Trusted Design

The Curious Case of CZ Solution

Summary

While investigating an uptick in Spy-Net spam campaigns, we came across a digitally signed malware binary that caught our interest. Spy-Net allows an attacker to interact with the victim via a remote shell to upload and download files; interact with the registry, running processes and services; and capture images of the desktop and record from the webcam and microphone. It also contains functionality to extract saved passwords and turn the victim into a proxy server. During the build process, an attacker can choose to enable a keylogger and evasion functionality designed to stop the infection process if a debugger or virtual machine is found.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this pulse (fact-based)

Cinnamon Tempest

Score: 18.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1080 - Taint Shared Content
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 59.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1489 - Service Stop
  • T1543.003 - Windows Service
  • T1559.001 - Component Object Model
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1218.014 - MMC
Link to MITRE →

menuPass

Score: 47.18
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1218.004 - InstallUtil
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1055.012 - Process Hollowing
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

INC Ransom

Score: 19.59
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Gamaredon Group

Score: 98.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1497.001 - System Checks
  • T1559.001 - Component Object Model
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1090 - Proxy
  • T1568 - Dynamic Resolution
  • T1102 - Web Service
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

APT32

Score: 68.85
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1552.002 - Credentials in Registry
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1027.016 - Junk Code Insertion
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Mustang Panda

Score: 96.03
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1218.004 - InstallUtil
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1219.001 - IDE Tunneling
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1654 - Log Enumeration
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

MuddyWater

Score: 61.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 50.27
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.011 - Rundll32
  • T1489 - Service Stop
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1547.004 - Winlogon Helper DLL
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Leviathan

Score: 39.72
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1027.015 - Compression
Link to MITRE →

Velvet Ant

Score: 29.18
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1040 - Network Sniffing
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1037.004 - RC Scripts
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

FIN7

Score: 66.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1546.011 - Application Shimming
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

GALLIUM

Score: 28.37
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Volt Typhoon

Score: 67.83
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1552 - Unsecured Credentials
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1552.004 - Private Keys
  • T1003.001 - LSASS Memory
  • T1090 - Proxy
  • T1654 - Log Enumeration
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy
Link to MITRE →

Blue Mockingbird

Score: 32.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1090 - Proxy
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER
Link to MITRE →

Naikon

Score: 6.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1046 - Network Service Discovery
Link to MITRE →

Lazarus Group

Score: 104.35
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.011 - Rundll32
  • T1027.009 - Embedded Payloads
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1489 - Service Stop
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1620 - Reflective Code Loading
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1134.002 - Create Process with Token
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Lotus Blossom

Score: 15.83
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Sandworm Team

Score: 69.21
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1489 - Service Stop
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090 - Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Earth Lusca

Score: 37.78
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
Link to MITRE →

Indrik Spider

Score: 21.93
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1489 - Service Stop
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA2541

Score: 32.19
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1568 - Dynamic Resolution
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Stealth Falcon

Score: 10.72
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1012 - Query Registry
Link to MITRE →

Aquatic Panda

Score: 33.71
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT29

Score: 48.65
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1568 - Dynamic Resolution
  • T1553.005 - Mark-of-the-Web Bypass
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1037.004 - RC Scripts
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

OilRig

Score: 64.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Windshift

Score: 18.95
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1036.001 - Invalid Code Signature
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN6

Score: 24.95
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1553.002 - Code Signing
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

ToddyCat

Score: 12.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
Link to MITRE →

Deep Panda

Score: 13.59
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
Link to MITRE →

Threat Group-3390

Score: 54.96
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

APT42

Score: 28.09
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547 - Boot or Logon Autostart Execution
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1056 - Input Capture
Link to MITRE →

Ember Bear

Score: 40.23
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
Link to MITRE →

Chimera

Score: 41.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

BlackByte

Score: 58.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1480 - Execution Guardrails
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1570 - Lateral Tool Transfer
  • T1614.001 - System Language Discovery
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 40.98
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Magic Hound

Score: 56.31
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT41

Score: 66.59
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

FIN8

Score: 31.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Dragonfly

Score: 29.04
Matched TTPs:
  • T1113 - Screen Capture
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BRONZE BUTLER

Score: 39.54
Matched TTPs:
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1003.001 - LSASS Memory
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT28

Score: 79.01
Matched TTPs:
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1003 - OS Credential Dumping
  • T1014 - Rootkit
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1092 - Communication Through Removable Media
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1137.002 - Office Test
  • T1001.001 - Junk Data
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

