Trusted Design

Sakula Malware Family

Overview

Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers analyzed multiple versions of a remote access trojan (RAT) named Sakula (also known as Sakurel and VIPER). The RAT, which according to compile timestamps first surfaced in November 2012, has been used in targeted intrusions through 2015. Sakula enables an adversary to run interactive commands as well as to download and execute additional components. Sakula uses HTTP GET and POST communication for command and control (C2). Network communication is obfuscated with single-byte XOR encoding. Sakula also leverages single-byte XOR encoding to obfuscate various strings and files embedded in the resource section, which are subsequently used for User Account Control (UAC) bypass on both 32- and 64-bit systems. Most samples maintain persistence through a registry Run key, although some samples configure themselves as a service.
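The single-byte XOR layer described above is trivial to strip once the key is known, but an analyst looking at a captured C2 exchange or a carved resource usually does not know it. The script below is an added example (not CTU's tooling and not code from the original write-up) of how to recover that key: first by known plaintext, since HTTP traffic predictably begins with tokens such as `GET ` or `POST `, and otherwise by scoring all 256 candidate decodes for how text-like they are. The function names, the scoring alphabet in `EXPECTED`, and the sample blob are all constructed for this example; the blob is not real Sakula traffic.

```python
"""Single-byte XOR key recovery for obfuscated C2 traffic or embedded strings.

Added example for analysts: strips the single-byte XOR layer from a captured
blob when the key is unknown. The sample blob at the bottom is constructed;
it is not real Sakula traffic.
"""
import string

# Bytes expected to dominate decoded HTTP/URL-style text (scoring assumption).
EXPECTED = set((string.ascii_letters + string.digits + " /?=&:.-_").encode()) | set(b"\r\n\t")


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> float:
    """Fraction of bytes that look like HTTP/URL text; 1.0 means every byte does."""
    if not candidate:
        return 0.0
    return sum(b in EXPECTED for b in candidate) / len(candidate)


def rank_keys(blob: bytes) -> list[tuple[int, float]]:
    """All 256 keys ordered best-first by how text-like the decode is (ties by key value)."""
    scored = [(key, score(xor_bytes(blob, key))) for key in range(256)]
    return sorted(scored, key=lambda kv: (-kv[1], kv[0]))


def recover_key(blob: bytes, known_prefix: bytes = b"") -> int:
    """Known-plaintext first (e.g. b"GET " or b"POST "), then fall back to the best-scoring key."""
    if known_prefix:
        for key in range(256):
            if xor_bytes(blob[: len(known_prefix)], key) == known_prefix:
                return key
    return rank_keys(blob)[0][0]


def is_obfuscated(blob: bytes, threshold: float = 0.9) -> bool:
    """Triage hint: best key is non-zero (so the raw bytes are not already text)
    and its decode is clean enough to cross the threshold."""
    key, s = rank_keys(blob)[0]
    return key != 0 and s >= threshold


# Constructed sample: a fake HTTP request line encoded with the constructed key 0x57.
SAMPLE_KEY = 0x57
SAMPLE_PLAIN = b"GET /index.php?id=beacon-1234 HTTP/1.1\r\n"
SAMPLE_BLOB = xor_bytes(SAMPLE_PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    key = recover_key(SAMPLE_BLOB, known_prefix=b"GET ")
    print(f"key=0x{key:02x} plaintext={xor_bytes(SAMPLE_BLOB, key)!r}")
    print("top candidates:", rank_keys(SAMPLE_BLOB)[:3])
```

Point `recover_key` at the body of a suspicious HTTP POST or at a carved resource-section blob; when the decode is a PE file rather than text, use `known_prefix=b"MZ"` instead of the scoring fallback, since the text heuristic is tuned for URL-like plaintext and will not rank a binary correctly.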

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 38.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts
Link to MITRE →

menuPass

Score: 48.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Wizard Spider

Score: 70.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

APT33

Score: 21.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Fox Kitten

Score: 44.56
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.004 - SSH
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1546.008 - Accessibility Features
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Volt Typhoon

Score: 75.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1552 - Unsecured Credentials
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1552.004 - Private Keys
  • T1003.001 - LSASS Memory
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

APT1

Score: 15.60
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Mustang Panda

Score: 97.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1072 - Software Deployment Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 29.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Chimera

Score: 58.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1070.006 - Timestomp
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
Link to MITRE →

Gallmaker

Score: 4.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Sea Turtle

Score: 14.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1071.001 - Web Protocols
  • T1078.003 - Local Accounts
Link to MITRE →

APT39

Score: 70.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1059.010 - AutoHotKey & AutoIT
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

RedCurl

Score: 34.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1573.002 - Asymmetric Cryptography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
Link to MITRE →

APT5

Score: 38.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.004 - SSH
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1070 - Indicator Removal
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Agrius

Score: 28.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

GALLIUM

Score: 35.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT41

Score: 75.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1546.008 - Accessibility Features
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1008 - Fallback Channels
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

MuddyWater

Score: 65.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT28

Score: 92.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1070.006 - Timestomp
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1137.002 - Office Test
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1001.001 - Junk Data
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Turla

Score: 88.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.011 - Fileless Storage
  • T1564.012 - File/Path Exclusions
  • T1546.013 - PowerShell Profile
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
Link to MITRE →

Sowbug

Score: 10.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1082 - System Information Discovery
  • T1039 - Data from Network Shared Drive
  • T1059.003 - Windows Command Shell
Link to MITRE →

BRONZE BUTLER

Score: 47.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1053.002 - At
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 63.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1014 - Rootkit
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1070.006 - Timestomp
  • T1681 - Search Threat Vendor Data
  • T1003.001 - LSASS Memory
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1037.004 - RC Scripts
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
Link to MITRE →

Kimsuky

Score: 93.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1027.016 - Junk Code Insertion
  • T1036.004 - Masquerade Task or Service
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1587 - Develop Capabilities
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
Link to MITRE →

APT3

Score: 42.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1021.002 - SMB/Windows Admin Shares
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN8

Score: 39.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Ke3chang

Score: 51.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Lotus Blossom

Score: 16.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN13

Score: 51.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Earth Lusca

Score: 48.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
Link to MITRE →

Magic Hound

Score: 68.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Aquatic Panda

Score: 41.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

INC Ransom

Score: 23.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Akira

Score: 14.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

ToddyCat

Score: 19.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Cinnamon Tempest

Score: 15.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 74.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1559.001 - Component Object Model
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1072 - Software Deployment Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

Gamaredon Group

Score: 79.62
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1559.001 - Component Object Model
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1102 - Web Service
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

APT32

Score: 82.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.011 - Fileless Storage
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1072 - Software Deployment Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

Leviathan

Score: 49.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1041 - Exfiltration Over C2 Channel
  • T1218.010 - Regsvr32
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1027.015 - Compression
Link to MITRE →

Velvet Ant

Score: 38.03
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1037.004 - RC Scripts
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

FIN7

Score: 70.51
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
  • T1078.003 - Local Accounts
Link to MITRE →

Blue Mockingbird

Score: 25.55
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Naikon

Score: 10.74
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1036.004 - Masquerade Task or Service
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
Link to MITRE →

Lazarus Group

Score: 118.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1070.006 - Timestomp
  • T1620 - Reflective Code Loading
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1134.002 - Create Process with Token
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Sandworm Team

Score: 78.57
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1584.005 - Botnet
  • T1072 - Software Deployment Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

Indrik Spider

Score: 33.67
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1136 - Create Account
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA2541

Score: 28.44
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Stealth Falcon

Score: 15.02
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
Link to MITRE →

APT29

Score: 59.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1037.004 - RC Scripts
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

OilRig

Score: 74.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1021.004 - SSH
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Windshift

Score: 21.99
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN6

Score: 35.00
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Deep Panda

Score: 14.33
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1018 - Remote System Discovery
Link to MITRE →

Threat Group-3390

Score: 62.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
  • T1027.015 - Compression
Link to MITRE →

APT42

Score: 28.90
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547 - Boot or Logon Autostart Execution
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
Link to MITRE →

Ember Bear

Score: 42.21
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
Link to MITRE →

BlackByte

Score: 53.93
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1614.001 - System Language Discovery
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT38

Score: 58.88
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1565.003 - Runtime Data Manipulation
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Moonstone Sleet

Score: 32.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Winter Vivern

Score: 27.25
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 22.98
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

FIN10

Score: 11.30
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

APT37

Score: 33.47
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Tropic Trooper

Score: 39.61
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

ZIRCONIUM

Score: 32.87
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Patchwork

Score: 29.58
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

LuminousMoth

Score: 19.03
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HEXANE

Score: 25.55
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Dragonfly

Score: 50.51
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1059 - Command and Scripting Interpreter
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Storm-1811

Score: 38.92
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sidewinder

Score: 24.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

TA577

Score: 4.80
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1059.003 - Windows Command Shell
Link to MITRE →

Poseidon Group

Score: 7.77
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Tonto Team

Score: 16.98
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Suckfly

Score: 3.55
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1059.003 - Windows Command Shell
Link to MITRE →

Storm-0501

Score: 36.43
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1552.004 - Private Keys
  • T1021.006 - Windows Remote Management
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
  • T1027.002 - Software Packing
  • T1490 - Inhibit System Recovery
Link to MITRE →

Axiom

Score: 26.40
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
Link to MITRE →

Contagious Interview

Score: 48.27
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Inception

Score: 18.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 15.75
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 8.47
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 24.86
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Transparent Tribe

Score: 6.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT18

Score: 10.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

Saint Bear

Score: 16.84
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
Link to MITRE →

BITTER

Score: 14.38
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 25.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Higaisa

Score: 27.07
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression
Link to MITRE →

Malteiro

Score: 10.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Mofang

Score: 5.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1027.015 - Compression
Link to MITRE →

Whitefly

Score: 10.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moses Staff

Score: 11.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 53.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1552.004 - Private Keys
  • T1136.001 - Local Account
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 12.03
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 50.87
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.004 - SSH
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1070.006 - Timestomp
  • T1552.004 - Private Keys
  • T1055.002 - Portable Executable Injection
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Daggerfly

Score: 23.07
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1136.001 - Local Account
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN5

Score: 10.76
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
Link to MITRE →

BackdoorDiplomacy

Score: 16.47
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustard Tempest

Score: 11.40
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 9.05
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

admin@338

Score: 8.10
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

PROMETHIUM

Score: 10.39
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

Machete

Score: 10.27
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

Carbanak

Score: 11.01
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Silence

Score: 30.85
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1072 - Software Deployment Tools
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

SideCopy

Score: 14.55
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 12.85
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
Link to MITRE →

Salt Typhoon

Score: 20.81
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1588.002 - Tool
  • T1136 - Create Account
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Aoqin Dragon

Score: 11.70
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
Link to MITRE →

Cleaver

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
Link to MITRE →

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RTM

Score: 10.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT-C-36

Score: 6.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 17.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

PLATINUM

Score: 13.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1003.001 - LSASS Memory
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

TA551

Score: 13.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 15.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 3.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
Link to MITRE →

Rancor

Score: 9.83
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 6.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
  • T1071.001 - Web Protocols
Link to MITRE →

Cobalt Group

Score: 32.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

EXOTIC LILY

Score: 9.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ajax Security Team

Score: 4.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Nomadic Octopus

Score: 4.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 18.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 17.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Molerats

Score: 11.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

The White Company

Score: 10.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1124 - System Time Discovery
Link to MITRE →

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Confucius

Score: 8.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackTech

Score: 10.86
Matched TTPs:
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

DarkVishnya

Score: 12.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1200 - Hardware Additions
Link to MITRE →

Evilnum

Score: 10.26
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Scattered Spider

Score: 38.59
Matched TTPs:
  • T1021.004 - SSH
  • T1082 - System Information Discovery
  • T1552.004 - Private Keys
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

Windigo

Score: 9.50
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

LAPSUS$

Score: 23.34
Matched TTPs:
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1552.008 - Chat Messages
  • T1588.002 - Tool
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1003.003 - NTDS
Link to MITRE →

GOLD SOUTHFIELD

Score: 8.85
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

Volatile Cedar

Score: 4.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

MoustachedBouncer

Score: 6.59
Matched TTPs:
  • T1659 - Content Injection
  • T1027.002 - Software Packing
Link to MITRE →

Threat Group-1314

Score: 6.17
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1072 - Software Deployment Tools
  • T1059.003 - Windows Command Shell
Link to MITRE →

Orangeworm

Score: 3.12
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.001 - Web Protocols
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Thrip

Score: 6.52
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

RedEcho

Score: 3.93
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
Link to MITRE →
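
The actor entries on this page all share one flat layout: a name line, a "Score:" line, a "Matched TTPs:" line, one bullet per ATT&CK technique, and a link line. The following Python is an added example, not code from this page or from the site that generated it: it parses that layout into records, folds sub-techniques (T1003.001) into their parent (T1003) so that recurring techniques can be counted across actors, and ranks actors by the score the page gives. The sample listing inside it is constructed and abridged from entries on this page; the regular expressions, the two link-line spellings it accepts as an entry terminator, and the section-heading patterns are assumptions about the format. The page does not say how "Score" is computed, so the score is only read and sorted on, never recomputed.

```python
"""Parse the 'Threat actors related to this Pulse' listing and aggregate
matched ATT&CK techniques.  Added example; format and SAMPLE_LISTING are
assumed/constructed, not taken from the generating site's code."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Section headings appear in English (translated) or Japanese (original).
BASIS_MAP = {"fact-based": "fact-based", "inference-based": "inference-based",
             "事実ベース": "fact-based", "推論ベース": "inference-based"}
SECTION_RE = re.compile(
    r"^(?:Threat actors related to this Pulse|このPulseに関連する脅威アクター)\s*\((.+?)\)\s*$")
SCORE_RE = re.compile(r"^Score:\s*([0-9]+(?:\.[0-9]+)?)\s*$")
TTP_RE = re.compile(r"^\s*[•*-]\s*(T\d{4}(?:\.\d{3})?)\s+-\s+(.+?)\s*$")
LINK_RE = re.compile(r"^(?:Link to MITRE|MITREへのリンク)")   # entry terminator (assumed)

# Constructed, abridged sample in the page's layout (scores copied from the page).
SAMPLE_LISTING = """\
Threat actors related to this Pulse (fact-based)

Suckfly

Score: 3.55
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1059.003 - Windows Command Shell
Link to MITRE →

TeamTNT

Score: 53.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.80
Matched TTPs:
  • T1059.003 - Windows Command Shell
  • T1027.013 - Encrypted/Encoded File
  • T1003.001 - LSASS Memory
MITREへのリンク →
"""


@dataclass
class ActorMatch:
    name: str
    basis: str                                  # "fact-based" / "inference-based"
    score: float
    ttps: dict = field(default_factory=dict)    # technique id -> technique name


def parse_listing(text):
    """Return ActorMatch records in page order.  A trailing entry with no
    link line (a listing cut off by extraction) is still returned."""
    actors, basis, name, current = [], "unknown", None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            basis = BASIS_MAP.get(m.group(1), m.group(1))
            continue
        if LINK_RE.match(line):                 # end of one actor entry
            if current is not None:
                actors.append(current)
            current, name = None, None
            continue
        m = SCORE_RE.match(line)
        if m and name is not None:
            current = ActorMatch(name=name, basis=basis, score=float(m.group(1)))
            continue
        if line == "Matched TTPs:":
            continue
        m = TTP_RE.match(line)
        if m and current is not None:
            current.ttps[m.group(1)] = m.group(2)
            continue
        name = line                             # any other line is an actor name
    if current is not None:
        actors.append(current)
    return actors


def parent_technique(tid):
    """T1003.001 -> T1003; parent ids are returned unchanged."""
    return tid.split(".", 1)[0]


def rank(actors, basis="fact-based"):
    """Actors of one basis, highest page score first."""
    return sorted((a for a in actors if a.basis == basis),
                  key=lambda a: a.score, reverse=True)


def technique_frequency(actors, basis=None, min_score=0.0):
    """Number of actors (optionally restricted by basis and minimum score)
    whose matched set includes each parent technique."""
    counts = Counter()
    for a in actors:
        if (basis and a.basis != basis) or a.score < min_score:
            continue
        counts.update({parent_technique(t) for t in a.ttps})
    return counts


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    for a in rank(parsed):
        print(f"{a.score:6.2f}  {a.name}  ({len(a.ttps)} matched TTPs)")
    print(technique_frequency(parsed).most_common(3))
```

Feed it the full listing from this page (or its Japanese original) to see which parent techniques recur across the highest-scoring fact-based actors; folding into parents is deliberate, since T1059.003 on one actor and T1059 on another describe the same detection surface.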

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.80
Matched TTPs:
  • T1070.006 - Timestomp
  • T1588.002 - Tool
  • T1074.001 - Local Data Staging
  • T1584.004 - Server
  • T1010 - Application Window Discovery
  • T1090.002 - External Proxy
  • T1027.007 - Dynamic API Resolution
  • T1543.003 - Windows Service
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1202 - Indirect Command Execution
  • T1583.006 - Web Services
  • T1021.001 - Remote Desktop Protocol
  • T1057 - Process Discovery
  • T1134.002 - Create Process with Token
  • T1218 - System Binary Proxy Execution
  • T1106 - Native API
  • T1082 - System Information Discovery
  • T1529 - System Shutdown/Reboot
  • T1547.009 - Shortcut Modification
  • T1070.004 - File Deletion
  • T1021.002 - SMB/Windows Admin Shares
  • T1562.001 - Disable or Modify Tools
  • T1021.004 - SSH
  • T1574.013 - KernelCallbackTable
  • T1071.001 - Web Protocols
  • T1036.003 - Rename Legitimate Utilities
  • T1620 - Reflective Code Loading
  • T1027.013 - Encrypted/Encoded File
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1008 - Fallback Channels
  • T1070 - Indicator Removal
  • T1102.002 - Bidirectional Communication
  • T1036.004 - Masquerade Task or Service
  • T1090.001 - Internal Proxy
  • T1033 - System Owner/User Discovery
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1027.009 - Embedded Payloads
Link to MITRE →

Mustang Panda

Score: 0.68
Matched TTPs:
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1003.003 - NTDS
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1074.001 - Local Data Staging
  • T1219.002 - Remote Desktop Software
  • T1027.007 - Dynamic API Resolution
  • T1587.001 - Malware
  • T1678 - Delay Execution
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1082 - System Information Discovery
  • T1072 - Software Deployment Tools
  • T1027.016 - Junk Code Insertion
  • T1070.004 - File Deletion
  • T1027.012 - LNK Icon Smuggling
  • T1003 - OS Credential Dumping
  • T1219.001 - IDE Tunneling
  • T1176.002 - IDE Extensions
  • T1518 - Software Discovery
  • T1071.001 - Web Protocols
  • T1102 - Web Service
  • T1105 - Ingress Tool Transfer
  • T1574.001 - DLL
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1070 - Indicator Removal
  • T1608.001 - Upload Malware
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1560.001 - Archive via Utility
  • T1027 - Obfuscated Files or Information
  • T1608 - Stage Capabilities
Link to MITRE →

Turla

Score: 0.68
Matched TTPs:
  • T1584.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1584.004 - Server
  • T1059.006 - Python
  • T1587.001 - Malware
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1007 - System Service Discovery
  • T1583.006 - Web Services
  • T1025 - Data from Removable Media
  • T1057 - Process Discovery
  • T1134.002 - Create Process with Token
  • T1027.011 - Fileless Storage
  • T1106 - Native API
  • T1082 - System Information Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1078.003 - Local Accounts
  • T1562.001 - Disable or Modify Tools
  • T1588.001 - Malware
  • T1546.013 - PowerShell Profile
  • T1071.001 - Web Protocols
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1102 - Web Service
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1564.012 - File/Path Exclusions
  • T1102.002 - Bidirectional Communication
  • T1055 - Process Injection
  • T1090.001 - Internal Proxy
  • T1560.001 - Archive via Utility
Link to MITRE →

APT28

Score: 0.65
Matched TTPs:
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1003.003 - NTDS
  • T1588.002 - Tool
  • T1584.008 - Network Devices
  • T1074.001 - Local Data Staging
  • T1589.001 - Credentials
  • T1090.002 - External Proxy
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1211 - Exploitation for Defense Evasion
  • T1546.015 - Component Object Model Hijacking
  • T1669 - Wi-Fi Networks
  • T1036 - Masquerading
  • T1059.003 - Windows Command Shell
  • T1210 - Exploitation of Remote Services
  • T1189 - Drive-by Compromise
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1025 - Data from Removable Media
  • T1057 - Process Discovery
  • T1137.002 - Office Test
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1021.002 - SMB/Windows Admin Shares
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
  • T1001.001 - Junk Data
  • T1014 - Rootkit
  • T1071.001 - Web Protocols
  • T1027.013 - Encrypted/Encoded File
  • T1105 - Ingress Tool Transfer
  • T1005 - Data from Local System
  • T1203 - Exploitation for Client Execution
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1040 - Network Sniffing
  • T1102.002 - Bidirectional Communication
  • T1550.001 - Application Access Token
  • T1560.001 - Archive via Utility
Link to MITRE →

Kimsuky

Score: 0.64
Matched TTPs:
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1587 - Develop Capabilities
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1074.001 - Local Data Staging
  • T1518.001 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1059.006 - Python
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1007 - System Service Discovery
  • T1003.001 - LSASS Memory
  • T1218.010 - Regsvr32
  • T1136.001 - Local Account
  • T1583.006 - Web Services
  • T1021.001 - Remote Desktop Protocol
  • T1057 - Process Discovery
  • T1082 - System Information Discovery
  • T1027.016 - Junk Code Insertion
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1027.012 - LNK Icon Smuggling
  • T1078.003 - Local Accounts
  • T1562.001 - Disable or Modify Tools
  • T1071.001 - Web Protocols
  • T1027.010 - Command Obfuscation
  • T1620 - Reflective Code Loading
  • T1105 - Ingress Tool Transfer
  • T1005 - Data from Local System
  • T1041 - Exfiltration Over C2 Channel
  • T1112 - Modify Registry
  • T1102.001 - Dead Drop Resolver
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1040 - Network Sniffing
  • T1102.002 - Bidirectional Communication
  • T1055 - Process Injection
  • T1036.004 - Masquerade Task or Service
  • T1608.001 - Upload Malware
  • T1560.001 - Archive via Utility
  • T1027 - Obfuscated Files or Information
Link to MITRE →

APT32

Score: 0.60
Matched TTPs:
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1543.003 - Windows Service
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1012 - Query Registry
  • T1036 - Masquerading
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1218.010 - Regsvr32
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1059 - Command and Scripting Interpreter
  • T1027.011 - Fileless Storage
  • T1082 - System Information Discovery
  • T1072 - Software Deployment Tools
  • T1027.016 - Junk Code Insertion
  • T1070.004 - File Deletion
  • T1021.002 - SMB/Windows Admin Shares
  • T1078.003 - Local Accounts
  • T1003 - OS Credential Dumping
  • T1071.001 - Web Protocols
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1102 - Web Service
  • T1027.013 - Encrypted/Encoded File
  • T1105 - Ingress Tool Transfer
  • T1574.001 - DLL
  • T1041 - Exfiltration Over C2 Channel
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1569.002 - Service Execution
  • T1055 - Process Injection
  • T1036.004 - Masquerade Task or Service
  • T1033 - System Owner/User Discovery
  • T1608.001 - Upload Malware
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Medusa Group

Score: 0.57
Matched TTPs:
  • T1505.003 - Web Shell
  • T1003.003 - NTDS
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1608.002 - Upload Tool
  • T1047 - Windows Management Instrumentation
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1018 - Remote System Discovery
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1021.001 - Remote Desktop Protocol
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1082 - System Information Discovery
  • T1072 - Software Deployment Tools
  • T1219 - Remote Access Tools
  • T1190 - Exploit Public-Facing Application
  • T1529 - System Shutdown/Reboot
  • T1559.001 - Component Object Model
  • T1070.004 - File Deletion
  • T1218.014 - MMC
  • T1562.001 - Disable or Modify Tools
  • T1071.001 - Web Protocols
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1573.002 - Asymmetric Cryptography
  • T1490 - Inhibit System Recovery
  • T1650 - Acquire Access
  • T1112 - Modify Registry
  • T1569.002 - Service Execution
  • T1033 - System Owner/User Discovery
Link to MITRE →

Sandworm Team

Score: 0.57
Matched TTPs:
  • T1505.003 - Web Shell
  • T1003.003 - NTDS
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1195.002 - Compromise Software Supply Chain
  • T1018 - Remote System Discovery
  • T1003.001 - LSASS Memory
  • T1499 - Endpoint Denial of Service
  • T1106 - Native API
  • T1082 - System Information Discovery
  • T1219 - Remote Access Tools
  • T1072 - Software Deployment Tools
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.001 - Web Protocols
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1195 - Supply Chain Compromise
  • T1490 - Inhibit System Recovery
  • T1005 - Data from Local System
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1584.005 - Botnet
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1040 - Network Sniffing
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1033 - System Owner/User Discovery
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Gamaredon Group

Score: 0.57
Matched TTPs:
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1027.004 - Compile After Delivery
  • T1583.006 - Web Services
  • T1025 - Data from Removable Media
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1082 - System Information Discovery
  • T1027.016 - Junk Code Insertion
  • T1559.001 - Component Object Model
  • T1070.004 - File Deletion
  • T1027.012 - LNK Icon Smuggling
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1071.001 - Web Protocols
  • T1027.010 - Command Obfuscation
  • T1620 - Reflective Code Loading
  • T1102 - Web Service
  • T1105 - Ingress Tool Transfer
  • T1001 - Data Obfuscation
  • T1005 - Data from Local System
  • T1041 - Exfiltration Over C2 Channel
  • T1112 - Modify Registry
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1102.002 - Bidirectional Communication
  • T1055 - Process Injection
  • T1033 - System Owner/User Discovery
  • T1497.001 - System Checks
  • T1027.015 - Compression
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
Link to MITRE →

FIN7

Score: 0.56
Matched TTPs:
  • T1588.002 - Tool
  • T1543.003 - Windows Service
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1195.002 - Compromise Software Supply Chain
  • T1210 - Exploitation of Remote Services
  • T1497.002 - User Activity Based Checks
  • T1583.006 - Web Services
  • T1021.001 - Remote Desktop Protocol
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1082 - System Information Discovery
  • T1219 - Remote Access Tools
  • T1027.016 - Junk Code Insertion
  • T1190 - Exploit Public-Facing Application
  • T1078.003 - Local Accounts
  • T1021.004 - SSH
  • T1674 - Input Injection
  • T1027.010 - Command Obfuscation
  • T1620 - Reflective Code Loading
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1005 - Data from Local System
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1008 - Fallback Channels
  • T1569.002 - Service Execution
  • T1102.002 - Bidirectional Communication
  • T1036.004 - Masquerade Task or Service
  • T1033 - System Owner/User Discovery
  • T1608.001 - Upload Malware
Link to MITRE →

APT41

Score: 0.56
Matched TTPs:
  • T1003.003 - NTDS
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1543.003 - Windows Service
  • T1047 - Windows Management Instrumentation
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1195.002 - Compromise Software Supply Chain
  • T1027.002 - Software Packing
  • T1018 - Remote System Discovery
  • T1003.001 - LSASS Memory
  • T1003.002 - Security Account Manager
  • T1136.001 - Local Account
  • T1021.001 - Remote Desktop Protocol
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1021.002 - SMB/Windows Admin Shares
  • T1480.001 - Environmental Keying
  • T1014 - Rootkit
  • T1071.001 - Web Protocols
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1203 - Exploitation for Client Execution
  • T1112 - Modify Registry
  • T1102.001 - Dead Drop Resolver
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1008 - Fallback Channels
  • T1569.002 - Service Execution
  • T1055 - Process Injection
  • T1036.004 - Masquerade Task or Service
  • T1033 - System Owner/User Discovery
  • T1560.001 - Archive via Utility
  • T1546.008 - Accessibility Features
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Volt Typhoon

Score: 0.55
Matched TTPs:
  • T1505.003 - Web Shell
  • T1003.003 - NTDS
  • T1588.002 - Tool
  • T1584.008 - Network Devices
  • T1074.001 - Local Data Staging
  • T1584.004 - Server
  • T1010 - Application Window Discovery
  • T1047 - Windows Management Instrumentation
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1018 - Remote System Discovery
  • T1007 - System Service Discovery
  • T1003.001 - LSASS Memory
  • T1021.001 - Remote Desktop Protocol
  • T1552.004 - Private Keys
  • T1057 - Process Discovery
  • T1218 - System Binary Proxy Execution
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1552 - Unsecured Credentials
  • T1518 - Software Discovery
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1584.005 - Botnet
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1090.001 - Internal Proxy
  • T1033 - System Owner/User Discovery
  • T1497.001 - System Checks
  • T1560.001 - Archive via Utility
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
