Trusted Design

Neutralizing Remote Access Trojan Efficacy

Summary

Continuously feeding known remote access trojan (RAT) controller locations into operational defense workflows and detection technologies is useful, and automating their correlation with internal telemetry will surface potential infections. The deeper, risk-reducing value to the business, however, lies in understanding the adversary behind each RAT instance. Adversary attribution is difficult but worthwhile, since motivation informs methodology; mapping an attacker's capabilities and infrastructure comes as an ancillary benefit. One of the best ways to achieve consistent attribution results is to develop original attribution methodologies. This report details one such methodology, proactive Internet services enumeration, and the results of applying it to trojans such as njRAT and Dark Comet.
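The correlation step the summary describes, as an added example that is not code from the report or from the pulse author: a small controller feed is indexed, aged out, and matched port-aware against firewall connection logs, then repeated hits from one host to one controller are checked for the fixed-interval call-home pattern a RAT client produces. The feed entries, the log format and all addresses are constructed (RFC 5737 documentation ranges); the ports 1177 and 1604 are only sample values, not assertions about any live infrastructure.

```python
"""Correlate known RAT controller locations with internal connection telemetry.

Added example, not the report's own tooling. Feed entries, log lines and
addresses below are constructed sample data (RFC 5737 ranges).
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed controller feed. port=None means "any port". last_seen matters:
# controller IPs on shared hosting get reassigned, so stale entries are mostly noise.
CONTROLLER_FEED = [
    {"ip": "203.0.113.10", "port": 1177, "family": "njRAT", "last_seen": "2026-02-18"},
    {"ip": "198.51.100.7", "port": 1604, "family": "DarkComet", "last_seen": "2026-02-21"},
    {"ip": "192.0.2.55", "port": None, "family": "njRAT", "last_seen": "2025-06-01"},
]

# Constructed firewall log (key=value style). Four regular connections from
# 10.1.4.22, one hit from 10.1.9.8, one port mismatch, one stale indicator, one benign.
SAMPLE_LOG = """\
2026-02-22T09:00:01Z src=10.1.4.22 dst=203.0.113.10 dport=1177 proto=tcp action=allow
2026-02-22T09:00:31Z src=10.1.4.22 dst=203.0.113.10 dport=1177 proto=tcp action=allow
2026-02-22T09:01:02Z src=10.1.4.22 dst=203.0.113.10 dport=1177 proto=tcp action=allow
2026-02-22T09:01:31Z src=10.1.4.22 dst=203.0.113.10 dport=1177 proto=tcp action=allow
2026-02-22T09:05:10Z src=10.1.9.8 dst=198.51.100.7 dport=1604 proto=tcp action=allow
2026-02-22T09:05:40Z src=10.1.9.8 dst=198.51.100.7 dport=443 proto=tcp action=allow
2026-02-22T09:07:44Z src=10.1.9.8 dst=192.0.2.55 dport=8080 proto=tcp action=allow
2026-02-22T09:08:00Z src=10.1.2.3 dst=203.0.113.200 dport=443 proto=tcp action=allow
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>\S+)$"
)


def load_feed(feed, now, max_age_days=90):
    """Index indicators by controller IP, dropping entries not seen within max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    index = defaultdict(list)
    for entry in feed:
        if datetime.fromisoformat(entry["last_seen"]) < cutoff:
            continue
        index[entry["ip"]].append(entry)
    return index


def parse_log(text):
    """Parse key=value firewall lines into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def correlate(events, index):
    """One hit per event whose destination matches a live indicator (port-aware)."""
    hits = []
    for ev in events:
        for ind in index.get(ev["dst"], []):
            if ind["port"] is None or ind["port"] == ev["dport"]:
                hits.append({**ev, "family": ind["family"]})
    return hits


def beaconing_hosts(hits, min_conns=3, max_cv=0.2):
    """Flag (src, dst, dport, family) tuples whose inter-connection gaps are regular.

    cv = stddev/mean of the gaps in seconds. A RAT client polls on a fixed timer,
    so its gaps cluster tightly; user-driven traffic does not. Returns mean gap.
    """
    by_pair = defaultdict(list)
    for h in hits:
        by_pair[(h["src"], h["dst"], h["dport"], h["family"])].append(h["ts"])
    flagged = {}
    for key, stamps in by_pair.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            flagged[key] = round(avg, 1)
    return flagged


def run(log_text=SAMPLE_LOG, feed=CONTROLLER_FEED, now=datetime(2026, 2, 23)):
    """Full pipeline: age the feed, correlate, then look for beaconing. Returns all three."""
    index = load_feed(feed, now)
    hits = correlate(parse_log(log_text), index)
    return index, hits, beaconing_hosts(hits)


if __name__ == "__main__":
    _, hits, beacons = run()
    for h in hits:
        print(f"{h['ts']:%H:%M:%S} {h['src']} -> {h['dst']}:{h['dport']} [{h['family']}]")
    for (src, dst, port, fam), gap in beacons.items():
        print(f"BEACON {src} -> {dst}:{port} [{fam}] every ~{gap}s")
```

The port check is deliberate: a match on IP alone would also flag the 443 connection to the DarkComet host, and shared hosting makes IP-only matches noisy. The beaconing check is what turns a single feed hit into something worth an analyst's time; a 30-second cadence from one workstation to one controller is a stronger infection signal than any one connection, and it is also the kind of observation that feeds the attribution work the report goes on to describe.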

Created: 2026-02-23

Indicators

No indicators found.

Similar Pulses

Threat actors related to this pulse (fact-based)

Cinnamon Tempest

Score: 7.16
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 36.61
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

menuPass

Score: 24.80
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1487 - Disk Structure Wipe
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

INC Ransom

Score: 18.46
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Gamaredon Group

Score: 39.90
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1562.001 - Disable or Modify Tools
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 42.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1134.002 - Create Process with Token
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Mustang Panda

Score: 49.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1677 - Poisoned Pipeline Execution
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

MuddyWater

Score: 27.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 23.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Leviathan

Score: 38.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Velvet Ant

Score: 23.15
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583.005 - Botnet
  • T1055.004 - Asynchronous Procedure Call
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN7

Score: 46.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
Link to MITRE →

GALLIUM

Score: 14.46
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volt Typhoon

Score: 84.19
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1148 - HISTCONTROL
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1164 - Re-opened Applications
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1488 - Disk Content Wipe
  • T1566.004 - Spearphishing Voice
  • T1584.002 - DNS Server
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
Link to MITRE →

Blue Mockingbird

Score: 9.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Naikon

Score: 4.98
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
Link to MITRE →

Lazarus Group

Score: 54.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1547.011 - Plist Modification
  • T1134.002 - Create Process with Token
  • T1677 - Poisoned Pipeline Execution
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
Link to MITRE →

Lotus Blossom

Score: 11.34
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution
Link to MITRE →

Sandworm Team

Score: 88.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1111 - Multi-Factor Authentication Interception
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Earth Lusca

Score: 32.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
Link to MITRE →

Indrik Spider

Score: 23.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1552.008 - Chat Messages
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

TA2541

Score: 19.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Stealth Falcon

Score: 5.50
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1556.005 - Reversible Encryption
Link to MITRE →

Aquatic Panda

Score: 17.06
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT29

Score: 30.96
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1547.008 - LSASS Driver
Link to MITRE →

OilRig

Score: 33.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

Windshift

Score: 18.85
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN6

Score: 20.30
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1487 - Disk Structure Wipe
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

ToddyCat

Score: 10.71
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Deep Panda

Score: 3.08
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1134 - Access Token Manipulation
Link to MITRE →

Threat Group-3390

Score: 30.93
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1487 - Disk Structure Wipe
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT42

Score: 25.87
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1128 - Netsh Helper DLL
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
Link to MITRE →

Ember Bear

Score: 42.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1487 - Disk Structure Wipe
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1519 - Emond
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS
Link to MITRE →

Chimera

Score: 39.42
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1059.003 - Windows Command Shell
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
Link to MITRE →

BlackByte

Score: 29.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1606.001 - Web Cookies
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN13

Score: 33.62
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

Magic Hound

Score: 66.58
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1021.008 - Direct Cloud VM Connections
  • T1562.004 - Disable or Modify System Firewall
  • T1134.002 - Create Process with Token
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
Link to MITRE →

APT41

Score: 45.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels
Link to MITRE →

FIN8

Score: 21.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Kimsuky

Score: 84.66
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1152 - Launchctl
  • T1134.002 - Create Process with Token
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
Link to MITRE →

Sea Turtle

Score: 15.16
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT38

Score: 22.46
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Moonstone Sleet

Score: 32.21
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

Ke3chang

Score: 29.01
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1606.002 - SAML Tokens
  • T1487 - Disk Structure Wipe
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

HAFNIUM

Score: 45.18
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1487 - Disk Structure Wipe
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Winter Vivern

Score: 23.10
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT19

Score: 6.58
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

FIN10

Score: 6.30
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
Link to MITRE →

APT39

Score: 24.80
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
Link to MITRE →

APT37

Score: 10.39
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Tropic Trooper

Score: 17.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ZIRCONIUM

Score: 27.84
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1578.001 - Create Snapshot
Link to MITRE →

Patchwork

Score: 20.58
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
Link to MITRE →

LuminousMoth

Score: 15.39
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HEXANE

Score: 28.95
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Dragonfly

Score: 37.51
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Storm-1811

Score: 27.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Sidewinder

Score: 23.18
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

APT3

Score: 14.16
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1120 - Peripheral Device Discovery
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Agrius

Score: 14.30
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1487 - Disk Structure Wipe
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1566.004 - Spearphishing Voice
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

Contagious Interview

Score: 58.77
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1586.003 - Cloud Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

Star Blizzard

Score: 15.22
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship

LAPSUS$

Score: 49.73
Matched TTPs:
  • T1216.001 - PubPrn
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
  • T1588.005 - Exploits

Akira

Score: 9.00
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1552.003 - Shell History
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

APT28

Score: 90.21
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1585 - Establish Accounts
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1564.004 - NTFS File Attributes
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

Andariel

Score: 15.92
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Turla

Score: 46.66
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1131 - Authentication Package
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Mustard Tempest

Score: 14.74
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Silent Librarian

Score: 9.12
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship

EXOTIC LILY

Score: 24.15
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1612 - Build Image on Host
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

UNC3886

Score: 27.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1606 - Forge Web Credentials
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1578.001 - Create Snapshot

Salt Typhoon

Score: 15.14
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service

Play

Score: 12.36
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 8.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

RedCurl

Score: 16.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1542.004 - ROMMONkit
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption

Moses Staff

Score: 6.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

TeamTNT

Score: 24.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1506 - Web Session Cookie
  • T1519 - Emond
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

BlackTech

Score: 5.26
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Confucius

Score: 9.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1487 - Disk Structure Wipe
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Elderwood

Score: 5.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 7.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT1

Score: 12.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion

APT33

Score: 11.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Cobalt Group

Score: 14.98
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

TA505

Score: 8.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 13.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 42.07
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1588.005 - Exploits

CURIUM

Score: 17.20
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

FIN5

Score: 7.32
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation

APT5

Score: 12.32
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution
  • T1055.004 - Asynchronous Procedure Call
  • T1622 - Debugger Evasion

BRONZE BUTLER

Score: 23.98
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call

admin@338

Score: 6.96
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32

DarkVishnya

Score: 10.82
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories

Windigo

Score: 5.72
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Darkhotel

Score: 9.73
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

Rocke

Score: 16.29
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1562.001 - Disable or Modify Tools
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

Inception

Score: 10.01
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent

Higaisa

Score: 13.25
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Malteiro

Score: 5.63
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie

Daggerfly

Score: 10.70
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Storm-0501

Score: 7.10
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie

SideCopy

Score: 16.35
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

APT18

Score: 3.17
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Sowbug

Score: 4.24
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1542.004 - ROMMONkit

BITTER

Score: 6.28
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Saint Bear

Score: 11.04
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits

BackdoorDiplomacy

Score: 7.29
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel

Fox Kitten

Score: 19.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1588.005 - Exploits

Volatile Cedar

Score: 8.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries

Axiom

Score: 17.82
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1189 - Drive-by Compromise
  • T1622 - Debugger Evasion

TA551

Score: 6.67
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

PLATINUM

Score: 9.27
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

SilverTerrier

Score: 7.00
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
  • T1556.005 - Reversible Encryption

Tonto Team

Score: 7.76
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Silence

Score: 12.36
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Metador

Score: 5.27
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Leafminer

Score: 4.16
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

APT-C-36

Score: 4.02
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1547.013 - XDG Autostart Entries

WIRTE

Score: 5.21
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

RedEcho

Score: 6.33
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

The White Company

Score: 5.98
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Dark Caracal

Score: 5.48
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.82
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1197 - BITS Jobs
  • T1586.003 - Cloud Accounts
  • T1057 - Process Discovery
  • T1487 - Disk Structure Wipe
  • T1548.006 - TCC Manipulation
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1139 - Bash History
  • T1152 - Launchctl
  • T1556.005 - Reversible Encryption
  • T1059.012 - Hypervisor CLI
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1685.001 - Disable or Modify Windows Event Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.007 - Netsh Helper DLL
  • T1583.005 - Botnet
  • T1566.002 - Spearphishing Link
  • T1592.003 - Firmware
  • T1547.011 - Plist Modification
  • T1542.004 - ROMMONkit
  • T1564.004 - NTFS File Attributes
  • T1562.004 - Disable or Modify System Firewall
  • T1566.003 - Spearphishing via Service
  • T1131 - Authentication Package
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1585 - Establish Accounts
  • T1558 - Steal or Forge Kerberos Tickets

Sandworm Team

Score: 0.81
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1033 - System Owner/User Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1193 - Spearphishing Attachment
  • T1548.006 - TCC Manipulation
  • T1134 - Access Token Manipulation
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1047 - Windows Management Instrumentation
  • T1005 - Data from Local System
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1102.003 - One-Way Communication
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.005 - Botnet
  • T1566.002 - Spearphishing Link
  • T1546.016 - Installer Packages
  • T1557 - Adversary-in-the-Middle
  • T1091 - Replication Through Removable Media
  • T1564.008 - Email Hiding Rules
  • T1543.003 - Windows Service
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1111 - Multi-Factor Authentication Interception
  • T1484.002 - Trust Modification
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1547.013 - XDG Autostart Entries
  • T1134.002 - Create Process with Token
  • T1558 - Steal or Forge Kerberos Tickets

Volt Typhoon

Score: 0.78
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1055.004 - Asynchronous Procedure Call
  • T1057 - Process Discovery
  • T1148 - HISTCONTROL
  • T1548.006 - TCC Manipulation
  • T1159 - Launch Agent
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution
  • T1114 - Email Collection
  • T1047 - Windows Management Instrumentation
  • T1003.007 - Proc Filesystem
  • T1102.003 - One-Way Communication
  • T1488 - Disk Content Wipe
  • T1164 - Re-opened Applications
  • T1199 - Trusted Relationship
  • T1685.001 - Disable or Modify Windows Event Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
  • T1065 - Uncommonly Used Port
  • T1553.002 - Code Signing
  • T1622 - Debugger Evasion
  • T1552.008 - Chat Messages
  • T1584.002 - DNS Server
  • T1099 - Timestomp
  • T1049 - System Network Connections Discovery
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1134.002 - Create Process with Token
  • T1557 - Adversary-in-the-Middle

Kimsuky

Score: 0.74
Matched TTPs:
  • T1197 - BITS Jobs
  • T1690 - Prevent Command History Logging
  • T1033 - System Owner/User Discovery
  • T1003.003 - NTDS
  • T1057 - Process Discovery
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1114 - Email Collection
  • T1008 - Fallback Channels
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1126 - Network Share Connection Removal
  • T1152 - Launchctl
  • T1556.005 - Reversible Encryption
  • T1506 - Web Session Cookie
  • T1102.003 - One-Way Communication
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1140 - Deobfuscate/Decode Files or Information
  • T1030 - Data Transfer Size Limits
  • T1583.005 - Botnet
  • T1566.002 - Spearphishing Link
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1091 - Replication Through Removable Media
  • T1622 - Debugger Evasion
  • T1055.014 - VDSO Hijacking
  • T1037 - Boot or Logon Initialization Scripts
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1134.002 - Create Process with Token

Magic Hound

Score: 0.62
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1586.003 - Cloud Accounts
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1134 - Access Token Manipulation
  • T1047 - Windows Management Instrumentation
  • T1187 - Forced Authentication
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1556.005 - Reversible Encryption
  • T1059.012 - Hypervisor CLI
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.002 - Spearphishing Link
  • T1592.003 - Firmware
  • T1547.008 - LSASS Driver
  • T1070.003 - Clear Command History
  • T1098.002 - Additional Email Delegate Permissions
  • T1622 - Debugger Evasion
  • T1021.008 - Direct Cloud VM Connections
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1562.004 - Disable or Modify System Firewall
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1134.002 - Create Process with Token
  • T1557 - Adversary-in-the-Middle

Contagious Interview

Score: 0.56
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1586.003 - Cloud Accounts
  • T1690 - Prevent Command History Logging
  • T1033 - System Owner/User Discovery
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1218.008 - Odbcconf
  • T1021.006 - Windows Remote Management
  • T1102.003 - One-Way Communication
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1044 - File System Permissions Weakness
  • T1030 - Data Transfer Size Limits
  • T1091 - Replication Through Removable Media
  • T1547.008 - LSASS Driver
  • T1131 - Authentication Package
  • T1558 - Steal or Forge Kerberos Tickets

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph