Trusted Design

Malware Meets SysAdmin – Automation Tools Gone Bad

Overview

Talos recently spotted a targeted phishing attack with several unique characteristics that are not normally seen. While we monitor phishing campaigns used to distribute threats such as Dridex, Upatre, and Cryptowall, targeted phishing attacks are more convincing because the format of the message is personalized to the targeted user. This targeted attack was more difficult to detect because the adversaries chose to leverage AutoIT, a well-known freeware administration tool for automating system management in corporate environments. This notable characteristic made the attack worthy of further analysis. Using AutoIT within a payload is unusual because it is a legitimate management tool. In this attack, AutoIT was used to install a Remote Access Trojan (RAT) and maintain persistence on the host in a manner similar to normal administration activity.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors associated with this Pulse (fact-based)

APT41

Score: 49.13
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1014 - Rootkit
  • T1568.002 - Domain Generation Algorithms
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT29

Score: 35.55
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1568 - Dynamic Resolution
  • T1583.006 - Web Services
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Rocke

Score: 22.65
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 48.28
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1027.005 - Indicator Removal from Tools
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1124 - System Time Discovery
Link to MITRE →

APT38

Score: 22.79
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Moonstone Sleet

Score: 28.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN8

Score: 14.18
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Ke3chang

Score: 22.42
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

FIN7

Score: 44.12
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
Link to MITRE →

HAFNIUM

Score: 26.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1550.001 - Application Access Token
Link to MITRE →

Winter Vivern

Score: 18.52
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 7.98
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN10

Score: 7.68
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT32

Score: 40.01
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT39

Score: 28.37
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

APT37

Score: 10.74
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Lazarus Group

Score: 57.41
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1547.009 - Shortcut Modification
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Tropic Trooper

Score: 23.53
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 32.13
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

Earth Lusca

Score: 31.31
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Magic Hound

Score: 51.37
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1036.010 - Masquerade Account Name
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

ZIRCONIUM

Score: 22.34
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1012 - Query Registry
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Chimera

Score: 29.56
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
Link to MITRE →

Patchwork

Score: 23.59
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Stealth Falcon

Score: 5.32
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1057 - Process Discovery
  • T1012 - Query Registry
Link to MITRE →

Volt Typhoon

Score: 41.43
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1587.004 - Exploits
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1124 - System Time Discovery
Link to MITRE →

LuminousMoth

Score: 14.20
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aquatic Panda

Score: 28.98
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1021 - Remote Services
  • T1595.002 - Vulnerability Scanning
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Gamaredon Group

Score: 44.36
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1497.001 - System Checks
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GALLIUM

Score: 13.34
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 37.06
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1021 - Remote Services
  • T1585.002 - Email Accounts
  • T1547.004 - Winlogon Helper DLL
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

OilRig

Score: 46.46
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

HEXANE

Score: 21.37
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Windshift

Score: 16.43
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

MuddyWater

Score: 28.40
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dragonfly

Score: 37.02
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Medusa Group

Score: 45.79
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1585.002 - Email Accounts
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Sandworm Team

Score: 60.57
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-1811

Score: 26.62
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1036.010 - Masquerade Account Name
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sidewinder

Score: 21.98
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1598.002 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

APT3

Score: 18.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Kimsuky

Score: 68.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1587 - Develop Capabilities
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 13.75
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Ember Bear

Score: 43.38
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021 - Remote Services
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1585 - Establish Accounts
  • T1070.004 - File Deletion
  • T1588.005 - Exploits
Link to MITRE →

Indrik Spider

Score: 23.07
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1136 - Create Account
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Agrius

Score: 14.31
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Contagious Interview

Score: 73.89
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1204.005 - Malicious Library
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1546.004 - Unix Shell Configuration Modification
  • T1656 - Impersonation
  • T1585 - Establish Accounts
  • T1543.001 - Launch Agent
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1547.013 - XDG Autostart Entries
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Star Blizzard

