ff6d0bc08df2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7fd94e7c-1c2f-4360-9e30-3758b578dce0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"30f266e3-4645-46a4-916b-c89865b3514b","name":"Tycoon2FA","type":"malware","source":"Tidal Cyber","software_attack_id":"S3910","tidal_id":"299d4bbf-0f73-5410-b45f-852c7acb0cb9","created":"2026-01-14T13:31:33.939407Z","modified":"2026-01-14T13:31:33.939412Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"},{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog January 06 2026](/references/eefa02e0-af27-49df-af14-16c4d4f867d3)]</sup>","group_attack_id":"G3198","group_id":"8c4e55cf-5355-4dc2-9d4f-10891c6e27f9","name":"Storm-1747","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"55d7f091-b3c7-47f2-a364-d580644b88b4","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"a6102b68-5691-4dd0-8228-170fe3ab9144","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"a0c36a22-0a5c-4681-97c7-31f502d28cff","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"28909157-4280-4ef1-b55b-ff71ed811fd8","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6c93d3c4-cae5-48a9-948d-bc5264230316","name":"TYPEFRAME","type":"malware","source":"MITRE","software_attack_id":"S0263","tidal_id":"1ad2825e-2c8b-55ee-92a6-4bdb0319c738","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US
-CERT TYPEFRAME June 2018](https://app.tidalcyber.com/references/b89f20ad-39c4-480f-b02e-20f4e71f6b95)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"e554df78-1d28-4838-8d7b-6e17cf6c919f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"5788edee-d1b7-4406-9122-bee596362236","name":"UACMe","type":"tool","source":"MITRE","software_attack_id":"S0116","tidal_id":"8451f8c9-4af2-5bf9-b685-23fcceb74b40","created":"2017-05-31T21:33:09.047000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"0b07a32e-b4b3-4601-a134-76440aea0870","tag":"8450b5c7-acf1-41df-afc2-5c20e12436c0"},{"id":"590e81f0-1289-4a57-b1fb-0c2b415133d2","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"725c383f-f623-4ec7-84a7-519718eb9d6e","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"}],"owner_name":null},{"id":"5214ae01-ccd5-4e97-8f9c-14eb16e75544","name":"UBoatRAT","type":"malware","source":"MITRE","software_attack_id":"S0333","tidal_id":"cf20eecc-1805-54de-82a3-1f142f964476","created":"2019-01-29T19:09:26.355000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"38ba3e36-46a5-4e9c-8f91-d78e410bfa9b","name":"UDPGangster","type":"malware","source":"Tidal Cyber","software_attack_id":"S3734","tidal_id":"88a58a77-c7ad-5e85-9a05-7e23ef21dde3","created":"2025-12-10T14:15:03.737192Z","modified":"2025-12-10T14:15:03.737196Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Fortinet Blog December 04 
2025](/references/f7eeed3f-485b-4130-a10b-e19045e97a2d)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"17f3ecee-2229-415b-89da-9d1af8cc428d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6e93a870-da07-4621-9a3e-4a4b1c4d2d71","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"32e04368-0572-4908-9307-6a4802e0dae3","name":"UevAppMonitor.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3826","tidal_id":"45b9fc6a-945d-5e54-9c3f-adc8b882d6a8","created":"2025-12-24T14:57:30.698260Z","modified":"2025-12-24T14:57:30.698263Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 18 2025](/references/5a6246f8-c78e-404e-9f77-eaa8639114d3)]</sup>","group_attack_id":"G3183","group_id":"963b6cb8-f99f-4d3e-b3e3-c02cdebf733a","name":"LongNosedGoblin","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"125017bf-3032-409d-ab5d-4ebe3089aaed","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"5f09d389-5d39-4352-a57a-159ea784ab8c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"dfe72914-dc07-43bb-843a-1d6f24044be6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"227c12df-8126-4e79-b9bd-0e4633fa12fa","name":"Umbreon","type":"malware","source":"MITRE","software_attack_id":"S0221","tidal_id":"e832c7b0-490d-54d9-876f-6e0faf32e9a4","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"8f7fd280-2a0c-4820-a51b-da2c68278766","name":"uname","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3392","tidal_id":"6da60714-3b4a-5a8d-898e-0d2692c4f95c","created":"2025-04-11T15:06:35.012923Z","modified":"2025-04-11T15:06:35.012927Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"4504fe05-daef-4eed-a047-b1f4134e6734","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d876bb61-3122-44e7-ace4-f473a7b30f58","name":"Universal Virus Sniffer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3116","tidal_id":"f7782d1e-79b5-597d-9ead-6d3a84b98dc3","created":"2024-03-07T21:01:08.407392Z","modified":"2024-03-07T21:01:08.407396Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"4428d95a-3620-47b8-bdce-a54c80a41195","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"bf5a081a-0f76-4c6e-b0b6-96d98ddeaded","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"321d9b6e-e27f-4518-8774-25ad074ff1fd","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"1c3c66c7-52c7-4f5a-bbd5-d0b7dafad49d","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"adbcb07a-726c-4eb6-aa03-ad0b723fb442","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"feac7621-2962-402c-8b3c-b7f0d70542d8","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"e6e4d028-db28-46de-aff5-eea809a6020e","name":"Unknown IE Exploit","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3955","tidal_id":"9c74f015-7f0f-51d7-98d8-55f6e59017e8","created":"2026-01-23T20:31:07.830168Z","modified":"2026-01-23T20:31:07.830174Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Roar Media Archive February 26 2021](/references/d5307024-13fb-43ce-9c90-0957c77c50ee)]</sup>","group_attack_id":"G3208","group_id":"6aab63be-425e-474c-9fdd-3a8fab890c5e","name":"Unknown Sri Lanka Hacktivist Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"1d2c9118-77fe-4121-913a-70517afab804","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"6b07e700-bacd-4f7f-9521-c21da77c49b8","tag":"0c358281-3438-4fe3-8bb6-d215f208d53d"},{"id":"870478ad-aea7-4109-b1a6-b0e662d7e43b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"52a12072-c665-456f-8565-b6d9c75ce99b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"846b3762-3949-4501-b781-6dca22db088f","name":"Unknown Logger","type":"malware","source":"MITRE","software_attack_id":"S0130","tidal_id":"ea519615-dfd4-5bd5-a9f6-042dbe667811","created":"2017-05-31T21:33:15.020000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Forcepoint Monsoon](https://app.tidalcyber.com/references/ea64a3a5-a248-44bb-98cd-f7e3d4c23d4e)]</sup>","group_attack_id":"G0040","group_id":"32385eba-7bbf-439e-acf2-83040e97165a","name":"Patchwork","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"456fb5b3-76e5-47f4-b964-09d68adb889e","name":"Unregmp2","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3291","tidal_id":"7016a7d2-7a75-51f1-8e29-cd15c3f7c6f7","created":"2024-01-12T14:48:14.211061Z","modified":"2024-01-12T14:48:14.211065Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0ea54431-cad2-4f16-939c-d7c5c046fcf9","name":"Unregmp2.exe","description":"<sup>[[Unregmp2.exe - LOLBAS Project](/references/9ad11187-bf91-4205-98c7-c7b981e4ab6f)]</sup>","source":"Tidal Cyber","associated_software_id":"824e7a25-83a0-4037-b0b5-af5fa1ed299a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"9d079d92-7f15-4461-ab55-99d9f0d2dbb2","tag":"40f11d0d-09f2-4bd1-bc79-1430464a52a7"},{"id":"882791c7-3aa3-4403-8321-05684a8ba244","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"7a13cafc-f240-462d-88db-bcfcb613d0ab","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"487d4c42-12ee-4c90-b284-cca04dadb951","name":"Update","type":"tool","source":"Tidal Cyber","software_attack_id":"S3364","tidal_id":"056aac4f-9baf-554a-9507-2babdddac2bb","created":"2024-01-12T14:48:41.364562Z","modified":"2024-01-12T14:48:41.364566Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a6f0c9e1-738d-4643-84e9-54bf9b379c32","name":"Update.exe","description":"<sup>[[Update.exe - LOLBAS Project](/references/2c85d5e5-2cb2-4af7-8c33-8aaac3360706)]</sup>","source":"Tidal Cyber","associated_software_id":"c24db3d2-308c-4c4e-a6dd-58258013dc7e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"54a75ce9-292f-4a8f-9f6f-d7229031a0f6","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b42ecca4-7406-4d30-8967-ff20891448ff","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a5b315ed-9fe2-4ae4-9a77-8c0296aea3d9","name":"Uplo Exfiltrator","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3963","tidal_id":"9e5c1984-d4e1-517d-b678-fcb80f9fc762","created":"2026-01-23T20:31:08.985947Z","modified":"2026-01-23T20:31:08.985952Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 15 2025](/references/f0f1a57f-399c-48b8-a43b-fd911baf4471)]</sup>","group_attack_id":"G3209","group_id":"5706f0e7-ae41-47fd-9c3c-8fe47d53ba0d","name":"Mysterious Elephant","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2811b486-7902-446c-9e7e-451d247b82a2","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"578a83b2-2c57-4cfe-a66a-46f828bcfe4d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"fbd42620-4e81-4431-9e1d-96ae0288d5b5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a3c211f8-52aa-4bfd-8382-940f2194af28","name":"UPPERCUT","type":"malware","source":"MITRE","software_attack_id":"S0275","tidal_id":"f6a4ad56-b2da-58c3-aef5-2b0e2151f3fa","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5bdab850-14c7-42b5-a5f1-7a50221586c7","name":"ANEL","description":"<sup>[[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)]</sup>","source":"MITRE","associated_software_id":"d41b4a6c-7b79-494f-92e3-ea56db4cf988","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye APT10 Sept 2018](https://app.tidalcyber.com/references/5f122a27-2137-4016-a482-d04106187594)]</sup>","group_attack_id":"G0045","group_id":"fb93231d-2ae4-45da-9dea-4c372a11f322","name":"menuPass","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ESET MirrorFace March 18 
2025](/references/d8f4d661-ad8a-451d-9799-afe36e200bb3)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"d4f729ef-bddc-4c72-911b-00cc124ce139","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"ce0e1ace-5cd7-55ab-848d-9cd449c7b02c","name":"UPSTYLE","type":"malware","source":"MITRE","software_attack_id":"S1164","tidal_id":"ce0e1ace-5cd7-55ab-848d-9cd449c7b02c","created":"2025-04-22T20:46:56.759938Z","modified":"2025-04-22T20:46:56.759941Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"222b10cb-4c04-476d-a4b1-10f611b6062c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"10405d32-26a6-419b-9dde-4ac337bfe2f4","name":"UPX","type":"tool","source":"Tidal Cyber","software_attack_id":"S3410","tidal_id":"ec3db898-5c79-5b31-868e-8d09f3724a62","created":"2024-11-25T18:01:19.823275Z","modified":"2024-11-25T18:01:19.823280Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0a1cb3ff-f158-40c6-bc4e-683e4d7ed553","name":"Ultimate Packer for eXecutables","description":"","source":"Tidal Cyber","associated_software_id":"63b1d133-2db2-4098-a358-1c71bf0ca248","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Halcyon Cloak Ransomware December 12 
2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","group_attack_id":"G3211","group_id":"41d6d175-2f69-45e6-9663-9ff0cf8649e3","name":"Cloak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[NCC Group SafePay March 10 2025](/references/5d63bb19-02d7-47b2-a120-9601ba09d99e)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA BianLian Ransomware May 2023](/references/aa52e826-f292-41f6-985d-0282230c8948)]</sup>","group_attack_id":"G3002","group_id":"a2add2a0-2b54-4623-a380-a9ad91f1f2dd","name":"BianLian Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8a0a9e9b-72ea-446a-b894-dee54076f456","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"5868955b-e04e-4256-b969-2d3aa161470e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"b542d487-bbf9-4a69-9c1d-403ca2fa2414","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e974f698-1288-4b67-b31b-6a4ea96bd571","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c094b8f7-b81b-4db4-81ce-0593dd5de766","tag":"166581ec-09a6-40b2-abfb-c3f5c733f89f"},{"id":"aeb6c961-00d3-4262-87ff-a4df4fa78be3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"96e24cc0-f1ce-4595-90c4-5a4976394db8","name":"Url","type":"tool","source":"Tidal Cyber","software_attack_id":"S3321","tidal_id":"80b377c5-b0ff-5673-b725-36295c72a27b","created":"2024-01-12T14:48:25.530144Z","modified":"2024-01-12T14:48:25.530148Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"def4064a-304e-4e84-8456-51fe980ba1f2","name":"Url.dll","description":"<sup>[[Url.dll - LOLBAS 
Project](/references/0c88fb72-6be5-4a01-af1c-553650779253)]</sup>","source":"Tidal Cyber","associated_software_id":"274b601e-bc26-45b5-9532-3eca488c2c4a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"08ddf9a9-7a55-4d13-b9e2-1537506f7c08","tag":"34505028-b7d8-4da4-8dee-9926f3dbd37a"},{"id":"1b39329d-d1d2-4997-a58c-c8e70aeace5a","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2c7c8bb4-9c7d-4eb4-bacd-30a89559088a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"89ffc27c-b81f-473a-87d6-907cacdce61c","name":"Uroburos","type":"malware","source":"MITRE","software_attack_id":"S0022","tidal_id":"5ea01fc1-ec1f-5e47-bb11-0433a7fede7a","created":"2017-05-31T21:32:19.029000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"68853d9e-2716-56bd-8074-b68e83dbb9db","name":"Snake","description":"<sup>[[Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023](https://app.tidalcyber.com/references/1931b80a-effb-59ec-acae-c0f17efb8cad)]</sup>","source":"MITRE","associated_software_id":"d2f34441-00b4-41a5-aa43-17428b0fea39","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Kaspersky Turla](https://app.tidalcyber.com/references/535e9f1a-f89e-4766-a290-c5b8100968f8)]</sup><sup>[[Joint Cybersecurity Advisory AA23-129A Snake Malware May 
2023](https://app.tidalcyber.com/references/1931b80a-effb-59ec-acae-c0f17efb8cad)]</sup>","group_attack_id":"G0010","group_id":"47ae4fb1-fc61-4e8e-9310-66dda706e1a2","name":"Turla","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"755b5158-489e-4185-a407-cf350c5c8483","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"}],"owner_name":null},{"id":"3e501609-87e4-4c47-bd88-5054be0f1037","name":"Ursnif","type":"malware","source":"MITRE","software_attack_id":"S0386","tidal_id":"d8c4a438-4d4b-5ec1-b943-a84b3bced76a","created":"2019-06-04T18:42:22.552000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6c6518e9-f355-4c3f-9fd5-f5220fcd4c28","name":"Gozi-ISFB","description":"<sup>[[FireEye Ursnif Nov 2017](https://app.tidalcyber.com/references/32c0b9d2-9f31-4e49-8b3a-c63ff4fffa47)]</sup><sup>[[ProofPoint Ursnif Aug 2016](https://app.tidalcyber.com/references/4cef8c44-d440-4746-b3e8-c8e4d307273d)]</sup>","source":"MITRE","associated_software_id":"18c4205c-8e09-42cb-9caa-0c62560e1977","owner_id":null,"owner_name":null},{"id":"2e12363d-2d3b-4af7-87f3-d4ddf8b81be7","name":"Dreambot","description":"<sup>[[NJCCIC Ursnif Sept 2016](https://app.tidalcyber.com/references/d57a2efe-8c98-491e-aecd-e051241a1779)]</sup><sup>[[ProofPoint Ursnif Aug 2016](https://app.tidalcyber.com/references/4cef8c44-d440-4746-b3e8-c8e4d307273d)]</sup>","source":"MITRE","associated_software_id":"788feb5e-d8f2-4f2b-8796-dd66b230213b","owner_id":null,"owner_name":null},{"id":"ce0aa4eb-69c7-4f94-97ac-535bb9c6dc4d","name":"PE_URSNIF","description":"<sup>[[TrendMicro Ursnif Mar 2015](https://app.tidalcyber.com/references/d02287df-9d93-4cbe-8e59-8f4ef3debc65)]</sup>","source":"MITRE","associated_software_id":"0a7f6b16-335e-4e61-8c7d-75d08144eae4","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Cybereason Valak May 
2020](https://app.tidalcyber.com/references/235d1cf1-2413-4620-96cf-083d348410c2)]</sup><sup>[[Unit 42 Valak July 2020](https://app.tidalcyber.com/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)]</sup><sup>[[Unit 42 TA551 Jan 2021](https://app.tidalcyber.com/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]</sup><sup>[[Secureworks GOLD CABIN](https://app.tidalcyber.com/references/778babec-e7d3-4341-9e33-aab361f2b98a)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3047","group_id":"1d751794-ce94-4936-bf45-4ab86d0e3b6e","name":"BlackSuit Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CISA Royal AA23-061A March 2023](/references/81baa61e-13c3-51e0-bf22-08383dbfb2a1)]</sup>","group_attack_id":"G3003","group_id":"86b97a39-49c3-431e-bcc8-f4e13dbfcdf5","name":"Royal Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Proofpoint Ransomware Initial Access June 2021](/references/3b0631ae-f589-4b7c-a00a-04dcd5f3a77b)]</sup>","group_attack_id":"G1037","group_id":"e1e72810-4661-54c7-b05e-859128fb327d","name":"TA577","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Proofpoint TA547 April 10 2024](/references/c1fab1dd-bec1-4637-9d50-8317247dc82b)]</sup>","group_attack_id":"G3059","group_id":"ac3426c4-6d7e-4e99-9546-266fb7fd8c44","name":"TA547","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"4d68445c-c815-4b80-8d7e-66e21da7263a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"3de710a4-03cf-4831-bc44-a3dc73919450","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"0403e846-6dfb-4fc4-880e-0598d5b2f390","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"26d93db8-dbc3-44b5-a393-2b219cef4f5b","name":"USBferry","type":"malware","source":"MITRE","software_attack_id":"S0452","tidal_id":"c3eba204-19a2-5fa9-8022-d213940a432d","created":"2020-05-20T19:54:06.476000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro Tropic Trooper May 2020](https://app.tidalcyber.com/references/4fbc1df0-f174-4461-817d-0baf6e947ba1)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic Trooper","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"50eab018-8d52-46f5-8252-95942c2c0a89","name":"USBStealer","type":"malware","source":"MITRE","software_attack_id":"S0136","tidal_id":"b12d4ef4-41fc-5921-9f9c-d3ecfe8a903c","created":"2017-05-31T21:33:17.716000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a3064aee-d2e6-4c11-a0c3-e3e8588b436d","name":"USB Stealer","description":"","source":"MITRE","associated_software_id":"4f016c90-30ea-44b2-8c22-10d2fe2c6954","owner_id":null,"owner_name":null},{"id":"5efe4dbe-c07b-4038-9ca8-259b274cd0f9","name":"Win32/USBStealer","description":"","source":"MITRE","associated_software_id":"2fbb693a-533b-4afb-91da-7e62ce0b3840","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[ESET Sednit Part 
3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"ef4be4a2-b7e6-4e69-b39f-9f58a8e68143","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"50a57a6f-6597-42d1-b686-7003c631ddb0","name":"UtilityFunctions","type":"tool","source":"Tidal Cyber","software_attack_id":"S3383","tidal_id":"60fd13d3-6f00-5617-b113-cd08da3b3436","created":"2024-01-12T14:48:48.809824Z","modified":"2024-01-12T14:48:48.809828Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eb7bd1eb-baf2-4be4-8227-b7036140124e","name":"UtilityFunctions.ps1","description":"<sup>[[UtilityFunctions.ps1 - LOLBAS Project](/references/8f15755b-2e32-420e-8463-497e3f8d8cfd)]</sup>","source":"Tidal Cyber","associated_software_id":"8ef743a4-8788-4bb2-8274-499f4c4f9392","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4a9519a9-c5f6-435f-887b-1cdec54958b2","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"a7e94d44-4681-47d3-b76f-e91f473284c7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b149f12f-3cf4-4547-841d-c63b7677547d","name":"Valak","type":"malware","source":"MITRE","software_attack_id":"S0476","tidal_id":"8b9caa1d-852e-50a1-9b5f-9ce61b061a4a","created":"2020-06-19T17:11:54.854000Z","modified":"2020-11-23T19:00:25.745000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cybereason Valak May 2020](https://app.tidalcyber.com/references/235d1cf1-2413-4620-96cf-083d348410c2)]</sup><sup>[[Unit 42 Valak July 2020](https://app.tidalcyber.com/references/9a96da13-5795-49bc-ab82-dfd4f964d9d0)]</sup><sup>[[Unit 42 TA551 Jan 
2021](https://app.tidalcyber.com/references/8e34bf1e-86ce-4d52-a6fa-037572766e99)]</sup><sup>[[Secureworks GOLD CABIN](https://app.tidalcyber.com/references/778babec-e7d3-4341-9e33-aab361f2b98a)]</sup>","group_attack_id":"G0127","group_id":"8951bff3-c444-4374-8a9e-b2115d9125b2","name":"TA551","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"67f71c18-1748-40ba-9340-61ec4a084b9a","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"94ad6ed8-4911-4671-b0e6-ae684311b733","name":"ValleyRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3732","tidal_id":"cf854795-433b-521e-a1fb-bb7cbaea1376","created":"2025-12-10T14:15:03.383993Z","modified":"2025-12-10T14:15:03.383996Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b5efcb1e-a7c7-4e68-b7a4-deb582b3af9c","name":"Valley RAT","description":"<sup>[[Www.cloudsek.com December 26 2025](/references/0d6e9bfe-9c6c-40ba-9d12-30273b559d13)]</sup>","source":"USER","associated_software_id":"dcabf13d-77d5-43ef-a367-76038f48d2c2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"7993c8cd-8833-44d0-9246-d6d2aabf9445","name":"ValleyRAT_S2","description":"<sup>[[Medium January 11 2026](/references/6cb12d3f-0296-47f7-9131-fc21ea806383)]</sup>","source":"USER","associated_software_id":"30b1f5fa-9cf3-4cd1-94a5-95a00d249e3d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[ReliaQuest December 04 2025](/references/3eea040e-75fb-4e52-b9b6-9e1476f0ddcb)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Medium January 11 
2026](/references/6cb12d3f-0296-47f7-9131-fc21ea806383)]</sup>","group_attack_id":"G3199","group_id":"ff36ede1-9375-4b1a-83f3-38b12d1ec3f4","name":"ValleyRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7f3c1613-a753-4839-b007-8de8aea830ec","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"6af639e0-befe-436d-b504-87745818e238","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"23121059-e14d-48b1-8966-5c1051651d9e","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"5c6eaa26-42af-42dc-9240-69bc8dcd0afb","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"8013f74f-531b-4afc-b475-8d0403bd5121","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"23ecd844-6e69-44e9-8de8-30fc36577f9b","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"9aa246e1-faab-41bd-a05d-eff106e9728d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"c476072c-659c-4c74-a269-1e8bc3dd9815","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"10967a64-69fa-4c46-8e1b-1b1101d7acd3","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"d53bebcb-41ed-4963-947e-5fa8687e2d96","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"7ce44489-3591-449f-8ee8-b415f1340e34","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9e8e1caf-b46e-4a1a-b446-d0c87b7b8529","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"63940761-8dea-4362-8795-7bc0653ce1d4","name":"VaporRage","type":"malware","source":"MITRE","software_attack_id":"S0636","tidal_id":"580a45d7-fffb-5f24-8255-ecf06a89e847","created":"2021-08-04T15:02:56.965000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC Nobelium Toolset May 
2021](https://app.tidalcyber.com/references/52464e69-ff9e-4101-9596-dd0c6404bf76)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"90afea27-3e4c-49bb-952f-6cd47f45fc34","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"fe116518-cd0c-4b10-8190-4f57208df4e4","name":"Vasport","type":"malware","source":"MITRE","software_attack_id":"S0207","tidal_id":"7b95f268-e2b1-5196-89c8-f4436970dba9","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"05e03335-0a5e-48ca-9595-e7f462225036","name":"Vatet Loader","type":"malware","source":"Trellix TIG","software_attack_id":"S3468","tidal_id":"06b7a2dc-6206-5548-9c25-0d8759413025","created":"2025-04-11T15:06:53.739238Z","modified":"2025-04-11T15:06:53.739242Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"2232decc-cbf0-4920-87fa-64958f2f2b29","name":"VBA Stealer","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3877","tidal_id":"02eecda9-8966-5c6a-9965-3789ad4a74a4","created":"2026-01-06T18:05:06.926973Z","modified":"2026-01-06T18:05:06.926976Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"68706707-0270-4309-a73e-0cc596d7aa57","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"6b780eab-c195-41b8-aa50-c6b300ac9bb0","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"b96449e8-4fed-445e-95fa-7f3a775ffbbb","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a2b9dbb3-88be-4ff3-a56a-d65503d66fb3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"25ae056b-aa3d-4bfb-9b53-ba76bce0dad1","name":"vbc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3292","tidal_id":"8f91a477-89da-582c-ab30-54081d1bf77c","created":"2024-01-12T14:48:14.570822Z","modified":"2024-01-12T14:48:14.570826Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"579a54a7-21df-4f94-a7af-43b644fa424d","name":"vbc.exe","description":"<sup>[[vbc.exe - LOLBAS Project](/references/25eb4048-ee6d-44ca-a70b-37605028bd3c)]</sup>","source":"Tidal Cyber","associated_software_id":"1ad2a3ea-b488-439c-ab34-5cf15df250f3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"44ca1e01-26e2-44d6-ad21-2323e757c36e","tag":"bc6f5172-90af-491e-817d-2eaa522f93af"},{"id":"04b63364-bba2-498c-9453-44ce2f645fcf","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"08673e23-9fc8-4147-bf14-5705aeb7ade6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"925c40c9-5a69-4a67-be83-469667f12750","name":"VBCloud","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3839","tidal_id":"a648d36b-9524-5caf-a867-085ae26825a8","created":"2025-12-29T17:41:07.087820Z","modified":"2025-12-29T17:41:07.087823Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9d83ad6f-7873-4612-9c8a-a03ec03ae9f9","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"e5dd3307-5afa-45bf-8d47-776d43f1d206","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"6fd60759-82b3-4435-ab87-262457aca574","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"080f0e0c-4a86-41aa-b8ac-3497fb8352d2","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"9207cdc6-b2ef-4717-bf47-eddcb65fd2d7","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"58b2d469-e780-4362-9bb4-fcde91c91b01","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"aab47f47-2cd6-4b3d-8df4-d3f2b046d387","name":"VBScript","type":"tool","source":"Tidal Cyber","software_attack_id":"S3904","tidal_id":"a7cf30a2-3dff-5a8b-8fd6-978f502e389b","created":"2026-01-14T13:31:32.911265Z","modified":"2026-01-14T13:31:32.911269Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver 
Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"e775223b-4b0a-4495-950a-bfc83fe55024","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"15df0ff5-6a78-457f-b355-a1e1da39fee3","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"79afaf2c-93a2-4a8d-83e9-059e7ea43905","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"00809ef6-1d7d-46a5-ba66-30710cd7eb39","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"a4f4b4b3-0126-4e9d-bab7-da0cf37e3bad","name":"VBScript (WSH)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3878","tidal_id":"2cc12be6-5193-5610-b4e7-23004c581fc0","created":"2026-01-06T18:05:07.081303Z","modified":"2026-01-06T18:05:07.081307Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"8ba1a7c8-a0dd-478b-817c-1d8dc2feca4b","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"1ade8c40-24fa-490d-b3ac-36b611695592","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"3bbe4c90-a95c-455d-bdd3-2fefacbdeb05","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"b7a8fe77-6fd4-4a44-870e-13e581651c5b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ea3d45b8-587f-4293-930f-ea3701b806dc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"150b6079-bb10-48a8-b570-fbe8b0e3287c","name":"VBShower","type":"malware","source":"MITRE","software_attack_id":"S0442","tidal_id":"904f296c-5d27-5d3e-a775-109a6522adfe","created":"2020-05-08T20:43:25.743000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Kaspersky Cloud Atlas August 
2019](https://app.tidalcyber.com/references/4c3ae600-0787-4847-b528-ae3e8ff1b5ef)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"0247c7d9-4990-408d-b6ff-c4ff5ea17e94","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"5207f27c-1620-4c80-8fdd-4947c19d1844","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"372e8e7c-5cb7-4179-9c2d-7fbbbb4c355e","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"8d86d035-a0c0-4ff4-b971-a4c684ae2889","tag":"2e85babc-77cd-4455-9c6e-312223a956de"}],"owner_name":null},{"id":"36c06aee-5574-4094-a579-8ec7c9929040","name":"Veaty","type":"malware","source":"Tidal Cyber","software_attack_id":"S3182","tidal_id":"e5cd2c21-8c32-51c1-92a7-1694cb9ae588","created":"2024-09-20T15:10:52.979265Z","modified":"2024-09-20T15:10:52.979269Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research September 11 2024](/references/53320d81-4060-4414-b5b8-21d09362bc44)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"e15bfc63-5bd9-4dd6-a09a-4c95c855ea51","tag":"15f2277a-a17e-4d85-8acd-480bf84f16b4"},{"id":"3b17acce-4f23-41ea-a9ce-d9e0e9cc621d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"3718f2aa-084a-4f7a-b460-f862e58679b3","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"bee4788c-4d18-443a-8fa8-73aac5a10390","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ec33583f-f971-4b58-8c23-66bd5acd53e3","name":"Veeam Backup and Replication","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3636","tidal_id":"564a3d82-eab0-5817-b41c-4ba4e02d593c","created":"2025-11-19T17:45:39.822010Z","modified":"2025-11-19T17:45:39.822013Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Akira November 13 2025](/references/7d344877-cf01-4356-b806-8a1505054b15)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3880101e-ea2e-4ef9-85c7-e32396a639b1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6e13789c-c947-4aea-8646-8e07f8369ca1","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cff14334-5e0f-48bb-85ed-61f705a83aa5","name":"Veeam Credential Recovery","type":"tool","source":"Trellix TIG","software_attack_id":"S3439","tidal_id":"5edff116-947d-5d14-a618-85ff5ef550b2","created":"2025-04-11T15:06:48.345917Z","modified":"2025-04-11T15:06:48.345921Z","platforms":[],"associated_software":[{"id":"5964b883-78aa-4010-8657-b3c4cc1ca950","name":"Veeam Get Creds","description":"","source":"Trellix TIG","associated_software_id":"ff6b3625-d922-49bd-a8c3-d5d2422ba9d7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"19d3b579-6e37-402f-a131-453876caf90a","name":"Veeam-Get-Creds.ps1","description":"","source":"Trellix TIG","associated_software_id":"895db12c-adce-4632-b013-44eba7d2a6b9","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"65429394-0d90-4063-8ef3-8bc09738997e","name":"Veeam password dumper","description":"<sup>[[None December 11 
2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"69bb4d56-11f8-4048-a471-afa097efcf0d","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[The DFIR Report September 29 2025 09 29 2025](/references/062eb61b-ad37-4688-8008-7d8241ca63dd)]</sup>","group_attack_id":"G3090","group_id":"5425f89f-3679-45f4-bde3-8dae9448cf90","name":"LUNAR SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"521936de-9670-4218-8cc2-66f63a0098b0","name":"Velociraptor","type":"tool","source":"Tidal Cyber","software_attack_id":"S3590","tidal_id":"0f7f9166-34a8-5603-9f85-df905d16bcbf","created":"2025-10-13T17:29:24.841952Z","modified":"2025-10-13T17:29:24.841956Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 09 
2025](/references/06bee483-26fb-4cfc-a6a5-c8282a997946)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"306e5bb6-74d9-4127-a0ed-9ae0187a8d66","tag":"64a4d34f-1be5-4f53-a8af-1505d8584e93"},{"id":"7d629b0c-8e71-4d5e-917a-6e346e6a6c20","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"3e7de67a-85af-4e53-a148-b500a0631f5d","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"dbf4615a-cd34-431a-9732-e98997e451d8","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"a20d74b7-9146-43d5-9bbf-7b3f2e508b6d","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"ab36de88-e596-473b-bf10-ed94d6621424","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"03f0b436-6416-486b-8e05-5281973089fe","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c3b61d09-44fb-454e-b926-0c6833242ca3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"87107499-347d-4cb4-a2ec-bd6e4c42581a","name":"VenomRAT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3455","tidal_id":"73f367c6-e924-58bb-be66-03a1f5d0c529","created":"2025-03-25T13:16:27.525889Z","modified":"2025-03-25T13:16:27.525891Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e1e9f55d-26af-467a-b607-694859e6317a","name":"Venom RAT","description":"","source":"Tidal 
Cyber","associated_software_id":"0f22cf97-6a7f-447e-b833-48d6373c6ce7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b3d82408-852e-4c79-94a8-8a81dc4a3f95","tag":"b97de6e0-0f03-4380-b102-328400e2c3c9"},{"id":"aa790a69-5c4f-4641-b4d2-ca26777212db","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"148683ed-ffe6-465b-a605-3e6252a682ea","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ed840ca0-db02-4882-a004-72028437e8f3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2f33ae13-8ab2-4ec1-8358-c81218c1f3a5","name":"Venus Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3014","tidal_id":"0bf3af74-5790-55a3-bc01-10fc0e7d3807","created":"2024-06-13T20:12:26.550423Z","modified":"2024-06-13T20:12:26.550427Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2e7e2c63-4127-4b1a-bd02-5d352687d930","tag":"537bb659-7c9b-4354-b1da-03989ce412c8"},{"id":"bfbb4cc5-79cb-4933-9235-1c0bafee712d","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"7e78530c-8dc5-4a01-b755-2cb3c0b07944","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"5eba0dba-b1cc-47b5-9c1a-1a29ac8959fb","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"78282586-5931-4eb6-97b0-aaaabe108aa1","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"e1e577a8-dc6b-4350-9a17-6c6304bb997b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"56dc0bea-bdfb-4731-b6c0-425fb7f9bf4d","name":"Verclsid","type":"tool","source":"Tidal Cyber","software_attack_id":"S3293","tidal_id":"2f3c3ed6-9491-5bf5-a9c2-d4b40e9aee79","created":"2024-01-12T14:48:14.943167Z","modified":"2024-01-12T14:48:14.943171Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"01e581f1-e88b-48fe-8097-48bc5ab220cf","name":"Verclsid.exe","description":"<sup>[[LOLBAS 
Verclsid](/references/63ac9e95-aad8-4735-9e63-f45d8c499030)]</sup>","source":"Tidal Cyber","associated_software_id":"36aff35e-5b1e-4d4c-8690-492221812efd","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"212ad184-3257-48cd-bdcf-e480a4f730a7","tag":"4e91036d-809b-4eae-8a09-86bdc6cd1f0e"},{"id":"b047ce77-02f0-4a29-ae3c-1f238870949c","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6591263b-031e-42d2-bdc1-c779229d4ef6","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"afa4023f-aa2e-45d6-bb3c-38e61f876eac","name":"VERMIN","type":"malware","source":"MITRE","software_attack_id":"S0257","tidal_id":"c723e3a9-276a-5b95-b48a-85b7403922a0","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ea857bb3-408e-566f-a693-96d9dc4f3c90","name":"VersaMem","type":"malware","source":"MITRE","software_attack_id":"S1154","tidal_id":"ea857bb3-408e-566f-a693-96d9dc4f3c90","created":"2024-10-31T16:28:02.166849Z","modified":"2024-10-31T16:28:02.166852Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"[VersaMem](https://app.tidalcyber.com/software/ea857bb3-408e-566f-a693-96d9dc4f3c90) was used by [Volt Typhoon](https://app.tidalcyber.com/groups/4ea1245f-3f35-5168-bd10-1fc49142fd4e) as part of [Versa Director Zero Day Exploitation](https://app.tidalcyber.com/campaigns/e28a09b7-885f-5556-b56e-7ad3e0581ac0).<sup>[[Lumen Versa 2024](https://app.tidalcyber.com/references/1d7f40f7-76e6-5ba2-8561-17f3646cf407)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt 
Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"d56d7a2a-5062-45b6-8fec-08a393d4041c","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"}],"owner_name":null},{"id":"2b0895db-a6ed-4108-9d61-ff63b14ad0ab","name":"version.dll","type":"tool","source":"Tidal Cyber","software_attack_id":"S3765","tidal_id":"b22e5b90-6bb0-58da-a66c-9e1b5d129412","created":"2025-12-17T14:18:51.616960Z","modified":"2025-12-17T14:18:51.616964Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 21 2025](/references/57b3ee67-b2b8-4937-a557-411a870bb5b3)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News December 07 2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","group_attack_id":"G3170","group_id":"dddd119f-edac-4077-958b-6a775dd4a147","name":"Shanya Packer 
Operator","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3d58ef9c-5427-4e06-9bbf-12d05dbc0dab","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"90ca9153-1a11-4af6-a529-bf8387644411","tag":"166581ec-09a6-40b2-abfb-c3f5c733f89f"},{"id":"2739d8e6-00f0-4dec-9ea4-bcf69e59dbed","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"907d6e2d-ef97-4aa9-8f5a-5ff65781e6aa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"829a5040-e510-42c8-a50a-e4796b733f17","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7f52ff3c-f75b-5e71-85dc-566f6f6ba1fd","name":"ViceLeaker","type":"malware","source":"Mobile","software_attack_id":"S0418","tidal_id":"7f52ff3c-f75b-5e71-85dc-566f6f6ba1fd","created":"2026-01-28T13:08:09.938397Z","modified":"2026-01-28T13:08:09.938399Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[{"id":"fda3f9ca-9b99-4c12-b96c-ac363d7c9b82","name":"Triout","description":"<sup>[[SecureList - ViceLeaker 2019](https://app.tidalcyber.com/references/4dbabd46-ee23-5f9c-93be-b39b22e6e699)]</sup>","source":"Mobile","associated_software_id":"a236795c-c9a4-5855-a881-56c365e88509","owner_id":null,"owner_name":null}],"groups":[],"tags":[],"owner_name":null},{"id":"ced8364c-e0e2-429a-a029-300fa2f0d5be","name":"Vidar Stealer","type":"malware","source":"Tidal Cyber","software_attack_id":"S3096","tidal_id":"784e5af5-e6ce-52db-9754-5537346dca4a","created":"2023-11-17T17:09:26.597720Z","modified":"2023-11-17T17:09:26.597725Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"492cda41-f3ea-4cfc-b926-d4b077301589","name":"Vidar","description":"<sup>[[eSentire November 13 
2025](/references/f346f327-f0e4-4405-bf3c-c0723c23384f)]</sup>","source":"USER","associated_software_id":"37ccc4ff-a055-485b-818d-71b7d87fbeda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. CISA Scattered Spider November 16 2023](/references/9c242265-c28c-4580-8e6a-478d8700b092)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8403eece-9ac6-484b-8f3a-b530d6837ae1","tag":"26028765-3b6d-419c-92b5-5fbe345a26d1"},{"id":"11df2e49-0be5-4e6a-a485-c0b8c2bb2bf4","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"52bb8ae8-c49f-4f5b-a5e9-620c2b7fc76b","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"af84d383-5c7e-407b-aa54-0f8f24513027","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"beff5fb3-b566-4132-85dd-eee43a6b0539","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":"TidalCyberIan"},{"id":"66df62fa-38e4-453b-95aa-de46ef0b2eaf","name":"vim-cmd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3550","tidal_id":"2b578ba8-d7f8-5cbc-842d-1a4b7c3116d0","created":"2025-09-15T19:14:01.432638Z","modified":"2025-09-15T19:14:01.432642Z","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors 
(Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"92cb5ded-4fd4-4cf5-8582-f86d103c5c7a","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"4eb65ae9-bc95-4100-bdd9-804852c6edf9","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"c348d1ef-9ece-479f-b479-f2cd414e8e67","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9965168d-d2d7-4788-a7e2-d9a869fc083f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"82207353-7a2e-5f3a-a6cf-1f38a647d893","name":"ViperRAT","type":"malware","source":"Mobile","software_attack_id":"S0506","tidal_id":"82207353-7a2e-5f3a-a6cf-1f38a647d893","created":"2026-01-28T13:08:09.939206Z","modified":"2026-01-28T13:08:09.939208Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"d3af77f2-d989-41bf-b23f-a8502478cfbc","name":"VIPERTUNNEL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3705","tidal_id":"4cc191b9-3c10-5aaf-888e-29dcd7108987","created":"2025-12-10T14:14:57.066457Z","modified":"2025-12-10T14:14:57.066462Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ad1141d4-8ce9-45df-9634-061fc5313f2e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"95f41510-a86e-4121-9815-086f042816f2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"58926fd0-4662-4ea9-afd5-aab2536bc95b","name":"VIRTUALGATE (Windows)","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3412","tidal_id":"dedd49f4-75c9-5662-8c48-8ad5be7bf876","created":"2025-04-11T15:06:43.314363Z","modified":"2025-04-11T15:06:43.314366Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"3a67d17e-bada-4f6b-a27c-8e2bb904e686","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"3d9096c4-28ba-41fc-8e3f-71a42c2344cc","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"387f15a5-bac0-4c42-8cd3-025202e923da","name":"VIRTUALPEER","type":"malware","source":"Trellix TIG","software_attack_id":"S3452","tidal_id":"9de5e442-55b5-5d65-af28-a3711541e212","created":"2025-04-11T15:06:50.941396Z","modified":"2025-04-11T15:06:50.941400Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"54313cb3-2a5e-5aba-8ebb-f602c101bcc8","name":"VIRTUALPIE","type":"malware","source":"MITRE","software_attack_id":"S1218","tidal_id":"54313cb3-2a5e-5aba-8ebb-f602c101bcc8","created":"2025-10-29T21:08:48.110704Z","modified":"2025-10-29T21:08:48.110705Z","platforms":[{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Threat Intelligence ESXi VIBs 2022](https://app.tidalcyber.com/references/09edd87d-8b5b-5071-90f5-b4d394df38fa)]</sup><sup>[[Google Cloud Threat Intelligence VMWare ESXi Zero-Day 2023](https://app.tidalcyber.com/references/204d9587-957b-5398-a7c9-969500315ab3)]</sup><sup>[[Google Cloud Mandiant UNC3886 
2024](https://app.tidalcyber.com/references/77b32efe-b936-5541-b0fb-aa442a7d11b7)]</sup><sup>[[Mandiant Fortinet Zero Day](https://app.tidalcyber.com/references/7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7)]</sup>","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5c90ca4e-b1d8-4c3b-9a55-876c62ad6215","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f835211e-1e40-4c56-be77-213db34045eb","name":"VIRTUALPIE (VMware ESXi)","type":"malware","source":"Trellix TIG","software_attack_id":"S3444","tidal_id":"d0763a59-f160-517a-8b86-7b1ec46c7f8c","created":"2025-04-11T15:06:49.519670Z","modified":"2025-04-11T15:06:49.519674Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"91d90d5e-7b02-47b3-b225-ebf5d6971fa4","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"f70e5b0a-04fe-5087-908d-7a90ba744c31","name":"VIRTUALPITA","type":"malware","source":"MITRE","software_attack_id":"S1217","tidal_id":"f70e5b0a-04fe-5087-908d-7a90ba744c31","created":"2025-10-29T21:08:48.110778Z","modified":"2025-10-29T21:08:48.110779Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"2f818de3-2bba-56d6-ab91-53ac9e001863","name":"ESXi"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Threat Intelligence ESXi VIBs 2022](https://app.tidalcyber.com/references/09edd87d-8b5b-5071-90f5-b4d394df38fa)]</sup><sup>[[Google Cloud Threat Intelligence VMWare ESXi Zero-Day 2023](https://app.tidalcyber.com/references/204d9587-957b-5398-a7c9-969500315ab3)]</sup><sup>[[Mandiant Fortinet Zero 
Day](https://app.tidalcyber.com/references/7bdc5bbb-ebbd-5eb8-bd10-9087c883aea7)]</sup>","group_attack_id":"G1048","group_id":"037aba85-f1a1-53d0-9631-992a2295d198","name":"UNC3886","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"7c2c159c-cc61-4f14-ac65-bb87c5d79112","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"f30de842-03bc-4ddf-93d6-3638c477c7dd","name":"VIRTUALPITA (LINUX)","type":"malware","source":"Trellix TIG","software_attack_id":"S3424","tidal_id":"8e2c6b54-1bff-59a0-9f00-ec9a8fdfbc5f","created":"2025-04-11T15:06:45.660916Z","modified":"2025-04-11T15:06:45.660920Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"bc23c9a3-fe20-4870-927c-aa916d833859","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"b7470464-1dc9-438c-ac0f-da2c39d84fca","name":"VIRTUALPITA (VMware ESXi)","type":"malware","source":"Trellix TIG","software_attack_id":"S3394","tidal_id":"b2d3780b-0a95-5c90-9457-57666a9c34e2","created":"2025-04-11T15:06:35.359644Z","modified":"2025-04-11T15:06:35.359648Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"96c74f69-e850-4b3c-84e0-e751def68f14","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"04bf30d7-583b-4235-aad0-b58cbbb69888","name":"VIRTUALSHINE","type":"malware","source":"Trellix 
TIG","software_attack_id":"S3408","tidal_id":"71b25ef7-4597-56ba-803e-23493a26b7ef","created":"2025-04-11T15:06:39.940829Z","modified":"2025-04-11T15:06:39.940833Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"cd0190ee-2af6-4bc9-8e2d-c2ab533b2427","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"8e231a5b-98a4-4fea-9219-7c616ac87e4c","name":"VIRTUALSPHERE","type":"malware","source":"Trellix TIG","software_attack_id":"S3387","tidal_id":"798458c2-0ab9-53bc-89a0-46dd729f8447","created":"2025-04-11T15:06:34.166933Z","modified":"2025-04-11T15:06:34.166937Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"66704b02-4569-48b6-adf4-573cc52b320f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":"TidalCyberIan"},{"id":"f8ffea4b-f25c-4b27-8e44-0d1ecc00b8ac","name":"Visio","type":"tool","source":"Tidal Cyber","software_attack_id":"S3482","tidal_id":"5fbe8bb6-edcb-5eb3-a5a8-5f808929884d","created":"2025-05-20T16:19:09.630831Z","modified":"2025-05-20T16:19:09.630834Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"80630d13-9e61-4ab5-9809-4878b497e12c","name":"Visio.exe","description":"<sup>[[Visio.exe - LOLBAS Project](/references/e92c169e-2096-4b07-b0d1-06492ab61019)]</sup>","source":"Tidal 
Cyber","associated_software_id":"faa2ed35-96df-4ad1-83e7-78c3dc028bc5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c6015d02-5835-4c26-9d47-1c1c3c2c2a39","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"0143bcd1-eb47-4593-80ef-fb00e4470d32","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"acfbcd12-25fd-41cd-83ef-c7af7cb59fff","name":"VisualUiaVerifyNative","type":"tool","source":"Tidal Cyber","software_attack_id":"S3367","tidal_id":"db83e183-2b99-56ca-ba9c-2e5f10770d02","created":"2024-01-12T14:48:42.795817Z","modified":"2024-01-12T14:48:42.795821Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1badddfb-7780-46c4-b1b7-68d1083b7a3c","name":"VisualUiaVerifyNative.exe","description":"<sup>[[VisualUiaVerifyNative.exe - LOLBAS Project](/references/b17be296-15ad-468f-8157-8cb4093b2e97)]</sup>","source":"Tidal Cyber","associated_software_id":"a11ae9f6-5229-48cb-9350-fcabf73be98e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c900aa89-a139-4ca0-b00c-998c3d04194b","tag":"5e096dac-47b7-4657-a57b-752ef7da0263"},{"id":"0545fa16-1628-4012-8737-c5785c351802","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"75ad1f9f-5735-49af-b265-984b0769fda1","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"d4234d72-cd7d-4279-96c2-37362cde2324","name":"VLC Media Player","type":"tool","source":"Tidal Cyber","software_attack_id":"S3842","tidal_id":"ba18803f-6475-5750-ae4d-627692a2bdfd","created":"2025-12-29T17:41:07.546144Z","modified":"2025-12-29T17:41:07.546148Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist December 19 
2025](/references/5f6a0803-342f-4d82-a8d6-58c41f75956e)]</sup>","group_attack_id":"G0100","group_id":"d7c58e7f-f0b0-44c6-b205-5adcfb56f0e6","name":"Inception","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3e3d5b6a-4d18-4aa6-a23e-2932ed1fa762","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"1a77f1eb-fa54-47fe-a104-8d26ce1b3366","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"664f4700-87e7-4663-a991-c0e3ade92d76","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"14a7c92f-1a10-4588-ae77-008c085a13d5","name":"VLOG.IPDB","type":"malware","source":"Tidal Cyber","software_attack_id":"S3970","tidal_id":"477f9d35-69d9-5864-adab-91f027730b21","created":"2026-01-23T20:31:10.033250Z","modified":"2026-01-23T20:31:10.033254Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[web.archive.org October 18 2022](/references/da8f4fd8-aaa1-4ba9-97e3-13bee02c97f5)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"811cbe67-36e3-47dc-8d9b-fe5dedab1de8","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"7b23f09c-38c3-4ef6-a039-0a9916c3c711","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"06c68b3e-8b03-4414-9b0f-897bbf302334","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"4b4a0929-7758-4507-8e7e-445d1f426f4f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9a324ee1-33b6-4fbf-a162-a83582e4a362","name":"VMProtect","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3849","tidal_id":"c98ba587-1bce-52eb-bb13-6b4708e1b84f","created":"2025-12-29T17:41:08.649805Z","modified":"2025-12-29T17:41:08.649808Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"7232c924-3525-4720-9397-c91687e9ff65","tag":"166581ec-09a6-40b2-abfb-c3f5c733f89f"},{"id":"64fe114d-bbc1-4f15-b241-5b7e125de779","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"969822d6-276a-4fa4-b74e-67857f884902","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0867eb4a-4567-4426-b0c3-7e26f3ebf66e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1ec69fb7-d56e-4b63-81b9-b6c065b4ed9c","name":"VMTools AV killer","type":"tool","source":"Tidal Cyber","software_attack_id":"S3830","tidal_id":"19eae7a9-3a03-587b-9e62-5f7703e56df4","created":"2025-12-29T17:41:05.589262Z","modified":"2025-12-29T17:41:05.589266Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"14af2b9b-1099-4eae-99f1-1653d40c0ed3","name":"VMTools-Eng.exe","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"68122a5d-0ece-4b21-a857-86e5cc9e3aad","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"a33f9437-9b6d-49cc-be4b-381e4ecfd533","name":"vmtools.exe","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"6c7afd15-d0b5-4fd5-a81f-0ee91e2c48cf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 11 
2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"57e1841a-b895-424b-b1db-4255d903fd6c","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"8e2941f8-e184-4eb6-a7a4-224e51bb2130","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9bae552d-9fbe-41d9-a093-d64ceb228905","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9497591e-38fd-46c4-b31c-5572834870ff","name":"VMware Tools","type":"tool","source":"Trellix TIG","software_attack_id":"S3451","tidal_id":"32d61b0b-da73-5d79-aec4-2f12f4371f0a","created":"2025-04-11T15:06:50.781256Z","modified":"2025-04-11T15:06:50.781260Z","platforms":[],"associated_software":[{"id":"cb231a91-241d-4ecf-aa14-a7bc0d98c463","name":"vmtools","description":"","source":"Trellix TIG","associated_software_id":"9c101c0e-5c43-4a28-bcf2-87eb18276522","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"736458bb-0e00-419d-83ca-1a76d9914e9c","name":"vmtoolsd","description":"","source":"Trellix TIG","associated_software_id":"941c01e2-99fb-486d-b9cc-dcc2eb737875","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"8400311a-ecd1-4278-8b47-730f6980c190","name":"vmtoolsd.exe","description":"","source":"Trellix TIG","associated_software_id":"25cc24ce-cab9-479d-9479-c64b273133ad","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"4a22b00e-e8b7-47ca-a1da-9d390231fe65","name":"VMware vCenter","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3413","tidal_id":"a0c7844a-7848-55eb-be3b-e0319e822c23","created":"2025-04-11T15:06:43.491098Z","modified":"2025-04-11T15:06:43.491101Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"0a3f2bc4-0cae-404a-bd2b-0fe32944988d","name":"VoidLink","type":"malware","source":"Tidal Cyber","software_attack_id":"S3977","tidal_id":"d90df809-4cad-5b9c-a587-3f74425386a0","created":"2026-01-23T20:31:11.092154Z","modified":"2026-01-23T20:31:11.092157Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Check Point Research January 13 2026](/references/d9dee943-2b68-4321-9c1b-d065bf69fb71)]</sup>","group_attack_id":"G3212","group_id":"d0318cad-b5f9-4e9e-af04-f479e52b5c30","name":"VoidLink 
Developers","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"6dfeb39a-1028-4e09-93ad-60b0162ffb8a","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"5a982595-4cb5-4903-9a95-cb5e22ff7f3c","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"88927e5a-ade1-4f4b-92b4-a3fe536afd4b","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"95cc0a8a-6661-45e4-897d-08f8b192d781","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"4c900a87-11ab-4034-90d4-5c434b98cc3f","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"ae16ca7b-7a6f-4550-bace-d7a11c9285f4","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"ff27b187-1979-4786-99e8-6eb25b90f999","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"dbb647a2-d3c1-4551-88d8-57a763789321","tag":"311abf64-a9cc-4c6a-b778-32c5df5658be"},{"id":"7d2e70c1-3c72-4ee4-8201-950ba1df0aa6","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"c67775c1-ee82-464e-b99d-6bbcb328b69d","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"e71a46a1-ae39-419c-9449-f3260079cfac","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"525dafe1-52a0-4423-af6d-5cd4a22c1e7c","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"4cd12244-6061-4837-8d1b-10a6fc1daee2","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8ebe4ab9-f437-4e82-ba11-ce2c1bb6a64e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e1dcbb6c-00ef-46f1-9da2-44b43b533256","name":"Voldemort","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3163","tidal_id":"685fb050-c56c-5aef-8e66-1b14c950fa76","created":"2024-09-06T15:14:34.250637Z","modified":"2024-09-06T15:14:34.250641Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"2c83e73d-75db-4518-ba04-f9651c0b9610","tag":"fe28cf32-a15c-44cf-892c-faa0360d6109"},{"id":"c8ac1082-4de9-4c17-929a-7f13653e3272","tag":"82009876-294a-4e06-8cfc-3236a429bda4"},{"id":"13cb210b-90f4-4a9f-91a6-7368daa11f5c","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"c2fc003d-d237-49f7-91cc-117eef62858c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"13996ef9-41af-4f5d-88f6-8689362ea623","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"7fcfba45-5752-4f0c-8023-db67729ae34e","name":"Volgmer","type":"malware","source":"MITRE","software_attack_id":"S0180","tidal_id":"8f56d5f9-b56d-591b-a47f-fa08a93bc4d1","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[US-CERT Volgmer Nov 2017](https://app.tidalcyber.com/references/c48c7ac0-8d55-4b62-9606-a9ce420459b6)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"b2ea039c-3cd4-54f4-a46f-9ee79fe6350b","name":"VPNFilter","type":"malware","source":"MITRE","software_attack_id":"S1010","tidal_id":"b2ea039c-3cd4-54f4-a46f-9ee79fe6350b","created":"2024-10-31T16:28:04.410838Z","modified":"2024-10-31T16:28:04.410841Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"[VPNFilter](https://app.tidalcyber.com/software/b2ea039c-3cd4-54f4-a46f-9ee79fe6350b) is associated with [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) operations based on reporting on [VPNFilter](https://app.tidalcyber.com/software/b2ea039c-3cd4-54f4-a46f-9ee79fe6350b) replacement software, [Cyclops Blink](https://app.tidalcyber.com/software/68792756-7dbf-41fd-8d48-ac3cc2b52712).<sup>[[NCSC CISA Cyclops Blink Advisory February 2022](https://app.tidalcyber.com/references/bee6cf85-5cb9-4000-b82e-9e15aebfbece)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[VPNFilter](https://app.tidalcyber.com/software/b2ea039c-3cd4-54f4-a46f-9ee79fe6350b) is associated with [Sandworm Team](https://app.tidalcyber.com/groups/16a65ee9-cd60-4f04-ba34-f2f45fcfc666) operations based on reporting on [VPNFilter](https://app.tidalcyber.com/software/b2ea039c-3cd4-54f4-a46f-9ee79fe6350b) replacement software, [Cyclops Blink](https://app.tidalcyber.com/software/68792756-7dbf-41fd-8d48-ac3cc2b52712).<sup>[[NCSC CISA Cyclops Blink Advisory February 2022](https://app.tidalcyber.com/references/bee6cf85-5cb9-4000-b82e-9e15aebfbece)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm 
Team","owner_id":null,"owner_name":null,"source":"ICS"}],"tags":[{"id":"61daa3bf-c873-4a9a-8bba-406e67338692","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"},{"id":"0d883a53-ba6f-4cb8-baba-a2434b742563","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"c89ba9a5-2ef5-4001-842b-2f5a1422fc1d","name":"v.ps1","type":"malware","source":"Tidal Cyber","software_attack_id":"S3951","tidal_id":"756ff085-ab4f-584a-95e7-bdb5cfc82a40","created":"2026-01-14T13:31:40.807531Z","modified":"2026-01-14T13:31:40.807535Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"23b1f424-8c7e-4136-af18-df93acb1d50e","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"1f548c4b-b279-41c6-8449-7bc66eb9a827","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"661b7e8e-dfa4-4e9d-a2c3-e49287420d6f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"e68286f7-ad81-44fb-b868-7311b2797638","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fca6d378-bbe6-4418-b238-6a9a63aaabba","name":"VSDiagnostics","type":"tool","source":"Tidal Cyber","software_attack_id":"S3365","tidal_id":"511af122-214c-5b31-9896-0a575c902a5d","created":"2024-01-12T14:48:41.719182Z","modified":"2024-01-12T14:48:41.719186Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"e9e3d073-b934-4df2-a787-eb98080fbb01","name":"VSDiagnostics.exe","description":"<sup>[[VSDiagnostics.exe - LOLBAS Project](/references/b4658fc0-af16-45b1-8403-a9676760a36a)]</sup>","source":"Tidal 
Cyber","associated_software_id":"17acae5f-d999-4a97-8cb1-546118e65b3b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"2fb615bf-5cfc-4ce3-baf9-5a2151b21a56","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"40359841-1b6b-4add-a9ef-b4d2feb75bfa","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f39988b4-acf7-4d56-a7e5-8e8fa0b8ccc2","name":"Vshadow","type":"tool","source":"Tidal Cyber","software_attack_id":"S3368","tidal_id":"95fef600-727c-572f-9594-95d3d44fd5ec","created":"2024-01-12T14:48:43.154081Z","modified":"2024-01-12T14:48:43.154085Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"3a585bce-7110-400e-bfcb-ed7b48ca3b1f","name":"Vshadow.exe","description":"<sup>[[Vshadow.exe - LOLBAS Project](/references/ae3b1e26-d7d7-4049-b4a7-80cd2b149b7c)]</sup>","source":"Tidal Cyber","associated_software_id":"012ea77d-0d1e-420f-8648-e4872647ea7b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"252d3a2b-261b-498b-a28a-a00358d6c9bf","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ee05557d-a772-426b-8548-3ed4a0fa83f8","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"514e6db4-ecda-4e3f-b873-602f1c964a0a","name":"Vshell","type":"malware","source":"Tidal Cyber","software_attack_id":"S3739","tidal_id":"26e52f04-4e4f-534b-b00c-55a6a370327e","created":"2025-12-10T14:15:04.612772Z","modified":"2025-12-10T14:15:04.612776Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[BleepingComputer React2Shell December 07 
2025](/references/4b67e021-f0d9-43c8-91aa-ae84c14e85db)]</sup>","group_attack_id":"G3078","group_id":"21df749a-1e70-4c11-921c-071a61d9a900","name":"UNC5174","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"b205b984-63e7-4f9e-a214-80d853cd3da9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"fcfe98d2-71a3-45be-8164-d679f51fcd3e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"da15981a-900e-4f6d-be81-36cad73d1d2e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2517da5a-11b1-4f77-b488-c096173b1b50","name":"VSIISExeLauncher","type":"tool","source":"Tidal Cyber","software_attack_id":"S3366","tidal_id":"cf61652f-75e3-5b5e-8c8d-179340bb614a","created":"2024-01-12T14:48:42.396730Z","modified":"2024-01-12T14:48:42.396734Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ae3a2848-93c9-455d-8937-c1c40b8312d3","name":"VSIISExeLauncher.exe","description":"<sup>[[VSIISExeLauncher.exe - LOLBAS Project](/references/e2fda344-77b8-4650-a7da-1e422db6d3a1)]</sup>","source":"Tidal Cyber","associated_software_id":"8b5cb79f-747e-48a5-8946-873ae62a5e0a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"0153f9c2-a46a-4033-ac57-14f3c95a427e","tag":"0bf195a2-c577-4317-973e-a72dde5a06e6"},{"id":"70a73843-e175-46c7-b3a6-da8e82db5d29","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"2fcbfcb3-29fe-4c94-85a8-51aadb26a4ac","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"34ba500e-c37c-45ec-abf4-16e2f76d82c8","name":"vsjitdebugger","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3369","tidal_id":"ac135f3a-167d-5a9e-a542-d1f6bd5021b8","created":"2024-01-12T14:48:43.522092Z","modified":"2024-01-12T14:48:43.522096Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d3b7d227-e39a-498b-8a01-2224bdcbdb9e","name":"vsjitdebugger.exe","description":"<sup>[[vsjitdebugger.exe - LOLBAS Project](/references/94a880fa-70b0-46c3-997e-b22dc9180134)]</sup>","source":"Tidal Cyber","associated_software_id":"bf3acc6a-9193-48fc-b4bb-5cca12bfa006","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5f015ea8-b30d-4ace-83ca-748febcf486e","tag":"71bc284c-bfce-4191-80e0-ef70ff4315bf"},{"id":"609d0d34-21b6-4eec-9a17-55d93180d656","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"fd41b5ea-3352-4372-a49d-172671c0fc4b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"36462805-2b63-4619-9104-4401138c8def","name":"VSLaunchBrowser","type":"tool","source":"Tidal Cyber","software_attack_id":"S3483","tidal_id":"fed6f8e9-c2a8-5aff-a4c8-9e05bc454eb9","created":"2025-05-20T16:19:09.823639Z","modified":"2025-05-20T16:19:09.823642Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"05c0f005-d7c6-4e91-8153-23224d7a13a1","name":"VSLaunchBrowser.exe","description":"<sup>[[VSLaunchBrowser.exe - LOLBAS Project](/references/d88f1249-6a39-496c-afc8-8032457740e8)]</sup>","source":"Tidal 
Cyber","associated_software_id":"62430681-6185-4a6b-9af4-8a0f95e028e3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"218c02c6-e5bb-46f5-8e2d-9053d1b53258","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8ef701f2-3780-4de9-bef1-9158963dbe54","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"99f752db-12c4-45a7-9f7b-f4fcda033462","name":"vsls-agent","type":"tool","source":"Tidal Cyber","software_attack_id":"S3374","tidal_id":"c830fd64-3f30-55a0-a0ae-abc8526f0557","created":"2024-01-12T14:48:45.527185Z","modified":"2024-01-12T14:48:45.527188Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"48f4e3f9-644b-4253-806a-a1a0d5977172","name":"vsls-agent.exe","description":"<sup>[[vsls-agent.exe - LOLBAS Project](/references/325eab54-bcdd-4a12-ab41-aaf06a0405e9)]</sup>","source":"Tidal Cyber","associated_software_id":"f4a64cb4-78af-4343-8d36-1c2e63b943ee","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4c3b58b3-745d-49f7-825b-f417201205fc","tag":"375cb8ad-2b6a-49b7-8eb3-757aaaf72d8b"},{"id":"bc47f628-5887-49af-8b1e-734248375784","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6ba0c365-e9e4-4071-9a97-caab660b5a1a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"829277fd-27d4-4313-9b13-851224f5668f","name":"VSOCKpuppet","type":"malware","source":"Tidal Cyber","software_attack_id":"S3925","tidal_id":"5619c85c-d5c6-5996-8205-5d2ff4b948c7","created":"2026-01-14T13:31:36.582571Z","modified":"2026-01-14T13:31:36.582575Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Huntress January 07 
2026](/references/f4a98641-d76c-4f39-9cc2-4daf30cc1a56)]</sup>","group_attack_id":"G3200","group_id":"8adc41b2-e496-4e2c-ba1f-6420e7359669","name":"Unattributed Chinese-speaking ESXi Exploit Developer","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"12edaaf6-0e1c-4583-86c3-b6bd54aeffd3","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"ac867e3d-ac3d-438d-bd8a-26134a8f96f2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"bbaaa8b4-d066-4898-befd-bf099ce4411c","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"507a9d19-d035-4aa3-a91c-9a3a154e868f","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"8dc9e8df-6372-4559-a7bb-7aa54a833764","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cb8f33c5-0c0c-4e9b-bc7e-565a55ccaae4","name":"Vssadmin","type":"tool","source":"Tidal Cyber","software_attack_id":"S3517","tidal_id":"2bf34126-2192-5622-8e86-e6419467eef5","created":"2025-08-06T14:57:17.035966Z","modified":"2025-08-06T14:57:17.035970Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a056fb7b-ebe6-42e3-a870-a2abceb7437c","name":"vssadmin.exe","description":"","source":"Tidal Cyber","associated_software_id":"ab53bc4e-bde2-4a36-af80-8b92736b01c8","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla 
Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Halcyon Cloak Ransomware December 12 2024](/references/dc31e537-b5d8-40ad-b1f6-2fed76a8a87f)]</sup>","group_attack_id":"G3211","group_id":"41d6d175-2f69-45e6-9663-9ff0cf8649e3","name":"Cloak","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Blackpoint Cyber Qilin August 2024](/references/18a56020-b2ff-480e-8c7b-995e9829ed34)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Huntress 08 14 2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","group_attack_id":"G3134","group_id":"45a5d563-0e93-405a-ae8c-cca71e88f441","name":"J Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[ANY.RUN's Cybersecurity Blog 10 01 2025](/references/87535fb7-8916-494e-94ff-cf28c125f0b4)]</sup>","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"a3ebc075-c87b-4400-9498-09bb95d47231","name":"VSS Copying Tool (Play Ransomware)","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3063","tidal_id":"b44ea169-a9e1-5846-a16d-535d366acbca","created":"2024-06-13T20:12:28.890110Z","modified":"2024-06-13T20:12:28.890114Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Play Ransomware April 19 2023](/references/a78613a5-ce17-4d11-8f2f-3e642cd7673c)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"966d8c92-7874-4f8a-b7ab-9d58a69fc026","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"85761789-1dc0-4454-aaef-b88ce0bb6f17","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"f5202d33-b023-4afe-b916-812b47e94577","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"dfbe173f-5c36-4596-aefb-7ccf504e03c8","name":"vstest.console","type":"tool","source":"Tidal Cyber","software_attack_id":"S3375","tidal_id":"5152253b-0d83-51c7-9eff-043cb79b5dad","created":"2024-01-12T14:48:45.872169Z","modified":"2024-01-12T14:48:45.872175Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"247c9452-e8dc-41df-89de-e5617c1272d6","name":"vstest.console.exe","description":"<sup>[[vstest.console.exe - LOLBAS Project](/references/70c168a0-9ddf-408d-ba29-885c0c5c936a)]</sup>","source":"Tidal Cyber","associated_software_id":"eda03dc8-1816-4701-868f-c3c73ec62384","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"f2d14b26-2b23-4aaa-a50f-ddb53ff21c9f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"74106824-ea86-4b32-b836-9497fd33b93b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6cbd62e8-9024-42d7-93d5-6b8b3409425b","name":"Wab","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3294","tidal_id":"6c24feeb-a3ef-5f03-9174-ea86eca401c2","created":"2024-01-12T14:48:15.393681Z","modified":"2024-01-12T14:48:15.393685Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9672c2e5-1792-4bb8-a16c-6669ee5f99b1","name":"Wab.exe","description":"<sup>[[Wab.exe - LOLBAS Project](/references/c432556e-c7f9-4e36-af7e-d7bea6f51e95)]</sup>","source":"Tidal Cyber","associated_software_id":"5de40634-9b96-422d-98e0-db9fe0dad5fb","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dd220172-ca5e-4901-8868-805743f5d9da","tag":"a53c9f4b-6f0d-4afa-b1ac-8e2d91279210"},{"id":"d46b783e-f9d3-4885-854a-38225104ef91","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"10f1447b-1fde-4389-9775-0eb89711f8f7","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"6e7d1bcf-a308-4861-8aa5-0f4c6f126b0a","name":"WannaCry","type":"malware","source":"MITRE","software_attack_id":"S0366","tidal_id":"353ab859-db19-5b86-98f8-2ea594261a76","created":"2019-03-25T17:30:17.004000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"eaf4f5db-c1c7-523f-a0e1-0c05f8bc3501","name":"ICS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"cff39ad6-363d-44f4-8478-77fdf3b35a26","name":"WanaCrypt0r","description":"<sup>[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)]</sup>","source":"MITRE","associated_software_id":"6d001330-b6ae-4e34-bd64-f1832b53047a","owner_id":null,"owner_name":null},{"id":"e46b3a86-4e74-4485-a8f8-68b28086155a","name":"WCry","description":"<sup>[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)]</sup><sup>[[SecureWorks WannaCry 
Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","source":"MITRE","associated_software_id":"16059e86-c89f-40de-a3e7-cee9f210228c","owner_id":null,"owner_name":null},{"id":"3e519733-49bb-4e44-81c2-cc656a55751e","name":"WanaCry","description":"<sup>[[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","source":"ICS","associated_software_id":"a0cee897-ba88-4c1b-a1c6-f811baf608cc","owner_id":null,"owner_name":null},{"id":"d5c5fa0c-8d32-46e2-a5ac-a7b710d09f92","name":"WanaCrypt","description":"<sup>[[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","source":"ICS","associated_software_id":"a4d2e9a7-b785-4385-b85e-51ea8f048de2","owner_id":null,"owner_name":null},{"id":"d0712e4e-30a3-4183-839d-9b3fcdabdc2f","name":"WCry","description":"<sup>[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)]</sup><sup>[[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","source":"ICS","associated_software_id":"16059e86-c89f-40de-a3e7-cee9f210228c","owner_id":null,"owner_name":null},{"id":"bea8fd1a-d688-4b25-8144-1e7869e2ba47","name":"WanaCrypt0r","description":"<sup>[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)]</sup>","source":"ICS","associated_software_id":"6d001330-b6ae-4e34-bd64-f1832b53047a","owner_id":null,"owner_name":null},{"id":"b142f212-46e9-4623-a5af-9fb8a80696cc","name":"WanaCrypt","description":"<sup>[[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","source":"MITRE","associated_software_id":"a4d2e9a7-b785-4385-b85e-51ea8f048de2","owner_id":null,"owner_name":null},{"id":"c4167a40-dfc1-4ecb-96bc-51ef86a92438","name":"WanaCry","description":"<sup>[[SecureWorks WannaCry 
Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","source":"MITRE","associated_software_id":"a0cee897-ba88-4c1b-a1c6-f811baf608cc","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]</sup><sup>[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)]</sup><sup>[[FireEye WannaCry 2017](https://app.tidalcyber.com/references/34b15fe1-c550-4150-87bc-ac9662547247)]</sup><sup>[[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":null,"owner_name":null,"source":"ICS"},{"description":"<sup>[[FireEye APT38 Oct 2018](https://app.tidalcyber.com/references/7c916329-af56-4723-820c-ef932a6e3409)]</sup><sup>[[LogRhythm WannaCry](https://app.tidalcyber.com/references/305d0742-154a-44af-8686-c6d8bd7f8636)]</sup><sup>[[FireEye WannaCry 2017](https://app.tidalcyber.com/references/34b15fe1-c550-4150-87bc-ac9662547247)]</sup><sup>[[SecureWorks WannaCry Analysis](https://app.tidalcyber.com/references/522b2a19-1d15-48f8-8801-c64d3abd945a)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus 
Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"bdd67e32-6027-484d-a9c9-7320a8aa28b1","tag":"88cd6603-5b4e-4d0c-9097-051d3a90cb80"},{"id":"f3fcc2ff-0170-498e-83be-585f2946f317","tag":"3ed3f7a6-b446-4fbc-a433-ff1d63c0e647"},{"id":"c8f281c7-588c-4d42-943c-4201fc0b7a80","tag":"45795633-a32b-4d9e-8620-4044ac056647"},{"id":"ec874282-7f5e-46dc-87dc-aa00c0432af1","tag":"09de661e-60c4-43fb-bfef-df017215d1d8"},{"id":"577147e0-cc3b-4383-ab51-ec773266ac4a","tag":"5a463cb3-451d-47f7-93e4-1886150697ce"},{"id":"c42b7af1-1de9-46c9-8a36-7ae97c0bff5c","tag":"c2380542-36f2-4922-9ed2-80ced06645c9"},{"id":"260047ae-dea9-42b8-ae15-d502224ac286","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"cdb1eb02-e209-4dcf-8605-ec0073150d20","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"89fa96ef-c559-4876-bcb1-5ff7cea02330","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"}],"owner_name":null},{"id":"f49e4c24-9ce5-4f69-bca7-1851578a1656","name":"Warlock Ransomware","type":"malware","source":"Tidal Cyber","software_attack_id":"S3512","tidal_id":"c959281b-0274-5ec7-b6af-e7786ac85d12","created":"2025-08-04T14:21:24.350354Z","modified":"2025-08-04T14:21:24.350358Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"a61131d1-12fb-4eae-9fe1-a275ef69d5ff","name":"Warlock","description":"<sup>[[None December 11 2025](/references/1037dd5b-a209-4ea6-9a97-ac80c0f35ca3)]</sup>","source":"USER","associated_software_id":"ee093636-42d8-4b39-8bb4-4ae779ee07ef","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"200d6cf7-3fce-40df-9778-3fa4806924c0","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"89e2ec9a-1b22-4a9d-8454-29642e67a93f","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"ec02aec2-a63e-421f-820d-7863e2b3ef7c","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"ba8af00f-6ec0-41f7-9c6e-599836bf9d5e","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ae759e5f-2216-4004-a2b2-7166f5793729","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9a592b49-1701-5e4c-95cf-9b8c98b80527","name":"WARPWIRE","type":"malware","source":"MITRE","software_attack_id":"S1116","tidal_id":"efbdd0d8-8b8d-5634-aa77-5521c41ffe8c","created":"2024-04-25T13:28:20.667031Z","modified":"2024-04-25T13:28:20.667034Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"cfebe868-15cb-4be5-b7ed-38b52f2a0722","name":"WarzoneRAT","type":"malware","source":"MITRE","software_attack_id":"S0670","tidal_id":"b8fb7673-c74b-51ec-a003-d3e5258e54de","created":"2021-12-27T17:21:18.652000Z","modified":"2022-04-15T14:24:50.745000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b8f67b24-f8ef-4695-bca1-46e2681029f7","name":"Ave Maria","description":"<sup>[[Check Point Warzone Feb 2020](https://app.tidalcyber.com/references/c214c36e-2bc7-4b98-a74e-529aae99f9cf)]</sup><sup>[[Uptycs Warzone UAC Bypass November 
2020](https://app.tidalcyber.com/references/1324b314-a4d9-43e7-81d6-70b6917fe527)]</sup>","source":"MITRE","associated_software_id":"50fda745-505f-47ca-b141-0ed2a48e5bfe","owner_id":null,"owner_name":null},{"id":"d2a4f820-7771-4bce-8968-0f0a4a35e33d","name":"Warzone","description":"","source":"MITRE","associated_software_id":"d68a20f3-9abb-4c63-9df4-cb73bf291473","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Check Point Warzone Feb 2020](https://app.tidalcyber.com/references/c214c36e-2bc7-4b98-a74e-529aae99f9cf)]</sup><sup>[[Uptycs Confucius APT Jan 2021](https://app.tidalcyber.com/references/d74f2c25-cd53-4587-b087-7ba0b8427dc4)]</sup>","group_attack_id":"G0142","group_id":"d0f29889-7a9c-44d8-abdc-480b371f7b2b","name":"Confucius","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Scattered Spider](https://app.tidalcyber.com/groups/3d77fb6c-cfb4-5563-b0be-7aa1ad535337) has utilized [WarzoneRAT](https://app.tidalcyber.com/software/cfebe868-15cb-4be5-b7ed-38b52f2a0722) to remotely access a compromised system.<sup>[[CISA Scattered Spider Advisory November 2023](https://app.tidalcyber.com/references/deae8b2c-39dd-5252-b846-88e1cab099c2)]</sup><sup>[[Check Point Scattered Spider JUL 2025](https://app.tidalcyber.com/references/276a2ed6-d532-51ee-9066-83145b7506c5)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"MITRE"},{"description":"<sup>[[Proofpoint TA2541 February 2022](https://app.tidalcyber.com/references/db0b1425-8bd7-51b5-bae3-53c5ccccb8da)]</sup>","group_attack_id":"G1018","group_id":"1bfbb1e1-022c-57e9-b70e-711c601640be","name":"TA2541","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Splunk October 18 
2022](/references/78bccfce-ac5c-4413-9f6b-3be2762d7882)]</sup>","group_attack_id":"G0034","group_id":"16a65ee9-cd60-4f04-ba34-f2f45fcfc666","name":"Sandworm Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"9c8b793e-8b0d-4f30-84a4-0d0facbe7166","tag":"15787198-6c8b-4f79-bf50-258d55072fee"}],"owner_name":null},{"id":"0ba6ee8d-2b29-4980-8e55-348ea05f00ad","name":"WastedLocker","type":"malware","source":"MITRE","software_attack_id":"S0612","tidal_id":"f9db1b4a-9649-5df2-9733-a438081072f3","created":"2021-05-20T17:44:26.582000Z","modified":"2021-09-27T17:36:37.593000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[NCC Group WastedLocker June 2020](https://app.tidalcyber.com/references/1520f2e5-2689-428f-9ee4-05e153a52381)]</sup><sup>[[Crowdstrike EvilCorp March 2021](https://app.tidalcyber.com/references/4b77d313-ef3c-4d2f-bfde-609fa59a8f55)]</sup><sup>[[Microsoft Ransomware as a Service](https://app.tidalcyber.com/references/833018b5-6ef6-5327-9af5-1a551df25cd2)]</sup><sup>[[SentinelOne SocGholish Infrastructure November 2022](https://app.tidalcyber.com/references/8a26eeb6-6f80-58f1-b773-b38835c6781d)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"26823d80-dfbe-4e20-9bc8-3e69157d8687","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"a56a7abe-aa6e-4fcd-8d0c-32cc6a069ee3","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"a64011ad-38b0-413e-8a8a-dcab9aa36d18","name":"WatchDog","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3456","tidal_id":"4cdcfb2c-dfff-55b8-9230-f1ba9979b2e9","created":"2025-04-11T15:06:51.592048Z","modified":"2025-04-11T15:06:51.592052Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3009","group_id":"9d1a4d48-33b8-4f14-bec7-ef105c094297","name":"GhostSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"56872a5b-dc01-455c-85d5-06c577abb030","name":"Waterbear","type":"malware","source":"MITRE","software_attack_id":"S0579","tidal_id":"24630d9a-0dbc-5367-8bd2-096c5e595837","created":"2021-02-22T16:35:33.673000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Trend Micro Waterbear December 2019](https://app.tidalcyber.com/references/bf320133-3823-4232-b7d2-d07da9bbccc2)]</sup>","group_attack_id":"G0098","group_id":"528ab2ea-b8f1-44d8-8831-2a89fefd97cb","name":"BlackTech","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"053878a5-6fb3-4e66-9d40-6d61bd34f886","name":"wbadmin","type":"tool","source":"Trellix TIG","software_attack_id":"S3437","tidal_id":"bf6c8f51-f317-572d-b4e6-4ea72ce84bd0","created":"2025-04-11T15:06:47.942647Z","modified":"2025-04-11T15:06:47.942650Z","platforms":[],"associated_software":[{"id":"c5870b19-7688-44f7-b47b-693bd736df43","name":"wbadmin.exe","description":"","source":"Trellix TIG","associated_software_id":"30731176-941a-4d88-a7e9-2fabf95c95c7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters 
International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[huntress.com August 4 2025](/references/4d88aa79-a912-4aa6-ba5e-fdb4c2718a7b)]</sup><sup>[[The DFIR Report Bumblebee Akira July 2 2025](/references/22cd30b9-fde9-4383-8106-1a506afa3c02)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3002","group_id":"ebf63407-9772-4f38-93ad-48b8c9bb0bcf","name":"Gold Dupont","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[{"id":"f33f267d-adf2-43ab-b664-b4f85c386243","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"5692146d-cd3c-4001-a7f9-b3b6f7a259dd","name":"wbemtest","type":"tool","source":"Tidal Cyber","software_attack_id":"S3478","tidal_id":"673e3f11-ce64-53d2-a496-5f1795e1a6e2","created":"2025-05-20T16:19:08.876071Z","modified":"2025-05-20T16:19:08.876075Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1567284f-a5bb-48c6-85ca-5c14d9a75c28","name":"wbemtest.exe","description":"<sup>[[wbemtest.exe - LOLBAS Project](/references/6622b44f-7065-4572-a40c-2ad5293c305e)]</sup>","source":"Tidal 
Cyber","associated_software_id":"18960943-71bc-449e-94f9-52d000136c56","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c0a923da-e252-4f31-809f-d6bf770c1954","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"067a49b9-1a0e-443d-830e-36de34f2da6d","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3216ae5e-9c3f-4885-9ea8-552ebb5a5c16","name":"Weaxor","type":"malware","source":"Tidal Cyber","software_attack_id":"S3844","tidal_id":"bf4478a7-97ae-50c2-9858-3595994e741f","created":"2025-12-29T17:41:07.849917Z","modified":"2025-12-29T17:41:07.849921Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"eba548b4-4c08-45b8-bb43-1df082651f2b","name":"Mallox","description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","source":"USER","associated_software_id":"c9a4f0e8-95fe-420f-8c66-9ed6a0c02f52","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G3187","group_id":"e396b406-57df-4260-bb75-b337ff726785","name":"Weaxor ransomware 
operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5cd390a2-400e-4dfa-9848-4805ed59ece5","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"},{"id":"3317cd38-0ef5-45f0-a1b0-07f0831f532e","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"7883ea90-3e03-4f05-92a2-638581434e08","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"e46a947c-4715-40d0-b046-11eb527673a0","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ff9c6327-c18b-48eb-9c1b-3acce83f12a0","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"f228af8f-8938-4836-9461-c6ca220ed7c5","name":"WEBC2","type":"malware","source":"MITRE","software_attack_id":"S0109","tidal_id":"4c0b41a7-df43-5bfa-ae80-ae46407ac16e","created":"2017-05-31T21:33:06.433000Z","modified":"2020-08-25T21:23:24.223000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT1](https://app.tidalcyber.com/references/865eba93-cf6a-4e41-bc09-de9b0b3c2669)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2e95ad1f-fc35-40b3-af68-ff8c0e8b6c2d","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"a97b00de-b8e3-45cb-a904-4feba1997baa","name":"Webhook.site","type":"tool","source":"Tidal Cyber","software_attack_id":"S3922","tidal_id":"fea7d4c1-cdd4-5f81-8c65-28a7ee33bb56","created":"2026-01-14T13:31:36.096704Z","modified":"2026-01-14T13:31:36.096709Z","platforms":[{"id":"80504c1a-768c-48cc-b69f-c5cc80f8932a","name":"SaaS"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.recordedfuture.com January 09 
2026](/references/fb8ee1dd-bf96-4d28-9d9f-807cc351190b)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4a0d619c-a0f7-4d08-b730-e2e29776c33d","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"2a6ab4c7-7a54-418c-aa32-59aa818a861d","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"cf12adc5-4f04-46fa-9d60-0cd79eeae9f6","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"d2375b77-5573-4e8b-b100-cc1a26716f01","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"80170e91-3dbe-4e57-bf0d-0658e375cc3c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"b936a1b3-5493-4d6c-9b69-29addeace418","name":"WellMail","type":"malware","source":"MITRE","software_attack_id":"S0515","tidal_id":"7bbc3b08-6d6d-5265-b7f6-70e5f8e05051","created":"2020-09-29T17:48:27.517000Z","modified":"2020-10-09T15:38:41.755000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CISA WellMail July 2020](https://app.tidalcyber.com/references/2f33b88a-a8dd-445b-a34f-e356b94bed35)]</sup><sup>[[NCSC APT29 July 2020](https://app.tidalcyber.com/references/28da86a6-4ca1-4bb4-a401-d4aa469c0034)]</sup><sup>[[Cybersecurity Advisory SVR TTP May 
2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6a467166-8cd6-4f0e-a1d8-715b5ec0e8ac","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"20725ec7-ee35-44cf-bed6-91158aa03ce4","name":"WellMess","type":"malware","source":"MITRE","software_attack_id":"S0514","tidal_id":"0a4acc83-939a-5209-b220-d37113d07ae9","created":"2020-09-24T19:39:44.392000Z","modified":"2021-03-22T18:45:19.504000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[PWC WellMess July 2020](https://app.tidalcyber.com/references/22794e37-3c55-444a-b659-e5a1a6bc2da0)]</sup><sup>[[PWC WellMess C2 August 2020](https://app.tidalcyber.com/references/3afca6f1-680a-46ae-8cea-10b6b870d5e7)]</sup><sup>[[CISA WellMess July 2020](https://app.tidalcyber.com/references/40e9eda2-51a2-4fd8-b0b1-7d2c6deca820)]</sup><sup>[[NCSC APT29 July 2020](https://app.tidalcyber.com/references/28da86a6-4ca1-4bb4-a401-d4aa469c0034)]</sup><sup>[[Cybersecurity Advisory SVR TTP May 2021](https://app.tidalcyber.com/references/e18c1b56-f29d-4ea9-a425-a6af8ac6a347)]</sup>","group_attack_id":"G0016","group_id":"4c3e48b9-4426-4271-a7af-c3dfad79f447","name":"APT29","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"4b1bb834-19be-41b8-8012-05908501c59e","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"a20c2bde-b4b0-4dde-afa5-6c224cde933f","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"923dd9ab-cb54-490c-858f-d0419f15a553","name":"WeTab","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3892","tidal_id":"a08f9ff7-7be2-5b26-a68d-0b8bdb372dcb","created":"2026-01-06T18:05:09.252539Z","modified":"2026-01-06T18:05:09.252543Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.koi.ai January 05 2026](/references/5da3facd-7bd9-4a02-843a-ad4b3fa273d7)]</sup>","group_attack_id":"G3190","group_id":"d2ed88a2-5514-4336-bda7-770dbe4fd451","name":"DarkSpectre","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"7dbe172f-82ee-4ff3-b17f-0076a27ee5ee","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"e87dd5cc-04d9-4cc6-beb5-97f6a60d1e69","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"b613728b-6bfd-4e74-b04c-e13f40258686","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"c9eb8631-3c1f-439c-ab47-2af3bd888823","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1b489b74-3f89-4c93-b91f-6fea867c259f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"2bcbcea6-192a-4501-aab1-1edde53875fa","name":"Wevtutil","type":"tool","source":"MITRE","software_attack_id":"S0645","tidal_id":"cbc39754-2c9b-5409-a16c-6758ef920708","created":"2021-09-14T21:45:30.280000Z","modified":"2022-10-13T17:45:16.377000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Mustang Panda](https://app.tidalcyber.com/groups/4a4641b1-7686-49da-8d83-00d8013f4b47) has leveraged [Wevtutil](https://app.tidalcyber.com/software/2bcbcea6-192a-4501-aab1-1edde53875fa) to gather information about usernames and Windows Security Event logs.<sup>[[Palo Alto Unit42 STATELY TAURUS TONESHELL September 
2023](https://app.tidalcyber.com/references/dc97908c-d8e5-5e5d-a1b3-8ee65894f53a)]</sup>","group_attack_id":"G0129","group_id":"4a4641b1-7686-49da-8d83-00d8013f4b47","name":"Mustang Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[U.S. CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]</sup>","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Rhysida Ransomware November 15 2023](/references/6d902955-d9a9-4ec1-8dd4-264f7594605e)]</sup>","group_attack_id":"G3017","group_id":"0610cd57-2511-467a-97e3-3c810384074f","name":"Rhysida Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Joint Cybersecurity Advisory Volt Typhoon June 2023](https://app.tidalcyber.com/references/14872f08-e219-5c0d-a2d7-43a3ba348b4b)]</sup><sup>[[CISA AA24-038A PRC Critical Infrastructure February 2024](https://app.tidalcyber.com/references/bfa16dc6-f075-5bd3-9d9d-255df8789298)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) uses [Wevtutil](https://app.tidalcyber.com/software/2bcbcea6-192a-4501-aab1-1edde53875fa) to extract Windows security event log data from victim machines.<sup>[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)]</sup>","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Huntress 08 14 
2025](/references/87ba0b63-53c9-4e1d-a855-897aed86b813)]</sup>","group_attack_id":"G3134","group_id":"45a5d563-0e93-405a-ae8c-cca71e88f441","name":"J Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Trend Micro Ransomware Spotlight Play July 2023](https://app.tidalcyber.com/references/399eac4c-5638-595c-9ee6-997dcd2d47c3)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[ANY.RUN's Cybersecurity Blog 10 01 2025](/references/87535fb7-8916-494e-94ff-cf28c125f0b4)]</sup>","group_attack_id":"G3068","group_id":"cffa9947-001f-48fd-a63a-0b4feba8df6f","name":"FunkSec","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Crowdstrike DNC June 2016](https://app.tidalcyber.com/references/7f4edc06-ac67-4d71-b39c-5df9ce521bbb)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"","group_attack_id":"G3001","group_id":"61fe900f-d317-41fb-aed8-7f1052acfc5e","name":"Ransomhouse Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"8a747309-7d9e-4269-b8b6-2863ca8bd871","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"40c95386-f366-4a0d-b78f-917737c10b1e","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"704187f7-646e-47bb-b045-3aa802b3ba3a","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"8e185c90-dde6-4d69-8e28-a590f12445a2","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"77ba146b-d4dd-469e-9a66-cf693582b9af","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"ab507aac-d49d-48e1-9192-75a30acf7d2b","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"63cd9c41-f580-4863-8900-4f368ec3b1e3","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e7f88c43-d5bb-4bc1-a0cd-3c0d9eef4b52","tag":"5db11c6f-cba4-4865-b993-7a3aafd0f037"},{"id":"9c8c3fae-9255-4729-a9be-b6beba13298d","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"d0d6b899-a061-479a-81eb-dbba43c39ed6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"eef15f68-7f2c-4397-97b5-bf3df546901a","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"001a24f7-0cc8-4dae-9ebd-173e05463102","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"b4f51b33-f171-4e2f-9754-3fe1c12fc98d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"89b75d17-fd6a-46f3-8631-aba53c30a9ac","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"dc51b14f-991c-4a2c-93b2-abc96455073a","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":null},{"id":"dadd1243-6a4a-4ce2-9eea-1c530e7510d9","name":"Wfc","type":"tool","source":"Tidal Cyber","software_attack_id":"S3370","tidal_id":"8a9e8e73-ac55-586f-8c43-a01faa46b445","created":"2024-01-12T14:48:43.871837Z","modified":"2024-01-12T14:48:43.871841Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9587218f-04bb-436a-b5a1-c7c524195165","name":"Wfc.exe","description":"<sup>[[Wfc.exe - LOLBAS Project](/references/a937012a-01c8-457c-8808-47c1753e8781)]</sup>","source":"Tidal 
Cyber","associated_software_id":"eda6736e-ffb9-4ef9-8d1a-38b3848e4ba4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"fa2eafb9-c877-44fe-a86d-503c22d47c8e","tag":"be621f15-1788-490f-b8bb-85511a5a8074"},{"id":"8af0d8f1-bca0-4225-b782-983d0625741b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ab71b0f7-0f07-4bdd-bcde-6b8ca97f59c4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"ccf05d5f-398b-4b63-8bd6-07b98894c05b","name":"WFMFormat","type":"tool","source":"Tidal Cyber","software_attack_id":"S3484","tidal_id":"d661711c-0fde-5b20-9505-c7e404fcb7e5","created":"2025-05-20T16:19:09.971890Z","modified":"2025-05-20T16:19:09.971894Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"69b3aa62-73f0-4d21-bec7-a76c18626a0e","name":"WFMFormat.exe","description":"<sup>[[WFMFormat.exe - LOLBAS Project](/references/fa9a472d-d982-4e0c-a68d-1541f1b31b9c)]</sup>","source":"Tidal Cyber","associated_software_id":"2a915322-0596-471b-9171-146a6d6b552b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6ec26a82-9384-4dbc-8220-11cba459ac31","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"766467fe-a71b-44bc-b370-e69b05dc30d3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"8ae542d2-a690-46b2-8e94-615155d393da","name":"wget","type":"tool","source":"Tidal Cyber","software_attack_id":"S3696","tidal_id":"25c15288-4fee-5e64-bebe-6e4696296c64","created":"2025-12-10T14:14:55.710318Z","modified":"2025-12-10T14:14:55.710321Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.cloudsek.com December 29 2025](/references/4c94a4d9-242c-4b15-8fa0-0d7f7273d43f)]</sup>","group_attack_id":"G3189","group_id":"0dcab757-e43c-4f0d-a90c-95c69f117e98","name":"RondoDoX 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Check Point Research January 07 2026](/references/45a9d214-ddee-44e9-9ed1-282f05a65428)]</sup>","group_attack_id":"G3204","group_id":"4ca970cd-9422-46d7-a94d-340f7507638d","name":"GoBruteforcer Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Unit 42 December 12 2025](/references/02aae606-da8f-4c9b-86e0-5b960579c8d7)]</sup>","group_attack_id":"G3078","group_id":"21df749a-1e70-4c11-921c-071a61d9a900","name":"UNC5174","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3160","group_id":"1313da23-bbc5-4724-a278-fd6ca5e561f0","name":"Earth Lamia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3161","group_id":"2b008386-ffdc-433d-9b09-1e2cf4f3a4a4","name":"Jackpot Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3163","group_id":"a80c62db-7e04-44a8-8692-945aa22e09d6","name":"UNC6586","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3164","group_id":"0ca3cd2f-9650-4b70-9a65-6a5b512554ca","name":"UNC6588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud 
Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3165","group_id":"5f8d373c-6992-4a2b-8a86-a16cbd45165a","name":"UNC6595","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3166","group_id":"d92dff67-9704-4503-ad57-867bea3e6bfa","name":"UNC6600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3167","group_id":"0e6985de-e4c1-494b-8901-9aa491202f6f","name":"UNC6603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"4e5d1590-017d-4a34-bd6a-cd580abb33fa","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1e26a85b-114e-4b9f-bba2-714a9e040f1f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ef2c833a-36c7-49b1-9152-18c9dc69a5f1","name":"WHIRLPOOL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3530","tidal_id":"ede422aa-21a7-5242-8fb1-9843ffcdb61e","created":"2025-08-28T19:35:48.820919Z","modified":"2025-08-28T19:35:48.820922Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud June 15 2023](/references/beb7f804-f6b7-4b9c-996b-61136b97a546)]</sup>","group_attack_id":"G3121","group_id":"a5e30967-59b8-4700-ac82-3d626dc92bb1","name":"UNC4841","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"8e41d696-06a4-48a6-bb63-10587912b6bd","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"35211736-cddf-45cd-946b-39a2a6e97434","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a2a1a68b-ede8-4eeb-a315-f02cb66620ac","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"791f0afd-c2c4-4e23-8aee-1d14462667f5","name":"WhisperGate","type":"malware","source":"MITRE","software_attack_id":"S0689","tidal_id":"e47b6b51-0e6e-5488-b9c1-2b7d03abf946","created":"2022-03-10T16:42:36.137000Z","modified":"2022-04-10T16:43:00.619000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Ember Bear](https://app.tidalcyber.com/groups/407274be-1820-4a84-939e-629313f4de1d) is associated with [WhisperGate](https://app.tidalcyber.com/software/791f0afd-c2c4-4e23-8aee-1d14462667f5) use against multiple victims in Ukraine.<sup>[[Cadet Blizzard emerges as novel threat actor](https://app.tidalcyber.com/references/7180c6a7-e6ea-54bf-bcd7-c5238bbc5f5b)]</sup><sup>[[CrowdStrike Ember Bear Profile March 2022](https://app.tidalcyber.com/references/0639c340-b495-4d91-8418-3069f3fe0df1)]</sup><sup>[[Mandiant UNC2589 March 2022](https://app.tidalcyber.com/references/63d89139-9dd4-4ed6-bf6e-8cd872c5d034)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember 
Bear","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"5e0d4c9f-2843-46eb-a381-29d5fbb1e751","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"896e82cd-d836-43db-8fad-84cf9b0e7ac4","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"d1e06503-2341-4934-a9b2-fe8725f57567","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"1a69e0b0-0dce-4003-aa82-630044d00267","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"b8f2f65d-5344-4c29-9633-c6d8077be116","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"835e9cb3-448e-492b-b2d1-66f2f805443d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"14a89cf9-d78b-49dc-a69a-9d02d9eace55","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"b036dde2-1f6a-403b-8c32-73119fbd9d37","name":"WhiteSnake","type":"malware","source":"Tidal Cyber","software_attack_id":"S3402","tidal_id":"3accec4b-a823-57b4-baed-285746d27f58","created":"2024-10-14T19:20:46.404271Z","modified":"2024-10-14T19:20:46.404275Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"969b2cdf-46a1-4309-b573-f3f4f9808451","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"952b0e5a-2c7d-436c-b24c-f1b307c7efbf","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"83d4320e-9a9c-4815-bed1-6d9225837050","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"6992ef9a-ddd9-4b96-a18a-416b76356e74","name":"whoami","type":"tool","source":"Trellix TIG","software_attack_id":"S3446","tidal_id":"fa3ed697-7597-5dd0-87f3-048b64ad17a5","created":"2025-04-11T15:06:49.870634Z","modified":"2025-04-11T15:06:49.870638Z","platforms":[],"associated_software":[{"id":"e5cf204e-35a5-4f82-8128-17816ea9851f","name":"whoami.exe","description":"","source":"Trellix 
TIG","associated_software_id":"9fe907fc-bf99-44c2-8b69-b7531ba62f34","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3003","group_id":"4c8288fd-df9f-48b7-911b-19651074561d","name":"Water Curupira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Microsoft Security Blog July 22 2025](/references/9a2d190e-e0ea-42a0-8358-bdc7d43952ec)]</sup>","group_attack_id":"G3117","group_id":"6338d74d-155f-4728-8171-b7148b88ec53","name":"Storm-2603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"ad483f6c-b2ae-4e14-b04d-3811b120be18","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"758f8d56-9c2b-46b9-9c2c-8fb1ecbed173","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"bdd54cff-5d41-445c-9245-bd1566d44743","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"da61ce72-aee3-4b3d-bad2-df3b51493d22","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9dbf0bb9-7ecc-4512-a288-125690077899","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"17c268f6-6351-4a42-8031-6d5ced54b6b2","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"4643d47a-3396-40dc-bf77-74265647dfdd","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"134db8ff-3da8-48cb-bafa-9185fef383f6","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"36e2dca3-7e5a-4838-9d84-583ad5324d97","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"d6ff9ee9-0468-4280-9c9d-6715f806c0b4","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"ff4e34f9-a37b-4274-ac28-ee4c7373ea78","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"82959d4a-4d1c-432a-8550-91a8fbdd59c5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7b393608-c141-48af-ae3d-3eff13c3e01c","name":"Wiarp","type":"malware","source":"MITRE","software_attack_id":"S0206","tidal_id":"19e009e8-69ff-56da-9663-85a7209a910a","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Symantec Elderwood Sept 2012](https://app.tidalcyber.com/references/5e908748-d260-42f1-a599-ac38b4e22559)]</sup>","group_attack_id":"G0066","group_id":"51146bb6-7478-44a3-8f08-19adcdceffca","name":"Elderwood","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"938cb829-e79d-4a7c-a8ca-43981cd0836b","name":"winbox64.exe","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3699","tidal_id":"5ab2747a-1b66-5121-b7b6-87c53a2cdcfc","created":"2025-12-10T14:14:56.035813Z","modified":"2025-12-10T14:14:56.035816Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"16c0484f-ba6a-4afa-a5e9-72e96af6fd62","name":"Microtik Winbox","description":"<sup>[[Symantec Ukraine Targeting October 29 2025](/references/08b6d849-2837-4af9-bb8a-e0425e6a02e4)]</sup>","source":"USER","associated_software_id":"d2171751-8c3d-4727-a2f4-aab00e6a2d6a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"b1e1ae5d-d9cb-4798-81e4-b7d1bf56a636","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"9c63d3f2-6a26-47e9-9a98-0352b79f43bc","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"cdb2f909-4705-4cf8-a33e-a192de0ad87a","name":"WinDbg","type":"tool","source":"Tidal Cyber","software_attack_id":"S3870","tidal_id":"4f5e4e33-7b1d-525c-8fe6-00cc3affe6c0","created":"2026-01-06T18:05:05.680884Z","modified":"2026-01-06T18:05:05.680887Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5541791e-be50-4c22-ac07-8216979e3b9e","name":"WinDbg.exe","description":"<sup>[[WinDbg.exe - LOLBAS Project](/references/1ba84bfe-b617-4a0d-8260-b29b0d797a8d)]</sup>","source":"USER","associated_software_id":"ace8dc36-a15e-4b88-82f7-8ee02c8e5016","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"6a5b6fae-7c16-4e7a-916d-a910011b6fe8","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"7c2c44d7-b307-4e13-b181-52352975a6f5","name":"Windows Credential 
Editor","type":"tool","source":"MITRE","software_attack_id":"S0005","tidal_id":"f7df2573-cdf9-5d29-9a98-4d7076553164","created":"2017-05-31T21:32:12.684000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"740a6325-6027-4b7f-89d4-bbd9c1bf1196","name":"WCE","description":"","source":"MITRE","associated_software_id":"e0f8b025-b8bc-4878-b47e-5ea82fc334c8","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Secureworks BRONZE BUTLER Oct 2017](https://app.tidalcyber.com/references/c62d8d1a-cd1b-4b39-95b6-68f3f063dacf)]</sup><sup>[[Symantec Tick Apr 2016](https://app.tidalcyber.com/references/3e29cacc-2c05-4f35-8dd1-948f8aee6713)]</sup>","group_attack_id":"G0060","group_id":"5825a840-5577-4ffc-a08d-3f48d64395cb","name":"BRONZE BUTLER","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye FIN6 April 2016](https://app.tidalcyber.com/references/8c0997e1-b285-42dd-9492-75065eac8f8b)]</sup>","group_attack_id":"G0037","group_id":"fcaadc12-7c17-4946-a9dc-976ed610854c","name":"FIN6","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[DarkReading FireEye FIN5 Oct 2015](https://app.tidalcyber.com/references/afe0549d-dc1b-4bcf-9a1d-55698afd530e)]</sup><sup>[[Mandiant FIN5 GrrCON Oct 2016](https://app.tidalcyber.com/references/2bd39baf-4223-4344-ba93-98aa8453dc11)]</sup>","group_attack_id":"G0053","group_id":"7902f5cc-d6a5-4a57-8d54-4c75e0c58b83","name":"FIN5","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Dell TG-3390](https://app.tidalcyber.com/references/dfd2d832-a6c5-40e7-a554-5a92f05bebae)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT39 Jan 
2019](https://app.tidalcyber.com/references/ba366cfc-cc04-41a5-903b-a7bb73136bc3)]</sup><sup>[[Dark Reading APT39 JAN 2019](https://app.tidalcyber.com/references/b310dfa4-f4ee-4a0c-82af-b0fdef1a1f58)]</sup>","group_attack_id":"G0087","group_id":"a57b52c7-9f64-4ffe-a7c3-0de738fb2af1","name":"APT39","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Microsoft GALLIUM December 2019](https://app.tidalcyber.com/references/5bc76b47-ff68-4031-a347-f2dc0daba203)]</sup>","group_attack_id":"G0093","group_id":"15ff1ce0-44f0-4f1d-a4ef-83444570e572","name":"GALLIUM","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT40 March 2019](https://app.tidalcyber.com/references/8a44368f-3348-4817-aca7-81bfaca5ae6d)]</sup>","group_attack_id":"G0065","group_id":"eadd78e3-3b5d-430a-b994-4360b172c871","name":"Leviathan","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"60793f66-3a23-487e-95ea-559edccac6a6","tag":"1d306cbd-9894-4322-a233-b1576b8e25ba"}],"owner_name":null},{"id":"89e5bcdb-be8a-4a51-8c09-c2f14384e3c7","name":"Windows Crypto Shell Extensions (cryptext.dll)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3581","tidal_id":"f1fe6d84-9115-568e-a2b4-843c28b431ba","created":"2025-10-13T17:29:23.573401Z","modified":"2025-10-13T17:29:23.573405Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 
2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5f9bab65-0e63-4d9a-bc49-fae4e335d26f","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"072450e5-279a-4ace-b854-6c1153e6b587","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d1c39c71-5fd6-4e40-8e3e-019013835f1e","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"ed50dcf7-e283-451e-95b1-a8485f8dd214","name":"WINDSHIELD","type":"malware","source":"MITRE","software_attack_id":"S0155","tidal_id":"35139901-c478-5cbd-87f4-e7ec4afd9fae","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT32 May 2017](https://app.tidalcyber.com/references/b72d017b-a70f-4003-b3d9-90d79aca812d)]</sup>","group_attack_id":"G0050","group_id":"c0fe9859-e8de-4ce1-bc3c-b489e914a145","name":"APT32","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"3afe711d-ed58-4c94-a9b6-9c847e1e8a2f","name":"WindTail","type":"malware","source":"MITRE","software_attack_id":"S0466","tidal_id":"2d9c4371-aaad-5847-b441-69aa17ca3a01","created":"2020-06-04T19:01:53.566000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[SANS Windshift August 2018](https://app.tidalcyber.com/references/97eac0f2-d528-4f7c-8425-7531eae4fc39)]</sup><sup>[[objective-see windtail1 dec 2018](https://app.tidalcyber.com/references/7a32c962-8050-45de-8b90-8644be5109d9)]</sup><sup>[[objective-see windtail2 jan 
2019](https://app.tidalcyber.com/references/e6bdc679-ee0c-4f34-b5bc-0d6a26485b36)]</sup>","group_attack_id":"G0112","group_id":"4e880d01-313a-4926-8470-78c48824aa82","name":"Windshift","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"5f994df7-55b0-4383-8ebc-506d4987292a","name":"WINERACK","type":"malware","source":"MITRE","software_attack_id":"S0219","tidal_id":"b0af0970-974f-5945-86ed-6b490ef47acd","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[FireEye APT37 Feb 2018](https://app.tidalcyber.com/references/4d575c1a-4ff9-49ce-97cd-f9d0637c2271)]</sup>","group_attack_id":"G0067","group_id":"013fdfdc-aa32-4779-8f6e-7920615cbf66","name":"APT37","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"65d5b524-0e84-417d-9884-e2c501abfacd","name":"Winexe","type":"tool","source":"MITRE","software_attack_id":"S0191","tidal_id":"ad3ecbfa-68b4-52c4-a01c-f57a08bbe088","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[SecureList Silence Nov 2017](https://app.tidalcyber.com/references/004a8877-7e57-48ad-a6ce-b9ad8577cc68)]</sup>","group_attack_id":"G0091","group_id":"b534349f-55a4-41b8-9623-6707765c3c50","name":"Silence","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Überwachung APT28 Forfiles June 2015](https://app.tidalcyber.com/references/3b85fff0-88d8-4df6-af0b-66e57492732e)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Securelist DarkVishnya Dec 
2018](https://app.tidalcyber.com/references/da9ac5a7-c644-45fa-ab96-30ac6bfc9f81)]</sup> ","group_attack_id":"G0105","group_id":"d428f9be-6faf-4d57-b677-4a927fea5f7e","name":"DarkVishnya","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"076a50b9-39c2-4d25-9af3-d14afc7f4320","name":"winfile","type":"tool","source":"Tidal Cyber","software_attack_id":"S3486","tidal_id":"dc313f1d-b885-57c4-9a7d-f5a6cd78dfe6","created":"2025-05-20T16:19:10.309642Z","modified":"2025-05-20T16:19:10.309645Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fcb99805-aadc-4ff9-bf7d-776448328a45","name":"winfile.exe","description":"<sup>[[winfile.exe - LOLBAS Project](/references/78e30416-6c71-44c5-8124-9d047d372474)]</sup>","source":"Tidal Cyber","associated_software_id":"9019f47a-a249-4709-9bff-ad601192b07c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c59797a0-c08c-441a-b356-0ef6b23a9fb3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"19a93ebf-0244-46e7-b79c-fde34b77e9dd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3e70078f-407e-4b03-b604-bdc05b372f37","name":"Wingbird","type":"malware","source":"MITRE","software_attack_id":"S0176","tidal_id":"f6659443-e29f-57df-9289-a7e89cf0f0f9","created":"2018-01-16T16:13:52.465000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft NEODYMIUM Dec 2016](https://app.tidalcyber.com/references/87c9f8e4-f8d1-4f19-86ca-6fd18a33890b)]</sup><sup>[[Microsoft SIR Vol 
21](https://app.tidalcyber.com/references/619b9cf8-7201-45de-9c36-834ccee356a9)]</sup>","group_attack_id":"G0055","group_id":"3a660ef3-9954-4252-8946-f903f3f42d0c","name":"NEODYMIUM","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"6c4e7a00-0151-490c-8a41-98981d355725","name":"winget","type":"tool","source":"Tidal Cyber","software_attack_id":"S3295","tidal_id":"a38f94cb-9940-57e2-b9b4-fc33c526cb15","created":"2024-01-12T14:48:15.777381Z","modified":"2024-01-12T14:48:15.777385Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7be8168a-91f9-4ee1-9d12-bc3952fa1d47","name":"winget.exe","description":"<sup>[[winget.exe - LOLBAS Project](/references/5ef334f3-fe6f-4cc1-b37d-d147180a8b8d)]</sup>","source":"Tidal Cyber","associated_software_id":"d042aa21-d8f6-4cdc-bdd8-b304cbf5b71f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"8ef6a2bb-be95-443a-b171-d194b5518b3c","tag":"61f778ca-b2f1-4877-b0f5-fd5e87b6ddab"},{"id":"5b564a78-886b-40b3-ad22-ff86324a19cb","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ec9795c9-bdd8-4678-96db-0c2ec94b85e5","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"56192ad1-4acd-4413-a801-d426ce990fc1","name":"Wingtb.sys","type":"malware","source":"Tidal Cyber","software_attack_id":"S3804","tidal_id":"6c5bee71-8fd1-511d-ab1e-e6d942833a92","created":"2025-12-24T14:57:27.434649Z","modified":"2025-12-24T14:57:27.434653Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b818d581-86dc-440a-a3be-56f3d4b7c538","name":"wingtb.sys","description":"<sup>[[Check Point Research December 16 
2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","source":"USER","associated_software_id":"dce5d6e4-a068-4b28-9cd1-27008ceecfc7","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"a45d0753-1f68-4966-9002-e143078becce","name":"Winkbj.sys (variant)","description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","source":"USER","associated_software_id":"d509e211-120f-4cc9-a5ac-038320133a02","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Check Point Research December 16 2025](/references/1fc24a9b-9636-482a-8413-211b42658872)]</sup>","group_attack_id":"G3180","group_id":"92cbac61-7999-465a-9afc-5476f84b3a2e","name":"RudePanda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3d086932-6b06-4c1b-b55a-9e6ce2bd7b86","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"ab43da3b-fac2-4780-a40d-463be6cd93ca","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"abeed887-0d6f-4cba-8170-3eec079fbf1f","tag":"1efd43ee-5752-49f2-99fe-e3441f126b00"},{"id":"060c855c-d2ee-4295-9633-b37209762dba","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2abfead2-ac55-4858-bad6-ae00d63ae187","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"267eba64-a42f-4ee1-a63f-5257d27c38a2","name":"WinGup","type":"tool","source":"Tidal Cyber","software_attack_id":"S3776","tidal_id":"f9210888-b2f5-5c42-924b-ac4bf05aabc8","created":"2025-12-17T14:18:53.287381Z","modified":"2025-12-17T14:18:53.287385Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 09 
2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3173","group_id":"7e4dd0e2-4fa0-4dd5-ad0e-41aa9effe8bf","name":"TAG-160","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f856ef7a-9520-4689-a451-a11c29020266","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"193d4301-dee9-4a9b-bbb4-c974eeda84ee","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"af835cee-595b-4946-bed1-6a7644fcf75d","name":"WinHttp.WinHttpRequest","type":"tool","source":"Tidal Cyber","software_attack_id":"S3932","tidal_id":"9aa2be34-9420-5ee0-87da-49559f0a39b7","created":"2026-01-14T13:31:37.675139Z","modified":"2026-01-14T13:31:37.675143Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Engage.morphisec.com December 09 2025](/references/e3021488-2578-49a2-908a-13184997ff82)]</sup>","group_attack_id":"G3201","group_id":"6cafa6a6-8fb4-49f0-b55e-8c95042cc7ff","name":"PyStoreRAT Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"9afc7cf7-c3da-4240-849e-64ee49220484","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"808af757-f8d2-42ee-bd5c-9a37bf94c93c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a26439b6-6fb3-41fc-b2b7-e9e2ee911ed3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e10423c2-71a7-4878-96ba-343191136c19","name":"WinMM","type":"malware","source":"MITRE","software_attack_id":"S0059","tidal_id":"05740eca-9e0c-5e5d-8581-aaad67bf62f3","created":"2017-05-31T21:32:40.004000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Baumgartner Naikon 
2015](https://app.tidalcyber.com/references/09302b4f-7f71-4289-92f6-076c685f0810)]</sup><sup>[[CameraShy](https://app.tidalcyber.com/references/9942b6a5-6ffb-4a26-9392-6c8bb9954997)]</sup>","group_attack_id":"G0019","group_id":"a80c00b2-b8b6-4780-99bb-df8fe921947d","name":"Naikon","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e384e711-0796-4cbc-8854-8c3f939faf57","name":"Winnti for Linux","type":"malware","source":"MITRE","software_attack_id":"S0430","tidal_id":"74101c9e-41ec-5ae6-9588-053ce69a6ff4","created":"2020-04-29T15:06:59.171000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[{"description":"<sup>[[Crowdstrike GTR2020 Mar 2020](https://app.tidalcyber.com/references/a2325ace-e5a1-458d-80c1-5037bd7fa727)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) used [Winnti for Linux](https://app.tidalcyber.com/software/e384e711-0796-4cbc-8854-8c3f939faf57) for access to victim Linux hosts during intrusions<sup>[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)]</sup>.","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[TrendMicro EarthLusca 2022](https://app.tidalcyber.com/references/f6e1bffd-e35b-4eae-b9bf-c16a82bf7004)]</sup>","group_attack_id":"G1006","group_id":"646e35d2-75de-4c1d-8ad3-616d3e155c5e","name":"Earth Lusca","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"245c216e-41c3-4dec-8b23-bfc7c6a46d6e","name":"Winnti for 
Windows","type":"malware","source":"MITRE","software_attack_id":"S0141","tidal_id":"7dcad148-92cd-544e-b893-097f61748e31","created":"2017-05-31T21:33:21.027000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"[Aquatic Panda](https://app.tidalcyber.com/groups/b8a349a6-cde1-4d95-b20f-44c62bbfc786) used [Winnti for Windows](https://app.tidalcyber.com/software/245c216e-41c3-4dec-8b23-bfc7c6a46d6e) for persistent access to Windows victims.<sup>[[Crowdstrike HuntReport 2022](https://app.tidalcyber.com/references/cae1043a-2473-5b7e-b9ed-27d4f9c5b9b0)]</sup>","group_attack_id":"G0143","group_id":"b8a349a6-cde1-4d95-b20f-44c62bbfc786","name":"Aquatic Panda","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Kaspersky Winnti April 2013](https://app.tidalcyber.com/references/2d4834b9-61c4-478e-919a-317d97cd2c36)]</sup><sup>[[Kaspersky Winnti June 2015](https://app.tidalcyber.com/references/86504950-0f4f-42bc-b003-24f60ae97c99)]</sup>","group_attack_id":"G0044","group_id":"6932662a-53a7-4e43-877f-6e940e2d744b","name":"Winnti Group","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"f4e5b6b2-d0e3-4ce9-96ea-8b4f84daf2a5","name":"Winos 4.0","type":"malware","source":"Tidal Cyber","software_attack_id":"S3903","tidal_id":"4219b97f-c8e6-50d3-9240-21f4ff3292d2","created":"2026-01-14T13:31:32.738489Z","modified":"2026-01-14T13:31:32.738495Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"10662021-053d-4b2c-971a-56a9ce06eddf","name":"Winos","description":"<sup>[[Trend Micro June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","source":"USER","associated_software_id":"77cab78a-1f3d-40f1-9f0f-7ff894b3a5b5","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Trend Micro 
June 19 2024](/references/ca3f8c94-6b26-4361-abaa-0e678aec8651)]</sup>","group_attack_id":"G3188","group_id":"7ce6d4f0-d737-4cb2-ab2a-a44ed500d666","name":"Silver Fox","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"be68b0aa-ac06-4b03-ad9c-c6f24806a1da","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"42ec4f84-189b-4c37-812e-320d732393a1","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"},{"id":"53c19ecd-9b14-475a-ab46-2ddab438e112","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"cfcff82d-b416-4ac6-b338-e8df5b717fbb","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"394eae27-63dc-4796-82e7-354902292c7b","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"284bf2ee-e798-4dc2-8dac-9b9407f5378b","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"8a0ef7c4-6894-4fde-be72-b5535720fdd1","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"2f8a2316-f73b-4503-9785-1d4469a93a7f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"262d3843-135e-46b3-9861-97e1a1aa077a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"c512f5bb-09d2-40d0-98d5-b5aedc83dc52","tag":"cd1b5d44-226e-4405-8985-800492cf2865"},{"id":"2a5e462e-b635-4b39-ba9b-e78b73e25750","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"891a0b72-849b-4f3d-880c-f687225bf5b5","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d29414d6-f5b4-4a93-bc6e-826d6f30306b","name":"WinProj","type":"tool","source":"Tidal Cyber","software_attack_id":"S3485","tidal_id":"2cacd8c8-8f2b-545c-9e49-97e4ba1fb465","created":"2025-05-20T16:19:10.149730Z","modified":"2025-05-20T16:19:10.149734Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5b3a3ed6-1d2a-4f3b-a035-710ce2dafb69","name":"WinProj.exe","description":"<sup>[[WinProj.exe - LOLBAS Project](/references/d7ceab5b-ae4e-4c68-b5df-df46f1308ec5)]</sup>","source":"Tidal 
Cyber","associated_software_id":"77217d6a-4fc4-493b-893f-028ecab61b33","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"e6a9e5cd-07c7-464c-8ae0-ef1de6cee390","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"d540e681-1d1a-4957-9ccd-06cc67063fda","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"0676e6ad-da86-4ee7-b6ab-714af7c0dba1","name":"WinPython","type":"tool","source":"Tidal Cyber","software_attack_id":"S3983","tidal_id":"b4a20e4d-16c3-5230-ae9c-80614b34c0ee","created":"2026-01-23T20:31:11.964992Z","modified":"2026-01-23T20:31:11.964997Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7cd373b2-167e-4457-b58f-70ce40d8940b","name":"WPy64-31401","description":"<sup>[[Huntress January 16 2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","source":"USER","associated_software_id":"885b6f77-d750-4358-9eef-81232543880e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Huntress January 16 2026](/references/98f6f667-388b-4317-ad3e-be1caa99b87c)]</sup>","group_attack_id":"G3213","group_id":"a0202bc8-abe6-42c1-ac84-1dc27b9e322f","name":"KongTuke","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5ce5687b-1019-48fe-8fc0-2c234e2cae97","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"bdc129dd-67e5-4471-b650-2029a7b30301","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3d0b4de9-8498-4219-a232-53582cddb1b3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"d9792748-b81a-4d82-a45e-de05c2a23dbf","name":"WinRAR","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3105","tidal_id":"50922acf-c1a6-5524-ae53-de07b593b0d0","created":"2023-12-22T16:36:14.349379Z","modified":"2023-12-22T16:36:14.349383Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7c41e19e-6a95-4e4d-9274-2aa3a3cab757","name":"R.exe","description":"<sup>[[National-Digital-Agency November 14 2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","source":"USER","associated_software_id":"42eb966f-b2a6-4f7f-a8b7-0b98ba8241d2","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[None November 28 2025](/references/d66a4368-9233-4628-9a05-014f6d58259b)]</sup>","group_attack_id":"G3178","group_id":"3be36063-6383-42b5-ad7e-f41abf84f1ae","name":"Autumn Dragon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Intezer December 19 2025](/references/53d1f9b0-855f-4478-9e13-a15f2dcdec9f)]</sup>","group_attack_id":"G3186","group_id":"86a9fd02-00d4-40da-acb5-15c953cb126c","name":"Paper Werewolf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News April 1 2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[huntress.com November 14 
2024](/references/0418012c-af7e-47b0-b690-85fd634532e4)]</sup>","group_attack_id":"G3098","group_id":"7015d001-9dcc-4361-9d27-4799d73ec426","name":"SafePay Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos Akira May 9 2023](/references/1343b052-b158-4dad-9ed4-9dbb7bb778dd)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G3062","group_id":"753c7cd1-ca9f-4632-bbd2-fd55b9e70b10","name":"Salt Typhoon (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[National-Digital-Agency November 14 2025](/references/16bfc78d-3c16-4eb9-997d-1ada2e9d9aee)]</sup>","group_attack_id":"G1044","group_id":"c4336f3a-1902-5eb1-8ad1-204da1267dcc","name":"APT42","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Kaspersky September 30 2021](/references/8851f554-05c6-4fb0-807e-2ef0bc28e131)]</sup>","group_attack_id":"G1045","group_id":"759dcc8f-01ae-503f-922f-b144cd54ea15","name":"Salt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sophos News April 1 2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cisco Talos Blog October 02 2025 10 02 2025](/references/d2d2ef04-150e-445d-811e-e0174dfc3d10)]</sup>","group_attack_id":"G3138","group_id":"c7b07e2a-8c2d-4a86-a83a-e820e4aaeb92","name":"UAT-8099","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[ESET MirrorFace December 14 2022](/references/e1896c15-8f19-43e4-96b0-cfd442966b28)]</sup>","group_attack_id":"G3095","group_id":"a59f3dd2-7685-4442-894c-bbb068540321","name":"MirrorFace","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"17de9f8f-ac50-4ff7-8e6f-7b4d0f9169bb","tag":"a98d7a43-f227-478e-81de-e7299639a355"},{"id":"02cad956-5397-49e8-853e-019a73f6f4b9","tag":"1dc2830c-99a9-4615-91f2-12c278077959"},{"id":"38c2655e-25e5-4b52-aa74-faf0f71c574f","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"f1ece12f-6f13-4efb-91fc-deb1138488b6","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"edda3978-512f-4eef-a6b8-7be3813d23bb","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"2dbe09bb-2ef6-4cb0-b5ca-76a02b428980","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"41237b62-eef4-48da-87f4-3ff52ae55200","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"0fd756ed-5692-411f-85a7-ff9c9cdb1649","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"0cb94371-1c86-4328-b71a-3b1076a3422d","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"920e665e-559d-40c0-8507-324713d894e8","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"16363fad-fdc1-4df3-9264-7442f8791c5a","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"93869375-dbc0-458b-a2ac-decc6e83e83d","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d47cafaa-c4a2-4675-9866-b50688d99726","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"f94cb1b6-4809-4073-836c-95c3000588a3","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"41ddf33e-7a1c-4d69-b297-75fa141ee763","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"f1a4af39-4f97-4bf8-a4cf-a83af5fbe27f","tag":"23d0545e-45fa-4f0a-957e-deb923039c80"}],"owner_name":"TidalCyberIan"},{"id":"8807e10c-dc1b-4dab-8f60-c03a85c18873","name":"winrm","type":"tool","source":"Tidal Cyber","software_attack_id":"S3384","tidal_id":"a239bd5b-9b59-5862-868d-e0c55088feaa","created":"2024-01-12T14:48:49.162580Z","modified":"2024-01-12T14:48:49.162584Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"affb4195-f9e3-4f84-85ae-84a1886c1403","name":"Windows Remote Management","description":"<sup>[[Huntress November 05 
2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","source":"USER","associated_software_id":"d7a1efa6-853e-46e1-8eda-e82873d323ef","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"2e345a9b-d508-4166-80a2-860287434dc6","name":"winrm.vbs","description":"<sup>[[winrm.vbs - LOLBAS Project](/references/86107810-8a1d-4c13-80f0-c1624143d057)]</sup>","source":"Tidal Cyber","associated_software_id":"65478a44-ca42-48cc-a03e-cd67353fc39f","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Sophos News April 1 2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G1050","group_id":"93901942-0750-59a5-a244-3ee9ae3bc255","name":"Water Galura","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Huntress November 05 2025](/references/89cb0d2d-3043-43c4-8c19-64e1a5029ced)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Sophos News April 1 2025](/references/7066ca7e-03e9-4d3c-8d10-2a659c79c859)]</sup>","group_attack_id":"G3108","group_id":"e5395df4-59e0-4eb7-b864-335bfd3a9bc2","name":"Qilin Ransomware Actors 
(Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"a1418408-3cb1-4743-bc9f-a0270b88b348","tag":"5cd85fec-0e37-4892-9cd2-bb8c70139072"},{"id":"4af8c8cb-26f2-4085-9cd1-bf7b3cd8bc27","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d8db7cf2-5b19-4328-90c2-aa34b2eab660","tag":"2eecd309-e75d-4f7b-8f6f-e11213f48b12"},{"id":"97703781-3239-4c03-b15d-88c2133bf014","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"8ef7b3b9-f197-47ba-a378-0b9708fdfd77","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3ded75ea-b253-48cd-94e7-aef53e0d1e31","name":"WinSCP","type":"tool","source":"Tidal Cyber","software_attack_id":"S3050","tidal_id":"0136025b-b023-5ca7-80e3-b150eac65466","created":"2023-08-18T18:56:24.959618Z","modified":"2023-08-18T18:56:24.959632Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. CISA Andariel July 25 2024](/references/b615953e-3c6c-4201-914c-4b75e45bb9ed)]</sup>","group_attack_id":"G0138","group_id":"2cc997b5-5076-4eef-9974-f54387614f46","name":"Andariel","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro September 09 2025](/references/b49a1225-233f-47e8-95e5-db092e790cd0)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[TrendMicro Akira October 5 2023](/references/8f45fb21-c6ad-4b97-b459-da96eb643069)]</sup>","group_attack_id":"G1024","group_id":"923f478c-7ad1-516f-986d-61f96b9c553e","name":"Akira","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Black Basta May 10 2024](/references/10fed6c7-4d73-49cd-9170-3f67d06365ca)]</sup>","group_attack_id":"G3037","group_id":"7f52cadb-7a12-4b9d-9290-1ef02123fbe4","name":"Black Basta Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Play Ransomware December 2023](/references/ad96148c-8230-4923-86fd-4b1da211db1a)]</sup>","group_attack_id":"G1040","group_id":"60f686d0-ae3d-5662-af32-119217dee2a7","name":"Play","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 August 23 2024](/references/d6c50145-2bf9-4f7c-97b9-81cc2e1575f2)]</sup>","group_attack_id":"G3126","group_id":"3792cb2f-205a-4a70-962b-a84f8b445584","name":"ShinyHunters","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[S-RM March 25 2025](/references/ffa47884-4eef-445e-99e3-02f64cc2f7fc)]</sup>","group_attack_id":"G3100","group_id":"35aa3c2a-eea0-480a-b338-c82808643026","name":"NightSpire","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Trend Micro BlackCat October 27 2022](/references/94aef206-b4cb-4d91-9843-96cf50af157c)]</sup>","group_attack_id":"G3019","group_id":"33159d02-a1ce-49ec-a381-60b069db66f7","name":"BlackCat Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Understanding LockBit June 2023](/references/9c03b801-2ebe-4c7b-aa29-1b7a3625964a)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA RansomHub Ransomware August 29 2024](/references/af338cbd-6416-4dee-95c7-6915f78e2604)]</sup>","group_attack_id":"G3049","group_id":"94794e7b-8b54-4be8-885a-fd1009425ed5","name":"RansomHub Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Interlock Ransomware July 22 2025](/references/4da07d81-4647-470b-9ee0-34e853bfe68e)]</sup>","group_attack_id":"G3116","group_id":"ec680afc-ea1f-4b08-93b3-56a6c3f1b365","name":"Interlock Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit42 Luna Moth November 21 2022](/references/042f51db-c9f3-4827-883d-d7e7422fd642)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Mandiant UNC961 March 23 2023](/references/cef19ceb-179f-4d49-acba-5ce40ab9f65e)]</sup>","group_attack_id":"G3027","group_id":"b07431f8-fcf0-4204-8e7c-138eb5cd5342","name":"UNC3966","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"641aa4cd-c761-473a-b2dd-8140b612e70e","tag":"27a117ce-bb19-4f79-9bc2-a851b69c5c50"},{"id":"6f05064a-e4aa-4fd6-bd3f-fcd9acee8848","tag":"6070668f-1cbd-4878-8066-c636d1d8659c"},{"id":"5f1dae2d-aa32-45a9-906f-d1628d6fa466","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"e99b519a-faf9-4fd0-998b-37802342e602","tag":"d903e38b-600d-4736-9e3b-cf1a6e436481"},{"id":"4dbf2eaa-3258-4cc4-9cc1-ed9f35100db3","tag":"c5a258ce-9045-48d9-b254-ec2bf6437bb5"},{"id":"96015ca8-02f7-49e5-bec4-de1dc73e685d","tag":"cc4ea215-87ce-4351-9579-cf527caf5992"},{"id":"d895a15b-84c5-46d2-99b7-4ca41d643d20","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"fec65941-2d0e-4d38-8230-a78a18142126","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"646054da-70e3-49b7-bee1-22f2e391b8e2","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"d5862847-dde4-46da-81df-cff736bb1c6a","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"fd263f72-b0f8-4b99-8df1-1fc79e197dc8","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"c09285a0-4e13-489f-bf06-54574faff766","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"d439e515-d2ec-4ffb-9c8d-2b1671917917","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"0da2b6a3-beb1-4a0c-84b8-c8bed6283d30","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"3f872ecf-9f82-4670-99bb-709827a6f3cb","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f5ff7515-3116-472e-a4bb-54d96e4af47d","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"16348d5c-f834-472f-b98d-ffc379cd8378","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"a9b58536-cfe2-4b76-aa74-f4e0d8bb3e7c","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"faf98c83-70dd-4ce3-88cf-12ea2ad81fe3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"7adaeb79-087f-4d65-8f8f-d4689755b107","name":"Winword","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3371","tidal_id":"39ecc39b-4662-592f-8eef-9cc1ea09d420","created":"2024-01-12T14:48:44.213509Z","modified":"2024-01-12T14:48:44.213513Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1c74cced-8dc0-4c39-8377-7afc77ae45d3","name":"Winword.exe","description":"<sup>[[Winword.exe - LOLBAS Project](/references/6d75b154-a51d-4541-8353-22ee1d12ebed)]</sup>","source":"Tidal Cyber","associated_software_id":"5f6ec10f-8c3d-4656-89bc-f349fe8e5149","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[IBM TA505 April 2020](/references/bcef8bf8-5fc2-4921-b920-74ef893b8a27)]</sup>","group_attack_id":"G0092","group_id":"b3220638-6682-4a4e-ab64-e7dc4202a3f1","name":"TA505","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"cf826713-0a09-4e70-a010-3b72438d52a0","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"01bcd4d1-e0ed-46ed-a8b0-69df121983ab","tag":"228354f0-c709-4a16-a489-c5098ae06c17"},{"id":"dbd2077a-26f3-41ee-b8eb-814d9cb407b3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"01db3ce5-9337-4ec8-973c-2d5cad0458fb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"627e05c2-c02e-433e-9288-c2d78bce156f","name":"Wiper","type":"malware","source":"MITRE","software_attack_id":"S0041","tidal_id":"f2477965-b4dc-5000-a240-f7af623d17f3","created":"2017-05-31T21:32:32.915000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[{"id":"b66dd22f-da9c-4639-855c-5908fd70e6bb","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"93b02819-8acc-5d7d-ad11-abb33f9309cc","name":"WIREFIRE","type":"malware","source":"MITRE","software_attack_id":"S1115","tidal_id":"5f86a0de-acc4-551f-b378-7b886e487438","created":"2024-04-25T13:28:21.415769Z","modified":"2024-04-25T13:28:21.41577
2Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[{"id":"3cf24b73-76b6-5096-a183-f36cafa62b80","name":"GIFTEDVISITOR","description":"<sup>[[Volexity Ivanti Zero-Day Exploitation January 2024](https://app.tidalcyber.com/references/93eda380-ea21-59e0-97e8-5bec1f9a0e71)]</sup>","source":"MITRE","associated_software_id":"45c7c1e5-65b7-44f4-9807-831e55a2397c","owner_id":null,"owner_name":null}],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":null},{"id":"11e2d939-cc86-500c-8b26-fb0d95485a0b","name":"WireLurker","type":"malware","source":"Mobile","software_attack_id":"S0312","tidal_id":"11e2d939-cc86-500c-8b26-fb0d95485a0b","created":"2026-01-28T13:08:09.937916Z","modified":"2026-01-28T13:08:09.937917Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"804da3b9-9c3a-4937-aa4a-efddfa5c176e","name":"Wireshark","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3110","tidal_id":"ddcad5d4-7689-586e-b65d-b42f1e1dc456","created":"2024-03-01T20:23:49.101574Z","modified":"2024-03-01T20:23:49.101579Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"6fe82bf0-bfd9-4c60-b48a-5279bb89c6ae","tag":"dbe18a6a-c8f9-451e-837e-5a7f25dcf913"},{"id":"9ad6aaf0-c5be-48e7-85b7-b27b77c995dc","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"879c6fdd-44fd-4f55-8b2c-94b62bd1b90b","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"e8ee3c91-39d8-4e24-b162-ff108115da5f","tag":"cd1b5d44-226e-4405-8985-800492cf2865"}],"owner_name":"TidalCyberIan"},{"id":"f3eb99a8-b7b5-4e90-8e99-3f38309402c0","name":"Wlrmdr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3296","tidal_id":"3eb86c68-719e-537f-b637-bb664fc92d75","created":"2024-01-12T14:48:16.139254Z","modified":"2024-01-12T14:48:16.139258Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"0ca4e814-9eac-4d3e-bc73-4276ec713d6b","name":"Wlrmdr.exe","description":"<sup>[[Wlrmdr.exe - LOLBAS Project](/references/43bebdc3-3072-4a3d-a0b7-0b23f1119136)]</sup>","source":"Tidal Cyber","associated_software_id":"bb8be8ef-1d72-4e76-a111-4ddd0c4aa9d6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"dc428616-a6ca-41a5-b8d5-0ceb9a19adcc","tag":"ebf92004-6e43-434c-8380-3671cf3640a2"},{"id":"958d57cf-662c-4bac-9637-50092db9f926","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"973390fe-490f-404e-814f-9132cd42f3fb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"f88a93a1-7d75-42b6-b953-1c557b48e565","name":"WMI and COM APIs","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3918","tidal_id":"43ff06bb-e51f-576e-bcc5-d62ba4bed6ac","created":"2026-01-14T13:31:35.357411Z","modified":"2026-01-14T13:31:35.357420Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"ea68ea05-4a40-4cc8-a2e3-62b8d27afeba","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"62ece3c8-02e1-482a-ad8a-3f5f6df706f2","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"3a15c72e-4477-436a-8226-d13e0c39b1b9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a3b858ba-55bc-44a4-a223-d7b135cf7782","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"24f3b066-a533-4b6c-a590-313a67154ba0","name":"Wmic","type":"tool","source":"Tidal Cyber","software_attack_id":"S3297","tidal_id":"1cef6881-1215-52db-be9a-13d58e7cdd95","created":"2024-01-12T14:48:16.527952Z","modified":"2024-01-12T14:48:16.527956Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d27a5109-8933-4343-a152-4874fcffce41","name":"Windows Management Instrumentation (WMI)","description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","source":"USER","associated_software_id":"5f39db8d-e059-4886-a365-443ac2f2bfac","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"504309f3-66ae-4133-9b0f-866ade3f03c8","name":"WMI (Windows Management Instrumentation)","description":"<sup>[[Cybereason The Gentlemen November 18 2025](/references/bc7807fd-020a-42b4-a311-1a1673a8f90a)]</sup>","source":"USER","associated_software_id":"22a6e44c-b68d-4548-aafc-417a803a6a53","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"0ebb4a00-0ac0-47ff-b000-2fb0374e599c","name":"Windows Management Instrumentation","description":"<sup>[[None October 29 
2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","source":"USER","associated_software_id":"d53991d9-ef6c-4b4d-bbb0-c00041c8b4f6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"089e5b39-5863-4018-b34d-95f2cd3cb51e","name":"WMI","description":"<sup>[[None October 29 2025](/references/3dacc043-780d-46fc-b61b-4be1d1dbdbad)]</sup>","source":"USER","associated_software_id":"ecbe43dd-0e43-46ca-a010-1c713b841f32","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"56e04589-f5f9-4724-9f87-ab7dd241d5f7","name":"Wmic.exe","description":"<sup>[[LOLBAS Wmic](/references/497e73d4-9f27-4b30-ba09-f152ce866d0f)]</sup>","source":"Tidal Cyber","associated_software_id":"e7d40056-45fd-4e73-a7f4-750253b18d30","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[None December 16 2025](/references/77a0f06e-b16f-4d3d-998e-0af3e1789624)]</sup>","group_attack_id":"G0099","group_id":"153c14a6-31b7-44f2-892e-6d9fdc152267","name":"APT-C-36","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Cybereason The Gentlemen November 18 2025](/references/bc7807fd-020a-42b4-a311-1a1673a8f90a)]</sup>","group_attack_id":"G3140","group_id":"7c12d5b6-be33-4611-836f-4f95b6d99070","name":"The Gentlemen","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G1051","group_id":"5dd29b96-60b6-5c98-8fc0-510502c700b0","name":"Medusa Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. CISA Hive November 25 2022](/references/fce322e6-5e23-404a-acf8-cd003f00c79d)]</sup>","group_attack_id":"G3041","group_id":"05cd82bb-f8fc-40f3-83ba-1586ef953d05","name":"Hive Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Huntress INC Ransomware August 11 2023](/references/37c82ff5-f565-445b-9fa5-bb172b5f425c)]</sup>","group_attack_id":"G1032","group_id":"8957f42d-a069-542b-bce6-3059a2fa0f2e","name":"INC Ransom","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Volt Typhoon February 7 2024](/references/c74f5ecf-8810-4670-b778-24171c078724)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Russian GRU Targeting May 21 2025](/references/fb2f8efe-1e54-42c3-90eb-b1acba8f55b3)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. 
CISA Phobos February 29 2024](/references/bd6f9bd3-22ec-42fc-9d85-fdc14dcfa55a)]</sup>","group_attack_id":"G3033","group_id":"f138c814-48c0-4638-a4d6-edc48e7ac23a","name":"Phobos Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3114","group_id":"66c5a800-2876-4d9f-93f9-f7e0979de603","name":"Hunters International","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[TrendMicro Water Ouroboros March 5 2025](/references/feb327e7-06fa-44e4-a0c9-1dbc80aa9246)]</sup>","group_attack_id":"G3115","group_id":"cffbafea-5cc9-4bb1-96d4-c65f9ca3cef0","name":"World Leaks","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[U.S. CISA Medusa Ransomware March 12 2025](/references/16dc8fe1-73fa-4f8a-92a0-b1fac2908c47)]</sup>","group_attack_id":"G3021","group_id":"316a49d5-5fe0-4e0b-a276-f955f4277162","name":"Medusa Ransomware Actors (Deprecated)","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Symantec WastedLocker June 2020](/references/061d8f74-a202-4089-acae-687e4f96933b)]</sup>","group_attack_id":"G0119","group_id":"3c7ad595-1940-40fc-b9ca-3e649c1e5d87","name":"Indrik Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]</sup>","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[NCC Group Chimera January 
2021](/references/70c217c3-83a2-40f2-8f47-b68d8bd4cdf0)]</sup>","group_attack_id":"G0114","group_id":"ca93af75-0ffa-4df4-b86a-92d4d50e496e","name":"Chimera","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[DFIR Report APT35 ProxyShell March 2022](/references/1837e917-d80b-4632-a1ca-c70d4b712ac7)]</sup>","group_attack_id":"G0059","group_id":"7a9d653c-8812-4b96-81d1-b0a27ca918b4","name":"Magic Hound","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[The DFIR Report April 25 2022](/references/2e28c754-911a-4f08-a7bd-4580f5283571)]</sup>","group_attack_id":"G3043","group_id":"e75a1b98-be68-467f-a8df-bcb7671543b3","name":"Quantum Ransomware Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"","group_attack_id":"G3008","group_id":"a58f147b-1f02-427d-a375-c4246335cb20","name":"DragonForce Ransomware Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[{"id":"1de727a8-0607-4007-914f-927f55025285","tag":"98dc51bc-b8e1-4e77-8cda-72698b2768be"},{"id":"0bfd226a-6633-46ab-9c9d-58ce535bc860","tag":"2185ed93-7e1c-4553-9452-c8411b5dca93"},{"id":"15fc996a-0e59-46de-a960-3a686ab61924","tag":"d8f7e071-fbfd-46f8-b431-e241bb1513ac"},{"id":"aedd95e2-6214-42ec-ac60-09e2c8241548","tag":"61cdbb28-cbfd-498b-9ab1-1f14337f9524"},{"id":"a398dea5-f2dc-4ab2-9f31-2af1911e776c","tag":"d819ae1a-e385-49fd-88d5-f66660729ecb"},{"id":"904a7d8b-207e-4e85-a7dd-d59c34e8ef78","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"cfb13216-817f-4bc4-9bf1-fd588d006836","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"},{"id":"e652426e-2ac5-4b32-ac56-55cb88872862","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"e155c78d-8e4f-4ef8-a43b-3d5126378453","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"1f999abc-292d-4dc1-b648-845f49ac5fc8","tag":"904ad11a-20ca-479c-ad72-74bd5d9dc7e4"},{"id":"f1f79bdf-1f0d-4f9c-938f-30e40850c97c","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"9c63e1f1-3f90-41fa-9399-f611d7ea39fb","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"80ca6867-9d20-4acb-ac70-eec5095be17e","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"7d088723-7dcb-4a89-817b-bd0da1b0bc37","tag":"9988b5fd-6235-4a8e-bb8e-d9124ead11d4"},{"id":"d1b30f8d-7a66-4484-92c9-47c0584cbf2f","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"ba42a122-c52a-47df-80ac-780031ba3cc3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"644e8b37-4361-4ff0-88bc-6d0fbd986469","name":"wmsgapi.dll","type":"tool","source":"Tidal Cyber","software_attack_id":"S3766","tidal_id":"7c999fb6-fdbd-525d-87c9-8e258b92e06d","created":"2025-12-17T14:18:51.762735Z","modified":"2025-12-17T14:18:51.762738Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Sophos News December 07 
2025](/references/d74c88c0-25fe-419a-bf69-1603d1b3a597)]</sup>","group_attack_id":"G3170","group_id":"dddd119f-edac-4077-958b-6a775dd4a147","name":"Shanya Packer Operator","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"5b9c99e7-47a3-4cc8-956d-13dca323b641","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"036eed71-156e-4427-8cd3-9607fa41bb24","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"022df4f5-70da-53f9-b7ac-015b5f819d22","name":"WolfRAT","type":"malware","source":"Mobile","software_attack_id":"S0489","tidal_id":"022df4f5-70da-53f9-b7ac-015b5f819d22","created":"2026-01-28T13:08:09.939065Z","modified":"2026-01-28T13:08:09.939067Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"1f374a54-c839-5139-b755-555c66a21c12","name":"Woody RAT","type":"malware","source":"MITRE","software_attack_id":"S1065","tidal_id":"a50a812e-a6c5-556f-bb95-18827b6fdac0","created":"2023-05-26T01:20:52.574375Z","modified":"2023-05-26T01:20:52.574379Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"7720f60a-5c03-4241-b635-6313eceb3307","name":"WorkFolders","type":"tool","source":"Tidal Cyber","software_attack_id":"S3298","tidal_id":"bfc3930c-d82d-5065-a73a-5584b3205048","created":"2024-01-12T14:48:16.889080Z","modified":"2024-01-12T14:48:16.889084Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"1d09058a-5903-49e8-ba83-ed7825c0fdc3","name":"WorkFolders.exe","description":"<sup>[[WorkFolders.exe - LOLBAS Project](/references/42cfa3eb-7a8c-482e-b8d8-78ae5c30b843)]</sup>","source":"Tidal 
Cyber","associated_software_id":"29f24b94-b871-4306-b75b-0a4b01860d0c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5bae50d3-7f30-4c95-beb3-4610dfbd2f63","tag":"b5581207-a45f-4f7f-b637-14444d716ad1"},{"id":"0b494b04-4c9d-4f74-bc17-13f7ee0593ba","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b72c0553-efde-4877-9b12-3636831fdde3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a48c0208-2388-47a0-8348-4045ca2f3ca3","name":"WRECKSTEEL","type":"malware","source":"Tidal Cyber","software_attack_id":"S3598","tidal_id":"7f50b2f2-7b1b-5dc8-920f-64d82867cc58","created":"2025-10-17T17:09:54.306973Z","modified":"2025-10-17T17:09:54.306976Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CERT-UA New cyber threats October 08 2025](/references/35467d53-626d-4c81-9f8e-ff9c24b7666b)]</sup>","group_attack_id":"G3142","group_id":"01a5e829-e94d-49f5-881e-35c879b2bbff","name":"UAC-0219","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"3b31ecfa-9a1e-47e5-afff-d1a540dcebf3","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"82603f32-cf42-4571-804f-ed8189e02b73","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"d943d0e1-ff47-4129-89f0-70d82e60a7db","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"47c30fda-eff3-4f59-8346-367e305da286","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"c588cec3-ee96-4315-a336-011479e50ed4","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c0413d89-e958-4d6b-94ee-acdba0f303e8","name":"WriteOnly","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3883","tidal_id":"683dc921-23a7-5bfc-a1a7-05c223c01f93","created":"2026-01-06T18:05:07.867791Z","modified":"2026-01-06T18:05:07.867795Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CYFIRMA December 30 2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c7d6a138-9e9e-407b-bb57-9ce96e42ce17","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"23c1b03d-3345-48f0-afcf-35a8f6c04b71","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"7094cfb5-4f79-4dc1-b2df-671ede2c227d","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"41ce37a0-b066-4288-b6fd-4cb7979cf306","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"fe2c2208-e82b-4c7d-b307-19eb456b6a1c","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"353e797e-1ebe-4abb-a2e4-da273fd9b809","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"38f11ba3-3a50-49c2-ab10-c0a5fc3bf305","name":"wsc_proxy.exe","type":"tool","source":"Tidal Cyber","software_attack_id":"S3657","tidal_id":"f203e743-9eaa-5e1d-8e16-4ae67df045ec","created":"2025-11-26T19:38:18.526886Z","modified":"2025-11-26T19:38:18.526890Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"8c76bb22-8bf8-4148-af68-b7807eff78d8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6eaf1e05-b14a-4511-af5c-1dc873f5f0e2","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"be8d1032-3452-4d44-83cb-c7ece7d5a052","name":"Wscript","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3299","tidal_id":"73779908-8bdd-5660-aaed-3f97c7924e33","created":"2024-01-12T14:48:17.254053Z","modified":"2024-01-12T14:48:17.254058Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"93a54457-fe89-4543-b1de-a25ca650f08d","name":"Windows Script Host","description":"<sup>[[Trend Micro January 12 2026](/references/836489cd-dd2c-4a0d-8783-c055206131e1)]</sup>","source":"USER","associated_software_id":"c803bdea-c1e5-4d38-97ed-b3020382f998","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"f76320a6-b534-48a0-aa56-5d8f9bb347bc","name":"WSH","description":"<sup>[[Trend Micro January 12 2026](/references/836489cd-dd2c-4a0d-8783-c055206131e1)]</sup>","source":"USER","associated_software_id":"f7a18542-1bf8-48ef-8e46-c9904dec4574","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"45b873fa-6ccc-4c51-aeb1-29a9a92a587f","name":"Wscript.exe","description":"<sup>[[Wscript.exe - LOLBAS Project](/references/6c536675-84dd-44c3-8771-70120b413db7)]</sup>","source":"Tidal Cyber","associated_software_id":"eb4ba697-857a-4e23-9eff-f3aacdaaaa46","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Securelist October 28 2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Palo Alto Unit 42 OutSteel SaintBot February 
2022](/references/b0632490-76be-4018-982d-4b73b3d13881)]</sup>","group_attack_id":"G1003","group_id":"407274be-1820-4a84-939e-629313f4de1d","name":"Ember Bear","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"85506027-3b44-42b9-9540-0d5d7b91b91a","tag":"b4520b56-73e3-43fd-9f0d-70191132b451"},{"id":"5216affd-79e9-4d4f-aebf-7141491f2199","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"6e995aa0-3ada-4602-ad5c-bb66180744bd","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"848cef5e-c632-4ac8-a307-753cfb18e7d1","name":"WScript.Shell","type":"tool","source":"Tidal Cyber","software_attack_id":"S3886","tidal_id":"bcdf3983-cac7-5554-8f95-334d43ede88a","created":"2026-01-06T18:05:08.323838Z","modified":"2026-01-06T18:05:08.323841Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[CYFIRMA December 30 2025](/references/f2cc063a-854f-4f13-8679-f862a018fa38)]</sup>","group_attack_id":"G0134","group_id":"441b91d1-256a-4763-bac6-8f1c76764a25","name":"Transparent Tribe","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Www.cloudsek.com January 09 
2026](/references/1f12b457-540c-4e11-bd9b-df360a318aa6)]</sup>","group_attack_id":"G0069","group_id":"dcb260d8-9d53-404f-9ff5-dbee2c6effe6","name":"MuddyWater","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"ad402d14-9ca2-4e1c-9bb1-033cb0201378","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"66f576b0-756b-43a6-9a09-762c521cd0d4","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"9cf955dc-3c71-4973-99e8-e745c3105781","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"87b787a9-d99a-41c7-8224-0bd809e09eee","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9663965e-0fd1-45c3-a138-c7539ed91832","name":"Wsl","type":"tool","source":"Tidal Cyber","software_attack_id":"S3372","tidal_id":"998a76c5-3ae8-56fd-89e3-605cd9d1d08e","created":"2024-01-12T14:48:44.560367Z","modified":"2024-01-12T14:48:44.560371Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"7a6e5ea8-c20a-49e7-844a-fe511889b564","name":"Wsl.exe","description":"<sup>[[Wsl.exe - LOLBAS Project](/references/c147902a-e8e4-449f-8106-9e268d5367d8)]</sup>","source":"Tidal Cyber","associated_software_id":"b7b8a330-d1f6-48f6-b49a-cbe7a786d1a3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"78fea509-8c8d-4fa3-99d8-b82ead2e1061","tag":"96ebb518-7c1f-4011-a3ec-42aa78a95e4f"},{"id":"f8a7ba6c-93e1-4396-8ed0-8263fd57c921","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"09749cf8-c428-4d57-a8b9-43963a79a9f3","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"b75e4dcf-62ed-44cc-b9d2-d6d1b90955a8","name":"Wsreset","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3300","tidal_id":"f786008d-0d82-56fa-ae37-100f390abf5a","created":"2024-01-12T14:48:17.616157Z","modified":"2024-01-12T14:48:17.616161Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"72ce2857-99d8-424a-b4ac-c04907124185","name":"Wsreset.exe","description":"<sup>[[Wsreset.exe - LOLBAS Project](/references/24b73a27-f2ec-4cfa-a9df-59d4d4c1dd89)]</sup>","source":"Tidal Cyber","associated_software_id":"1736ed77-6f0e-4e70-89b1-8e41a005aae3","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"4e58ed9a-3bfe-4d44-93b0-eadf66521b82","tag":"291fab5d-e732-4b19-83e4-ee642b2ae0f0"},{"id":"56a9a02b-0354-4408-b473-653fa2d2e89b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"e2d8e851-d40a-4f36-b9cc-d929a4343592","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"a34b303e-e8bb-48b2-85e0-f6e2620d68ab","name":"wt","type":"tool","source":"Tidal Cyber","software_attack_id":"S3305","tidal_id":"7cf18791-59cc-5a08-9dae-5baaa97aab63","created":"2024-01-12T14:48:19.442241Z","modified":"2024-01-12T14:48:19.442245Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"6f1cff42-3758-4eb6-b43f-18003d6d8edb","name":"wt.exe","description":"<sup>[[wt.exe - LOLBAS Project](/references/bbdd85b0-fdbb-4bd2-b962-a915c23c83c2)]</sup>","source":"Tidal Cyber","associated_software_id":"11184347-6e49-4c9c-b730-636f2db7bdf6","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"faa479b7-4cc9-4a1d-9f89-908b6e95dad9","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"77708835-1277-4693-bc79-0eccad021ce4","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"06fe608d-a517-492f-8557-cfb820984146","name":"wuauclt","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3301","tidal_id":"db795e8e-5abf-55fb-8812-e814b1c12631","created":"2024-01-12T14:48:17.970839Z","modified":"2024-01-12T14:48:17.970843Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fcc59f33-7732-4dcc-b1cf-4f78a2459a74","name":"wuauclt.exe","description":"<sup>[[wuauclt.exe - LOLBAS Project](/references/09229ea3-ffd8-4d97-9728-f8c683ef6f26)]</sup>","source":"Tidal Cyber","associated_software_id":"1fa5cc14-037c-4940-9816-76e009769429","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Lazarus APT January 2022](/references/fbd96014-16c3-4ad6-bb3f-f92d15efce13)]</sup><sup>[[Qualys LolZarus](/references/784f1f5a-f7f2-45e8-84bd-b600f2b74b33)]</sup>","group_attack_id":"G0032","group_id":"0bc66e95-de93-4de7-b415-4041b7191f08","name":"Lazarus Group","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"66d1d5ce-e57a-40b0-b1ab-d590e75ec155","tag":"03f0e493-63ae-47b5-8353-238390a895a8"},{"id":"44d07b6b-ae87-4e29-9786-3978a2d19205","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"5e94e9f3-95fc-48af-88e4-af514c44bbcc","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"2e37322c-0053-4f98-989b-df91860af3a4","name":"Wwigu.exe","type":"malware","source":"Tidal Cyber","software_attack_id":"S3909","tidal_id":"7137218f-8732-599a-9e3f-7dc54d854faa","created":"2026-01-14T13:31:33.759646Z","modified":"2026-01-14T13:31:33.759651Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Securonix January 05 2026](/references/314a9db4-8a16-4732-aa23-b24b38897943)]</sup>","group_attack_id":"G3197","group_id":"a28a00b1-dbee-448c-9f91-690dcca00de8","name":"PHALT#BLYX Threat 
Actor","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"809341d1-8640-494a-85d4-15a4fecc95da","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"381b98f0-11bd-4b1f-85f9-ec2ab4887c0a","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"b0999d75-95e0-4538-8d47-8c3614207f3b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"6b80f1c4-95dd-4cc7-ae43-9b85bbf29e3d","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"027bfa11-157a-4050-8cd9-eb7ddbd17021","name":"wzshiming sshd","type":"tool","source":"Trellix TIG","software_attack_id":"S3404","tidal_id":"14482e90-6b87-5683-83d5-1b08b1585448","created":"2025-04-11T15:06:38.696029Z","modified":"2025-04-11T15:06:38.696033Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"e0a33476-66d3-5da4-97c2-b2149a42fdf9","name":"X-Agent for 
Android","type":"malware","source":"Mobile","software_attack_id":"S0314","tidal_id":"e0a33476-66d3-5da4-97c2-b2149a42fdf9","created":"2026-01-28T13:08:09.938212Z","modified":"2026-01-28T13:08:09.938213Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[CrowdStrike-Android](https://app.tidalcyber.com/references/d561c364-6654-5080-9c68-05932f6addc6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"Mobile"}],"tags":[],"owner_name":null},{"id":"6f411b69-6643-4cc7-9cbd-e15d9219e99c","name":"XAgentOSX","type":"malware","source":"MITRE","software_attack_id":"S0161","tidal_id":"e073d4ba-4738-503a-9521-9936f3e0868e","created":"2017-12-14T16:46:06.044000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"f03d380b-2f8c-4131-ba2f-d16c9c550413","name":"OSX.Sofacy","description":"<sup>[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]</sup>","source":"MITRE","associated_software_id":"469e0e63-774e-4627-8e71-d4b206958acf","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[XAgentOSX 2017](https://app.tidalcyber.com/references/2dc7a8f1-ccee-46f0-a995-268694f11b02)]</sup><sup>[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]</sup><sup>[[US District Court Indictment GRU Oct 
2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"ab442140-0761-4227-bd9e-151da5d0a04f","name":"Xbash","type":"malware","source":"MITRE","software_attack_id":"S0341","tidal_id":"4f5af5f5-0029-5ad4-b460-68c96a9e6af9","created":"2019-01-30T13:28:47.452000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"aab4e199-7fca-41b2-b543-ed3669c6ea69","name":"XBootMgr","type":"tool","source":"Tidal Cyber","software_attack_id":"S3871","tidal_id":"2630679b-0d39-50c3-b107-61f59af98c16","created":"2026-01-06T18:05:05.825948Z","modified":"2026-01-06T18:05:05.825951Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"97a856ff-c1c2-47cc-8da1-c7311666af81","name":"XBootMgr.exe","description":"<sup>[[XBootMgr.exe - LOLBAS Project](/references/8be8bfac-8a82-4f3e-882b-070aadaad497)]</sup>","source":"USER","associated_software_id":"73585323-bc64-44c8-841f-d9b866e0eabc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"a8d6b5a4-5136-455f-b470-ae6df7664d48","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"33f99c3d-5fbc-42e9-819a-e8c26294a7a1","name":"XBootMgrSleep","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3872","tidal_id":"65471a3a-cf8b-5dda-8ef6-128f24f70787","created":"2026-01-06T18:05:05.992911Z","modified":"2026-01-06T18:05:05.992915Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4ee9b711-e1a7-42a3-9704-6e2b948a0cf0","name":"XBootMgrSleep.exe","description":"<sup>[[XBootMgrSleep.exe - LOLBAS Project](/references/087ffaa5-6567-4169-b330-af989f1f03bd)]</sup>","source":"USER","associated_software_id":"816380ad-e69f-4510-9482-747da4c26980","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"201ac6ee-9a92-4950-a042-27fee86bcbf1","tag":"303a3675-4855-4323-b042-95bb1d907cca"}],"owner_name":"TidalCyberIan"},{"id":"b37248db-db22-507d-8f9e-8530155fc963","name":"Xbot","type":"tool","source":"Mobile","software_attack_id":"S0298","tidal_id":"b37248db-db22-507d-8f9e-8530155fc963","created":"2026-01-28T13:08:09.939499Z","modified":"2026-01-28T13:08:09.939501Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"11a0dff4-1dc8-4553-8a38-90a07b01bfcd","name":"xCaon","type":"malware","source":"MITRE","software_attack_id":"S0653","tidal_id":"ab4f775d-3307-556b-bc33-8d153c163de4","created":"2021-09-29T00:04:26.906000Z","modified":"2021-10-16T02:20:16.562000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Checkpoint IndigoZebra July 
2021](https://app.tidalcyber.com/references/cf4a8c8c-eab1-421f-b313-344aed03b42d)]</sup>","group_attack_id":"G0136","group_id":"988f5312-834e-48ea-93b7-e6e01ee0938d","name":"IndigoZebra","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d943d3d9-3a99-464f-94f0-95aa7963d858","name":"xCmd","type":"tool","source":"MITRE","software_attack_id":"S0123","tidal_id":"d9622ef1-58a9-5b32-bd05-047e5742a6c6","created":"2017-05-31T21:33:11.941000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[{"description":"<sup>[[Mandiant APT1 Appendix](https://app.tidalcyber.com/references/1f31c09c-6a93-4142-8333-154138c1d70a)]</sup>","group_attack_id":"G0006","group_id":"5307bba1-2674-4fbd-bfd5-1db1ae06fc5f","name":"APT1","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e2ae1ffd-dbf9-537d-bd6b-05f3d9ad99be","name":"XcodeGhost","type":"malware","source":"Mobile","software_attack_id":"S0297","tidal_id":"e2ae1ffd-dbf9-537d-bd6b-05f3d9ad99be","created":"2026-01-28T13:08:09.939034Z","modified":"2026-01-28T13:08:09.939036Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"84954209-1e2a-48dd-ba17-0f015f6de3ef","name":"xcopy","type":"tool","source":"Tidal Cyber","software_attack_id":"S3058","tidal_id":"a78e3061-d84c-5e83-9ed4-8f037ed01760","created":"2023-07-14T12:56:41.761596Z","modified":"2023-07-14T12:56:41.761600Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[U.S. 
CISA Volt Typhoon May 24 2023](/references/12320f38-ebbf-486a-a450-8a548c3722d6)]</sup>","group_attack_id":"G1017","group_id":"4ea1245f-3f35-5168-bd10-1fc49142fd4e","name":"Volt Typhoon","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"953c8a10-8cb9-4039-adb5-6ab4c321042b","tag":"758c3085-2f79-40a8-ab95-f8a684737927"},{"id":"fa9c57aa-faab-4feb-9ed7-c2618fc370e5","tag":"af5e9be5-b86e-47af-91dd-966a5e34a186"},{"id":"1a35243c-df70-4179-9b76-064aa7a93746","tag":"35e694ec-5133-46e3-b7e1-5831867c3b55"},{"id":"66b825e1-c798-4781-86ff-d0e54207ad1e","tag":"1dc8fd1e-0737-405a-98a1-111dd557f1b5"},{"id":"a0a073ad-c9c7-494d-8bc5-f7960e75f12d","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"448e7288-7171-43a0-9144-732d8db6d489","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"3672ecfa-20bf-4d69-948d-876be343563f","name":"XCSSET","type":"malware","source":"MITRE","software_attack_id":"S0658","tidal_id":"a93afedd-9aa7-59b8-afde-84b52bdd8190","created":"2021-10-05T21:58:51.161000Z","modified":"2022-10-18T20:40:59.749000Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[{"id":"6ca09437-11e8-406e-9cdc-06f7a8a92dd2","name":"OSX.DubRobber","description":"<sup>[[malwarebyteslabs xcsset dubrobber](https://app.tidalcyber.com/references/11ef576f-1bac-49e3-acba-85d70a42503e)]</sup>","source":"MITRE","associated_software_id":"66b2ced3-eab8-4586-91e0-5eedf642953f","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"2035f71f-df94-4196-a459-9ae88c9ffc73","tag":"4a457eb3-e404-47e5-b349-8b1f743dc657"},{"id":"d159482d-353f-4be0-a644-2bb83c37f277","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"84d55824-945f-430d-ae94-77a8aaa4ea08","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":null},{"id":"7d81c595-cdf4-4c15-943b-db4212b9d1ae","name":"xdotool","type":"tool","source":"Trellix 
TIG","software_attack_id":"S3463","tidal_id":"3b4b27a1-c49f-5aed-8b47-599107c415bf","created":"2025-04-11T15:06:52.838888Z","modified":"2025-04-11T15:06:52.838893Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3004","group_id":"5e12e91a-8a8a-4966-8b56-83a152091094","name":"Automated Libra","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"bcae307b-9405-5cb9-83f3-f1b71eb4dc81","name":"XLoader","type":"malware","source":"MITRE","software_attack_id":"S1207","tidal_id":"bcae307b-9405-5cb9-83f3-f1b71eb4dc81","created":"2025-04-22T20:46:59.758077Z","modified":"2025-04-22T20:46:59.758080Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ceeeef5f-a193-5223-8089-c9991fcb56ce","name":"Formbook","description":"<sup>[[Zscaler XLoader 2025](https://app.tidalcyber.com/references/6e4b763e-b9a7-56b4-8d3c-2c080e852eea)]</sup><sup>[[ANY.RUN XLoader 2023](https://app.tidalcyber.com/references/54e460e8-5e0d-5f57-9cb0-930e7ffccba3)]</sup><sup>[[CheckPoint XLoader 2022](https://app.tidalcyber.com/references/e61986f6-7d9d-561a-9aee-429295fa8109)]</sup><sup>[[Google XLoader 2017](https://app.tidalcyber.com/references/30849319-b664-5257-9634-b3f9de1bc793)]</sup>","source":"MITRE","associated_software_id":"d66b6fb9-39de-4d0c-bed6-d6dbc672cf44","owner_id":null,"owner_name":null}],"groups":[],"tags":[{"id":"27c12b42-4ace-4ce7-b0e7-451fc42255ab","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"e8adce4e-3546-5427-937a-fa23d673ed1c","name":"XLoader for 
Android","type":"malware","source":"Mobile","software_attack_id":"S0318","tidal_id":"e8adce4e-3546-5427-937a-fa23d673ed1c","created":"2026-01-28T13:08:09.937789Z","modified":"2026-01-28T13:08:09.937790Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"921e38d2-24ea-51d9-b0f8-5674ae230268","name":"XLoader for iOS","type":"malware","source":"Mobile","software_attack_id":"S0490","tidal_id":"921e38d2-24ea-51d9-b0f8-5674ae230268","created":"2026-01-28T13:08:09.937823Z","modified":"2026-01-28T13:08:09.937825Z","platforms":[{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"5ced31ef-8e03-4125-be9b-922dac49bfa2","name":"Xloader (macOS Variant)","type":"malware","source":"Tidal Cyber","software_attack_id":"S3130","tidal_id":"0eb6d344-6188-5402-ad29-9c5b65f594ba","created":"2024-06-13T20:12:33.951218Z","modified":"2024-06-13T20:12:33.951222Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"578eb598-fca6-4301-999d-c21b2e4085e1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"0a818f31-2bf1-4339-92d1-c5aa30ec4c92","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"1491c020-6449-48e7-8ebf-abf7b71fbc97","name":"XMRig","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3089","tidal_id":"aa462bd2-c3eb-5b1c-b160-e57e7078b613","created":"2023-10-26T14:24:12.508688Z","modified":"2023-10-26T14:24:12.508694Z","platforms":[{"id":"43852676-3efd-4800-856b-4d74903d26ba","name":"IaaS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"},{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"c6005339-b13c-40fa-adfb-6b966471d535","name":"Containers"}],"associated_software":[],"groups":[{"description":"<sup>[[Oligo ShadowRay November 18 2025](/references/760d0a0d-620b-45a5-9e8d-06903555a118)]</sup>","group_attack_id":"G3156","group_id":"e278381c-b409-4f7b-9eaa-61f3a8796484","name":"IronErn440","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3160","group_id":"1313da23-bbc5-4724-a278-fd6ca5e561f0","name":"Earth Lamia","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3161","group_id":"2b008386-ffdc-433d-9b09-1e2cf4f3a4a4","name":"Jackpot Panda","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3163","group_id":"a80c62db-7e04-44a8-8692-945aa22e09d6","name":"UNC6586","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[RedCanary Mockingbird May 2020](/references/596bfbb3-72e0-4d4c-a1a9-b8d54455ffd0)]</sup>","group_attack_id":"G0108","group_id":"b82c6ed1-c74a-4128-8b4d-18d1e17e1134","name":"Blue 
Mockingbird","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Lacework TeamTNT May 2021](/references/5908b04b-dbca-4fd8-bacc-141ef15546a1)]</sup><sup>[[Cado Security TeamTNT Worm August 2020](/references/8ccab4fe-155d-44b0-b0f2-941e9f8f87db)]</sup>","group_attack_id":"G0139","group_id":"325c11be-e1ee-47db-afa6-44ac5d16f0e7","name":"TeamTNT","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3164","group_id":"0ca3cd2f-9650-4b70-9a65-6a5b512554ca","name":"UNC6588","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3165","group_id":"5f8d373c-6992-4a2b-8a86-a16cbd45165a","name":"UNC6595","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3166","group_id":"d92dff67-9704-4503-ad57-867bea3e6bfa","name":"UNC6600","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[Google Cloud Blog December 12 
2025](/references/10558220-d2be-4189-8608-b7bfeccf37e7)]</sup>","group_attack_id":"G3167","group_id":"0e6985de-e4c1-494b-8901-9aa491202f6f","name":"UNC6603","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"2cded486-6c4d-4d3b-b680-c858c7dc6309","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"28420a98-8078-4efa-abad-3f0126687e8e","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"85c6463a-d9db-4ee5-8ecb-8a2e5f85bb92","tag":"2a54c431-2075-4ed5-a691-fa452c11dd13"},{"id":"f81ec2c6-9655-42ea-a0f3-97a1317ca945","tag":"ed2b3f47-3e07-4019-a9bf-ec9d87f28c96"},{"id":"3d1b4a01-d111-4f65-a85f-4263c95810b7","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"5ccc0b64-dc28-4a93-8a1b-bbe1aa3be06a","tag":"291c006e-f77a-4c9c-ae7e-084974c0e1eb"},{"id":"cdcc8e09-1400-410e-b36c-20c1cdb386a4","tag":"4fa6f8e1-b0d5-4169-8038-33e355c08bde"},{"id":"cb442164-c188-47b1-8048-5017d1f8beae","tag":"efa33611-88a5-40ba-9bc4-3d85c6c8819b"},{"id":"4dba966c-d60f-41a8-bc89-e7478450909b","tag":"8d95e4d6-9a1e-4920-9f5c-83d9fe07a66e"}],"owner_name":"TidalCyberIan"},{"id":"031abd12-1396-5daf-8c2e-4b553d9dba18","name":"XORIndex Loader","type":"malware","source":"MITRE","software_attack_id":"S1248","tidal_id":"031abd12-1396-5daf-8c2e-4b553d9dba18","created":"2025-10-29T21:08:48.110819Z","modified":"2025-10-29T21:08:48.110820Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Socket BeaverTail XORIndex HexEval Contagious Interview July 2025](https://app.tidalcyber.com/references/e6c60330-0147-5709-8f2a-693aca8ca10c)]</sup>","group_attack_id":"G1052","group_id":"b436d32f-2667-5e00-a3d8-f58d2d5666d4","name":"Contagious Interview","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"19e7e967-7d0a-4930-8ef9-11a43dcb081d","name":"Xpack","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3072","tidal_id":"74a58b52-f9ec-5606-b806-5b827ec0ac29","created":"2023-09-08T15:49:56.628433Z","modified":"2023-09-08T15:49:56.628439Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"d87a0c56-8d14-47f5-849e-afbce09be2b2","name":"xpack.exe","description":"","source":"Tidal Cyber","associated_software_id":"0baa74ce-ec67-49f5-a3b7-a83e99dd5753","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"5028284d-a6bb-4e74-973d-0e8022f99680","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"4930e529-8a3a-4789-81aa-9b0d07572d7b","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":"TidalCyberIan"},{"id":"73269ad0-9882-4962-b705-a355d0612fe1","name":"xsd","type":"tool","source":"Tidal Cyber","software_attack_id":"S3487","tidal_id":"53dbf575-a5ab-59b4-a1c1-8e2a37834969","created":"2025-05-20T16:19:10.479371Z","modified":"2025-05-20T16:19:10.479374Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ac6e2448-c66b-4447-b7b5-9f35a070e6cc","name":"xsd.exe","description":"<sup>[[xsd.exe - LOLBAS Project](/references/2f39d112-e777-4d87-9674-38a426b2cf34)]</sup>","source":"Tidal Cyber","associated_software_id":"2676c76e-a886-4a01-a77a-8765306555c4","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"46c5e2cd-cb21-4ac2-a9de-703038622e4b","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"f9173ffa-9f0d-4dc6-8ba8-f2d03b569360","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"15da4c4e-7564-4ec4-80c5-09b2c0c9c1ce","name":"XstReader","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3682","tidal_id":"23c550a7-98c3-5310-8dfd-984991c2464d","created":"2025-12-10T14:14:53.505076Z","modified":"2025-12-10T14:14:53.505080Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"ba1fc33f-dc2d-4f92-8ba2-2ba269c7e866","name":"XstExport.exe","description":"<sup>[[SecureList ToddyCat November 21 2025](/references/889c7685-43ce-4156-a142-4b4605d8fec9)]</sup>","source":"USER","associated_software_id":"ab6971d7-3973-4009-9cc7-857b368e6d8b","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"c32adeda-63b4-46f3-9c2f-c0583e82e3a8","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ca6a9b90-f565-4ae1-bb23-08652b3a8961","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"133136f0-7254-4cec-8710-0ab99d5da4e5","name":"XTunnel","type":"malware","source":"MITRE","software_attack_id":"S0117","tidal_id":"16878156-da48-5a70-91af-387523c3ce38","created":"2017-05-31T21:33:09.453000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9737efb9-f0ed-412b-8513-fef883c77e34","name":"Trojan.Shunnael","description":"<sup>[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]</sup>","source":"MITRE","associated_software_id":"c2269965-aafe-45b9-9852-4c80af005bfa","owner_id":null,"owner_name":null},{"id":"1e1bd704-9105-4f94-8c6c-25bc69aa9dd9","name":"X-Tunnel","description":"<sup>[[Crowdstrike DNC June 2016](https://app.tidalcyber.com/references/7f4edc06-ac67-4d71-b39c-5df9ce521bbb)]</sup><sup>[[Symantec APT28 Oct 
2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]</sup>","source":"MITRE","associated_software_id":"c7a0f216-1bae-4ef7-b37e-5d6df89c8997","owner_id":null,"owner_name":null},{"id":"bf7ff22e-0774-48b5-806e-8fc3a2abc3fc","name":"XAPS","description":"<sup>[[ESET Sednit Part 2](https://app.tidalcyber.com/references/aefb9eda-df5a-437f-af2a-ec1b6c04628b)]</sup>","source":"MITRE","associated_software_id":"22ca51f0-cded-4fd9-99c1-5bd55f57bc56","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[ESET Sednit Part 3](https://app.tidalcyber.com/references/7c2be444-a947-49bc-b5f6-8f6bec870c6a)]</sup><sup>[[Symantec APT28 Oct 2018](https://app.tidalcyber.com/references/777bc94a-6c21-4f8c-9efa-a1cf52ececc0)]</sup><sup>[[US District Court Indictment GRU Oct 2018](https://app.tidalcyber.com/references/56aeab4e-b046-4426-81a8-c3b2323492f0)]</sup><sup>[[Secureworks IRON TWILIGHT Active Measures March 2017](https://app.tidalcyber.com/references/0d28c882-5175-4bcf-9c82-e6c4394326b6)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"d5663ff2-904b-42d6-b4d8-672017d91de2","name":"Xwizard","type":"tool","source":"Tidal Cyber","software_attack_id":"S3302","tidal_id":"e2a972e7-7aa0-5402-8dbd-9898b86abb0d","created":"2024-01-12T14:48:18.360834Z","modified":"2024-01-12T14:48:18.360838Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"35261d88-d6ec-481d-bd77-e881266c8740","name":"Xwizard.exe","description":"<sup>[[Xwizard.exe - LOLBAS Project](/references/573df5d1-83e7-4437-bdad-604f093b3cfd)]</sup>","source":"Tidal 
Cyber","associated_software_id":"3305e7bb-d304-4bf6-ad90-70aac0dd564c","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"924bc4c1-371d-44fc-b5ac-cae05b424a96","tag":"c37d2f5f-91da-43c6-869e-192bf0e0ae90"},{"id":"9be5a018-4e87-4ab7-bd84-e14da92be6d4","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"07d0bd70-0f2d-4e6c-8e59-231fd4679dbb","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"15a19d45-8f31-4ee4-ba01-0c8c1f24a67b","name":"Xworm","type":"malware","source":"Tidal Cyber","software_attack_id":"S3006","tidal_id":"9871e91f-7b38-58bb-8641-c32df5dbc923","created":"2024-06-13T20:12:25.917561Z","modified":"2024-06-13T20:12:25.917564Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"0f9e65b3-ded2-4ef3-855d-20d3c71d3579","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"b0d4320a-456e-4ef1-a834-f9866331cde9","tag":"fdd53e62-5bf1-41f1-8bd6-b970a866c39d"},{"id":"838922f1-ae7a-40e4-994b-02f84bf4ff39","tag":"d431939f-2dc0-410b-83f7-86c458125444"},{"id":"84c42d33-c7eb-400d-ac4f-2cb2b09016f5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"50701a2e-cf54-4b08-bfb3-8823fec1a536","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"0844bc42-5c29-47c3-b1b3-6bfffbf1732a","name":"YAHOYAH","type":"malware","source":"MITRE","software_attack_id":"S0388","tidal_id":"3c114444-d36e-536c-98cb-8bb97ab25c42","created":"2019-06-17T18:49:30.307000Z","modified":"2020-05-21T17:23:45.362000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[TrendMicro TropicTrooper 2015](https://app.tidalcyber.com/references/65d1f980-1dc2-4d36-8148-2d8747a39883)]</sup>","group_attack_id":"G0081","group_id":"0a245c5e-c1a8-480f-8655-bb2594e3266b","name":"Tropic 
Trooper","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2e251803-e244-4004-a5db-4bf8c08f7577","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"1bc7bda8-81d7-4615-bf20-45afabf898c5","name":"YESROBOT","type":"malware","source":"Tidal Cyber","software_attack_id":"S3603","tidal_id":"7f6ca9c4-f825-542b-af83-23a3fd428a97","created":"2025-10-24T16:13:47.838123Z","modified":"2025-10-24T16:13:47.838126Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog October 20 2025](/references/0b0042cc-bd54-4944-b09a-e028bf6b2c60)]</sup>","group_attack_id":"G1033","group_id":"649642a4-0659-5e10-ae19-1282f73a1785","name":"Star Blizzard","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"c115ae16-5e75-4146-8cbd-5151be40b570","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"f50d5ac5-833b-4654-996d-7699b56232c0","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"905831c7-6fbd-46ac-8d43-9632db37a5af","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"3774b957-c580-4b85-8933-596de506f592","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"9caef034-8728-586d-a351-9172dfb8380c","name":"YiSpecter","type":"malware","source":"Mobile","software_attack_id":"S0311","tidal_id":"9caef034-8728-586d-a351-9172dfb8380c","created":"2026-01-28T13:08:09.938599Z","modified":"2026-01-28T13:08:09.938600Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"},{"id":"10506c8f-5afa-453f-ad87-879d9edefa66","name":"iOS"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2992159c-d71c-48cf-8302-020f90332390","name":"YouieLoad","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3138","tidal_id":"c717ac70-3784-59de-b4c1-0c4388c62ce2","created":"2024-06-13T20:12:35.248111Z","modified":"2024-06-13T20:12:35.248114Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Microsoft Security Blog 5 28 2024](/references/faf315ed-71f7-4e29-8334-701da35a69ad)]</sup>","group_attack_id":"G1036","group_id":"33a5fa48-89ee-5c0b-9c9c-e0ee69032fca","name":"Moonstone Sleet","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"8447f8ca-29f6-4777-ac3f-d73887a60682","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"f3616e77-ffe0-4575-9768-4cd1725cfc49","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"bc82ad55-50cf-4ff2-8849-05adaaecf85c","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e0962ff7-5524-4683-9b95-0e4ba07dccb2","name":"yty","type":"malware","source":"MITRE","software_attack_id":"S0248","tidal_id":"79e9c873-614d-5f11-8d56-d9635aecbc2c","created":"2018-10-17T00:14:20.652000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"750ba011-817c-4671-80b2-285ead944234","name":"yty malware framework","description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","source":"USER","associated_software_id":"18a18ee7-c367-42d3-9bdf-251cc52ef8fc","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[www.welivesecurity.com January 18 2022](/references/e6d5b908-3837-4f7e-93c8-378d4006db58)]</sup>","group_attack_id":"G3210","group_id":"abc6d74d-e425-4181-93ed-bb16f911871b","name":"Donot 
Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"f5fb2731-b92c-487d-b117-b6f9ae2bd305","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"e2fe197b-3032-4d30-ac0b-0eaf6f8f7acb","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"24faa419-1a49-4ec8-917a-df674f039dcb","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"7f444c95-a47b-49e0-af0d-598d4e5a6de2","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"cd6bed3a-d492-4329-aa4e-4940218e8b13","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"},{"id":"41a3a0d6-e234-4767-9364-d624b84d1a4a","tag":"16b47583-1c54-431f-9f09-759df7b5ddb7"}],"owner_name":null},{"id":"be7e2655-5c1d-45ac-97e5-471f50857376","name":"yum-versionlock","type":"tool","source":"Trellix TIG","software_attack_id":"S3469","tidal_id":"5a09aa11-44ae-5369-8078-c611964ef0fc","created":"2025-04-11T15:06:53.899338Z","modified":"2025-04-11T15:06:53.899342Z","platforms":[],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3010","group_id":"23af694a-11f4-43eb-a176-683059b301cb","name":"UNC3886","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix TIG"}],"tags":[],"owner_name":"TidalCyberIan"},{"id":"e4ea4c4c-5626-493a-b2fb-06fc2705bc22","name":"zapbiu.py","type":"malware","source":"Tidal Cyber","software_attack_id":"S3934","tidal_id":"cf352b60-eeda-5f59-beb1-61573c4225f5","created":"2026-01-14T13:31:38.005779Z","modified":"2026-01-14T13:31:38.005784Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Acronis January 08 2026](/references/67e63f34-e4c6-4c6c-9d79-758c8b1ca7ff)]</sup>","group_attack_id":"G3202","group_id":"f0de217f-3520-43ab-a9e1-f1cffd1d3963","name":"Astaroth 
Operators","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"8714d3ac-b904-48c3-a011-2abf17709308","tag":"e809d252-12cc-494d-94f5-954c49eb87ce"},{"id":"d70519ee-7105-4d00-8c49-6707c2c405d4","tag":"8bf128ad-288b-41bc-904f-093f4fdde745"},{"id":"bdf939e7-8b9b-4ca9-b714-b8de0de763e1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"608db801-a695-4e42-9aa0-bbe33b4e9083","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"e317b8a6-1722-4017-be33-717a5a93ef1c","name":"Zebrocy","type":"malware","source":"MITRE","software_attack_id":"S0251","tidal_id":"711026ae-1a33-5014-99d7-e73cc78dce66","created":"2018-10-17T00:14:20.652000Z","modified":"2021-04-23T19:45:36.003000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"fcc6a2ed-c784-4851-a9af-9f0aaf741af1","name":"Zekapab","description":"<sup>[[CyberScoop APT28 Nov 2018](https://app.tidalcyber.com/references/ef8f0990-b2da-4538-8b02-7401dc5a4120)]</sup><sup>[[Accenture SNAKEMACKEREL Nov 2018](https://app.tidalcyber.com/references/c38d021c-d84c-4aa7-b7a5-be47e18df1d8)]</sup>","source":"MITRE","associated_software_id":"46252b99-2f81-4f99-9896-32fa41445351","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Palo Alto Sofacy 06-2018](https://app.tidalcyber.com/references/a32357eb-3226-4bee-aeed-d2fbcfa52da0)]</sup><sup>[[Unit42 Cannon Nov 2018](https://app.tidalcyber.com/references/8c634bbc-4878-4b27-aa18-5996ec968809)]</sup><sup>[[Securelist Sofacy Feb 2018](https://app.tidalcyber.com/references/3a043bba-2451-4765-946b-c1f3bf4aea36)]</sup><sup>[[Unit42 Sofacy Dec 2018](https://app.tidalcyber.com/references/540c4c33-d4c2-4324-94cd-f57646666e32)]</sup><sup>[[ESET Zebrocy May 
2019](https://app.tidalcyber.com/references/f8b837fb-e46c-4153-8e86-dc4b909b393a)]</sup>","group_attack_id":"G0007","group_id":"5b1a5b9e-4722-41fc-a15d-196a549e3ac5","name":"APT28","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8ddda4e7-9f63-4592-8833-b2426db36389","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"6ccef0ff-f8ac-421d-9c42-952c88520cda","name":"Zemana AntiMalware Driver (zam64.sys)","type":"tool","source":"Tidal Cyber","software_attack_id":"S3901","tidal_id":"a08258aa-6cd7-55b9-8ad7-2dc4f27fdf82","created":"2026-01-14T13:31:32.403538Z","modified":"2026-01-14T13:31:32.403543Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Www.trellix.com January 06 2026](/references/fbecafee-381c-40f6-bb75-dcad4233b070)]</sup>","group_attack_id":"G3196","group_id":"f90163a0-b0a3-4b58-9367-27df79585b20","name":"CrazyHunter Team","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"85a2821c-f443-4d71-806e-ec42b8b949b3","tag":"39d6e8b7-6c8a-4ec5-a584-54ca32aa29fb"},{"id":"beb8036a-0eb8-4f29-ba27-1c93aa4c8eb2","tag":"7de7d799-f836-4555-97a4-0db776eb6932"},{"id":"0bf11c0b-5923-4bb5-af48-feba246e13d4","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"381b917d-98de-439c-8af4-f114036a273b","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"c6d5f562-a80f-5765-8fdf-4a98ddff11e5","name":"Zen","type":"malware","source":"Mobile","software_attack_id":"S0494","tidal_id":"c6d5f562-a80f-5765-8fdf-4a98ddff11e5","created":"2026-01-28T13:08:09.937743Z","modified":"2026-01-28T13:08:09.937745Z","platforms":[{"id":"e0817eaa-68e1-4678-a961-8879d79081df","name":"Android"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"e8820bf1-1e70-469c-a93b-770c1f23b058","name":"Zeppelin Ransomware","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3185","tidal_id":"4a304469-844f-560c-96b5-bdd9a57b4a66","created":"2024-09-20T15:10:53.681715Z","modified":"2024-09-20T15:10:53.681718Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[MSTIC Vanilla Tempest September 18 2024](/references/24c11dff-21df-4ce9-b3df-2e0a886339ff)]</sup>","group_attack_id":"G3054","group_id":"efd2fca2-45fb-4eaf-82e7-0d20c156f84f","name":"Vanilla Tempest","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"2fa1448d-c746-4b9a-bf42-57b8420207a0","tag":"d602ade5-148e-4f57-a202-87845bab308b"},{"id":"e56db233-99b5-4ea1-a4e0-57f05bcd7abd","tag":"e551ae97-d1b4-484e-9267-89f33829ec2c"},{"id":"6daa2449-6ed1-4025-aa5f-a26ecb2a5df5","tag":"15787198-6c8b-4f79-bf50-258d55072fee"},{"id":"30bd8e19-0962-4fcb-bbfa-78cc4c0d8b1e","tag":"562e535e-19f5-4d6c-81ed-ce2aec544f09"},{"id":"eed864c0-b490-4f35-a9fe-6c1829dd4227","tag":"5e7433ad-a894-4489-93bc-41e90da90019"},{"id":"ac8cf2aa-1be6-4e13-9b36-8c87cec88625","tag":"7e7b0c67-bb85-4996-a289-da0e792d7172"}],"owner_name":"TidalCyberIan"},{"id":"cc6e82fd-c405-58ae-9cf8-669e30947b15","name":"ZergHelper","type":"malware","source":"Mobile","software_attack_id":"S0287","tidal_id":"cc6e82fd-c405-58ae-9cf8-669e30947b15","created":"2026-01-28T13:08:09.938040Z","modified":"2026-01-28T13:08:09.938042Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"2f52b513-5293-4833-9c4d-b120e7a84341","name":"Zeroaccess","type":"malware","source":"MITRE","software_attack_id":"S0027","tidal_id":"08238d9c-cbea-591a-b0c2-79de9387724a","created":"2017-05-31T21:32:20.949000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"ba5668b0-18fe-513f-b3a7-93e16243d185","name":"ZeroCleare","type":"malware","source":"MITRE","software_attack_id":"S1151",
"tidal_id":"ba5668b0-18fe-513f-b3a7-93e16243d185","created":"2024-10-31T16:28:05.823629Z","modified":"2024-10-31T16:28:05.823632Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"b217d28a-6859-5cc6-956a-b0a953a21ba7","name":"ZEROCLEAR","description":"<sup>[[Mandiant ROADSWEEP August 2022](https://app.tidalcyber.com/references/0d81ec58-2e12-5824-aa53-feb0d2260f30)]</sup>","source":"MITRE","associated_software_id":"962f47c8-0839-47e1-b3bb-1d109bffb209","owner_id":null,"owner_name":null}],"groups":[{"description":"[OilRig](https://app.tidalcyber.com/groups/d01abdb1-0378-4654-aa38-1a4a292703e2) collaborated on the destructive portion of the [ZeroCleare](https://app.tidalcyber.com/software/ba5668b0-18fe-513f-b3a7-93e16243d185) attack.<sup>[[IBM ZeroCleare Wiper December 2019](https://app.tidalcyber.com/references/26ba5292-265d-5db4-a571-215c984fe095)]</sup>","group_attack_id":"G0049","group_id":"d01abdb1-0378-4654-aa38-1a4a292703e2","name":"OilRig","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"2f42c522-26cb-4681-999a-071364553141","tag":"2e621fc5-dea4-4cb9-987e-305845986cd3"}],"owner_name":null},{"id":"f51df90e-ea1b-4eeb-9aff-ec5abf4a5dfd","name":"ZeroT","type":"malware","source":"MITRE","software_attack_id":"S0230","tidal_id":"55c7bd25-1715-5f6b-a32e-d816e76170f8","created":"2018-04-18T17:59:24.739000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Proofpoint TA459 April 
2017](https://app.tidalcyber.com/references/dabad6df-1e31-4c16-9217-e079f2493b02)]</sup>","group_attack_id":"G0062","group_id":"e343c1f1-458c-467b-bc4a-c1b97b2127e3","name":"TA459","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"6f9496d0-2859-44a5-88fc-2ca300a9a77f","tag":"84615fe0-c2a5-4e07-8957-78ebc29b4635"}],"owner_name":null},{"id":"2eb4fcb2-f996-4ecc-880d-53793207acba","name":"ZEROTIER","type":"tool","source":"Tidal Cyber","software_attack_id":"S3654","tidal_id":"bcbe93ab-2354-57eb-9615-356f770d4c6b","created":"2025-11-19T17:45:42.559164Z","modified":"2025-11-19T17:45:42.559167Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 17 2025](/references/7bfcbc55-2aae-4643-942f-6db8ee8aa398)]</sup>","group_attack_id":"G3127","group_id":"52d66e29-08e2-4c5f-b15f-8274a5c770b8","name":"Nimbus Manticore","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"642f7eaa-2d4f-4a85-9bda-bcf01402df69","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"2b450cad-8e3f-4ba6-be9d-3fec410b2226","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"be8add13-40d7-495e-91eb-258d3a4711bc","name":"Zeus Panda","type":"malware","source":"MITRE","software_attack_id":"S0330","tidal_id":"a442d78e-92a3-57aa-83cc-c3585fa0afb2","created":"2019-01-29T17:59:43.600000Z","modified":"2022-04-25T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"4e556f64-a61b-479a-bb7d-8e937fb8b05d","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"}],"owner_name":null},{"id":"b053776d-67d0-41e1-b35e-72d1c1483fe2","name":"zgRAT","type":"malware","source":"Tidal 
Cyber","software_attack_id":"S3775","tidal_id":"f8330e78-dc6f-52b0-a85b-973ac34158fc","created":"2025-12-17T14:18:53.134988Z","modified":"2025-12-17T14:18:53.134991Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3172","group_id":"1678d6dc-8e4f-4edc-8360-802985bd7846","name":"GrayBravo","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[None December 09 2025](/references/ea47bb34-cf65-4abe-ae24-a51fad15154e)]</sup>","group_attack_id":"G3173","group_id":"7e4dd0e2-4fa0-4dd5-ad0e-41aa9effe8bf","name":"TAG-160","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"78518d95-b693-4f5a-b8db-fa3f09c28ab5","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"f6deb78f-f769-4a88-80c8-36ff24574988","tag":"be319849-fb2c-4b5f-8055-0bde562c280b"},{"id":"3f144b8e-8494-443f-b997-eafd8594db90","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"ed254015-4817-495b-8eb4-305a52503b55","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"5b040682-6a10-4527-9e94-8540de685a80","name":"ZinFoq","type":"malware","source":"Tidal Cyber","software_attack_id":"S3755","tidal_id":"d763d549-b428-5571-854b-c3b6ce648fbd","created":"2025-12-17T14:18:50.061342Z","modified":"2025-12-17T14:18:50.061345Z","platforms":[{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"}],"associated_software":[],"groups":[],"tags":[{"id":"5a810f10-bad9-4b0c-b784-761e04cb328b","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a2635f31-31b8-4f13-8dc6-86b61d5d710f","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"34d0c5b5-f6e1-41e9-9061-cf9d36fe61c8","name":"Zipfldr","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3322","tidal_id":"fa833b41-6a1f-5b00-b955-be7396dc6d32","created":"2024-01-12T14:48:25.900290Z","modified":"2024-01-12T14:48:25.900293Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"09b25cb2-84f5-4f9e-90e8-37cda05feb68","name":"Zipfldr.dll","description":"<sup>[[Zipfldr.dll - LOLBAS Project](/references/3bee0640-ea48-4164-be57-ac565d8cbea7)]</sup>","source":"Tidal Cyber","associated_software_id":"f50a78e0-2256-4642-b267-ecf746252c5a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[],"tags":[{"id":"af7f047b-b31f-430d-94c0-dd1af4422c3e","tag":"0d0098b4-e159-4502-973d-714011ba605f"},{"id":"a0880c37-a70d-4825-b366-c9ae6286a2b3","tag":"303a3675-4855-4323-b042-95bb1d907cca"},{"id":"b640d975-c906-4db9-909f-fc8b0a8c2691","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"}],"owner_name":"TidalCyberIan"},{"id":"976a7797-3008-5316-9e28-19c9a05959d0","name":"ZIPLINE","type":"malware","source":"MITRE","software_attack_id":"S1114","tidal_id":"806b2d43-bf01-597f-9d00-3f1f7805aea4","created":"2024-04-25T13:28:21.737912Z","modified":"2024-04-25T13:28:21.737915Z","platforms":[{"id":"6be1f99e-7827-4267-8f99-6a5f94edd9ba","name":"Network"}],"associated_software":[],"groups":[{"description":"","group_attack_id":"G3007","group_id":"71e9b27e-8d68-4ed6-b3ab-14142558b9ff","name":"UNC5221","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Trellix 
TIG"}],"tags":[],"owner_name":null},{"id":"1ac8d363-2903-43da-9c1d-2b28179638c8","name":"ZLib","type":"malware","source":"MITRE","software_attack_id":"S0086","tidal_id":"223cc61f-4e90-5573-83c5-3160572c7eb8","created":"2017-05-31T21:32:56.394000Z","modified":"2022-09-30T20:52:00.462000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[],"owner_name":null},{"id":"a106fb66-bd68-40cc-9374-8b59234a0cec","name":"Zloader","type":"malware","source":"Tidal Cyber","software_attack_id":"S3125","tidal_id":"4cba73ab-544e-5d46-8f7c-0eb3aa367f9e","created":"2024-06-13T20:12:32.849531Z","modified":"2024-06-13T20:12:32.849535Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"4aad7a0e-8915-4968-8ad7-4e9ca3857e6e","name":"DELoader","description":"","source":"Tidal Cyber","associated_software_id":"84e1bda5-3ebf-419b-8967-7bd29aa37c83","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"6f9e801b-c522-4278-b245-02f401c0ed8c","name":"SILENTNIGHT","description":"","source":"Tidal Cyber","associated_software_id":"633179d3-6f75-4661-b835-fe0c53816edf","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"673a504f-d5e7-40b5-9e69-0a7c3709f03f","name":"Terdot","description":"","source":"Tidal Cyber","associated_software_id":"8ed6228c-46a5-4caa-8b49-c114d82a7180","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"","group_attack_id":"G3034","group_id":"d2fd3da1-e49c-4273-9add-3d15afc3b837","name":"Zloader Threat Actors","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal 
Cyber"}],"tags":[{"id":"66eae061-bf10-42a0-9b84-de12ca6103f9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"a06fa950-348d-410b-b1da-89e94106f335","tag":"39357cc1-dbb1-49e4-9fe0-ff24032b94d5"},{"id":"30c544b9-ce1d-4666-80ff-81a19922d3af","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"},{"id":"0a578b17-3d60-4a4c-88f4-8ba394893bde","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"195b0821-a81f-43c5-b9cb-05e9ee0dd5ac","name":"Zoho Assist","type":"tool","source":"Tidal Cyber","software_attack_id":"S3396","tidal_id":"cdc6e028-87ef-5665-9f38-359fee4ab9a2","created":"2024-10-14T19:20:44.952118Z","modified":"2024-10-14T19:20:44.952123Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"},{"id":"6a70674f-8fcb-400a-ac70-8e53fb2d69c4","name":"Linux"},{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Google Cloud Blog November 10 2025](/references/343dab24-9d2e-4269-ab54-3dba4d684a9c)]</sup>","group_attack_id":"G3147","group_id":"ad1251f6-9d49-46ae-ac8e-27cefd099b26","name":"UNC6485","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"},{"description":"<sup>[[U.S. 
CISA LockBit Citrix Bleed November 21 2023](/references/21f56e0c-9605-4fbb-9cb1-f868ba6eb053)]</sup>","group_attack_id":"G3013","group_id":"d0f3353c-fbdd-4bd5-8793-a42e1f319b59","name":"LockBit Ransomware Actors & Affiliates","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Unit 42 9 15 2023](/references/5e9842ae-180f-4645-a5f5-5ddfb8b2d810)]</sup>","group_attack_id":"G1015","group_id":"3d77fb6c-cfb4-5563-b0be-7aa1ad535337","name":"Scattered Spider","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Sygnia Luna Moth July 1 2022](/references/115590b2-ab57-432c-900e-000627464a11)]</sup>","group_attack_id":"G3042","group_id":"cca12ba9-f65f-4a29-87ab-a9fc0f99521f","name":"Luna Moth","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[CrowdStrike 2025 Global Threat Report](/references/a69b0ce3-f314-4b32-bfb3-b1380c4f0ec4)]</sup>","group_attack_id":"G3082","group_id":"99c648f7-be33-42d0-af39-231b1e0951ee","name":"CHATTY SPIDER","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"}],"tags":[{"id":"7e38c632-706d-4faa-be91-686e4bc8ba1e","tag":"9c8319bf-0a97-4cea-a7be-6b8432cc35a1"},{"id":"229eb9fd-6bd6-4f6d-90be-3caeaf477c33","tag":"e727eaa6-ef41-4965-b93a-8ad0c51d0236"},{"id":"765dde0a-310d-4623-9092-dc4653157cc6","tag":"e1af18e3-3224-4e4c-9d0f-533768474508"}],"owner_name":"TidalCyberIan"},{"id":"57671d03-3b03-4174-8991-de66979d3e1a","name":"Zoho Unified Endpoint Management System (UEMS) Agent","type":"tool","source":"Tidal 
Cyber","software_attack_id":"S3626","tidal_id":"4c7e947d-a4bf-5913-a82b-278c7041479b","created":"2025-11-19T17:45:38.353947Z","modified":"2025-11-19T17:45:38.353950Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"9b79a01f-cb55-4935-8b0e-1293e4340526","name":"SAgentInstaller_16.7.10368.56560.exe","description":"<sup>[[Google Cloud Blog November 10 2025](/references/343dab24-9d2e-4269-ab54-3dba4d684a9c)]</sup>","source":"USER","associated_software_id":"6db129a9-ff43-4f73-bc73-4dbddd919f7a","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[Google Cloud Blog November 10 2025](/references/343dab24-9d2e-4269-ab54-3dba4d684a9c)]</sup>","group_attack_id":"G3147","group_id":"ad1251f6-9d49-46ae-ac8e-27cefd099b26","name":"UNC6485","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"464955db-4f88-4fc0-9ffc-c656a1eb8cd9","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"524891ec-7fb9-42bd-956b-182474677108","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"78f28905-91e9-496d-8192-2b007a7bbd30","name":"ZoomClutch","type":"malware","source":"Tidal Cyber","software_attack_id":"S3789","tidal_id":"464a48da-de19-57c9-8dce-58e777f07755","created":"2025-12-24T14:57:25.216252Z","modified":"2025-12-24T14:57:25.216257Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[{"description":"<sup>[[Securelist October 28 
2025](/references/cb5511fe-e8c0-4878-b986-a5b5aaa902d8)]</sup>","group_attack_id":"G0082","group_id":"dfbce236-735c-436d-b433-933bd6eae17b","name":"APT38","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"75933d55-2ac6-434e-8e07-87280e333fc7","tag":"2e85babc-77cd-4455-9c6e-312223a956de"},{"id":"f5b8fadd-0e6b-4cdb-b670-5176d38f2589","tag":"4d767e87-4cf6-438a-927a-43d2d0beaab7"},{"id":"c86cbb3d-58ab-4952-886a-0fe2f7857eb1","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"1ac68e5e-929e-4360-b85d-6bb2af4fe7fb","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"75dd9acb-fcff-4b0b-b45b-f943fb589d78","name":"Zox","type":"malware","source":"MITRE","software_attack_id":"S0672","tidal_id":"aeeec965-a236-50d2-8486-86da7d33e06b","created":"2022-01-09T22:02:05.615000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"5713c24d-5e11-4ecd-9748-2ac2c49b6584","name":"Gresim","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"7835d0eb-283d-409e-827f-89579dddb21c","owner_id":null,"owner_name":null},{"id":"ce7c5740-ac32-4556-b0a3-66de61acc094","name":"ZoxRPC","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"df7b9419-47dc-4a77-bad0-3892fe251260","owner_id":null,"owner_name":null},{"id":"18204ba2-79ea-4170-aafe-7ee953c504c4","name":"ZoxPNG","description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849b-4108-87b1-20050b86f420)]</sup>","source":"MITRE","associated_software_id":"3835527c-d5ce-43cc-92a6-2afee915dea6","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Novetta-Axiom](https://app.tidalcyber.com/references/0dd428b9-849
b-4108-87b1-20050b86f420)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null},{"id":"e37a5ec5-794b-4abe-90d7-a2d05ced2a67","name":"zsh","type":"tool","source":"Tidal Cyber","software_attack_id":"S3853","tidal_id":"223593c1-edb0-5804-b67b-593d1615dc7c","created":"2025-12-29T17:41:09.246435Z","modified":"2025-12-29T17:41:09.246438Z","platforms":[{"id":"1169eb80-c3a4-4028-abd7-99fc5f4e60d2","name":"macOS"}],"associated_software":[],"groups":[],"tags":[{"id":"28b71d2c-62cf-460a-890e-a15668c9aaed","tag":"509a90c7-9ca9-4b23-bca2-cd38ef6a6207"},{"id":"cd20a9be-1bbb-4104-89b9-bab93486ccb0","tag":"0d3ca5b9-2ea9-4daf-b3b5-11f1c6f9ebd3"},{"id":"f4f23ac9-3852-4d25-8128-d24253204b99","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"d4df6645-10e5-41b0-a462-5296a07490e3","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"fc98e061-1a92-4fb5-bd94-eeba6b81932e","name":"Zunput","type":"malware","source":"Tidal Cyber","software_attack_id":"S3539","tidal_id":"7911b72b-57a6-51e2-813e-f163d930efc3","created":"2025-09-10T16:39:28.934253Z","modified":"2025-09-10T16:39:28.934257Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"983f9618-128b-4c37-9776-3d9cf61b92d6","name":"SitePut.exe","description":"<sup>[[welivesecurity.com September 4 2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","source":"USER","associated_software_id":"3dfb2800-96a2-44c2-a95b-4ac6030e898e","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"},{"id":"c5971efe-f936-4a88-9c67-5e132b5c8212","name":"SitePuts.exe","description":"<sup>[[welivesecurity.com September 4 
2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","source":"USER","associated_software_id":"afafef70-f8ca-4415-ab39-9474f0df1736","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan"}],"groups":[{"description":"<sup>[[welivesecurity.com September 4 2025](/references/5dc5f9be-761b-4e8b-acf5-937682717758)]</sup>","group_attack_id":"G3123","group_id":"7023678c-7079-4192-87a8-444f4f691490","name":"GhostRedirector","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"USER"}],"tags":[{"id":"150a0647-6b2e-4026-ada0-db3918e8ebb9","tag":"c45ce044-b5b9-426a-866c-130e9f2a4427"},{"id":"5f5817de-b42e-48f5-a861-6ac9ffcfb172","tag":"c6e1f516-1a18-4ff9-b563-e6ac8103b104"},{"id":"23409733-3e13-447a-aa3b-aa508226aca6","tag":"2feda37d-5579-4102-a073-aa02e82cb49f"}],"owner_name":"TidalCyberIan"},{"id":"49314d4e-dc04-456f-918e-a3bedfc3192a","name":"zwShell","type":"malware","source":"MITRE","software_attack_id":"S0350","tidal_id":"d5b6fa1d-bfe5-5cc6-b833-d15bd5cc66e3","created":"2019-01-30T17:48:35.006000Z","modified":"2022-09-22T00:38:34.857000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[],"tags":[{"id":"05df08fe-4002-4a1c-a7a0-39e9194824e9","tag":"f8669b82-2194-49a9-8e20-92e7f9ab0a6f"}],"owner_name":null},{"id":"eea89ff2-036d-4fa6-bbed-f89502c62318","name":"ZxShell","type":"malware","source":"MITRE","software_attack_id":"S0412","tidal_id":"48bdcb52-739d-57b4-bc55-a93be2639591","created":"2019-09-24T12:59:57.991000Z","modified":"2022-05-11T14:00:00.188000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[{"id":"c4b9dd8f-3c2c-4445-863d-abf4f1a75797","name":"Sensocode","description":"<sup>[[Talos ZxShell Oct 
2014](https://app.tidalcyber.com/references/41c20013-71b3-4957-98f0-fb919014c93e)]</sup>","source":"MITRE","associated_software_id":"9be660db-2271-4eed-9e9e-736b2a425a44","owner_id":null,"owner_name":null}],"groups":[{"description":"<sup>[[Mandiant APT Groups List](/references/c984fcfc-1bfd-4b1e-9034-a6ff3e6ebf97)]</sup>","group_attack_id":"G3020","group_id":"4173c301-0307-458d-89dd-2583e94247ec","name":"APT20","owner_id":"bebdd211-52f4-4abc-94ff-b3a7df904561","owner_name":"TidalCyberIan","source":"Tidal Cyber"},{"description":"<sup>[[Secureworks BRONZEUNION Feb 2019](https://app.tidalcyber.com/references/691df278-fd7d-4b73-a22c-227bc7641dec)]</sup>","group_attack_id":"G0027","group_id":"79be2f31-5626-425e-844c-fd9c99e38fe5","name":"Threat Group-3390","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[FireEye APT41 Aug 2019](https://app.tidalcyber.com/references/20f8e252-0a95-4ebd-857c-d05b0cde0904)]</sup>","group_attack_id":"G0096","group_id":"502223ee-8947-42f8-a532-a3b3da12b7d9","name":"APT41","owner_id":null,"owner_name":null,"source":"MITRE"},{"description":"<sup>[[Talos ZxShell Oct 2014](https://app.tidalcyber.com/references/41c20013-71b3-4957-98f0-fb919014c93e)]</sup><sup>[[Cisco Group 
72](https://app.tidalcyber.com/references/b9201737-ef72-46d4-8e86-89fee5b98aa8)]</sup>","group_attack_id":"G0001","group_id":"90f4d3f9-3fe3-4a64-8dc1-172c6d037dca","name":"Axiom","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[{"id":"8a1cd602-7354-40f9-b49e-e3c684c0a528","tag":"62bde669-3020-4682-be68-36c83b2588a4"},{"id":"7b24e747-2480-4bb4-97e0-e14fed8d0b8c","tag":"febea5b6-2ea2-402b-8bec-f3f5b3f73c59"}],"owner_name":null},{"id":"91e1ee26-d6ae-4203-a466-93c9e5019b47","name":"ZxxZ","type":"malware","source":"MITRE","software_attack_id":"S1013","tidal_id":"6e4d3dba-eb83-5977-ae28-9f2d35ba5e3f","created":"2022-06-02T12:27:33.899000Z","modified":"2022-06-02T12:27:58.811000Z","platforms":[{"id":"196f9bd6-876c-4cdd-96e8-5d7a4c88eb23","name":"Windows"}],"associated_software":[],"groups":[{"description":"<sup>[[Cisco Talos Bitter Bangladesh May 2022](https://app.tidalcyber.com/references/097583ed-03b0-41cd-bf85-66d473f46439)]</sup>","group_attack_id":"G1002","group_id":"3a02aa1b-851a-43e1-b83b-58037f3c7025","name":"BITTER","owner_id":null,"owner_name":null,"source":"MITRE"}],"tags":[],"owner_name":null}]}