Trusted Design

Aggressive Malware Pushers: Prolific Cyber Surfers Beware

Summary

On April 19, Cyphort hardware sandbox trolled over a site www.49lou.com that served up 83 pieces of Windows executable files (EXE and DLL binaries) with zero user interaction. By now, most of the malware researchers are used to seeing drive-by infections that serve up a handful of malware, from droppers to payloads. However, getting 83 pieces in one shot is way too “generous” by any account and it surely piqued the interest of our researchers. For the security minded: How did this happen? What are those binary pieces? What does this tell us and what can we do for better protection? In this article, we share all our findings along these lines.

See more at: http://www.cyphort.com/aggressive-malware-pushers-prolific-cyber-surfers-beware/

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 71.37
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1602 - Data from Configuration Repository
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1205 - Traffic Signaling
  • T1070.006 - Timestomp
  • T1677 - Poisoned Pipeline Execution
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1086 - PowerShell
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding
Link to MITRE →

Moonstone Sleet

Score: 18.73
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Turla

Score: 36.31
Matched TTPs:
  • T1056.001 - Keylogging
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustang Panda

Score: 56.31
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1593.002 - Search Engines
  • T1677 - Poisoned Pipeline Execution
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
Link to MITRE →

APT38

Score: 43.51
Matched TTPs:
  • T1602 - Data from Configuration Repository
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1675 - ESXi Administration Command
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sandworm Team

Score: 47.51
Matched TTPs:
  • T1602 - Data from Configuration Repository
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link
Link to MITRE →

Ember Bear

Score: 22.65
Matched TTPs:
  • T1602 - Data from Configuration Repository
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1668 - Exclusive Control
Link to MITRE →

APT37

Score: 22.51
Matched TTPs:
  • T1602 - Data from Configuration Repository
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 17.14
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1136.002 - Domain Account
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link
Link to MITRE →

Volt Typhoon

Score: 35.60
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Inception

Score: 12.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Dark Caracal

Score: 9.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Elderwood

Score: 9.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 28.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Transparent Tribe

Score: 9.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT28

Score: 47.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT18

Score: 3.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Leviathan

Score: 25.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1580 - Cloud Infrastructure Discovery
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

Sidewinder

Score: 13.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT39

Score: 23.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1001.003 - Protocol or Service Impersonation
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 16.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT33

Score: 6.38
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BITTER

Score: 8.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 25.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Higaisa

Score: 15.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1580 - Cloud Infrastructure Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
Link to MITRE →

APT19

Score: 17.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Fox Kitten

Score: 10.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Threat Group-3390

Score: 37.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

TA2541

Score: 16.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

Malteiro

Score: 4.82
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Magic Hound

Score: 29.63
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1578.002 - Create Cloud Instance
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-1811

Score: 13.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Blue Mockingbird

Score: 10.42
Matched TTPs:
  • T1491.002 - External Defacement
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
Link to MITRE →

Tropic Trooper

Score: 26.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mofang

Score: 6.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules
Link to MITRE →

Contagious Interview

Score: 31.58
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1016 - System Network Configuration Discovery
  • T1064 - Scripting
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
Link to MITRE →

Whitefly

Score: 5.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

menuPass

Score: 19.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Moses Staff

Score: 6.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 22.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Metador

Score: 7.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
Link to MITRE →

OilRig

Score: 40.59
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 43.07
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1484 - Domain or Tenant Policy Modification
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT41

Score: 34.76
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1001.003 - Protocol or Service Impersonation
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Rocke

Score: 23.89
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

UNC3886

Score: 26.91
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

Gamaredon Group

Score: 68.90
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1608 - Stage Capabilities
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1086 - PowerShell
  • T1546.017 - Udev Rules
Link to MITRE →

Kimsuky

Score: 49.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1580 - Cloud Infrastructure Discovery
  • T1092 - Communication Through Removable Media
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN13