Score: 14.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
Link to MITRE →

Turla

Score: 50.60
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1546.013 - PowerShell Profile
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1027.005 - Indicator Removal from Tools
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Mustang Panda

Score: 57.92
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1176.002 - IDE Extensions
  • T1219.001 - IDE Tunneling
  • T1070 - Indicator Removal
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Tonto Team

Score: 7.61
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackByte

Score: 32.91
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1480 - Execution Guardrails
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

APT28

Score: 59.51
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1014 - Rootkit
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1105 - Ingress Tool Transfer
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Storm-0501

Score: 10.00
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Axiom

Score: 24.95
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
Link to MITRE →

Leviathan

Score: 41.19
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 26.55
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA551

Score: 11.48
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1036 - Masquerading
  • T1589.002 - Email Addresses
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustard Tempest

Score: 13.53
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT42

Score: 26.24
Matched TTPs:
  • T1547 - Boot or Logon Autostart Execution
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1573.002 - Asymmetric Cryptography
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
Link to MITRE →

FIN13

Score: 19.93
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1087 - Account Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
Link to MITRE →

Salt Typhoon

Score: 8.26
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1136 - Create Account
Link to MITRE →

Play

Score: 16.17
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 8.86
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 11.80
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1056.002 - GUI Input Capture
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

DarkVishnya

Score: 5.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
Link to MITRE →

Lotus Blossom

Score: 5.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1012 - Query Registry
Link to MITRE →

Blue Mockingbird

Score: 12.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER
Link to MITRE →

PROMETHIUM

Score: 3.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1189 - Drive-by Compromise
Link to MITRE →

Carbanak

Score: 5.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
Link to MITRE →

Cobalt Group

Score: 21.56
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Cinnamon Tempest

Score: 7.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Evilnum

Score: 7.04
Matched TTPs:
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 21.46
Matched TTPs:
  • T1497.001 - System Checks
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

BlackTech

Score: 8.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Confucius

Score: 5.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 11.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT1

Score: 12.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1585.002 - Email Accounts
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT33

Score: 4.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

EXOTIC LILY

Score: 12.25
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Molerats

Score: 3.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 5.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1056.002 - GUI Input Capture
Link to MITRE →

TA2541

Score: 19.24
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1568 - Dynamic Resolution
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 11.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 12.72
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Scattered Spider

Score: 42.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1598.004 - Spearphishing Voice
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1578.002 - Create Cloud Instance
  • T1136 - Create Account
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Silent Librarian

Score: 8.12
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1588.002 - Tool
Link to MITRE →

CURIUM

Score: 18.28
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT5

Score: 17.61
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1070 - Indicator Removal
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BRONZE BUTLER

Score: 28.68
Matched TTPs:
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1053.002 - At
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

admin@338

Score: 4.02
Matched TTPs:
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

SideCopy

Score: 11.02
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 12.00
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 16.68
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

BackdoorDiplomacy

Score: 5.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GOLD SOUTHFIELD

Score: 12.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

Fox Kitten

Score: 14.18
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1012 - Query Registry
  • T1585 - Establish Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

menuPass

Score: 14.34
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

ToddyCat

Score: 7.41
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Volatile Cedar

Score: 8.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

INC Ransom

Score: 20.96
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Akira

Score: 12.69
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

PLATINUM

Score: 9.27
Matched TTPs:
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection
Link to MITRE →

Gorgon Group

Score: 7.04
Matched TTPs:
  • T1547.009 - Shortcut Modification
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LAPSUS$

Score: 32.68
Matched TTPs:
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1656 - Impersonation
  • T1578.002 - Create Cloud Instance
Link to MITRE →

Ferocious Kitten

Score: 4.29
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
Link to MITRE →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override
Link to MITRE →

Metador

Score: 5.47
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 11.86
Matched TTPs:
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying
Link to MITRE →

