Trusted Design

Darkhotel’s attacks in 2015

Summary

Darkhotel APT attacks dated 2014 and earlier are characterized by the misuse of stolen certificates, the deployment of .hta files with multiple techniques, and the use of unusual methods like the infiltration of hotel Wi-Fi to place backdoors in targets’ systems. In 2015, many of these techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team. The Darkhotel APT continues to spearphish targets around the world, with a wider geographic reach than its previous botnet buildout and hotel Wi-Fi attacks. Some of the targets are diplomatic or have strategic commercial interests.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 33.46
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1116 - Code Signing
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Kimsuky

Score: 68.25
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1116 - Code Signing
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1152 - Launchctl
  • T1557.003 - DHCP Spoofing
  • T1546.008 - Accessibility Features
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Sea Turtle

Score: 16.34
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page

Ember Bear

Score: 34.46
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1519 - Emond
  • T1003.003 - NTDS

Indrik Spider

Score: 14.48
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1116 - Code Signing
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Agrius

Score: 10.82
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1116 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1566.004 - Spearphishing Voice

Contagious Interview

Score: 38.18
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Sandworm Team

Score: 76.39
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1557.003 - DHCP Spoofing
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1547.013 - XDG Autostart Entries

Star Blizzard

Score: 16.74
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 59.70
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1116 - Code Signing
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1164 - Re-opened Applications
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

LAPSUS$

Score: 44.18
Matched TTPs:
  • T1216.001 - PubPrn
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits

Akira

Score: 3.29
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable

HAFNIUM

Score: 31.08
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1547.013 - XDG Autostart Entries

Chimera

Score: 15.52
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1116 - Code Signing
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

APT28

Score: 71.42
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1685.001 - Disable or Modify Windows Event Log
  • T1552.005 - Cloud Instance Metadata API
  • T1116 - Code Signing
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1139 - Bash History
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1546.007 - Netsh Helper DLL

Ke3chang

Score: 15.76
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 14.18
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Magic Hound

Score: 51.83
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1021.008 - Direct Cloud VM Connections
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

ZIRCONIUM

Score: 23.99
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning

Leviathan

Score: 37.89
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1116 - Code Signing
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Mustard Tempest

Score: 16.82
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Silent Librarian

Score: 11.96
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1546.008 - Accessibility Features
  • T1199 - Trusted Relationship

EXOTIC LILY

Score: 23.14
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

OilRig

Score: 22.33
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Gamaredon Group

Score: 31.95
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Turla

Score: 33.91
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution

Storm-1811

Score: 26.13
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1566.004 - Spearphishing Voice
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Threat Group-3390

Score: 24.81
Matched TTPs:
  • T1116 - Code Signing
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Sidewinder

Score: 14.44
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

FIN5

Score: 5.49
Matched TTPs:
  • T1116 - Code Signing
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship

Patchwork

Score: 13.97
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

UNC3886

Score: 18.82
Matched TTPs:
  • T1116 - Code Signing
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

APT5

Score: 7.21
Matched TTPs:
  • T1116 - Code Signing
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information

Lotus Blossom

Score: 5.68
Matched TTPs:
  • T1116 - Code Signing
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

TeamTNT

Score: 28.37
Matched TTPs:
  • T1116 - Code Signing
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1612 - Build Image on Host
  • T1142 - Keychain
  • T1519 - Emond
  • T1547.013 - XDG Autostart Entries

Lazarus Group

Score: 34.19
Matched TTPs:
  • T1116 - Code Signing
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution

MuddyWater

Score: 20.58
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

APT3

Score: 11.98
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries

Wizard Spider

Score: 14.49
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1038 - DLL Search Order Hijacking
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

APT39

Score: 14.51
Matched TTPs:
  • T1116 - Code Signing
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution

GALLIUM

Score: 13.26
Matched TTPs:
  • T1116 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

menuPass

Score: 17.23
Matched TTPs:
  • T1116 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries

BackdoorDiplomacy

Score: 7.45
Matched TTPs:
  • T1116 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Dragonfly

Score: 34.52
Matched TTPs:
  • T1116 - Code Signing
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

FIN13

Score: 16.05
Matched TTPs:
  • T1116 - Code Signing
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution

Moonstone Sleet

Score: 18.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

LuminousMoth

Score: 12.63
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 34.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1546.018 - Python Startup Hooks
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1547.008 - LSASS Driver

Play

Score: 9.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1142 - Keychain
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 8.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

RedCurl

Score: 9.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1542.004 - ROMMONkit

Moses Staff

Score: 5.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

FIN7

Score: 27.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries

BlackTech

Score: 8.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Confucius

Score: 5.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Mofang

Score: 4.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1546.017 - Udev Rules

Elderwood

Score: 5.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 9.26
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

FIN8

Score: 5.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

APT32

Score: 24.27
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT1

Score: 6.27
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

APT33

Score: 7.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Molerats

Score: 5.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Windshift

Score: 11.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 4.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

TA2541

Score: 14.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Earth Lusca

Score: 30.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

TA505

Score: 9.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 14.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries

APT42

Score: 8.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship

Scattered Spider

Score: 25.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits

CURIUM

Score: 18.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1557.003 - DHCP Spoofing
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Velvet Ant

Score: 8.20
Matched TTPs:
  • T1583.005 - Botnet
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution

DarkVishnya

Score: 8.42
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories

SideCopy

Score: 9.12
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

BlackByte

Score: 6.46
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

BITTER

Score: 10.23
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

HEXANE

Score: 17.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

Rocke

Score: 8.05
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

Medusa Group

Score: 24.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Fox Kitten

Score: 16.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits

Cinnamon Tempest

Score: 5.44
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Winter Vivern

Score: 18.47
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Volatile Cedar

Score: 8.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 5.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

Axiom

Score: 8.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT41

Score: 27.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1566.004 - Spearphishing Voice
  • T1564.003 - Hidden Window
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels
Link to MITRE →

IndigoZebra

Score: 5.16
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 8.53
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

Ferocious Kitten

Score: 5.81
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
Link to MITRE →

BRONZE BUTLER

Score: 19.58
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

PLATINUM

Score: 4.73
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
Link to MITRE →

Aquatic Panda

Score: 6.68
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Tonto Team

Score: 7.76
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silence

Score: 4.37
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 7.60
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
Link to MITRE →

Metador

Score: 4.08
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Inception

Score: 7.61
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

FIN6

Score: 5.90
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN10

Score: 3.08
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
Link to MITRE →

Tropic Trooper

Score: 8.64
Matched TTPs:
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT37

Score: 10.06
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Higaisa

Score: 7.57
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
  • T1546.017 - Udev Rules
Link to MITRE →

Darkhotel

Score: 4.04
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Daggerfly

Score: 5.38
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1193 - Spearphishing Attachment
  • T1199 - Trusted Relationship
  • T1049 - System Network Connections Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1484.002 - Trust Modification
  • T1187 - Forced Authentication
  • T1546.008 - Accessibility Features
  • T1562.004 - Disable or Modify System Firewall
  • T1566.002 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1547.002 - Authentication Package
  • T1005 - Data from Local System
  • T1045 - Software Packing
  • T1111 - Multi-Factor Authentication Interception
  • T1583.005 - Botnet
  • T1558 - Steal or Forge Kerberos Tickets
  • T1102.003 - One-Way Communication
  • T1566.004 - Spearphishing Voice
  • T1564.008 - Email Hiding Rules
  • T1033 - System Owner/User Discovery
  • T1218.010 - Regsvr32
  • T1114 - Email Collection
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1557.003 - DHCP Spoofing
  • T1098.007 - Additional Local or Domain Groups
  • T1546.016 - Installer Packages
Link to MITRE →

APT28

Score: 0.81
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.012 - Hypervisor CLI
  • T1139 - Bash History
  • T1116 - Code Signing
  • T1562.004 - Disable or Modify System Firewall
  • T1546.007 - Netsh Helper DLL
  • T1146 - Clear Command History
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1059.001 - PowerShell
  • T1592.003 - Firmware
  • T1547.011 - Plist Modification
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1583.005 - Botnet
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.001 - Disable or Modify Windows Event Log
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1552.005 - Cloud Instance Metadata API
  • T1608.005 - Link Target
  • T1152 - Launchctl
  • T1098.007 - Additional Local or Domain Groups
Link to MITRE →

Kimsuky

Score: 0.74
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1003.003 - NTDS
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1546.008 - Accessibility Features
  • T1116 - Code Signing
  • T1566.002 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1008 - Fallback Channels
  • T1037 - Boot or Logon Initialization Scripts
  • T1583.005 - Botnet
  • T1102.003 - One-Way Communication
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1091 - Replication Through Removable Media
  • T1197 - BITS Jobs
  • T1606.002 - SAML Tokens
  • T1557.003 - DHCP Spoofing
  • T1608.005 - Link Target
  • T1152 - Launchctl
  • T1098.007 - Additional Local or Domain Groups
  • T1690 - Prevent Command History Logging
Link to MITRE →

Volt Typhoon

Score: 0.68
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1049 - System Network Connections Discovery
  • T1574.002 - DLL Side-Loading
  • T1140 - Deobfuscate/Decode Files or Information
  • T1116 - Code Signing
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1045 - Software Packing
  • T1102.003 - One-Way Communication
  • T1164 - Re-opened Applications
  • T1566.004 - Spearphishing Voice
  • T1685.001 - Disable or Modify Windows Event Log
  • T1148 - HISTCONTROL
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1159 - Launch Agent
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
Link to MITRE →

Magic Hound

Score: 0.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.012 - Hypervisor CLI
  • T1578.002 - Create Cloud Instance
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1021.008 - Direct Cloud VM Connections
  • T1562.004 - Disable or Modify System Firewall
  • T1098.002 - Additional Email Delegate Permissions
  • T1566.002 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1045 - Software Packing
  • T1566.004 - Spearphishing Voice
  • T1547.008 - LSASS Driver
  • T1608.005 - Link Target
  • T1098.007 - Additional Local or Domain Groups
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