MoustachedBouncer

Score: 7.48
Matched TTPs:
  • T1113 - Screen Capture
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1027.002 - Software Packing
Link to MITRE →

GOLD SOUTHFIELD

Score: 11.94
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

Winter Vivern

Score: 18.57
Matched TTPs:
  • T1113 - Screen Capture
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silence

Score: 30.09
Matched TTPs:
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1553.002 - Code Signing
  • T1106 - Native API
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Group5

Score: 5.60
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1070.004 - File Deletion
Link to MITRE →

APT39

Score: 58.48
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1021.002 - SMB/Windows Admin Shares
  • T1553.006 - Code Signing Policy Modification
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

Kimsuky

Score: 81.40
Matched TTPs:
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1027.016 - Junk Code Insertion
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Dark Caracal

Score: 11.78
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

APT19

Score: 19.02
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

UNC3886

Score: 63.91
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1564.011 - Ignore Process Interrupts
  • T1003.001 - LSASS Memory
  • T1548 - Abuse Elevation Control Mechanism
  • T1673 - Virtual Machine Discovery
  • T1588.001 - Malware
  • T1205.001 - Port Knocking
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1059.001 - PowerShell
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1070.004 - File Deletion
  • T1037.004 - RC Scripts
  • T1505.006 - vSphere Installation Bundles
Link to MITRE →

Carbanak

Score: 10.85
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

APT3

Score: 33.56
Matched TTPs:
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA551

Score: 13.33
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 32.79
Matched TTPs:
  • T1218.011 - Rundll32
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1553.002 - Code Signing
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CopyKittens

Score: 7.86
Matched TTPs:
  • T1218.011 - Rundll32
  • T1553.002 - Code Signing
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
Link to MITRE →

HAFNIUM

Score: 15.94
Matched TTPs:
  • T1218.011 - Rundll32
  • T1016.001 - Internet Connection Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 55.42
Matched TTPs:
  • T1218.011 - Rundll32
  • T1056.001 - Keylogging
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1565.003 - Runtime Data Manipulation
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1553.005 - Mark-of-the-Web Bypass
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Daggerfly

Score: 18.60
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1059.001 - PowerShell
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RedCurl

Score: 37.71
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1552.002 - Credentials in Registry
  • T1082 - System Information Discovery
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
Link to MITRE →

LazyScripter

Score: 17.32
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-0501

Score: 27.75
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003 - OS Credential Dumping
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1552.004 - Private Keys
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1614.001 - System Language Discovery
  • T1219.002 - Remote Desktop Software
  • T1027.002 - Software Packing
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Link to MITRE →

Moonstone Sleet

Score: 21.33
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Ajax Security Team

Score: 3.50
Matched TTPs:
  • T1056.001 - Keylogging
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 28.98
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1497.001 - System Checks
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT5

Score: 26.78
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1070 - Indicator Removal
  • T1654 - Log Enumeration
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1059.001 - PowerShell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Tonto Team

Score: 17.38
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PLATINUM

Score: 15.92
Matched TTPs:
  • T1056.001 - Keylogging
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1003.001 - LSASS Memory
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

FIN4

Score: 6.86
Matched TTPs:
  • T1056.001 - Keylogging
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
Link to MITRE →

Sowbug

Score: 9.90
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1082 - System Information Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

HEXANE

Score: 27.93
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Ke3chang

Score: 34.98
Matched TTPs:
  • T1056.001 - Keylogging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Poseidon Group

Score: 8.57
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
Link to MITRE →

Suckfly

Score: 6.29
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1553.002 - Code Signing
  • T1046 - Network Service Discovery
Link to MITRE →

Axiom

Score: 22.78
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1563.002 - RDP Hijacking
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Winnti Group

Score: 7.51
Matched TTPs:
  • T1014 - Rootkit
  • T1553.002 - Code Signing
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 37.24
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1552.004 - Private Keys
  • T1055.002 - Portable Executable Injection
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TeamTNT

Score: 45.22
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1552.004 - Private Keys
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1204.003 - Malicious Image
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT37

Score: 32.87
Matched TTPs:
  • T1123 - Audio Capture
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1036.001 - Invalid Code Signature
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Turla

Score: 68.30
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1553.006 - Code Signing Policy Modification
  • T1112 - Modify Registry
  • T1134.002 - Create Process with Token
  • T1547.004 - Winlogon Helper DLL
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

