Trusted Design

Neutralizing Remote Access Trojan Efficacy

Summary

Continuously feeding known remote access trojan (RAT) controller locations into the operational defense workflow and detection technologies is useful, and automating their correlation with internal telemetry will surface potential infections, but the deeper, risk-reducing value to the business lies in understanding the adversary behind each RAT instance. Adversary attribution is difficult but worthwhile, since motivation informs methodology; exploring an attacker's capabilities and infrastructure becomes an ancillary benefit. One of the best ways to achieve consistent attribution results is to develop original attribution methodologies. This report details one such methodology – proactive Internet services enumeration – and the results of applying it to Trojans such as njRAT and Dark Comet.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Cinnamon Tempest

Score: 7.16
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 36.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

menuPass

Score: 24.80
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1119 - Automated Collection
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

INC Ransom

Score: 18.46
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Gamaredon Group

Score: 39.90
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1571 - Non-Standard Port
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT32

Score: 42.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1589.002 - Email Addresses
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Mustang Panda

Score: 49.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1070 - Indicator Removal
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

MuddyWater

Score: 27.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 23.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Leviathan

Score: 38.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1584.008 - Network Devices
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Velvet Ant

Score: 23.15
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1040 - Network Sniffing
  • T1049 - System Network Connections Discovery
  • T1571 - Non-Standard Port
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

FIN7

Score: 46.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
Link to MITRE →

GALLIUM

Score: 14.46
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Volt Typhoon

Score: 84.19
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1592 - Gather Victim Host Information
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1007 - System Service Discovery
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1590 - Gather Victim Network Information
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1587.004 - Exploits
  • T1570 - Lateral Tool Transfer
  • T1614 - System Location Discovery
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Blue Mockingbird

Score: 9.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Naikon

Score: 4.98
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
Link to MITRE →

Lazarus Group

Score: 54.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1090.002 - External Proxy
  • T1589.002 - Email Addresses
  • T1070 - Indicator Removal
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
Link to MITRE →

Lotus Blossom

Score: 11.34
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Sandworm Team

Score: 88.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1590.001 - Domain Properties
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

Earth Lusca

Score: 32.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
Link to MITRE →

Indrik Spider

Score: 23.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1590 - Gather Victim Network Information
  • T1136 - Create Account
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA2541

Score: 19.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Stealth Falcon

Score: 5.50
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1071.001 - Web Protocols
Link to MITRE →

Aquatic Panda

Score: 17.06
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT29

Score: 30.96
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1566.003 - Spearphishing via Service
Link to MITRE →

OilRig

Score: 33.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1119 - Automated Collection
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Windshift

Score: 18.85
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN6

Score: 20.30
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1119 - Automated Collection
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

ToddyCat

Score: 10.71
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Deep Panda

Score: 3.08
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1018 - Remote System Discovery
Link to MITRE →

Threat Group-3390

Score: 30.93
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1119 - Automated Collection
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT42

Score: 25.87
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1573.002 - Asymmetric Cryptography
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
Link to MITRE →

Ember Bear

Score: 42.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1119 - Automated Collection
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1595.001 - Scanning IP Blocks
  • T1018 - Remote System Discovery
  • T1588.005 - Exploits
Link to MITRE →

Chimera

Score: 39.42
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1213.002 - Sharepoint
  • T1119 - Automated Collection
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1556.001 - Domain Controller Authentication
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
Link to MITRE →

BlackByte

Score: 29.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1491.001 - Internal Defacement
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 33.62
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Magic Hound

Score: 66.58
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1016.002 - Wi-Fi Discovery
  • T1595.002 - Vulnerability Scanning
  • T1589.002 - Email Addresses
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT41

Score: 45.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

FIN8

Score: 21.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Kimsuky

Score: 84.66
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1071.003 - Mail Protocols
  • T1596 - Search Open Technical Databases
  • T1589.002 - Email Addresses
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1587 - Develop Capabilities
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 15.16
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

APT38

Score: 22.46
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1036.006 - Space after Filename
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Moonstone Sleet

Score: 32.21
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1591 - Gather Victim Org Information
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ke3chang

Score: 29.01
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1213.002 - Sharepoint
  • T1587.001 - Malware
  • T1119 - Automated Collection
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

HAFNIUM

Score: 45.18
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1213.002 - Sharepoint
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1119 - Automated Collection
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1590 - Gather Victim Network Information
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

Winter Vivern

Score: 23.10
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 6.58
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

FIN10

Score: 6.30
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT39

Score: 24.80
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

APT37

Score: 10.39
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Tropic Trooper

Score: 17.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ZIRCONIUM

Score: 27.84
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1124 - System Time Discovery
Link to MITRE →

Patchwork

Score: 20.58
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

LuminousMoth

Score: 15.39
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HEXANE

Score: 28.95
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Dragonfly

Score: 37.51
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Storm-1811

Score: 27.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sidewinder

Score: 23.18
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

APT3

Score: 14.16
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1090.002 - External Proxy
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Agrius

Score: 14.30
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1119 - Automated Collection
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Contagious Interview

