Trusted Design

Stegoloader: A Stealthy Information Stealer

Summary

Malware authors are evolving their techniques to evade network and host-based detection mechanisms. Stegoloader could represent an emerging trend in malware: the use of digital steganography to hide malicious code. The Stegoloader malware family (also known as Win32/Gatak.DR and TSPY_GATAK.GTK despite not sharing any similarities with the Gataka banking trojan) was first identified at the end of 2013 and has attracted little public attention. Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers have analyzed multiple variants of this malware, which stealthily steals information from compromised systems. Stegoloader's modular design allows its operator to deploy modules as necessary, limiting the exposure of the malware capabilities during investigations and reverse engineering analysis. The modules analyzed by CTU researchers list recently accessed documents, enumerate installed programs, list recently visited websites, steal passwords, and steal installation files for the IDA tool.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 75.45
Matched TTPs:
  • T1218.011 - Rundll32
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1102 - Web Service
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

FIN7

Score: 42.15
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT19

Score: 21.01
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

Kimsuky

Score: 90.31
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1027.001 - Binary Padding
  • T1027.016 - Junk Code Insertion
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1587 - Develop Capabilities
  • T1680 - Local Storage Discovery
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 39.98
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1027.005 - Indicator Removal from Tools
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1070.004 - File Deletion
Link to MITRE →

Carbanak

Score: 8.25
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

APT3

Score: 23.95
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1027.005 - Indicator Removal from Tools
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Magic Hound

Score: 40.55
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA551

Score: 13.33
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Blue Mockingbird

Score: 18.73
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
Link to MITRE →

Wizard Spider

Score: 36.41
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1569.002 - Service Execution
  • T1055.001 - Dynamic-link Library Injection
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT32

Score: 49.33
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Lazarus Group

Score: 72.47
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1680 - Local Storage Discovery
  • T1055.001 - Dynamic-link Library Injection
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA505

Score: 29.54
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

CopyKittens

Score: 5.18
Matched TTPs:
  • T1218.011 - Rundll32
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

APT41

Score: 49.61
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sandworm Team

Score: 49.10
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT28

Score: 62.14
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1001.001 - Junk Data
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

HAFNIUM

Score: 23.56
Matched TTPs:
  • T1218.011 - Rundll32
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 48.06
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1565.003 - Runtime Data Manipulation
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Daggerfly

Score: 20.09
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RedCurl

Score: 24.40
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1573.002 - Asymmetric Cryptography
  • T1059.006 - Python
  • T1070.004 - File Deletion
Link to MITRE →

LazyScripter

Score: 16.52
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aquatic Panda

Score: 25.96
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-0501

Score: 23.64
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
  • T1490 - Inhibit System Recovery
Link to MITRE →

MuddyWater

Score: 41.95
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Link to MITRE →

Moonstone Sleet

Score: 24.10
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
Link to MITRE →

Turla

Score: 59.58
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1027.005 - Indicator Removal from Tools
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Ember Bear

Score: 29.75
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1588.005 - Exploits
Link to MITRE →

APT39

Score: 32.66
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Poseidon Group

Score: 7.77
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Mustang Panda

Score: 62.11
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Tonto Team

Score: 9.73
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackByte

Score: 39.20
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1614.001 - System Language Discovery
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sowbug

Score: 6.76
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Axiom

Score: 26.59
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
Link to MITRE →

Leviathan

Score: 44.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1027.001 - Binary Padding
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression
Link to MITRE →

Contagious Interview

Score: 50.69
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1204.005 - Malicious Library
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
Link to MITRE →

Inception

Score: 17.41
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 6.20
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

Elderwood

Score: 8.47
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 23.95
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Transparent Tribe

Score: 6.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT18

Score: 3.75
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sidewinder

Score: 15.55
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 17.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

APT33

Score: 11.17
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 11.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Higaisa

Score: 20.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.001 - Binary Padding
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1680 - Local Storage Discovery
  • T1027.015 - Compression
Link to MITRE →

Fox Kitten

Score: 17.92
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1102 - Web Service
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 42.24
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression
Link to MITRE →

TA2541

Score: 25.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Malteiro

Score: 14.92
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Storm-1811

Score: 10.63
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Tropic Trooper

Score: 36.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1221 - Template Injection
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Mofang

Score: 5.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1027.015 - Compression
Link to MITRE →

Whitefly

Score: 6.88
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

menuPass

Score: 25.23
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moses Staff

Score: 6.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 37.62
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1610 - Deploy Container
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
Link to MITRE →

Metador

Score: 9.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Putter Panda

Score: 6.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

OilRig

Score: 48.67
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 35.07
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1055.002 - Portable Executable Injection
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Mustard Tempest

Score: 14.73
Matched TTPs:
  • T1583.008 - Malvertising
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GALLIUM

Score: 18.20
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT29

Score: 42.98
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1027.001 - Binary Padding
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN13

Score: 25.31
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1087 - Account Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
Link to MITRE →

Dragonfly

Score: 33.40
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1564.002 - Hidden Users
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 31.45
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Agrius

Score: 11.55
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT5

Score: 18.02
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1070 - Indicator Removal
  • T1057 - Process Discovery
  • T1070.004 - File Deletion
Link to MITRE →

Volt Typhoon

Score: 44.64
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1587.004 - Exploits
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
Link to MITRE →

BRONZE BUTLER

Score: 35.47
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1027.001 - Binary Padding
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT42

Score: 16.58
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
Link to MITRE →

Indrik Spider

Score: 19.86
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1136 - Create Account
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 7.86
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Patchwork

Score: 29.88
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1027.001 - Binary Padding
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

admin@338

Score: 5.94
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Earth Lusca

Score: 37.68
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

BackdoorDiplomacy

Score: 13.64
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Akira

Score: 12.62
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.001 - Binary Padding
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
Link to MITRE →

Naikon

Score: 5.56
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1518.001 - Security Software Discovery
Link to MITRE →

Chimera

Score: 25.72
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1680 - Local Storage Discovery
Link to MITRE →

PROMETHIUM

Score: 5.63
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1189 - Drive-by Compromise
Link to MITRE →

INC Ransom

Score: 15.62
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

LuminousMoth

Score: 12.85
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 9.32
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
Link to MITRE →

APT1

Score: 8.48
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
Link to MITRE →

Velvet Ant

Score: 16.40
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Silence

Score: 13.48
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

ToddyCat

Score: 11.25
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1680 - Local Storage Discovery
Link to MITRE →

SideCopy

Score: 11.05
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 7.31
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

Salt Typhoon

Score: 8.26
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1136 - Create Account
Link to MITRE →

Play

Score: 16.17
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RTM

Score: 7.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT-C-36

Score: 4.70
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 6.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Gallmaker

Score: 3.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
Link to MITRE →

DarkHydrus

Score: 7.19
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
  • T1221 - Template Injection
Link to MITRE →

PLATINUM

Score: 12.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

HEXANE

Score: 19.59
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN8

Score: 25.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
Link to MITRE →

APT37

Score: 22.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Star Blizzard

Score: 3.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
Link to MITRE →

Rancor

Score: 7.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
Link to MITRE →

Cobalt Group

Score: 26.00
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
Link to MITRE →

FIN6

Score: 14.35
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
Link to MITRE →

Nomadic Octopus

Score: 6.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 14.14
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 15.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Molerats

Score: 11.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

The White Company

Score: 7.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Confucius

Score: 11.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
Link to MITRE →

BlackTech

Score: 9.49
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
Link to MITRE →

Windshift

Score: 13.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 49.56
Matched TTPs:
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
Link to MITRE →

Cinnamon Tempest

Score: 13.20
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Evilnum

Score: 7.33
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ZIRCONIUM

Score: 18.86
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Winter Vivern

Score: 11.39
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GOLD SOUTHFIELD

Score: 9.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

Sea Turtle

Score: 15.26
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery
Link to MITRE →

Volatile Cedar

Score: 6.38
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moafee

Score: 3.03
Matched TTPs:
  • T1027.001 - Binary Padding
Link to MITRE →

LAPSUS$

Score: 14.72
Matched TTPs:
  • T1593.003 - Code Repositories
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
Link to MITRE →

Deep Panda

Score: 13.10
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1027.005 - Indicator Removal from Tools
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
Link to MITRE →

Scattered Spider

Score: 19.38
Matched TTPs:
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1136 - Create Account
  • T1105 - Ingress Tool Transfer
  • T1490 - Inhibit System Recovery
Link to MITRE →

Equation

Score: 12.80
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1057 - Process Discovery
  • T1012 - Query Registry
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.78
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1057 - Process Discovery
  • T1059.006 - Python
  • T1176.001 - Browser Extensions
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1102.002 - Bidirectional Communication
  • T1218.011 - Rundll32
  • T1102.001 - Dead Drop Resolver
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1588.005 - Exploits
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1657 - Financial Theft
  • T1112 - Modify Registry
  • T1566 - Phishing
  • T1518.001 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1007 - System Service Discovery
  • T1587.001 - Malware
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.012 - LNK Icon Smuggling
  • T1587 - Develop Capabilities
  • T1027.001 - Binary Padding
  • T1055 - Process Injection
  • T1105 - Ingress Tool Transfer
  • T1027.002 - Software Packing
  • T1543.003 - Windows Service
  • T1012 - Query Registry
  • T1680 - Local Storage Discovery
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1564.003 - Hidden Window
Link to MITRE →

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1102.003 - One-Way Communication
  • T1057 - Process Discovery
  • T1027.004 - Compile After Delivery
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1102.002 - Bidirectional Communication
  • T1218.011 - Rundll32
  • T1001 - Data Obfuscation
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1497.001 - System Checks
  • T1112 - Modify Registry
  • T1025 - Data from Removable Media
  • T1102 - Web Service
  • T1518.001 - Security Software Discovery
  • T1221 - Template Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.012 - LNK Icon Smuggling
  • T1027.015 - Compression
  • T1055 - Process Injection
  • T1105 - Ingress Tool Transfer
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1564.003 - Hidden Window
Link to MITRE →

Lazarus Group

Score: 0.67
Matched TTPs:
  • T1218 - System Binary Proxy Execution
  • T1057 - Process Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1218.011 - Rundll32
  • T1055.001 - Dynamic-link Library Injection
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1583.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1027.009 - Embedded Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1587.001 - Malware
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1070 - Indicator Removal
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
  • T1543.003 - Windows Service
  • T1027.007 - Dynamic API Resolution
  • T1012 - Query Registry
  • T1680 - Local Storage Discovery
  • T1574.013 - KernelCallbackTable
  • T1070.004 - File Deletion
  • T1010 - Application Window Discovery
Link to MITRE →

Turla

Score: 0.63
Matched TTPs:
  • T1057 - Process Discovery
  • T1564.012 - File/Path Exclusions
  • T1059.006 - Python
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1055.001 - Dynamic-link Library Injection
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1583.006 - Web Services
  • T1112 - Modify Registry
  • T1025 - Data from Removable Media
  • T1102 - Web Service
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1140 - Deobfuscate/Decode Files or Information
  • T1007 - System Service Discovery
  • T1587.001 - Malware
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1105 - Ingress Tool Transfer
  • T1012 - Query Registry
  • T1027.005 - Indicator Removal from Tools
  • T1584.006 - Web Services
Link to MITRE →

APT28

Score: 0.62
Matched TTPs:
  • T1057 - Process Discovery
  • T1589.001 - Credentials
  • T1027.013 - Encrypted/Encoded File
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1218.011 - Rundll32
  • T1203 - Exploitation for Client Execution
  • T1001.001 - Junk Data
  • T1190 - Exploit Public-Facing Application
  • T1014 - Rootkit
  • T1583.006 - Web Services
  • T1025 - Data from Removable Media
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1036 - Masquerading
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1546.015 - Component Object Model Hijacking
  • T1105 - Ingress Tool Transfer
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1564.003 - Hidden Window
  • T1003 - OS Credential Dumping
Link to MITRE →

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1057 - Process Discovery
  • T1678 - Delay Execution
  • T1574.001 - DLL
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1203 - Exploitation for Client Execution
  • T1622 - Debugger Evasion
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1102 - Web Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1587.001 - Malware
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1070 - Indicator Removal
  • T1027.012 - LNK Icon Smuggling
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1176.002 - IDE Extensions
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1518 - Software Discovery
  • T1003 - OS Credential Dumping
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