Storm-1811

Score: 20.78
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1570 - Lateral Tool Transfer
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustard Tempest

Score: 6.86
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 8.67
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Patchwork

Score: 31.89
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Transparent Tribe

Score: 8.47
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

admin@338

Score: 7.15
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BackdoorDiplomacy

Score: 14.24
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Akira

Score: 12.11
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Tropic Trooper

Score: 32.60
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PROMETHIUM

Score: 11.69
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1553.002 - Code Signing
  • T1205.001 - Port Knocking
  • T1189 - Drive-by Compromise
Link to MITRE →

LuminousMoth

Score: 18.21
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1553.002 - Code Signing
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Whitefly

Score: 6.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 6.98
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
Link to MITRE →

APT1

Score: 13.05
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Sidewinder

Score: 16.81
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Fox Kitten

Score: 32.24
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

SideCopy

Score: 12.65
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 10.55
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
Link to MITRE →

APT33

Score: 17.62
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

LAPSUS$

Score: 18.65
Matched TTPs:
  • T1489 - Service Stop
  • T1005 - Data from Local System
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1531 - Account Access Removal
Link to MITRE →

Contagious Interview

Score: 38.37
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1090 - Proxy
  • T1497 - Virtualization/Sandbox Evasion
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Salt Typhoon

Score: 10.19
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 21.29
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1048 - Exfiltration Over Alternative Protocol
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 11.70
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
Link to MITRE →

Cleaver

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
Link to MITRE →

Moses Staff

Score: 12.03
Matched TTPs:
  • T1587.001 - Malware
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cobalt Group

Score: 30.91
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Gallmaker

Score: 6.62
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information

BITTER

Score: 15.53
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Malteiro

Score: 7.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1614.001 - System Language Discovery

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Elderwood

Score: 6.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

RTM

Score: 10.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

APT-C-36

Score: 4.70
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

CURIUM

Score: 9.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise

Star Blizzard

Score: 3.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool

Higaisa

Score: 18.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression

Rancor

Score: 7.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1105 - Ingress Tool Transfer

Inception

Score: 16.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 18.53
Matched TTPs:
  • T1204.002 - Malicious File
  • T1553.002 - Code Signing
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

TA459

Score: 3.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 4.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 21.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1105 - Ingress Tool Transfer

Mofang

Score: 3.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.015 - Compression

Andariel

Score: 17.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Molerats

Score: 13.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1553.002 - Code Signing
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

The White Company

Score: 5.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

Confucius

Score: 7.84
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

BlackTech

Score: 10.39
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery

DarkVishnya

Score: 10.98
Matched TTPs:
  • T1543.003 - Windows Service
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1046 - Network Service Discovery

Agrius

Score: 21.26
Matched TTPs:
  • T1543.003 - Windows Service
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1046 - Network Service Discovery
  • T1021.001 - Remote Desktop Protocol

Evilnum

Score: 10.26
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Scattered Spider

Score: 26.28
Matched TTPs:
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1552.004 - Private Keys
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Windigo

Score: 9.50
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

ZIRCONIUM

Score: 19.69
Matched TTPs:
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

APT18

Score: 3.36
Matched TTPs:
  • T1082 - System Information Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Sea Turtle

Score: 17.87
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1564.011 - Ignore Process Interrupts
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery

Volatile Cedar

Score: 4.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1105 - Ingress Tool Transfer

FIN5

Score: 4.98
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1070.004 - File Deletion

POLONIUM

Score: 7.60
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Metador

Score: 8.30
Matched TTPs:
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying

RedEcho

Score: 3.29
Matched TTPs:
  • T1568 - Dynamic Resolution

Thrip

Score: 7.32
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

FIN10

Score: 6.91
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1082 - System Information Discovery
  • T1202 - Indirect Command Execution
  • T1027.007 - Dynamic API Resolution
  • T1070 - Indicator Removal
  • T1056.001 - Keylogging
  • T1491.001 - Internal Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090.002 - External Proxy
  • T1562.001 - Disable or Modify Tools
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1574.001 - DLL
  • T1587.001 - Malware
  • T1218 - System Binary Proxy Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1620 - Reflective Code Loading
  • T1553.002 - Code Signing
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy
  • T1010 - Application Window Discovery
  • T1547.009 - Shortcut Modification
  • T1005 - Data from Local System
  • T1574.013 - KernelCallbackTable
  • T1203 - Exploitation for Client Execution
  • T1134.002 - Create Process with Token
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1012 - Query Registry
  • T1583.006 - Web Services
  • T1543.003 - Windows Service
  • T1218.011 - Rundll32
  • T1046 - Network Service Discovery
  • T1070.004 - File Deletion
  • T1027.009 - Embedded Payloads
  • T1489 - Service Stop
  • T1189 - Drive-by Compromise
  • T1106 - Native API
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1036.003 - Rename Legitimate Utilities
  • T1047 - Windows Management Instrumentation

Gamaredon Group

Score: 0.73
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1090 - Proxy
  • T1082 - System Information Discovery
  • T1491.001 - Internal Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1027.010 - Command Obfuscation
  • T1497.001 - System Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1480 - Execution Guardrails
  • T1620 - Reflective Code Loading
  • T1027.016 - Junk Code Insertion
  • T1080 - Taint Shared Content
  • T1027.004 - Compile After Delivery
  • T1005 - Data from Local System
  • T1027.015 - Compression
  • T1112 - Modify Registry
  • T1039 - Data from Network Shared Drive
  • T1105 - Ingress Tool Transfer
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1559.001 - Component Object Model
  • T1025 - Data from Removable Media
  • T1027.012 - LNK Icon Smuggling
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1218.011 - Rundll32
  • T1070.004 - File Deletion
  • T1001 - Data Obfuscation
  • T1568 - Dynamic Resolution
  • T1106 - Native API
  • T1027 - Obfuscated Files or Information
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1047 - Windows Management Instrumentation

Mustang Panda

Score: 0.69
Matched TTPs:
  • T1082 - System Information Discovery
  • T1070 - Indicator Removal
  • T1622 - Debugger Evasion
  • T1140 - Deobfuscate/Decode Files or Information
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1608.001 - Upload Malware
  • T1574.001 - DLL
  • T1518 - Software Discovery
  • T1587.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
  • T1219.002 - Remote Desktop Software
  • T1027.016 - Junk Code Insertion
  • T1553.002 - Code Signing
  • T1176.002 - IDE Extensions
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1654 - Log Enumeration
  • T1105 - Ingress Tool Transfer
  • T1003 - OS Credential Dumping
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1678 - Delay Execution
  • T1583.006 - Web Services
  • T1027.012 - LNK Icon Smuggling
  • T1102 - Web Service
  • T1219.001 - IDE Tunneling
  • T1218.004 - InstallUtil
  • T1505.003 - Web Shell
  • T1046 - Network Service Discovery
  • T1070.004 - File Deletion
  • T1027 - Obfuscated Files or Information
  • T1106 - Native API
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.007 - Dynamic API Resolution
  • T1047 - Windows Management Instrumentation

Kimsuky

Score: 0.64
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1113 - Screen Capture
  • T1082 - System Information Discovery
  • T1056.001 - Keylogging
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
  • T1027.002 - Software Packing
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1059.001 - PowerShell
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1587.001 - Malware
  • T1055 - Process Injection
  • T1027.010 - Command Obfuscation
  • T1041 - Exfiltration Over C2 Channel
  • T1219.002 - Remote Desktop Software
  • T1620 - Reflective Code Loading
  • T1218.010 - Regsvr32
  • T1027.016 - Junk Code Insertion
  • T1553.002 - Code Signing
  • T1021.001 - Remote Desktop Protocol
  • T1005 - Data from Local System
  • T1040 - Network Sniffing
  • T1112 - Modify Registry
  • T1055.012 - Process Hollowing
  • T1105 - Ingress Tool Transfer
  • T1057 - Process Discovery
  • T1003.001 - LSASS Memory
  • T1012 - Query Registry
  • T1583.006 - Web Services
  • T1543.003 - Windows Service
  • T1027.012 - LNK Icon Smuggling
  • T1218.011 - Rundll32
  • T1505.003 - Web Shell
  • T1070.004 - File Deletion
  • T1102.001 - Dead Drop Resolver
  • T1027 - Obfuscated Files or Information
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location

APT28

Score: 0.61
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1113 - Screen Capture
  • T1559.002 - Dynamic Data Exchange
  • T1056.001 - Keylogging
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090.002 - External Proxy
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1211 - Exploitation for Defense Evasion
  • T1546.015 - Component Object Model Hijacking
  • T1014 - Rootkit
  • T1005 - Data from Local System
  • T1040 - Network Sniffing
  • T1203 - Exploitation for Client Execution
  • T1036 - Masquerading
  • T1039 - Data from Network Shared Drive
  • T1021.002 - SMB/Windows Admin Shares
  • T1003 - OS Credential Dumping
  • T1057 - Process Discovery
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1025 - Data from Removable Media
  • T1583.006 - Web Services
  • T1218.011 - Rundll32
  • T1505.003 - Web Shell
  • T1070.004 - File Deletion
  • T1001.001 - Junk Data
  • T1137.002 - Office Test
  • T1189 - Drive-by Compromise
  • T1092 - Communication Through Removable Media
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location

Turla

Score: 0.57
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1016.001 - Internet Connection Discovery
  • T1090 - Proxy
  • T1082 - System Information Discovery
  • T1570 - Lateral Tool Transfer
  • T1553.006 - Code Signing Policy Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
  • T1059.001 - PowerShell
  • T1007 - System Service Discovery
  • T1587.001 - Malware
  • T1055 - Process Injection
  • T1027.010 - Command Obfuscation
  • T1090.001 - Internal Proxy
  • T1588.001 - Malware
  • T1005 - Data from Local System
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1112 - Modify Registry
  • T1134.002 - Create Process with Token
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1012 - Query Registry
  • T1583.006 - Web Services
  • T1025 - Data from Removable Media
  • T1102 - Web Service
  • T1547.004 - Winlogon Helper DLL
  • T1189 - Drive-by Compromise
  • T1106 - Native API
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location

FIN7

Score: 0.57
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1113 - Screen Capture
  • T1559.002 - Dynamic Data Exchange
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1546.011 - Application Shimming
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1587.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1497.002 - User Activity Based Checks
  • T1027.010 - Command Obfuscation
  • T1620 - Reflective Code Loading
  • T1027.016 - Junk Code Insertion
  • T1553.002 - Code Signing
  • T1021.001 - Remote Desktop Protocol
  • T1005 - Data from Local System
  • T1105 - Ingress Tool Transfer
  • T1057 - Process Discovery
  • T1219 - Remote Access Tools
  • T1583.006 - Web Services
  • T1543.003 - Windows Service
  • T1218.011 - Rundll32
  • T1674 - Input Injection
  • T1569.002 - Service Execution
  • T1195.002 - Compromise Software Supply Chain
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1047 - Windows Management Instrumentation

UNC3886

Score: 0.56
Matched TTPs:
  • T1037.004 - RC Scripts
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1562.001 - Disable or Modify Tools
  • T1059.001 - PowerShell
  • T1673 - Virtual Machine Discovery
  • T1190 - Exploit Public-Facing Application
  • T1587.001 - Malware
  • T1548 - Abuse Elevation Control Mechanism
  • T1564.011 - Ignore Process Interrupts
  • T1205.001 - Port Knocking
  • T1014 - Rootkit
  • T1588.001 - Malware
  • T1554 - Compromise Host Software Binary
  • T1040 - Network Sniffing
  • T1203 - Exploitation for Client Execution
  • T1057 - Process Discovery
  • T1003.001 - LSASS Memory
  • T1218.011 - Rundll32
  • T1505.006 - vSphere Installation Bundles
  • T1070.004 - File Deletion
  • T1212 - Exploitation for Credential Access

APT32

Score: 0.55
Matched TTPs:
  • T1082 - System Information Discovery
  • T1570 - Lateral Tool Transfer
  • T1056.001 - Keylogging
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1608.001 - Upload Malware
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1027.010 - Command Obfuscation
  • T1041 - Exfiltration Over C2 Channel
  • T1218.010 - Regsvr32
  • T1027.016 - Junk Code Insertion
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1036 - Masquerading
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1021.002 - SMB/Windows Admin Shares
  • T1003 - OS Credential Dumping
  • T1105 - Ingress Tool Transfer
  • T1003.001 - LSASS Memory
  • T1012 - Query Registry
  • T1583.006 - Web Services
  • T1543.003 - Windows Service
  • T1102 - Web Service
  • T1218.011 - Rundll32
  • T1505.003 - Web Shell
  • T1046 - Network Service Discovery
  • T1552.002 - Credentials in Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1569.002 - Service Execution
  • T1588.002 - Tool
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1036.003 - Rename Legitimate Utilities
  • T1047 - Windows Management Instrumentation

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