RedEcho

Score: 6.03
Matched TTPs:
  • T1568 - Dynamic Resolution
  • T1573.002 - Asymmetric Cryptography
Link to MITRE →

Malteiro

Score: 4.42
Matched TTPs:
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts
Link to MITRE →

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Deep Panda

Score: 4.67
Matched TTPs:
  • T1057 - Process Discovery
  • T1027.005 - Indicator Removal from Tools
Link to MITRE →

Higaisa

Score: 9.45
Matched TTPs:
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1124 - System Time Discovery
Link to MITRE →

Inception

Score: 6.61
Matched TTPs:
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

Leafminer

Score: 4.48
Matched TTPs:
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN6

Score: 15.21
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Silence

Score: 8.92
Matched TTPs:
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Velvet Ant

Score: 13.31
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Daggerfly

Score: 13.82
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

The White Company

Score: 7.37
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1124 - System Time Discovery
Link to MITRE →

APT18

Score: 6.00
Matched TTPs:
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Contagious Interview

Score: 0.79
Matched TTPs:
  • T1657 - Financial Theft
  • T1547.013 - XDG Autostart Entries
  • T1562.001 - Disable or Modify Tools
  • T1497 - Virtualization/Sandbox Evasion
  • T1608.001 - Upload Malware
  • T1656 - Impersonation
  • T1543.001 - Launch Agent
  • T1070.004 - File Deletion
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1480 - Execution Guardrails
  • T1204.004 - Malicious Copy and Paste
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1566.003 - Spearphishing via Service
  • T1036 - Masquerading
  • T1546.004 - Unix Shell Configuration Modification
  • T1204.005 - Malicious Library
  • T1681 - Search Threat Vendor Data
  • T1583.006 - Web Services
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1585 - Establish Accounts
  • T1587 - Develop Capabilities
Link to MITRE →

Kimsuky

Score: 0.74
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1588.005 - Exploits
  • T1543.003 - Windows Service
  • T1518.001 - Security Software Discovery
  • T1608.001 - Upload Malware
  • T1656 - Impersonation
  • T1021.001 - Remote Desktop Protocol
  • T1589.002 - Email Addresses
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1583 - Acquire Infrastructure
  • T1534 - Internal Spearphishing
  • T1598 - Phishing for Information
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1585 - Establish Accounts
  • T1102.001 - Dead Drop Resolver
  • T1007 - System Service Discovery
  • T1587 - Develop Capabilities
  • T1057 - Process Discovery
Link to MITRE →

Sandworm Team

Score: 0.69
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1033 - System Owner/User Discovery
  • T1203 - Exploitation for Client Execution
  • T1598.003 - Spearphishing Link
  • T1584.004 - Server
  • T1219 - Remote Access Tools
  • T1570 - Lateral Tool Transfer
  • T1608.001 - Upload Malware
  • T1499 - Endpoint Denial of Service
  • T1589.002 - Email Addresses
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1070.004 - File Deletion
  • T1195 - Supply Chain Compromise
  • T1583 - Acquire Infrastructure
  • T1584.005 - Botnet
  • T1595.002 - Vulnerability Scanning
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1491.002 - External Defacement
Link to MITRE →

APT28

Score: 0.67
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1203 - Exploitation for Client Execution
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1014 - Rootkit
  • T1546.015 - Component Object Model Hijacking
  • T1189 - Drive-by Compromise
  • T1210 - Exploitation of Remote Services
  • T1211 - Exploitation for Defense Evasion
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1669 - Wi-Fi Networks
  • T1598 - Phishing for Information
  • T1595.002 - Vulnerability Scanning
  • T1550.001 - Application Access Token
  • T1589.001 - Credentials
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1498 - Network Denial of Service
  • T1003 - OS Credential Dumping
  • T1057 - Process Discovery
Link to MITRE →

Mustang Panda

Score: 0.65
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1622 - Debugger Evasion
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1598.003 - Spearphishing Link
  • T1678 - Delay Execution
  • T1219.001 - IDE Tunneling
  • T1608.001 - Upload Malware
  • T1070.004 - File Deletion
  • T1176.002 - IDE Extensions
  • T1608 - Stage Capabilities
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1027.007 - Dynamic API Resolution
  • T1518 - Software Discovery
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1003 - OS Credential Dumping
  • T1057 - Process Discovery
Link to MITRE →

Lazarus Group

Score: 0.64
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1033 - System Owner/User Discovery
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1584.004 - Server
  • T1562.001 - Disable or Modify Tools
  • T1543.003 - Windows Service
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1589.002 - Email Addresses
  • T1070.004 - File Deletion
  • T1124 - System Time Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1547.009 - Shortcut Modification
  • T1036.003 - Rename Legitimate Utilities
  • T1057 - Process Discovery
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Turla

Score: 0.62
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1027.005 - Indicator Removal from Tools
  • T1584.004 - Server
  • T1547.004 - Winlogon Helper DLL
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1546.013 - PowerShell Profile
  • T1124 - System Time Discovery
  • T1564.012 - File/Path Exclusions
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1584.006 - Web Services
Link to MITRE →

Magic Hound

Score: 0.60
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1033 - System Owner/User Discovery
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1036.010 - Masquerade Account Name
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1589.002 - Email Addresses
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1595.002 - Vulnerability Scanning
  • T1027.010 - Command Obfuscation
  • T1566.002 - Spearphishing Link
  • T1566.003 - Spearphishing via Service
  • T1589.001 - Credentials
  • T1583.006 - Web Services
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1573 - Encrypted Channel
  • T1057 - Process Discovery
Link to MITRE →

UNC3886

Score: 0.57
Matched TTPs:
  • T1587.004 - Exploits
  • T1548 - Abuse Elevation Control Mechanism
  • T1562.001 - Disable or Modify Tools
  • T1681 - Search Threat Vendor Data
  • T1027.005 - Indicator Removal from Tools
  • T1124 - System Time Discovery
  • T1037 - Boot or Logon Initialization Scripts
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1212 - Exploitation for Credential Access
  • T1070.004 - File Deletion
  • T1057 - Process Discovery
  • T1587.001 - Malware
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1554 - Compromise Host Software Binary
  • T1588.001 - Malware
Link to MITRE →

APT41

Score: 0.57
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1033 - System Owner/User Discovery
  • T1203 - Exploitation for Client Execution
  • T1568.002 - Domain Generation Algorithms
  • T1014 - Rootkit
  • T1595.003 - Wordlist Scanning
  • T1480.001 - Environmental Keying
  • T1543.003 - Windows Service
  • T1037 - Boot or Logon Initialization Scripts
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1021.001 - Remote Desktop Protocol
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1070.004 - File Deletion
  • T1595.002 - Vulnerability Scanning
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

FIN7

Score: 0.57
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1033 - System Owner/User Discovery
  • T1608.004 - Drive-by Target
  • T1497.002 - User Activity Based Checks
  • T1219 - Remote Access Tools
  • T1543.003 - Windows Service
  • T1674 - Input Injection
  • T1608.001 - Upload Malware
  • T1210 - Exploitation of Remote Services
  • T1021.001 - Remote Desktop Protocol
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1124 - System Time Discovery
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1057 - Process Discovery
Link to MITRE →

Medusa Group

Score: 0.56
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1657 - Financial Theft
  • T1033 - System Owner/User Discovery
  • T1650 - Acquire Access
  • T1573.002 - Asymmetric Cryptography
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1543.003 - Windows Service
  • T1518.001 - Security Software Discovery
  • T1570 - Lateral Tool Transfer
  • T1608.002 - Upload Tool
  • T1021.001 - Remote Desktop Protocol
  • T1190 - Exploit Public-Facing Application
  • T1070.004 - File Deletion
  • T1027.010 - Command Obfuscation
  • T1583.006 - Web Services
  • T1585.002 - Email Accounts
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