Score: 58.77
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1567 - Exfiltration Over Web Service
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Star Blizzard

Score: 15.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
Link to MITRE →

LAPSUS$

Score: 49.73
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1213.002 - Sharepoint
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1003.003 - NTDS
  • T1213.005 - Messaging Applications
Link to MITRE →

Akira

Score: 9.00
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1657 - Financial Theft
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT28

Score: 90.21
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1119 - Automated Collection
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1036 - Masquerading
  • T1557.004 - Evil Twin
  • T1071.003 - Mail Protocols
  • T1595.002 - Vulnerability Scanning
  • T1596 - Search Open Technical Databases
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1213 - Data from Information Repositories
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1001.001 - Junk Data
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Andariel

Score: 15.92
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Turla

Score: 46.66
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1071.003 - Mail Protocols
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Mustard Tempest

Score: 14.74
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silent Librarian

Score: 9.12
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1589.002 - Email Addresses
  • T1588.002 - Tool
Link to MITRE →

EXOTIC LILY

Score: 24.15
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1102 - Web Service
  • T1597 - Search Closed Sources
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
Link to MITRE →

UNC3886

Score: 27.89
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1212 - Exploitation for Credential Access
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Salt Typhoon

Score: 15.14
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1136 - Create Account
Link to MITRE →

Play

Score: 12.36
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 8.86
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 16.43
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1102 - Web Service
  • T1039 - Data from Network Shared Drive
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
Link to MITRE →

Moses Staff

Score: 6.40
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 24.83
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackTech

Score: 5.26
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Confucius

Score: 9.10
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1119 - Automated Collection
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 7.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT1

Score: 12.85
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1119 - Automated Collection
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT33

Score: 11.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cobalt Group

Score: 14.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA505

Score: 8.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 13.38
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Scattered Spider

Score: 42.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1213.005 - Messaging Applications
Link to MITRE →

CURIUM

Score: 17.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN5

Score: 7.32
Matched TTPs:
  • T1119 - Automated Collection
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1018 - Remote System Discovery
Link to MITRE →

APT5

Score: 12.32
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1070 - Indicator Removal
  • T1049 - System Network Connections Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BRONZE BUTLER

Score: 23.98
Matched TTPs:
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
Link to MITRE →

admin@338

Score: 6.96
Matched TTPs:
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

DarkVishnya

Score: 10.82
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1200 - Hardware Additions
Link to MITRE →

Windigo

Score: 5.72
Matched TTPs:
  • T1082 - System Information Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

Darkhotel

Score: 9.73
Matched TTPs:
  • T1082 - System Information Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Rocke

Score: 16.29
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1571 - Non-Standard Port
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Inception

Score: 10.01
Matched TTPs:
  • T1082 - System Information Discovery
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
Link to MITRE →

Higaisa

Score: 13.25
Matched TTPs:
  • T1082 - System Information Discovery
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Malteiro

Score: 5.63
Matched TTPs:
  • T1082 - System Information Discovery
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

Daggerfly

Score: 10.70
Matched TTPs:
  • T1082 - System Information Discovery
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-0501

Score: 7.10
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

SideCopy

Score: 16.35
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1614 - System Location Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT18

Score: 3.17
Matched TTPs:
  • T1082 - System Information Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sowbug

Score: 4.24
Matched TTPs:
  • T1082 - System Information Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

BITTER

Score: 6.28
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 11.04
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

BackdoorDiplomacy

Score: 7.29
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
Link to MITRE →

Fox Kitten

Score: 19.93
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1213.005 - Messaging Applications
Link to MITRE →

Volatile Cedar

Score: 8.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Axiom

Score: 17.82
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1563.002 - RDP Hijacking
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA551

Score: 6.67
Matched TTPs:
  • T1036 - Masquerading
  • T1589.002 - Email Addresses
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PLATINUM

Score: 9.27
Matched TTPs:
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection
Link to MITRE →

SilverTerrier

Score: 7.00
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1657 - Financial Theft
  • T1071.001 - Web Protocols
Link to MITRE →

Tonto Team

Score: 7.76
Matched TTPs:
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silence

Score: 12.36
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Metador

Score: 5.27
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Leafminer

Score: 4.16
Matched TTPs:
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
Link to MITRE →

APT-C-36

Score: 4.02
Matched TTPs:
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 5.21
Matched TTPs:
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Carbanak

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

RedEcho

Score: 6.33
Matched TTPs:
  • T1571 - Non-Standard Port
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

The White Company

Score: 5.98
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1124 - System Time Discovery
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Dark Caracal

Score: 5.48
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.82
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1598.003 - Spearphishing Link
  • T1589.001 - Credentials
  • T1669 - Wi-Fi Networks
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
  • T1189 - Drive-by Compromise
  • T1090.002 - External Proxy
  • T1036 - Masquerading
  • T1213 - Data from Information Repositories
  • T1596 - Search Open Technical Databases
  • T1040 - Network Sniffing
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
  • T1498 - Network Denial of Service
  • T1584.008 - Network Devices
  • T1211 - Exploitation for Defense Evasion
  • T1591 - Gather Victim Org Information
  • T1213.002 - Sharepoint
  • T1557.004 - Evil Twin
  • T1598 - Phishing for Information
  • T1001.001 - Junk Data
  • T1595.002 - Vulnerability Scanning
  • T1210 - Exploitation of Remote Services
  • T1119 - Automated Collection
  • T1039 - Data from Network Shared Drive
  • T1567 - Exfiltration Over Web Service
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
Link to MITRE →

