SOC Incident Toolkit
Exploit of Romcom RAT's

RAT, Romcom

The RomCom RAT is a malicious software program used by a threat actor to remotely control compromised systems, often by impersonating well-known brands and deploying fake versions of legitimate software through phishing campaigns.

Indicators of Compromise

Domains (30)


Hashes (132)


IPv4 (76)


CVEs (2)

CVE-2022-24521
CVE-2020-1472

APT Groups

RomCom

Russian Federation

Notes

The world of cyber threats is constantly evolving, and it's important for individuals and organizations to stay informed about the latest dangers. One threat that has recently emerged is the RomCom RAT (Remote Access Trojan). In this post, we'll discuss what the RomCom RAT is, how it operates, and how you can protect yourself from it.

What is the RomCom RAT?

The RomCom RAT is a type of malware that allows an attacker to gain remote access and control of a compromised system. The attackers behind the RomCom RAT have been found to use the reputation of well-known brands, such as SolarWinds, KeePass, and PDF Technologies, to carry out their attacks. This makes it difficult for victims to recognize the threat and take appropriate action.

How Does the RomCom RAT Operate?

The RomCom threat actor uses a scheme that involves imitating the original legitimate HTML code, registering similar malicious domains, altering legitimate applications, uploading the malicious bundles to fake websites, sending targeted phishing emails, and potentially using additional infection vectors. In preparation for an attack, the RomCom threat actor will perform the following steps: scraping the original legitimate HTML code from the vendor to spoof, registering a malicious domain similar to the legitimate one, altering a legitimate application, uploading the malicious bundle to a decoy website, and deploying targeted phishing emails to the victims.

Who is at Risk of a RomCom RAT Attack?

Currently, Ukraine appears to be the primary target of RomCom RAT attacks, but some English-speaking countries, such as the United Kingdom, are also being targeted. Given the location of the targets and the current geopolitical situation, it's unlikely that the RomCom RAT threat actor is motivated by cybercrime.
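One way a defender could hunt for the look-alike domains described under "How Does the RomCom RAT Operate?", as an added example that is not part of the original page. It classifies queried domains against an assumed allow-list of genuine vendor domains (`PROTECTED`); the log format, the sample lines and all function names are constructed for illustration.

```python
# Added example (not from the original page): flag look-alike domains in DNS logs.
import re

# Assumption: genuine vendor domains the defender wants to protect.
PROTECTED = ["solarwinds.com", "keepass.info"]

# Constructed sample DNS query log; the format and every value are made up.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z client=10.0.0.5 query=www.keepass.info
2024-01-01T10:00:07Z client=10.0.0.9 query=solarwnids.test
2024-01-01T10:01:12Z client=10.0.0.9 query=keepass-download.test
2024-01-01T10:02:30Z client=10.0.0.7 query=solarwinds.com.login.test
2024-01-01T10:03:44Z client=10.0.0.5 query=weather.test
"""


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def split_domain(fqdn):
    """Return (subdomain labels, registrable label, tld).

    Simplification: the last two labels are treated as the registrable
    domain; production code should consult the Public Suffix List.
    """
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return [], labels[0], ""
    return labels[:-2], labels[-2], labels[-1]


def classify(fqdn, protected=PROTECTED):
    """Return (reason, imitated_brand) for a look-alike, or None."""
    subs, label, tld = split_domain(fqdn)
    brands = [split_domain(p)[1:] + (p,) for p in protected]
    # The genuine domain and its subdomains are never flagged.
    if any(label == b and tld == t for b, t, _ in brands):
        return None
    tokens = re.split(r"[-_]", label)
    for b_label, _, brand in brands:
        # Short brand names get a tighter threshold to limit false positives.
        limit = 1 if len(b_label) < 8 else 2
        if label == b_label:
            return ("tld-swap", brand)
        if b_label in subs:
            return ("brand-as-subdomain", brand)
        if b_label in tokens:
            return ("brand-token", brand)
        if any(0 < osa_distance(t, b_label) <= limit for t in [label] + tokens):
            return ("typo", brand)
    return None


def scan(log_text):
    """Return (client, domain, reason, brand) for each suspicious query."""
    findings = []
    for line in log_text.splitlines():
        m = re.search(r"client=(\S+) query=(\S+)", line)
        if not m:
            continue
        verdict = classify(m.group(2))
        if verdict:
            findings.append((m.group(1), m.group(2)) + verdict)
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for triage, not a verdict: check the domain's registration date and what it serves before blocking.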

Mitigation

MITRE ATT&CK TECHNIQUES

Cuba ransomware actors use the ATT&CK techniques listed in Table 6. Note: For details on TTPs listed in the table, see FBI Flash Indicators of Compromise Associated with Cuba Ransomware (https://www.ic3.gov/Media/News/2021/211203-2.pdf).

| Tactic | Technique Title | ID | Use |
|---|---|---|---|
| Resource Development | Compromise Infrastructure: Domains | [T1584.001](https://attack.mitre.org/versions/v12/techniques/T1584/001/) | Cuba ransomware actors use compromised networks to conduct their operations. |
| Initial Access | Valid Accounts | [T1078](https://attack.mitre.org/versions/v12/techniques/T1078/) | Cuba ransomware actors have been known to use compromised credentials to get into a victim’s network. |
| Initial Access | External Remote Services | [T1133](https://attack.mitre.org/versions/v12/techniques/T1133/) | Cuba ransomware actors may leverage external-facing remote services to gain initial access to a victim’s network. |
| Initial Access | Exploit Public-Facing Application | [T1190](https://attack.mitre.org/versions/v12/techniques/T1190/) | Cuba ransomware actors are known to exploit vulnerabilities in public-facing systems. |
| Initial Access | Phishing | [T1566](https://attack.mitre.org/versions/v12/techniques/T1566/) | Cuba ransomware actors have sent phishing emails to obtain initial access to systems. |
| Execution | Command and Scripting Interpreter: PowerShell | [T1059.001](https://attack.mitre.org/versions/v12/techniques/T1059/001/) | Cuba ransomware actors have used PowerShell to escalate privileges. |
| Execution | Software Deployment Tools | [T1072](https://attack.mitre.org/versions/v12/techniques/T1072/) | Cuba ransomware actors use Hancitor as a tool to spread malicious files throughout a victim’s network. |
| Privilege Escalation | Exploitation for Privilege Escalation | [T1068](https://attack.mitre.org/versions/v12/techniques/T1068/) | Cuba ransomware actors have exploited ZeroLogon to gain administrator privileges. |
| Defense Evasion | Impair Defenses: Disable or Modify Tools | [T1562.001](https://attack.mitre.org/versions/v12/techniques/T1562/001/) | |
border-bottom: 1px solid black; width: 294px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Cuba ransomware actors leveraged a loader that disables security tools within the victim network.</span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td colspan="3" style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 660px; background-color: rgb(174, 170, 170); border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p align="center" style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px; text-align: center;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">Lateral Movement</span></b></span></span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 236px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: 
black;">Technique Title</span></b></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 130px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">ID</span></b></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 294px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">Use</span></b></span></span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 236px; border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Remote Services Session: RDP 
Hijacking</span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 130px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><a href="https://attack.mitre.org/versions/v12/techniques/T1563/002/" style="box-sizing: border-box; background-color: transparent; color: rgb(5, 99, 193); text-decoration-line: underline;">T1563.002</a></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 294px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Cuba ransomware actors used RDP sessions to move laterally.</span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td colspan="3" style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 660px; background-color: rgb(174, 170, 170); border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p align="center" style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px; text-align: center;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: 
border-box;"><span style="box-sizing: border-box; color: black;">Credential Access</span></b></span></span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 236px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">Technique Title</span></b></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 130px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">ID</span></b></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 294px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; 
line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">Use</span></b></span></span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 236px; border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Credential Dumping: LSASS Memory</span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 130px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><a href="https://attack.mitre.org/versions/v12/techniques/T1003/001/" style="box-sizing: border-box; background-color: transparent; color: rgb(5, 99, 193); text-decoration-line: underline;">T1003.001</a></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 294px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, 
sans-serif;">Cuba ransomware actors use LSASS memory to retrieve stored compromised credentials.</span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 236px; border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Steal or Forge Kerberos Tickets: Kerberoasting</span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 130px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><a href="https://attack.mitre.org/versions/v12/techniques/T1558/003/" style="box-sizing: border-box; background-color: transparent; color: rgb(5, 99, 193); text-decoration-line: underline;">T1558.003</a></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 294px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Cuba ransomware actors used the Kerberoasting technique to identify service 
accounts linked to Active Directory.</span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td colspan="3" style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 660px; background-color: rgb(174, 170, 170); border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p align="center" style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px; text-align: center;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">Command and Control</span></b></span></span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 236px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">Technique Title</span></b></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 130px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: 
border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">ID</span></b></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 294px; background-color: rgb(208, 206, 206); border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;"><b style="box-sizing: border-box;"><span style="box-sizing: border-box; color: black;">Use</span></b></span></span></span></span></p></td></tr><tr style="box-sizing: border-box;"><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 236px; border-top: none; border-right: 1px solid black; border-left: 1px solid black;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Proxy: Manipulate Command and Control Communications</span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 130px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span 
style="box-sizing: border-box; font-family: Arial, sans-serif;"><a href="https://attack.mitre.org/versions/v12/techniques/T1090/" style="box-sizing: border-box; background-color: transparent; color: rgb(5, 99, 193); text-decoration-line: underline;">T1090</a></span></span></span></span></p></td><td style="box-sizing: border-box; padding: 0in 7px; border-bottom: 1px solid black; width: 294px; border-top: none; border-right: 1px solid black; border-left: none;"><p style="box-sizing: border-box; margin-top: 8px; margin-bottom: 8px; line-height: 1.5; font-size: 16px;"><span style="box-sizing: border-box; font-size: 11pt;"><span style="box-sizing: border-box; line-height: 16.8667px;"><span style="box-sizing: border-box; font-family: Arial, sans-serif;">Industrial Spy ransomware actors use an HTTP/HTTPS proxy via a C2 server to direct traffic and avoid a direct connection.</span></span></span></p></td></tr></tbody></table>