UNC6148
APT Group
Also Known As
No alias recorded
Target Countries 1
United States
Sectors Targeted
Details
Last Updated
13 Apr 2026
MITRE ATT&CK 22
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1014 - Rootkit
T1021.004 - Remote Services: SSH
T1027 - Obfuscated Files or Information
T1036.005 - Masquerading: Match Legitimate Resource Name or Location
T1041 - Exfiltration Over C2 Channel
T1055 - Process Injection
T1055.012 - Process Injection: Process Hollowing
T1059.004 - Command and Scripting Interpreter: Unix Shell
T1070.004 - Indicator Removal: File Deletion
T1078 - Valid Accounts
T1112 - Modify Registry
T1133 - External Remote Services
T1140 - Deobfuscate/Decode Files or Information
T1190 - Exploit Public-Facing Application
T1219 - Remote Access Tools
T1505.003 - Server Software Component: Web Shell
T1552.001 - Unsecured Credentials: Credentials In Files
T1562.001 - Impair Defenses: Disable or Modify Tools
T1565 - Data Manipulation
T1574.006 - Hijack Execution Flow: Dynamic Linker Hijacking