Trusted Design

Stegoloader: A Stealthy Information Stealer

Overview

Malware authors are evolving their techniques to evade network and host-based detection mechanisms. Stegoloader could represent an emerging trend in malware: the use of digital steganography to hide malicious code. The Stegoloader malware family (also known as Win32/Gatak.DR and TSPY_GATAK.GTK despite not sharing any similarities with the Gataka banking trojan) was first identified at the end of 2013 and has attracted little public attention. Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers have analyzed multiple variants of this malware, which stealthily steals information from compromised systems. Stegoloader's modular design allows its operator to deploy modules as necessary, limiting the exposure of the malware capabilities during investigations and reverse engineering analysis. The modules analyzed by CTU researchers list recently accessed documents, enumerate installed programs, list recently visited websites, steal passwords, and steal installation files for the IDA tool.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 75.45
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1612 - Build Image on Host
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1554 - Compromise Host Software Binary
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

FIN7

Score: 42.15
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

APT19

Score: 21.01
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Kimsuky

Score: 90.31
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1580 - Cloud Infrastructure Discovery
  • T1092 - Communication Through Removable Media
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1126 - Network Share Connection Removal
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

UNC3886

Score: 39.98
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence

Carbanak

Score: 8.25
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

APT3

Score: 23.95
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Magic Hound

Score: 40.55
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

TA551

Score: 13.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Blue Mockingbird

Score: 18.73
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution

Wizard Spider

Score: 36.41
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.007 - Dynamic API Resolution
  • T1587 - Develop Capabilities
  • T1204.001 - Malicious Link

APT32

Score: 49.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Lazarus Group

Score: 72.47
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1587 - Develop Capabilities
  • T1216 - System Script Proxy Execution

TA505

Score: 29.54
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

CopyKittens

Score: 5.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate

APT41

Score: 49.61
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1177 - LSASS Driver
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels

Sandworm Team

Score: 49.10
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link

APT28

Score: 62.14
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1564.004 - NTFS File Attributes
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

HAFNIUM

Score: 23.56
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries

APT38

Score: 48.06
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1675 - ESXi Administration Command
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution

Daggerfly

Score: 20.09
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

RedCurl

Score: 24.40
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence

LazyScripter

Score: 16.52
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Aquatic Panda

Score: 25.96
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Storm-0501

Score: 23.64
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1204.001 - Malicious Link

MuddyWater

Score: 41.95
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding

Moonstone Sleet

Score: 24.10
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution

Turla

Score: 59.58
Matched TTPs:
  • T1056.001 - Keylogging
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1059.004 - Unix Shell
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

Ember Bear

Score: 29.75
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1003.003 - NTDS

APT39

Score: 32.66
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Poseidon Group

Score: 7.77
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services

Mustang Panda

Score: 62.11
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage

Tonto Team

Score: 9.73
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

BlackByte

Score: 39.20
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link

Sowbug

Score: 6.76
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1542.004 - ROMMONkit

Axiom

Score: 26.59
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Leviathan

Score: 44.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1580 - Cloud Infrastructure Discovery
  • T1204 - User Execution
  • T1554 - Compromise Host Software Binary
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules

Contagious Interview

Score: 50.69
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1016 - System Network Configuration Discovery
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal

Inception

Score: 17.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Dark Caracal

Score: 6.20
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account

Elderwood

Score: 8.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Darkhotel

Score: 23.95
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Transparent Tribe

Score: 6.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT18

Score: 3.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Sidewinder

Score: 15.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Saint Bear

Score: 17.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

APT33

Score: 11.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

BITTER

Score: 11.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Higaisa

Score: 20.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1580 - Cloud Infrastructure Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1665 - Hide Infrastructure
  • T1546.017 - Udev Rules

Fox Kitten

Score: 17.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1612 - Build Image on Host
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Threat Group-3390

Score: 42.24
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

TA2541

Score: 25.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Malteiro

Score: 14.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
  • T1587 - Develop Capabilities

Storm-1811

Score: 10.63
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Tropic Trooper

Score: 36.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1587 - Develop Capabilities

Mofang

Score: 5.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules

Whitefly

Score: 6.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

menuPass

Score: 25.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Moses Staff

Score: 6.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

TeamTNT

Score: 37.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1071.003 - Mail Protocols
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

Metador

Score: 9.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Putter Panda

Score: 6.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities

OilRig

Score: 48.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery

Winnti Group

Score: 5.58
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 35.07
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1114.003 - Email Forwarding Rule
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