Score: 13.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Indrik Spider

Score: 9.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LuminousMoth

Score: 17.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
Link to MITRE →

APT29

Score: 27.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1580 - Cloud Infrastructure Discovery
  • T1138 - Application Shimming
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Play

Score: 11.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aoqin Dragon

Score: 12.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1058 - Service Registry Permissions Weakness
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

RedCurl

Score: 22.16
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1558.005 - Ccache Files
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1070.009 - Clear Persistence
Link to MITRE →

Ke3chang

Score: 12.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 38.30
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1205 - Traffic Signaling
  • T1092 - Communication Through Removable Media
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Machete

Score: 6.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Dragonfly

Score: 23.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

WIRTE

Score: 7.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RTM

Score: 5.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT-C-36

Score: 5.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CURIUM

Score: 6.46
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Gallmaker

Score: 3.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
Link to MITRE →

PLATINUM

Score: 6.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA551

Score: 12.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HEXANE

Score: 16.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN8

Score: 8.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 10.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

PROMETHIUM

Score: 4.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Star Blizzard

Score: 4.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
Link to MITRE →

Rancor

Score: 5.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 25.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001.003 - Protocol or Service Impersonation
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link
Link to MITRE →

FIN4

Score: 5.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

Cobalt Group

Score: 19.77
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

FIN6

Score: 7.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Patchwork

Score: 25.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1580 - Cloud Infrastructure Discovery
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1001.003 - Protocol or Service Impersonation
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Nomadic Octopus

Score: 4.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 12.62
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Earth Lusca

Score: 23.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

SideCopy

Score: 8.89
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Tonto Team

Score: 5.67
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 16.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BRONZE BUTLER

Score: 30.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1580 - Cloud Infrastructure Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

MuddyWater

Score: 30.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Naikon

Score: 3.40
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
Link to MITRE →

Molerats

Score: 11.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 6.59
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

IndigoZebra

Score: 3.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silence

Score: 11.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Confucius

Score: 3.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackTech

Score: 7.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Windshift

Score: 17.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1078 - Valid Accounts
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cinnamon Tempest

Score: 11.77
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 31.97
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

DarkVishnya

Score: 7.32
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories
Link to MITRE →

Aquatic Panda

Score: 17.37
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BlackByte

Score: 26.23
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link
Link to MITRE →

Carbanak

Score: 5.18
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

APT3

Score: 19.95
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Agrius

Score: 8.96
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources
Link to MITRE →

Evilnum

Score: 7.33
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Winter Vivern

Score: 8.64
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT1

Score: 8.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
Link to MITRE →

Chimera

Score: 16.14
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Velvet Ant

Score: 7.66
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1597 - Search Closed Sources
  • T1566.003 - Spearphishing via Service
Link to MITRE →

GALLIUM

Score: 18.35
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Daggerfly

Score: 12.73
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BackdoorDiplomacy

Score: 9.58
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustard Tempest

Score: 12.09
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ZIRCONIUM

Score: 14.50
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT42

Score: 8.27
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
Link to MITRE →

Sea Turtle

Score: 7.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

Storm-0501

Score: 11.07
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
  • T1204.001 - Malicious Link
Link to MITRE →

INC Ransom

Score: 6.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Axiom

Score: 17.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
Link to MITRE →

HAFNIUM

Score: 11.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
Link to MITRE →

APT5

Score: 12.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.009 - Clear Persistence
Link to MITRE →

MoustachedBouncer

Score: 6.59
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Moafee

Score: 3.03
Matched TTPs:
  • T1580 - Cloud Infrastructure Discovery
Link to MITRE →

Akira

Score: 4.83
Matched TTPs:
  • T1580 - Cloud Infrastructure Discovery
  • T1597 - Search Closed Sources
Link to MITRE →

LAPSUS$

Score: 7.15
Matched TTPs:
  • T1136.002 - Domain Account
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
Link to MITRE →

Deep Panda

Score: 7.42
Matched TTPs:
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
  • T1027.014 - Polymorphic Code
Link to MITRE →

