Trusted Design

Malware Meets SysAdmin – Automation Tools Gone Bad

Summary

Talos recently spotted a targeted phishing attack with several characteristics that are rarely seen. While we routinely monitor phishing campaigns that distribute threats such as Dridex, Upatre, and Cryptowall, targeted phishing is more convincing because the message is personalized to the recipient. This attack was also harder to detect because the adversaries chose to leverage AutoIT, a well-known freeware administration tool used to automate system management in corporate environments, and that choice is what made the attack worth a closer look. Embedding AutoIT in a payload is unusual precisely because it is a legitimate management tool: here it was used to install a Remote Access Trojan (RAT) and to maintain persistence on the host in a way that resembles ordinary administration activity, so the malicious behaviour blends in with the legitimate.
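The summary above gives the pattern (a legitimate automation interpreter carrying a RAT and its persistence) without saying how to hunt for it. The following helpers are an added example, not Talos code and not taken from the write-up. They assume two things the page does not state: that the dropped payload is a compiled AutoIt v3 script, which embeds the well-known 16-byte script magic followed by the ASCII tag "AU3!EA06", and that persistence is an autostart entry launching the AutoIt interpreter (AutoIt3.exe) against a separate .a3x/.au3 script. All file paths, Run-key names and the binary blob below are constructed for the example.

```python
"""Hunting helpers for AutoIt-based loaders.

Added example, not code from the Talos write-up. Assumptions this page does
not state: the dropped payload is a compiled AutoIt v3 script (which embeds a
fixed 16-byte script magic followed by the ASCII tag "AU3!EA06"), and the
foothold is an autostart entry that runs the AutoIt interpreter (AutoIt3.exe)
against a separate .a3x/.au3 script.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Compiled AutoIt v3 script header: 16-byte magic + "AU3!EA06".
AU3_MAGIC = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D") + b"AU3!EA06"

# Interpreter launched from any directory, e.g. "...\svchost\AutoIt3.exe".
AUTOIT_INTERPRETER = re.compile(r'(?i)(?:^|[\\/"\s])autoit3(?:_x64)?\.exe\b')
# Script passed as an argument: a token ending in .a3x or .au3.
SCRIPT_ARG = re.compile(r'(?i)\S+\.(?:a3x|au3)\b')
# Directories a standard user can write to; admin tooling rarely lives here.
USER_WRITABLE = re.compile(r'(?i)\\(?:AppData|Temp|ProgramData|Users\\Public|Downloads)\\')


def find_autoit_script(blob: bytes):
    """Offset of an embedded compiled AutoIt script, or None if absent."""
    idx = blob.find(AU3_MAGIC)
    return idx if idx >= 0 else None


@dataclass
class Verdict:
    name: str
    interpreter: bool
    script: Optional[str]
    level: str  # "high", "review" or "none"


def classify_autostart(name: str, command: str) -> Verdict:
    """Grade one autostart command line (Run key, scheduled task, startup folder)."""
    interp = bool(AUTOIT_INTERPRETER.search(command))
    m = SCRIPT_ARG.search(command)
    script = m.group(0).strip('"') if m else None
    if interp and script and USER_WRITABLE.search(script):
        level = "high"      # interpreter + script in a user-writable path
    elif interp and script:
        level = "review"    # may be legitimate admin automation; baseline it
    else:
        level = "none"
    return Verdict(name, interp, script, level)


# --- constructed sample input (not real artefacts) ---------------------------
SAMPLE_BINARY = b"MZ" + b"\x90" * 126 + AU3_MAGIC + b"\x00" * 16   # marker at offset 128
SAMPLE_RUN_KEYS = [
    ("OneDrive",  r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("WinUpdate", r'"C:\Users\alice\AppData\Roaming\svchost\AutoIt3.exe" C:\Users\alice\AppData\Roaming\svchost\update.a3x'),
    ("Inventory", r'"C:\Program Files (x86)\AutoIt3\AutoIt3.exe" "C:\Admin\Scripts\inventory.au3"'),
]


def hunt(run_keys=SAMPLE_RUN_KEYS):
    """Return only the autostart entries worth an analyst's time."""
    return [v for v in (classify_autostart(n, c) for n, c in run_keys) if v.level != "none"]


if __name__ == "__main__":
    print("compiled-script marker at offset:", find_autoit_script(SAMPLE_BINARY))
    for v in hunt():
        print(f"{v.level:6} {v.name:10} -> {v.script}")
```

The "review" tier exists because the page's whole point is that AutoIT is legitimate in corporate environments: an interpreter launched from its install directory against a script in an administrative share is exactly what normal automation looks like, so it should be baselined against known admin tooling rather than alerted on, while the same interpreter copied into a user profile and pointed at a script beside it is the pattern the summary describes.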

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT41

Score: 49.13
Matched TTPs:
  • T1067 - Bootkit
  • T1557 - Adversary-in-the-Middle
  • T1499.001 - OS Exhaustion Flood
  • T1539 - Steal Web Session Cookie
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
Link to MITRE →

APT29

Score: 35.55
Matched TTPs:
  • T1067 - Bootkit
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1036.002 - Right-to-Left Override
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Rocke

Score: 22.65
Matched TTPs:
  • T1067 - Bootkit
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

UNC3886

Score: 48.28
Matched TTPs:
  • T1067 - Bootkit
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot
Link to MITRE →

APT38

Score: 22.79
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Moonstone Sleet

Score: 28.81
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN8

Score: 14.18
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Ke3chang

Score: 22.42
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN7

Score: 44.12
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
Link to MITRE →

HAFNIUM

Score: 26.00
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
Link to MITRE →

Winter Vivern

Score: 18.52
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT19

Score: 7.98
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN10

Score: 7.68
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
Link to MITRE →

APT32

Score: 40.01
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT39

Score: 28.37
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1543.003 - Windows Service
  • T1499.002 - Service Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT37

Score: 10.74
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

Lazarus Group

Score: 57.41
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1050 - New Service
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1216 - System Script Proxy Execution
Link to MITRE →

Tropic Trooper

Score: 23.53
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Threat Group-3390

Score: 32.13
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Earth Lusca

Score: 31.31
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

Magic Hound

Score: 51.37
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1578.002 - Create Cloud Instance
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

ZIRCONIUM

Score: 22.34
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Chimera

Score: 29.56
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
Link to MITRE →

Patchwork

Score: 23.59
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
Link to MITRE →

Stealth Falcon

Score: 5.32
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Volt Typhoon

Score: 41.43
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1488 - Disk Content Wipe
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
Link to MITRE →

LuminousMoth

Score: 14.20
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aquatic Panda

Score: 28.98
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Gamaredon Group

Score: 44.36
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1562.009 - Safe Mode Boot
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GALLIUM

Score: 13.34
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1174 - Password Filter DLL
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 37.06
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1038 - DLL Search Order Hijacking
  • T1589 - Gather Victim Identity Information
  • T1183 - Image File Execution Options Injection
  • T1003.001 - LSASS Memory
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

OilRig

Score: 46.46
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

HEXANE

Score: 21.37
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Windshift

Score: 16.43
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

MuddyWater

Score: 28.40
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Dragonfly

Score: 37.02
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Medusa Group

Score: 45.79
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Sandworm Team

Score: 60.57
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-1811

Score: 26.62
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Sidewinder

Score: 21.98
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

APT3

Score: 18.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Kimsuky

Score: 68.33
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
Link to MITRE →

Sea Turtle

Score: 13.75
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

Ember Bear

Score: 43.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1656 - Impersonation
  • T1070.009 - Clear Persistence
  • T1003.003 - NTDS
Link to MITRE →

Indrik Spider

Score: 23.07
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Agrius

Score: 14.31
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
Link to MITRE →

Contagious Interview

Score: 73.89
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1016 - System Network Configuration Discovery
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1564.009 - Resource Forking
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1651 - Cloud Administration Command
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
Link to MITRE →

Star Blizzard

Score: 14.22
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
Link to MITRE →

Turla

Score: 50.60
Matched TTPs:
  • T1056.001 - Keylogging
  • T1014 - Rootkit
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1059.004 - Unix Shell
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
Link to MITRE →

Mustang Panda

Score: 57.92
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1562.006 - Indicator Blocking
  • T1677 - Poisoned Pipeline Execution
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
Link to MITRE →

Tonto Team

Score: 7.61
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackByte

Score: 32.91
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.010 - Downgrade Attack
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT28

Score: 59.51
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1499.001 - OS Exhaustion Flood
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Storm-0501

Score: 10.00
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
Link to MITRE →

Axiom

Score: 24.95
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon
Link to MITRE →

Leviathan

Score: 41.19
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 26.55
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA551

Score: 11.48
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustard Tempest

Score: 13.53
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT42

Score: 26.24
Matched TTPs:
  • T1110.002 - Password Cracking
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1128 - Netsh Helper DLL
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
Link to MITRE →

FIN13

Score: 19.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
Link to MITRE →

Salt Typhoon

Score: 8.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
Link to MITRE →

Play

Score: 16.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aoqin Dragon

Score: 8.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

RedCurl

Score: 11.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1574.010 - Services File Permissions Weakness
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

DarkVishnya

Score: 5.38
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
Link to MITRE →

Lotus Blossom

Score: 5.02
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Blue Mockingbird

Score: 12.84
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

PROMETHIUM

Score: 3.70
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Carbanak

Score: 5.38
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
Link to MITRE →

Cobalt Group

Score: 21.56
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Cinnamon Tempest

Score: 7.55
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Evilnum

Score: 7.04
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 21.46
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

BlackTech

Score: 8.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 5.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Transparent Tribe

Score: 11.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT1

Score: 12.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
Link to MITRE →

APT33

Score: 4.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

EXOTIC LILY

Score: 12.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

Molerats

Score: 3.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN4

Score: 5.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

TA2541

Score: 19.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1036.002 - Right-to-Left Override
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 11.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 12.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 42.92
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1557.002 - ARP Cache Poisoning
  • T1498 - Network Denial of Service
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Silent Librarian

Score: 8.12
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship
Link to MITRE →

CURIUM

Score: 18.28
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
Link to MITRE →

APT5

Score: 17.61
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
Link to MITRE →

BRONZE BUTLER

Score: 28.68
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1591.001 - Determine Physical Locations
  • T1008 - Fallback Channels
Link to MITRE →

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
Link to MITRE →

SideCopy

Score: 11.02
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BITTER

Score: 12.00
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 16.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
Link to MITRE →

BackdoorDiplomacy

Score: 5.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GOLD SOUTHFIELD

Score: 12.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
Link to MITRE →

Fox Kitten

Score: 14.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

menuPass

Score: 14.34
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

ToddyCat

Score: 7.41
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
Link to MITRE →

Volatile Cedar

Score: 8.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

INC Ransom

Score: 20.96
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Akira

Score: 12.69
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image
  • T1622 - Debugger Evasion
Link to MITRE →

PLATINUM

Score: 9.27
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

Gorgon Group

Score: 7.04
Matched TTPs:
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LAPSUS$

Score: 32.68
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1601 - Modify System Image
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1557.002 - ARP Cache Poisoning
Link to MITRE →

Ferocious Kitten

Score: 4.29
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
Link to MITRE →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
Link to MITRE →

Metador

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 11.86
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

RedEcho

Score: 6.03
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1128 - Netsh Helper DLL
Link to MITRE →

Malteiro

Score: 4.42
Matched TTPs:
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
Link to MITRE →

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Deep Panda

Score: 4.67
Matched TTPs:
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
Link to MITRE →

Higaisa

Score: 9.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1578.001 - Create Snapshot
Link to MITRE →

Inception

Score: 6.61
Matched TTPs:
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Leafminer

Score: 4.48
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN6

Score: 15.21
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

Silence

Score: 8.92
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Velvet Ant

Score: 13.31
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Daggerfly

Score: 13.82
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

The White Company

Score: 7.37
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot
Link to MITRE →

APT18

Score: 6.00
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Contagious Interview

Score: 0.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1016 - System Network Configuration Discovery
  • T1126 - Network Share Connection Removal
  • T1552.003 - Shell History
  • T1183 - Image File Execution Options Injection
  • T1562.010 - Downgrade Attack
  • T1030 - Data Transfer Size Limits
  • T1199 - Trusted Relationship
  • T1656 - Impersonation
  • T1608.005 - Link Target
  • T1547.008 - LSASS Driver
  • T1033 - System Owner/User Discovery
  • T1064 - Scripting
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1044 - File System Permissions Weakness
  • T1558 - Steal or Forge Kerberos Tickets
  • T1564.009 - Resource Forking
  • T1597 - Search Closed Sources
  • T1221 - Template Injection
  • T1070.009 - Clear Persistence
  • T1651 - Cloud Administration Command
  • T1021.006 - Windows Remote Management
  • T1091 - Replication Through Removable Media
Link to MITRE →

Kimsuky

Score: 0.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1570 - Lateral Tool Transfer
  • T1003.007 - Proc Filesystem
  • T1197 - BITS Jobs
  • T1055.014 - VDSO Hijacking
  • T1126 - Network Share Connection Removal
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1183 - Image File Execution Options Injection
  • T1030 - Data Transfer Size Limits
  • T1199 - Trusted Relationship
  • T1656 - Impersonation
  • T1003.003 - NTDS
  • T1608.005 - Link Target
  • T1176.001 - Browser Extensions
  • T1033 - System Owner/User Discovery
  • T1583.006 - Web Services
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1601.001 - Patch System Image
  • T1506 - Web Session Cookie
  • T1008 - Fallback Channels
  • T1134.002 - Create Process with Token
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
Link to MITRE →

Sandworm Team

Score: 0.69
Matched TTPs:
  • T1075 - Pass the Hash
  • T1566.002 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1005 - Data from Local System
  • T1547.013 - XDG Autostart Entries
  • T1566.004 - Spearphishing Voice
  • T1557 - Adversary-in-the-Middle
  • T1564.008 - Email Hiding Rules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1187 - Forced Authentication
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1573 - Encrypted Channel
  • T1033 - System Owner/User Discovery
  • T1586.002 - Email Accounts
  • T1601.001 - Patch System Image
  • T1134.002 - Create Process with Token
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1070.009 - Clear Persistence
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
Link to MITRE →

APT28

Score: 0.67
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1566.003 - Spearphishing via Service
  • T1197 - BITS Jobs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597.002 - Purchase Technical Data
  • T1055.008 - Ptrace System Calls
  • T1059.012 - Hypervisor CLI
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1608.005 - Link Target
  • T1548.004 - Elevated Execution with Prompt
  • T1685.001 - Disable or Modify Windows Event Log
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1592.003 - Firmware
  • T1558 - Steal or Forge Kerberos Tickets
  • T1146 - Clear Command History
  • T1562.004 - Disable or Modify System Firewall
  • T1070.009 - Clear Persistence
  • T1546.007 - Netsh Helper DLL
Link to MITRE →

Mustang Panda

Score: 0.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1567.002 - Exfiltration to Cloud Storage
  • T1562.006 - Indicator Blocking
  • T1055.005 - Thread Local Storage
  • T1597.002 - Purchase Technical Data
  • T1183 - Image File Execution Options Injection
  • T1159 - Launch Agent
  • T1199 - Trusted Relationship
  • T1136.001 - Local Account
  • T1218.010 - Regsvr32
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1583.006 - Web Services
  • T1071.001 - Web Protocols
  • T1677 - Poisoned Pipeline Execution
  • T1070.009 - Clear Persistence
  • T1569.001 - Launchctl
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
Link to MITRE →

Lazarus Group

Score: 0.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1567.002 - Exfiltration to Cloud Storage
  • T1570 - Lateral Tool Transfer
  • T1557 - Adversary-in-the-Middle
  • T1055.005 - Thread Local Storage
  • T1183 - Image File Execution Options Injection
  • T1059.012 - Hypervisor CLI
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1608.005 - Link Target
  • T1546.016 - Installer Packages
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1176.001 - Browser Extensions
  • T1583.006 - Web Services
  • T1050 - New Service
  • T1134.002 - Create Process with Token
  • T1597 - Search Closed Sources
  • T1677 - Poisoned Pipeline Execution
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1543.003 - Windows Service
  • T1216 - System Script Proxy Execution
  • T1174 - Password Filter DLL
Link to MITRE →

Turla

Score: 0.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.004 - Unix Shell
  • T1547.013 - XDG Autostart Entries
  • T1570 - Lateral Tool Transfer
  • T1566.004 - Spearphishing Voice
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1199 - Trusted Relationship
  • T1578.001 - Create Snapshot
  • T1608.005 - Link Target
  • T1546.016 - Installer Packages
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1543.003 - Windows Service
  • T1014 - Rootkit
  • T1056.001 - Keylogging
  • T1218.001 - Compiled HTML File
Link to MITRE →

Magic Hound

Score: 0.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1566.004 - Spearphishing Voice
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1187 - Forced Authentication
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1578.002 - Create Cloud Instance
  • T1608.005 - Link Target
  • T1547.008 - LSASS Driver
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1592.003 - Firmware
  • T1683 - Generate Content
  • T1134.002 - Create Process with Token
  • T1597 - Search Closed Sources
  • T1562.004 - Disable or Modify System Firewall
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1070.003 - Clear Command History
  • T1543.003 - Windows Service
Link to MITRE →

UNC3886

Score: 0.57
Matched TTPs:
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1606 - Forge Web Credentials
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1067 - Bootkit
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot
  • T1585.002 - Email Accounts
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1021.006 - Windows Remote Management
  • T1566.004 - Spearphishing Voice
Link to MITRE →

APT41

Score: 0.57
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1570 - Lateral Tool Transfer
  • T1566.004 - Spearphishing Voice
  • T1557 - Adversary-in-the-Middle
  • T1067 - Bootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1573 - Encrypted Channel
  • T1176.001 - Browser Extensions
  • T1499.001 - OS Exhaustion Flood
  • T1539 - Steal Web Session Cookie
  • T1008 - Fallback Channels
  • T1562.004 - Disable or Modify System Firewall
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

FIN7

Score: 0.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1578.001 - Create Snapshot
  • T1608.005 - Link Target
  • T1573 - Encrypted Channel
  • T1176.001 - Browser Extensions
  • T1564.002 - Hidden Users
  • T1115 - Clipboard Data
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1011.001 - Exfiltration Over Bluetooth
  • T1601.001 - Patch System Image
  • T1622 - Debugger Evasion
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
Link to MITRE →

Medusa Group

Score: 0.56
Matched TTPs:
  • T1598 - Phishing for Information
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1566.004 - Spearphishing Voice
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1608.005 - Link Target
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1506 - Web Session Cookie
  • T1128 - Netsh Helper DLL
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1216 - System Script Proxy Execution
  • T1218.003 - CMSTP
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