Mustard Tempest

Score: 14.73
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries

GALLIUM

Score: 18.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

APT29

Score: 42.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1580 - Cloud Infrastructure Discovery
  • T1177 - LSASS Driver
  • T1138 - Application Shimming
  • T1608.005 - Link Target
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

FIN13

Score: 25.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall

Dragonfly

Score: 33.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1654 - Log Enumeration
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Ke3chang

Score: 31.45
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1102.002 - Bidirectional Communication
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Agrius

Score: 11.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources

APT5

Score: 18.02
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1677 - Poisoned Pipeline Execution
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence

Volt Typhoon

Score: 44.64
Matched TTPs:
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1488 - Disk Content Wipe
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

BRONZE BUTLER

Score: 35.47
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1580 - Cloud Infrastructure Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

APT42

Score: 16.58
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie

Indrik Spider

Score: 19.86
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

WIRTE

Score: 7.86
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

Patchwork

Score: 29.88
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1580 - Cloud Infrastructure Discovery
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1008 - Fallback Channels

admin@338

Score: 5.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

Earth Lusca

Score: 37.68
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

BackdoorDiplomacy

Score: 13.64
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

Akira

Score: 12.62
Matched TTPs:
  • T1218.013 - Mavinject
  • T1580 - Cloud Infrastructure Discovery
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image

Naikon

Score: 5.56
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1506 - Web Session Cookie

Chimera

Score: 25.72
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1665 - Hide Infrastructure

PROMETHIUM

Score: 5.63
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI

INC Ransom

Score: 15.62
Matched TTPs:
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

LuminousMoth

Score: 12.85
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Machete

Score: 9.32
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI

APT1

Score: 8.48
Matched TTPs:
  • T1218.013 - Mavinject
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

Velvet Ant

Score: 16.40
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service

Silence

Score: 13.48
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

ToddyCat

Score: 11.25
Matched TTPs:
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1665 - Hide Infrastructure

SideCopy

Score: 11.05
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Leafminer

Score: 7.31
Matched TTPs:
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Salt Typhoon

Score: 8.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service

Play

Score: 16.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

APT12

Score: 4.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

RTM

Score: 7.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

APT-C-36

Score: 4.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 6.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Gallmaker

Score: 3.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.011 - Lua

DarkHydrus

Score: 7.19
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate
  • T1200 - Hardware Additions

PLATINUM

Score: 12.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

HEXANE

Score: 19.59
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 25.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1027.017 - SVG Smuggling
  • T1612 - Build Image on Host
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery

APT37

Score: 22.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

Star Blizzard

Score: 3.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

Rancor

Score: 7.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1204 - User Execution
  • T1547.013 - XDG Autostart Entries

FIN4

Score: 4.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1574.010 - Services File Permissions Weakness

Cobalt Group

Score: 26.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32

FIN6

Score: 14.35
Matched TTPs:
  • T1087.002 - Domain Account
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution

Nomadic Octopus

Score: 6.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

Gorgon Group

Score: 14.14
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 15.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Molerats

Score: 11.09
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

The White Company

Score: 7.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Confucius

Score: 11.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

BlackTech

Score: 9.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

Windshift

Score: 13.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Medusa Group

Score: 49.56
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer

Cinnamon Tempest

Score: 13.20
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Evilnum

Score: 7.33
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

ZIRCONIUM

Score: 18.86
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Winter Vivern

Score: 11.39
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

GOLD SOUTHFIELD

Score: 9.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Sea Turtle

Score: 15.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API

Volatile Cedar

Score: 6.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries

Moafee

Score: 3.03
Matched TTPs:
  • T1580 - Cloud Infrastructure Discovery

LAPSUS$

Score: 14.72
Matched TTPs:
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1601 - Modify System Image
  • T1592.003 - Firmware

Deep Panda

Score: 13.10
Matched TTPs:
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate

Scattered Spider

Score: 19.38
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1498 - Network Denial of Service
  • T1547.013 - XDG Autostart Entries
  • T1204.001 - Malicious Link

Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1126 - Network Share Connection Removal
  • T1580 - Cloud Infrastructure Discovery
  • T1654 - Log Enumeration
  • T1003.007 - Proc Filesystem
  • T1070.009 - Clear Persistence
  • T1526 - Cloud Service Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1608.005 - Link Target
  • T1665 - Hide Infrastructure
  • T1091 - Replication Through Removable Media
  • T1570 - Lateral Tool Transfer
  • T1553.004 - Install Root Certificate
  • T1059.011 - Lua
  • T1213.006 - Databases
  • T1059.009 - Cloud API
  • T1684 - Social Engineering
  • T1092 - Communication Through Removable Media
  • T1552.003 - Shell History
  • T1176.001 - Browser Extensions
  • T1601.001 - Patch System Image
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1583.006 - Web Services
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1537 - Transfer Data to Cloud Account
  • T1608 - Stage Capabilities
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1583 - Acquire Infrastructure
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1506 - Web Session Cookie
  • T1547.002 - Authentication Package

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1552.005 - Cloud Instance Metadata API
  • T1546.017 - Udev Rules
  • T1554 - Compromise Host Software Binary
  • T1070.009 - Clear Persistence
  • T1606.001 - Web Cookies
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.009 - Safe Mode Boot
  • T1608.005 - Link Target
  • T1542.004 - ROMMONkit
  • T1091 - Replication Through Removable Media
  • T1200 - Hardware Additions
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1553.004 - Install Root Certificate
  • T1059.011 - Lua
  • T1059.009 - Cloud API
  • T1684 - Social Engineering
  • T1092 - Communication Through Removable Media
  • T1601.001 - Patch System Image
  • T1583.006 - Web Services
  • T1218.013 - Mavinject
  • T1547.013 - XDG Autostart Entries
  • T1608 - Stage Capabilities
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1583 - Acquire Infrastructure
  • T1061 - Graphical User Interface
  • T1506 - Web Session Cookie
  • T1612 - Build Image on Host
  • T1547.002 - Authentication Package

Lazarus Group

Score: 0.67
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1597 - Search Closed Sources
  • T1070.008 - Clear Mailbox Data
  • T1070.009 - Clear Persistence
  • T1606.001 - Web Cookies
  • T1059.010 - AutoHotKey & AutoIT
  • T1069.001 - Local Groups
  • T1546.016 - Installer Packages
  • T1608.005 - Link Target
  • T1070.006 - Timestomp
  • T1665 - Hide Infrastructure
  • T1089 - Disabling Security Tools
  • T1570 - Lateral Tool Transfer
  • T1174 - Password Filter DLL
  • T1176.001 - Browser Extensions
  • T1583.006 - Web Services
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
  • T1087.002 - Domain Account
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1132.001 - Standard Encoding
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587 - Develop Capabilities
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage

Turla

Score: 0.63
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1597 - Search Closed Sources
  • T1552.005 - Cloud Instance Metadata API
  • T1059.012 - Hypervisor CLI
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1204 - User Execution
  • T1546.016 - Installer Packages
  • T1608.005 - Link Target
  • T1570 - Lateral Tool Transfer
  • T1059.009 - Cloud API
  • T1684 - Social Engineering
  • T1059.004 - Unix Shell
  • T1601.001 - Patch System Image
  • T1583.006 - Web Services
  • T1606.002 - SAML Tokens
  • T1218.013 - Mavinject
  • T1547.013 - XDG Autostart Entries
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1056.001 - Keylogging
  • T1027.004 - Compile After Delivery
  • T1587 - Develop Capabilities
  • T1506 - Web Session Cookie
  • T1547.002 - Authentication Package
  • T1136.002 - Domain Account

APT28

Score: 0.62
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.004 - NTFS File Attributes
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.005 - Cloud Instance Metadata API
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1566.003 - Spearphishing via Service
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit
  • T1200 - Hardware Additions
  • T1553.004 - Install Root Certificate
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
  • T1218.013 - Mavinject
  • T1548.004 - Elevated Execution with Prompt
  • T1547.013 - XDG Autostart Entries
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1546.007 - Netsh Helper DLL

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1204 - User Execution
  • T1608.005 - Link Target
  • T1089 - Disabling Security Tools
  • T1597.002 - Purchase Technical Data
  • T1091 - Replication Through Removable Media
  • T1159 - Launch Agent
  • T1059.011 - Lua
  • T1169 - Sudo
  • T1092 - Communication Through Removable Media
  • T1583.006 - Web Services
  • T1136.001 - Local Account
  • T1606.002 - SAML Tokens
  • T1218.013 - Mavinject
  • T1547.013 - XDG Autostart Entries
  • T1608 - Stage Capabilities
  • T1087.002 - Domain Account
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1071.001 - Web Protocols
  • T1612 - Build Image on Host
  • T1055.005 - Thread Local Storage

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