Sandworm Team

Score: 0.81
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1598.003 - Spearphishing Link
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1590.001 - Domain Properties
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
  • T1591.002 - Business Relationships
  • T1036 - Masquerading
  • T1195 - Supply Chain Compromise
  • T1594 - Search Victim-Owned Websites
  • T1195.002 - Compromise Software Supply Chain
  • T1584.004 - Server
  • T1593 - Search Open Websites/Domains
  • T1592.002 - Software
  • T1040 - Network Sniffing
  • T1589.002 - Email Addresses
  • T1105 - Ingress Tool Transfer
  • T1491.002 - External Defacement
  • T1102.002 - Bidirectional Communication
  • T1499 - Endpoint Denial of Service
  • T1571 - Non-Standard Port
  • T1586.001 - Social Media Accounts
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1595.002 - Vulnerability Scanning
  • T1570 - Lateral Tool Transfer
  • T1082 - System Information Discovery
  • T1047 - Windows Management Instrumentation
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1033 - System Owner/User Discovery
  • T1203 - Exploitation for Client Execution
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Volt Typhoon

Score: 0.78
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1124 - System Time Discovery
  • T1049 - System Network Connections Discovery
  • T1090.001 - Internal Proxy
  • T1584.005 - Botnet
  • T1003.003 - NTDS
  • T1594 - Search Victim-Owned Websites
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1593 - Search Open Websites/Domains
  • T1587.004 - Exploits
  • T1591.004 - Identify Roles
  • T1590 - Gather Victim Network Information
  • T1614 - System Location Discovery
  • T1596.005 - Scan Databases
  • T1589.002 - Email Addresses
  • T1105 - Ingress Tool Transfer
  • T1584.008 - Network Devices
  • T1518 - Software Discovery
  • T1016.001 - Internet Connection Discovery
  • T1591 - Gather Victim Org Information
  • T1590.006 - Network Security Appliances
  • T1570 - Lateral Tool Transfer
  • T1592 - Gather Victim Host Information
  • T1047 - Windows Management Instrumentation
  • T1588.002 - Tool
  • T1033 - System Owner/User Discovery
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1007 - System Service Discovery
Link to MITRE →

Kimsuky

Score: 0.74
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1598.003 - Spearphishing Link
  • T1071.001 - Web Protocols
  • T1594 - Search Victim-Owned Websites
  • T1021.001 - Remote Desktop Protocol
  • T1596 - Search Open Technical Databases
  • T1593 - Search Open Websites/Domains
  • T1518.001 - Security Software Discovery
  • T1656 - Impersonation
  • T1566 - Phishing
  • T1040 - Network Sniffing
  • T1589.002 - Email Addresses
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
  • T1102.001 - Dead Drop Resolver
  • T1591 - Gather Victim Org Information
  • T1587 - Develop Capabilities
  • T1557 - Adversary-in-the-Middle
  • T1598 - Phishing for Information
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1593.001 - Social Media
  • T1588.005 - Exploits
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1534 - Internal Spearphishing
  • T1657 - Financial Theft
  • T1007 - System Service Discovery
  • T1583.006 - Web Services
Link to MITRE →

Magic Hound

Score: 0.62
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1598.003 - Spearphishing Link
  • T1049 - System Network Connections Discovery
  • T1589.001 - Credentials
  • T1071.001 - Web Protocols
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1592.002 - Software
  • T1589.002 - Email Addresses
  • T1105 - Ingress Tool Transfer
  • T1102.002 - Bidirectional Communication
  • T1562 - Impair Defenses
  • T1590.005 - IP Addresses
  • T1016.002 - Wi-Fi Discovery
  • T1016.001 - Internet Connection Discovery
  • T1571 - Non-Standard Port
  • T1566.003 - Spearphishing via Service
  • T1595.002 - Vulnerability Scanning
  • T1570 - Lateral Tool Transfer
  • T1082 - System Information Discovery
  • T1567 - Exfiltration Over Web Service
  • T1047 - Windows Management Instrumentation
  • T1591.001 - Determine Physical Locations
  • T1588.002 - Tool
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
Link to MITRE →

Contagious Interview

Score: 0.56
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1036 - Masquerading
  • T1593 - Search Open Websites/Domains
  • T1656 - Impersonation
  • T1571 - Non-Standard Port
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1566.003 - Spearphishing via Service
  • T1588.007 - Artificial Intelligence
  • T1082 - System Information Discovery
  • T1593.003 - Code Repositories
  • T1567 - Exfiltration Over Web Service
  • T1593.001 - Social Media
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1657 - Financial Theft
  • T1681 - Search Threat Vendor Data
  • T1583.006 - Web Services
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph