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Leafminer

Score: 4.48
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

POLONIUM

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.81
Matched TTPs:
  • T1069.001 - Local Groups
  • T1583.006 - Web Services
  • T1606.002 - SAML Tokens
  • T1070.006 - Timestomp
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1606.001 - Web Cookies
  • T1547.002 - Authentication Package
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1086 - PowerShell
  • T1491.002 - External Defacement
  • T1070.008 - Clear Mailbox Data
  • T1602 - Data from Configuration Repository
  • T1547.013 - XDG Autostart Entries
  • T1570 - Lateral Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1558.005 - Ccache Files
  • T1597 - Search Closed Sources
  • T1598.003 - Spearphishing Link
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
  • T1174 - Password Filter DLL
  • T1677 - Poisoned Pipeline Execution
  • T1218.010 - Regsvr32
  • T1132.001 - Standard Encoding
  • T1205 - Traffic Signaling
  • T1055.005 - Thread Local Storage
Link to MITRE →

Gamaredon Group

Score: 0.79
Matched TTPs:
  • T1583.006 - Web Services
  • T1059.013 - Container CLI/API
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1606.001 - Web Cookies
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1086 - PowerShell
  • T1608 - Stage Capabilities
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1542.004 - ROMMONkit
  • T1552.005 - Cloud Instance Metadata API
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources
  • T1598.003 - Spearphishing Link
  • T1061 - Graphical User Interface
  • T1059.011 - Lua
  • T1546.017 - Udev Rules
  • T1562.009 - Safe Mode Boot
  • T1092 - Communication Through Removable Media
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1058 - Service Registry Permissions Weakness
  • T1591.003 - Identify Business Tempo
Link to MITRE →

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1583.006 - Web Services
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1608 - Stage Capabilities
  • T1547.013 - XDG Autostart Entries
  • T1136.001 - Local Account
  • T1159 - Launch Agent
  • T1003 - OS Credential Dumping
  • T1059.010 - AutoHotKey & AutoIT
  • T1569.001 - Launchctl
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1092 - Communication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1218.010 - Regsvr32
  • T1593.002 - Search Engines
  • T1091 - Replication Through Removable Media
  • T1058 - Service Registry Permissions Weakness
  • T1055.005 - Thread Local Storage
Link to MITRE →

Sandworm Team

Score: 0.60
Matched TTPs:
  • T1204.001 - Malicious Link
  • T1606.002 - SAML Tokens
  • T1075 - Pass the Hash
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1005 - Data from Local System
  • T1070.009 - Clear Persistence
  • T1602 - Data from Configuration Repository
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1049 - System Network Connections Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.010 - AutoHotKey & AutoIT
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1091 - Replication Through Removable Media
Link to MITRE →

APT28

Score: 0.59
Matched TTPs:
  • T1583.006 - Web Services
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1491.002 - External Defacement
  • T1547.013 - XDG Autostart Entries
  • T1542.004 - ROMMONkit
  • T1552.005 - Cloud Instance Metadata API
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.010 - AutoHotKey & AutoIT
  • T1499.001 - OS Exhaustion Flood
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.003 - Spearphishing via Service
  • T1059.012 - Hypervisor CLI
  • T1055.008 - Ptrace System Calls
  • T1218.010 - Regsvr32
  • T1548.004 - Elevated Execution with Prompt
  • T1058 - Service Registry Permissions Weakness
Link to MITRE →

Kimsuky

Score: 0.58
Matched TTPs:
  • T1583.006 - Web Services
  • T1606.002 - SAML Tokens
  • T1027.014 - Polymorphic Code
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1608 - Stage Capabilities
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1537 - Transfer Data to Cloud Account
  • T1580 - Cloud Infrastructure Discovery
  • T1597 - Search Closed Sources
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.011 - Lua
  • T1176.001 - Browser Extensions
  • T1092 - Communication Through Removable Media
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

