Trusted Design

The Curious Case of CZ Solution

Summary

While investigating an uptick in Spy-Net spam campaigns, we came across a digitally signed malware binary that caught our interest. Spy-Net allows an attacker to interact with the victim via a remote shell to upload/download files; interact with the registry, running processes and services; capture images of the desktop; and record from the webcam and audio. It also contains functionality to extract saved passwords and turn the victim into a proxy server. During the build process, an attacker can choose to enable a keylogger and evasion functionality designed to stop the infection process if a debugger or virtual machine is found.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Cinnamon Tempest

Score: 18.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1591.003 - Identify Business Tempo
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 59.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1600 - Weaken Encryption
  • T1176.001 - Browser Extensions
  • T1547.012 - Print Processors
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

menuPass

Score: 47.18
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1588.006 - Vulnerabilities
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1001 - Data Obfuscation
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

INC Ransom

Score: 19.59
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Gamaredon Group

Score: 98.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1547.012 - Print Processors
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1045 - Software Packing
  • T1036.002 - Right-to-Left Override
  • T1612 - Build Image on Host
  • T1562.010 - Downgrade Attack
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

APT32

Score: 68.85
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1608.004 - Drive-by Target
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1092 - Communication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

Mustang Panda

Score: 96.03
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1588.006 - Vulnerabilities
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1593.002 - Search Engines
  • T1562.006 - Indicator Blocking
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
Link to MITRE →

MuddyWater

Score: 61.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1547.012 - Print Processors
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1546.005 - Trap
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 50.27
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1600 - Weaken Encryption
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1546.005 - Trap
  • T1003.001 - LSASS Memory
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

Leviathan

Score: 39.72
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1597.002 - Purchase Technical Data
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1204 - User Execution
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules
Link to MITRE →

Velvet Ant

Score: 29.18
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1583.005 - Botnet
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1219.002 - Remote Desktop Software
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN7

Score: 66.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1555 - Credentials from Password Stores
  • T1205 - Traffic Signaling
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

GALLIUM

Score: 28.37
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volt Typhoon

Score: 67.83
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1567 - Exfiltration Over Web Service
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1535 - Unused/Unsupported Cloud Regions
  • T1546.005 - Trap
  • T1045 - Software Packing
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution
Link to MITRE →

Blue Mockingbird

Score: 32.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1045 - Software Packing
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

Naikon

Score: 6.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1209 - Time Providers
Link to MITRE →

Lazarus Group

Score: 104.35
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1132.001 - Standard Encoding
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1600 - Weaken Encryption
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1558.005 - Ccache Files
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1205 - Traffic Signaling
  • T1050 - New Service
  • T1070.006 - Timestomp
  • T1032 - Standard Cryptographic Protocol
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1547.011 - Plist Modification
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution
  • T1556 - Modify Authentication Process
Link to MITRE →

Lotus Blossom

Score: 15.83
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

Sandworm Team

Score: 69.21
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1600 - Weaken Encryption
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1045 - Software Packing
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Earth Lusca

Score: 37.78
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Indrik Spider

Score: 21.93
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.013 - Mavinject
  • T1600 - Weaken Encryption
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

TA2541

Score: 32.19
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1036.002 - Right-to-Left Override
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

Stealth Falcon

Score: 10.72
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Aquatic Panda

Score: 33.71
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT29

Score: 48.65
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1036.002 - Right-to-Left Override
  • T1138 - Application Shimming
  • T1608.005 - Link Target
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1219.002 - Remote Desktop Software
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

OilRig

Score: 64.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1556 - Modify Authentication Process
Link to MITRE →

Windshift

Score: 18.95
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1078 - Valid Accounts
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN6

Score: 24.95
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1103 - AppInit DLLs
  • T1584.003 - Virtual Private Server
  • T1546.005 - Trap
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

ToddyCat

Score: 12.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Deep Panda

Score: 13.59
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
Link to MITRE →

Threat Group-3390

Score: 54.96
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1546.005 - Trap
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

APT42

Score: 28.09
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1110.002 - Password Cracking
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
Link to MITRE →

Ember Bear

Score: 40.23
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
Link to MITRE →

Chimera

Score: 41.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1032 - Standard Cryptographic Protocol
  • T1155 - AppleScript
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

BlackByte

Score: 58.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1562.010 - Downgrade Attack
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1566.004 - Spearphishing Voice
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN13

Score: 40.98
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1546.005 - Trap
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

Magic Hound

Score: 56.31
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT41

Score: 66.59
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
Link to MITRE →

FIN8

Score: 31.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1027.017 - SVG Smuggling
  • T1612 - Build Image on Host
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1556 - Modify Authentication Process
Link to MITRE →

Dragonfly

Score: 29.04
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

BRONZE BUTLER

Score: 39.54
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1546.005 - Trap
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

APT28

Score: 79.01
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1597.002 - Purchase Technical Data
  • T1499.001 - OS Exhaustion Flood
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1078.001 - Default Accounts
  • T1546.005 - Trap
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1588.003 - Code Signing Certificates
  • T1564.004 - NTFS File Attributes
  • T1566.003 - Spearphishing via Service
Link to MITRE →

MoustachedBouncer

Score: 7.48
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

GOLD SOUTHFIELD

Score: 11.94
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
Link to MITRE →

Winter Vivern

Score: 18.57
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548 - Abuse Elevation Control Mechanism
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silence

Score: 30.09
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1103 - AppInit DLLs
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Group5

Score: 5.60
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1070.009 - Clear Persistence
Link to MITRE →

APT39

Score: 58.48
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1596.003 - Digital Certificates
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1032 - Standard Cryptographic Protocol
  • T1021 - Remote Services
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
Link to MITRE →

Kimsuky

Score: 81.40
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1092 - Communication Through Removable Media
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
Link to MITRE →

Dark Caracal

Score: 11.78
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT19

Score: 19.02
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

UNC3886

Score: 63.91
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1546.005 - Trap
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1136.002 - Domain Account
  • T1547.015 - Login Items
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1497.002 - User Activity Based Checks
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1546.002 - Screensaver
  • T1070.009 - Clear Persistence
  • T1219.002 - Remote Desktop Software
  • T1003.006 - DCSync
Link to MITRE →

Carbanak

Score: 10.85
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

APT3

Score: 33.56
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

TA551

Score: 13.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 32.79
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1103 - AppInit DLLs
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CopyKittens

Score: 7.86
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1103 - AppInit DLLs
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
Link to MITRE →

HAFNIUM

Score: 15.94
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1099 - Timestomp
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 55.42
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1675 - ESXi Administration Command
  • T1120 - Peripheral Device Discovery
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1138 - Application Shimming
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Daggerfly

Score: 18.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1497.002 - User Activity Based Checks
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RedCurl

Score: 37.71
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1608.004 - Drive-by Target
  • T1120 - Peripheral Device Discovery
  • T1558.005 - Ccache Files
  • T1584.003 - Virtual Private Server
  • T1546.005 - Trap
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
Link to MITRE →

LazyScripter

Score: 17.32
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-0501

Score: 27.75
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1597.002 - Purchase Technical Data
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1535 - Unused/Unsupported Cloud Regions
  • T1155 - AppleScript
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1102.002 - Bidirectional Communication
  • T1565.002 - Transmitted Data Manipulation
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding
Link to MITRE →

Moonstone Sleet

Score: 21.33
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1546.005 - Trap
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Ajax Security Team

Score: 3.50
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 28.98
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT5

Score: 26.78
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1677 - Poisoned Pipeline Execution
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1497.002 - User Activity Based Checks
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
Link to MITRE →

Tonto Team

Score: 17.38
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

PLATINUM

Score: 15.92
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1546.005 - Trap
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

FIN4

Score: 6.86
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

Sowbug

Score: 9.90
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1120 - Peripheral Device Discovery
  • T1542.004 - ROMMONkit
Link to MITRE →

HEXANE

Score: 27.93
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Ke3chang

Score: 34.98
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1102.002 - Bidirectional Communication
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Poseidon Group

Score: 8.57
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Suckfly

Score: 6.29
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1103 - AppInit DLLs
  • T1209 - Time Providers
Link to MITRE →

Axiom

Score: 22.78
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1189 - Drive-by Compromise
  • T1622 - Debugger Evasion
Link to MITRE →

Winnti Group

Score: 7.51
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1103 - AppInit DLLs
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Rocke

Score: 37.24
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1535 - Unused/Unsupported Cloud Regions
  • T1114.003 - Email Forwarding Rule
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

TeamTNT

Score: 45.22
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1535 - Unused/Unsupported Cloud Regions
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1142 - Keychain
  • T1597 - Search Closed Sources
  • T1137.003 - Outlook Forms
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT37

Score: 32.87
Matched TTPs:
  • T1485.001 - Lifecycle-Triggered Deletion
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Turla

Score: 68.30
Matched TTPs:
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1021 - Remote Services
  • T1059.009 - Cloud API
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1003.001 - LSASS Memory
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
Link to MITRE →

Storm-1811

Score: 20.78
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1566.004 - Spearphishing Voice
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustard Tempest

Score: 6.86
Matched TTPs:
  • T1218.013 - Mavinject
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

WIRTE

Score: 8.67
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Patchwork

Score: 31.89
Matched TTPs:
  • T1218.013 - Mavinject
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
Link to MITRE →

Transparent Tribe

Score: 8.47
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

admin@338

Score: 7.15
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1218.010 - Regsvr32
Link to MITRE →

BackdoorDiplomacy

Score: 14.24
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Akira

Score: 12.11
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image
  • T1622 - Debugger Evasion
Link to MITRE →

Tropic Trooper

Score: 32.60
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

PROMETHIUM

Score: 11.69
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1103 - AppInit DLLs
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI
Link to MITRE →

LuminousMoth

Score: 18.21
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1103 - AppInit DLLs
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Whitefly

Score: 6.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Machete

Score: 6.98
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT1

Score: 13.05
Matched TTPs:
  • T1218.013 - Mavinject
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1546.005 - Trap
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
Link to MITRE →

Sidewinder

Score: 16.81
Matched TTPs:
  • T1218.013 - Mavinject
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Fox Kitten

Score: 32.24
Matched TTPs:
  • T1218.013 - Mavinject
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

SideCopy

Score: 12.65
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Leafminer

Score: 10.55
Matched TTPs:
  • T1178 - SID-History Injection
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
Link to MITRE →

APT33

Score: 17.62
Matched TTPs:
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1546.005 - Trap
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

LAPSUS$

Score: 18.65
Matched TTPs:
  • T1600 - Weaken Encryption
  • T1584.003 - Virtual Private Server
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1601 - Modify System Image
Link to MITRE →

Contagious Interview

Score: 38.37
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1045 - Software Packing
  • T1064 - Scripting
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1556 - Modify Authentication Process
Link to MITRE →

Salt Typhoon

Score: 10.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 21.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1142 - Keychain
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aoqin Dragon

Score: 11.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Cleaver

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
Link to MITRE →

Moses Staff

Score: 12.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cobalt Group

Score: 30.91
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Gallmaker

Score: 6.62
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
Link to MITRE →

BITTER

Score: 15.53
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Malteiro

Score: 7.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1102.002 - Bidirectional Communication
Link to MITRE →

APT12

Score: 4.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Elderwood

Score: 6.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RTM

Score: 10.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

APT-C-36

Score: 4.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CURIUM

Score: 9.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Star Blizzard

Score: 3.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
Link to MITRE →

Higaisa

Score: 18.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
  • T1546.017 - Udev Rules
Link to MITRE →

Rancor

Score: 7.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1204 - User Execution
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Inception

Score: 16.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
Link to MITRE →

Saint Bear

Score: 18.53
Matched TTPs:
  • T1087.002 - Domain Account
  • T1103 - AppInit DLLs
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

TA459

Score: 3.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
Link to MITRE →

Nomadic Octopus

Score: 4.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 21.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mofang

Score: 3.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules
Link to MITRE →

Andariel

Score: 17.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Molerats

Score: 13.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1103 - AppInit DLLs
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

The White Company

Score: 5.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Confucius

Score: 7.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackTech

Score: 10.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
Link to MITRE →

DarkVishnya

Score: 10.98
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
Link to MITRE →

Agrius

Score: 21.26
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1546.005 - Trap
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1209 - Time Providers
  • T1622 - Debugger Evasion
Link to MITRE →

Evilnum

Score: 10.26
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 26.28
Matched TTPs:
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1535 - Unused/Unsupported Cloud Regions
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Windigo

Score: 9.50
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

ZIRCONIUM

Score: 19.69
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT18

Score: 3.36
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sea Turtle

Score: 17.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
Link to MITRE →

Volatile Cedar

Score: 4.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN5

Score: 4.98
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
Link to MITRE →

POLONIUM

Score: 7.60
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Metador

Score: 8.30
Matched TTPs:
  • T1136.002 - Domain Account
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

RedEcho

Score: 3.29
Matched TTPs:
  • T1036.002 - Right-to-Left Override
Link to MITRE →

Thrip

Score: 7.32
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN10

Score: 6.91
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1583.006 - Web Services
  • T1606.001 - Web Cookies
  • T1032 - Standard Cryptographic Protocol
  • T1590.003 - Network Trust Dependencies
  • T1070.009 - Clear Persistence
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1600 - Weaken Encryption
  • T1209 - Time Providers
  • T1047 - Windows Management Instrumentation
  • T1069.001 - Local Groups
  • T1089 - Disabling Security Tools
  • T1055.005 - Thread Local Storage
  • T1199 - Trusted Relationship
  • T1584.003 - Virtual Private Server
  • T1050 - New Service
  • T1547.002 - Authentication Package
  • T1677 - Poisoned Pipeline Execution
  • T1070.008 - Clear Mailbox Data
  • T1132.001 - Standard Encoding
  • T1583 - Acquire Infrastructure
  • T1059.012 - Hypervisor CLI
  • T1176.001 - Browser Extensions
  • T1569.002 - Service Execution
  • T1547.011 - Plist Modification
  • T1570 - Lateral Tool Transfer
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1497.002 - User Activity Based Checks
  • T1558.005 - Ccache Files
  • T1622 - Debugger Evasion
  • T1070.006 - Timestomp
  • T1059.010 - AutoHotKey & AutoIT
  • T1103 - AppInit DLLs
  • T1596.003 - Digital Certificates
  • T1087.004 - Cloud Account
  • T1556 - Modify Authentication Process
  • T1120 - Peripheral Device Discovery
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1205 - Traffic Signaling
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1608.005 - Link Target
  • T1174 - Password Filter DLL
Link to MITRE →

Gamaredon Group

Score: 0.73
Matched TTPs:
  • T1583.006 - Web Services
  • T1547.012 - Print Processors
  • T1045 - Software Packing
  • T1608 - Stage Capabilities
  • T1091 - Replication Through Removable Media
  • T1606.001 - Web Cookies
  • T1061 - Graphical User Interface
  • T1036.002 - Right-to-Left Override
  • T1552.005 - Cloud Instance Metadata API
  • T1590.003 - Network Trust Dependencies
  • T1070.009 - Clear Persistence
  • T1087.002 - Domain Account
  • T1542.004 - ROMMONkit
  • T1562.010 - Downgrade Attack
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
  • T1047 - Windows Management Instrumentation
  • T1199 - Trusted Relationship
  • T1584.003 - Virtual Private Server
  • T1547.002 - Authentication Package
  • T1059.011 - Lua
  • T1583 - Acquire Infrastructure
  • T1570 - Lateral Tool Transfer
  • T1597 - Search Closed Sources
  • T1497.002 - User Activity Based Checks
  • T1612 - Build Image on Host
  • T1601.001 - Patch System Image
  • T1059.009 - Cloud API
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.009 - Safe Mode Boot
  • T1684 - Social Engineering
  • T1087.004 - Cloud Account
  • T1059.013 - Container CLI/API
  • T1099 - Timestomp
  • T1120 - Peripheral Device Discovery
  • T1218.013 - Mavinject
  • T1205 - Traffic Signaling
  • T1608.005 - Link Target
  • T1092 - Communication Through Removable Media
  • T1156 - Malicious Shell Modification
Link to MITRE →

Mustang Panda

Score: 0.69
Matched TTPs:
  • T1583.006 - Web Services
  • T1608 - Stage Capabilities
  • T1091 - Replication Through Removable Media
  • T1590.003 - Network Trust Dependencies
  • T1588.006 - Vulnerabilities
  • T1070.009 - Clear Persistence
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1593.002 - Search Engines
  • T1204 - User Execution
  • T1209 - Time Providers
  • T1169 - Sudo
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
  • T1677 - Poisoned Pipeline Execution
  • T1059.011 - Lua
  • T1136.001 - Local Account
  • T1102 - Web Service
  • T1597.002 - Purchase Technical Data
  • T1218.010 - Regsvr32
  • T1497.002 - User Activity Based Checks
  • T1612 - Build Image on Host
  • T1562.006 - Indicator Blocking
  • T1059.010 - AutoHotKey & AutoIT
  • T1071.001 - Web Protocols
  • T1546.005 - Trap
  • T1103 - AppInit DLLs
  • T1087.004 - Cloud Account
  • T1555.003 - Credentials from Web Browsers
  • T1556 - Modify Authentication Process
  • T1159 - Launch Agent
  • T1120 - Peripheral Device Discovery
  • T1606.002 - SAML Tokens
  • T1218.013 - Mavinject
  • T1608.005 - Link Target
  • T1055.005 - Thread Local Storage
  • T1092 - Communication Through Removable Media
Link to MITRE →

Kimsuky

Score: 0.64
Matched TTPs:
  • T1583.006 - Web Services
  • T1608 - Stage Capabilities
  • T1091 - Replication Through Removable Media
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.009 - Clear Persistence
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1027.014 - Polymorphic Code
  • T1199 - Trusted Relationship
  • T1584.003 - Virtual Private Server
  • T1565.002 - Transmitted Data Manipulation
  • T1547.002 - Authentication Package
  • T1001 - Data Obfuscation
  • T1059.011 - Lua
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1570 - Lateral Tool Transfer
  • T1597 - Search Closed Sources
  • T1497.002 - User Activity Based Checks
  • T1622 - Debugger Evasion
  • T1601.001 - Patch System Image
  • T1059.009 - Cloud API
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1103 - AppInit DLLs
  • T1596.003 - Digital Certificates
  • T1684 - Social Engineering
  • T1087.004 - Cloud Account
  • T1555.003 - Credentials from Web Browsers
  • T1120 - Peripheral Device Discovery
  • T1606.002 - SAML Tokens
  • T1218.013 - Mavinject
  • T1205 - Traffic Signaling
  • T1608.005 - Link Target
  • T1003.007 - Proc Filesystem
  • T1092 - Communication Through Removable Media
  • T1156 - Malicious Shell Modification
Link to MITRE →

APT28

Score: 0.61
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1583.005 - Botnet
  • T1032 - Standard Cryptographic Protocol
  • T1552.005 - Cloud Instance Metadata API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.009 - Clear Persistence
  • T1087.002 - Domain Account
  • T1588.003 - Code Signing Certificates
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
  • T1199 - Trusted Relationship
  • T1584.003 - Virtual Private Server
  • T1547.002 - Authentication Package
  • T1059.001 - PowerShell
  • T1583 - Acquire Infrastructure
  • T1059.012 - Hypervisor CLI
  • T1078.001 - Default Accounts
  • T1547.011 - Plist Modification
  • T1548.004 - Elevated Execution with Prompt
  • T1597.002 - Purchase Technical Data
  • T1218.010 - Regsvr32
  • T1497.002 - User Activity Based Checks
  • T1564.004 - NTFS File Attributes
  • T1059.010 - AutoHotKey & AutoIT
  • T1206 - Sudo Caching
  • T1566.003 - Spearphishing via Service
  • T1546.005 - Trap
  • T1596.003 - Digital Certificates
  • T1555.003 - Credentials from Web Browsers
  • T1218.013 - Mavinject
  • T1608.005 - Link Target
  • T1499.001 - OS Exhaustion Flood
  • T1156 - Malicious Shell Modification
Link to MITRE →

Turla

Score: 0.57
Matched TTPs:
  • T1583.006 - Web Services
  • T1045 - Software Packing
  • T1032 - Standard Cryptographic Protocol
  • T1552.005 - Cloud Instance Metadata API
  • T1590.003 - Network Trust Dependencies
  • T1547.013 - XDG Autostart Entries
  • T1204 - User Execution
  • T1003.001 - LSASS Memory
  • T1199 - Trusted Relationship
  • T1584.003 - Virtual Private Server
  • T1566.004 - Spearphishing Voice
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1569.002 - Service Execution
  • T1570 - Lateral Tool Transfer
  • T1597 - Search Closed Sources
  • T1497.002 - User Activity Based Checks
  • T1612 - Build Image on Host
  • T1601.001 - Patch System Image
  • T1059.009 - Cloud API
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1099 - Timestomp
  • T1021 - Remote Services
  • T1136.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1606.002 - SAML Tokens
  • T1218.013 - Mavinject
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1608.005 - Link Target
  • T1003.007 - Proc Filesystem
Link to MITRE →

FIN7

Score: 0.57
Matched TTPs:
  • T1583.006 - Web Services
  • T1573 - Encrypted Channel
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1047 - Windows Management Instrumentation
  • T1199 - Trusted Relationship
  • T1584.003 - Virtual Private Server
  • T1547.002 - Authentication Package
  • T1586.002 - Email Accounts
  • T1059.001 - PowerShell
  • T1583 - Acquire Infrastructure
  • T1564.002 - Hidden Users
  • T1176.001 - Browser Extensions
  • T1555 - Credentials from Password Stores
  • T1011.001 - Exfiltration Over Bluetooth
  • T1497.002 - User Activity Based Checks
  • T1027.007 - Dynamic API Resolution
  • T1622 - Debugger Evasion
  • T1601.001 - Patch System Image
  • T1059.010 - AutoHotKey & AutoIT
  • T1206 - Sudo Caching
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1606.002 - SAML Tokens
  • T1218.013 - Mavinject
  • T1205 - Traffic Signaling
  • T1608.005 - Link Target
  • T1092 - Communication Through Removable Media
  • T1156 - Malicious Shell Modification
Link to MITRE →

UNC3886

Score: 0.56
Matched TTPs:
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1583.006 - Web Services
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1070.009 - Clear Persistence
  • T1003.006 - DCSync
  • T1566.004 - Spearphishing Voice
  • T1219.002 - Remote Desktop Software
  • T1547.015 - Login Items
  • T1583 - Acquire Infrastructure
  • T1090.002 - External Proxy
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1497.002 - User Activity Based Checks
  • T1585.002 - Email Accounts
  • T1546.002 - Screensaver
  • T1546.005 - Trap
  • T1606 - Forge Web Credentials
  • T1136.002 - Domain Account
  • T1606.002 - SAML Tokens
  • T1499.001 - OS Exhaustion Flood
Link to MITRE →

APT32

Score: 0.55
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1091 - Replication Through Removable Media
  • T1032 - Standard Cryptographic Protocol
  • T1070.009 - Clear Persistence
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1027.014 - Polymorphic Code
  • T1209 - Time Providers
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1583 - Acquire Infrastructure
  • T1059.012 - Hypervisor CLI
  • T1176.001 - Browser Extensions
  • T1570 - Lateral Tool Transfer
  • T1597.002 - Purchase Technical Data
  • T1218.010 - Regsvr32
  • T1497.002 - User Activity Based Checks
  • T1027.007 - Dynamic API Resolution
  • T1612 - Build Image on Host
  • T1608.004 - Drive-by Target
  • T1601.001 - Patch System Image
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1596.003 - Digital Certificates
  • T1684 - Social Engineering
  • T1087.004 - Cloud Account
  • T1555.003 - Credentials from Web Browsers
  • T1556 - Modify Authentication Process
  • T1120 - Peripheral Device Discovery
  • T1218.013 - Mavinject
  • T1174 - Password Filter DLL
  • T1608.005 - Link Target
  • T1092 - Communication Through Removable Media
Link to MITRE →

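As an added example for working with actor listings like the ones above (editor's code, not the pulse platform's own), the block below parses the rendered actor blocks into records, answers "which actors list technique X" ordered by the printed score, and flags technique IDs that ATT&CK has since revoked. It assumes the layout exactly as rendered on this page (actor name, blank line, Score, Matched TTPs bullets, link line), accepts either the Japanese or the English section headings, and carries a small revoked-ID table compiled by the editor from ATT&CK's revocation history rather than from this page. The sample input is a constructed excerpt of entries copied from this page. The page does not state how the scores are computed, so the code only sorts by them.

```python
import re

# Constructed sample in the page's rendered layout: actor name, blank line,
# "Score:", "Matched TTPs:", bullet lines, link line. Entries are copied from
# this page; the section headings are the English forms used here.
SAMPLE = """\
Threat actors related to this Pulse (fact-based)

Cleaver

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
Link to MITRE →

FIN5

Score: 4.98
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Turla

Score: 0.57
Matched TTPs:
  • T1032 - Standard Cryptographic Protocol
  • T1099 - Timestomp
  • T1199 - Trusted Relationship
Link to MITRE →
"""

# Section headings as rendered on this page, Japanese or translated English.
SECTION_RE = re.compile(r"\((fact|inference)-based\)|\((事実|推論)ベース\)")
SECTION_KIND = {"fact": "fact", "事実": "fact", "inference": "inference", "推論": "inference"}
SCORE_RE = re.compile(r"^Score:\s*(\d+(?:\.\d+)?)$")
TTP_RE = re.compile(r"^•\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+)$")

# Partial table of revoked ATT&CK technique IDs and their replacements.
# Assumption: compiled by the editor from ATT&CK's revocation history, not
# taken from this page; extend it from the live STIX data for real use.
REVOKED = {
    "T1032": "T1573",      # Standard Cryptographic Protocol -> Encrypted Channel
    "T1089": "T1562.001",  # Disabling Security Tools -> Disable or Modify Tools
    "T1045": "T1027.002",  # Software Packing (now a sub-technique)
    "T1103": "T1546.010",  # AppInit DLLs
    "T1209": "T1547.003",  # Time Providers
    "T1050": "T1543.003",  # New Service -> Windows Service
    "T1099": "T1070.006",  # Timestomp
    "T1174": "T1556.002",  # Password Filter DLL
}


def parse_actor_blocks(text):
    """Parse the rendered listing into a list of {name, section, score, ttps}."""
    actors, section, current, pending_name = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.search(line)
        if sec:
            section = SECTION_KIND[sec.group(1) or sec.group(2)]
            current, pending_name = None, None
            continue
        m = SCORE_RE.match(line)
        if m:
            current = {"name": pending_name, "section": section,
                       "score": float(m.group(1)), "ttps": []}
            actors.append(current)
            continue
        if line == "Matched TTPs:" or line.startswith("Link to MITRE") or line.startswith("MITRE"):
            continue
        m = TTP_RE.match(line)
        if m and current is not None:
            current["ttps"].append((m.group(1), m.group(2)))
            continue
        pending_name = line  # any other text is the next actor's name
    return actors


def actors_for_ttp(actors, ttp_id):
    """Pivot: which actors list a given technique, highest printed score first."""
    hits = [a for a in actors if any(t == ttp_id for t, _ in a["ttps"])]
    return [a["name"] for a in sorted(hits, key=lambda a: a["score"], reverse=True)]


def revoked_ttps(actors):
    """Flag revoked IDs per actor; the last field says whether the replacement is also listed."""
    findings = []
    for a in actors:
        ids = {t for t, _ in a["ttps"]}
        for old in sorted(ids & set(REVOKED)):
            findings.append((a["name"], old, REVOKED[old], REVOKED[old] in ids))
    return findings


if __name__ == "__main__":
    parsed = parse_actor_blocks(SAMPLE)
    print("T1199 pivot:", actors_for_ttp(parsed, "T1199"))
    for name, old, new, dup in revoked_ttps(parsed):
        print(f"{name}: {old} is revoked, use {new}" + (" (already listed)" if dup else ""))
```

Run it directly to print the T1199 pivot and the revoked-ID findings for the sample; feed parse_actor_blocks the full page text to cover every actor. The revoked check matters because the lists on this page mix old and current IDs (both T1099 and T1070.006 appear as Timestomp), which inflates match counts if the two are treated as different techniques.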
Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

