Trusted Design

Blurring of Commodity and Targeted Attack Malware

Summary

As malware and its authors continue to evolve, deciphering the purpose of specific malware-driven attacks has become more challenging. While some malware still has a feature-specific design, such as DDoS tools or spam bots, it is becoming increasingly common for malware to serve multiple uses across different missions. Recent banking trojans, for example, are likely to support remote access, which is not typically required to deliver web injects and steal credentials.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 68.97
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1219.001 - IDE Tunneling
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1219.002 - Remote Desktop Software
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Kimsuky

Score: 92.03
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1539 - Steal Web Session Cookie
  • T1587.001 - Malware
  • T1176.001 - Browser Extensions
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1185 - Browser Session Hijacking
  • T1583.004 - Server
  • T1593.002 - Search Engines
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1587 - Develop Capabilities
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
Link to MITRE →

Sea Turtle

Score: 25.40
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1071.001 - Web Protocols
  • T1078.003 - Local Accounts
Link to MITRE →

Ember Bear

Score: 39.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021 - Remote Services
  • T1110.003 - Password Spraying
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
Link to MITRE →

Indrik Spider

Score: 20.47
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1136 - Create Account
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Agrius

Score: 14.94
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1110.003 - Password Spraying
  • T1078.002 - Domain Accounts
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Contagious Interview

Score: 60.42
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1567 - Exfiltration Over Web Service
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1204.005 - Malicious Library
  • T1583.003 - Virtual Private Server
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1543.001 - Launch Agent
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sandworm Team

Score: 71.61
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1539 - Steal Web Session Cookie
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1583.004 - Server
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1571 - Non-Standard Port
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1499 - Endpoint Denial of Service
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 20.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1550.004 - Web Session Cookie
Link to MITRE →

Lazarus Group

Score: 64.19
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1098 - Account Manipulation
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1571 - Non-Standard Port
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
Link to MITRE →

TA577

Score: 5.29
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
Link to MITRE →

Moonstone Sleet

Score: 33.85
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT39

Score: 35.44
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

Poseidon Group

Score: 5.12
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
Link to MITRE →

Tonto Team

Score: 10.35
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT32

Score: 34.22
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1078 - Valid Accounts
Link to MITRE →

BlackByte

Score: 38.40
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

APT28

Score: 71.98
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1036 - Masquerading
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1550.001 - Application Access Token
  • T1001.001 - Junk Data
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Storm-0501

Score: 11.41
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Axiom

Score: 19.82
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Leviathan

Score: 39.30
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT37

Score: 16.90
Matched TTPs:
  • T1123 - Audio Capture
  • T1055 - Process Injection
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LuminousMoth

Score: 16.86
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Scattered Spider

Score: 43.39
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1087 - Account Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1098 - Account Manipulation
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1136 - Create Account
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications
Link to MITRE →

Evilnum

Score: 8.19
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1566.002 - Spearphishing Link
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Lotus Blossom

Score: 6.81
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

APT42

Score: 22.90
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1070 - Indicator Removal
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
Link to MITRE →

APT41

Score: 41.08
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1596.005 - Scan Databases
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA551

Score: 8.28
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1036 - Masquerading
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Volt Typhoon

Score: 44.49
Matched TTPs:
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1078.002 - Domain Accounts
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1596.005 - Scan Databases
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

ZIRCONIUM

Score: 26.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1124 - System Time Discovery
Link to MITRE →

Mustard Tempest

Score: 16.82
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN13

Score: 25.62
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1087 - Account Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

OilRig

Score: 41.73
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

UNC3886

Score: 32.72
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
Link to MITRE →

Salt Typhoon

Score: 8.26
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1136 - Create Account
Link to MITRE →

APT29

Score: 34.54
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

Play

Score: 15.99
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RedCurl

Score: 16.71
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1071.001 - Web Protocols
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Turla

Score: 46.57
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
Link to MITRE →

Ke3chang

Score: 20.42
Matched TTPs:
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

TeamTNT

Score: 19.32
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1102 - Web Service
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 47.69
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1571 - Non-Standard Port
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
  • T1078.003 - Local Accounts
Link to MITRE →

BlackTech

Score: 8.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
Link to MITRE →

MuddyWater

Score: 33.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Confucius

Score: 6.92
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sidewinder

Score: 14.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 7.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN8

Score: 14.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT3

Score: 12.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1090.002 - External Proxy
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT1

Score: 8.93
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT33

Score: 12.32
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

EXOTIC LILY

Score: 9.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Molerats

Score: 3.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Magic Hound

Score: 44.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1078.002 - Domain Accounts
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Windshift

Score: 16.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Cobalt Group

Score: 17.28
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN4

Score: 8.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
Link to MITRE →

TA2541

Score: 13.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Earth Lusca

Score: 33.18
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Storm-1811

Score: 20.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Wizard Spider

Score: 29.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1055 - Process Injection
  • T1021 - Remote Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Patchwork

Score: 15.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA505

Score: 12.55
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1078.002 - Domain Accounts
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 13.38
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silent Librarian

Score: 7.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

CURIUM

Score: 21.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.004 - Server
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Dragonfly

Score: 25.95
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Gamaredon Group

Score: 53.83
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1571 - Non-Standard Port
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer

Medusa Group

Score: 31.30
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

HAFNIUM

Score: 33.36
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1110.003 - Password Spraying
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1098 - Account Manipulation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts

APT5

Score: 19.46
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1070 - Indicator Removal
  • T1554 - Compromise Host Software Binary
  • T1078.002 - Domain Accounts
  • T1021.001 - Remote Desktop Protocol

Threat Group-3390

Score: 28.50
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates

BRONZE BUTLER

Score: 24.01
Matched TTPs:
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1102.001 - Dead Drop Resolver

Aquatic Panda

Score: 20.13
Matched TTPs:
  • T1007 - System Service Discovery
  • T1021 - Remote Services
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Chimera

Score: 33.98
Matched TTPs:
  • T1007 - System Service Discovery
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1589.001 - Credentials
  • T1078.002 - Domain Accounts
  • T1556.001 - Domain Controller Authentication
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery

admin@338

Score: 4.02
Matched TTPs:
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution

WIRTE

Score: 6.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 6.82
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

APT38

Score: 12.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Darkhotel

Score: 14.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

Winter Vivern

Score: 19.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer

menuPass

Score: 18.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Cinnamon Tempest

Score: 13.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer

Rocke

Score: 21.02
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1571 - Non-Standard Port
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

Tropic Trooper

Score: 15.96
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts

Malteiro

Score: 5.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery

APT19

Score: 5.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols

Higaisa

Score: 13.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy

SideCopy

Score: 7.39
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

BITTER

Score: 9.90
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer

HEXANE

Score: 16.76
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1110.003 - Password Spraying
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Saint Bear

Score: 5.48
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution

BackdoorDiplomacy

Score: 7.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

GOLD SOUTHFIELD

Score: 10.28
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain

Fox Kitten

Score: 19.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications

ToddyCat

Score: 8.18
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 8.71
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

GALLIUM

Score: 12.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

Volatile Cedar

Score: 6.38
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer

INC Ransom

Score: 16.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

DarkVishnya

Score: 10.38
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1200 - Hardware Additions

Carbanak

Score: 7.26
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

Akira

Score: 12.32
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1021.001 - Remote Desktop Protocol

PLATINUM

Score: 7.19
Matched TTPs:
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy

Silence

Score: 14.70
Matched TTPs:
  • T1055 - Process Injection
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1571 - Non-Standard Port
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Velvet Ant

Score: 16.98
Matched TTPs:
  • T1055 - Process Injection
  • T1571 - Non-Standard Port
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion

Leafminer

Score: 5.36
Matched TTPs:
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise

FIN5

Score: 5.02
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool

LAPSUS$

Score: 25.14
Matched TTPs:
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1213.005 - Messaging Applications

Windigo

Score: 6.85
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

Metador

Score: 5.27
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer

Andariel

Score: 10.34
Matched TTPs:
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying

Inception

Score: 8.80
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery

FIN6

Score: 11.37
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

SilverTerrier

Score: 3.71
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.001 - Web Protocols

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

APT-C-36

Score: 6.31
Matched TTPs:
  • T1588.002 - Tool
  • T1571 - Non-Standard Port
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

Thrip

Score: 3.78
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software

FIN10

Score: 6.59
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts

APT18

Score: 3.39
Matched TTPs:
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer

RedEcho

Score: 3.59
Matched TTPs:
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols

Daggerfly

Score: 9.49
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

The White Company

Score: 5.98
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1124 - System Time Discovery

Naikon

Score: 4.19
Matched TTPs:
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery

Stealth Falcon

Score: 4.81
Matched TTPs:
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols

RTM

Score: 7.98
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Dark Caracal

Score: 5.48
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.79
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1557 - Adversary-in-the-Middle
  • T1588.003 - Code Signing Certificates
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1007 - System Service Discovery
  • T1102.002 - Bidirectional Communication
  • T1185 - Browser Session Hijacking
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1583.006 - Web Services
  • T1176.001 - Browser Extensions
  • T1078.003 - Local Accounts
  • T1583 - Acquire Infrastructure
  • T1534 - Internal Spearphishing
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
  • T1593 - Search Open Websites/Domains
  • T1027 - Obfuscated Files or Information
  • T1219.002 - Remote Desktop Software
  • T1598.003 - Spearphishing Link
  • T1587 - Develop Capabilities
  • T1055 - Process Injection
  • T1566.002 - Spearphishing Link
  • T1593.002 - Search Engines
  • T1021.001 - Remote Desktop Protocol
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols
  • T1587.001 - Malware
  • T1539 - Steal Web Session Cookie
  • T1657 - Financial Theft
  • T1598 - Phishing for Information
  • T1518.001 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information

APT28

Score: 0.66
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
  • T1498 - Network Denial of Service
  • T1588.002 - Tool
  • T1211 - Exploitation for Defense Evasion
  • T1036 - Masquerading
  • T1102.002 - Bidirectional Communication
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1567 - Exfiltration Over Web Service
  • T1550.001 - Application Access Token
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1598.003 - Spearphishing Link
  • T1584.008 - Network Devices
  • T1110.003 - Password Spraying
  • T1078 - Valid Accounts
  • T1669 - Wi-Fi Networks
  • T1071.001 - Web Protocols
  • T1589.001 - Credentials
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1598 - Phishing for Information
  • T1090.002 - External Proxy
  • T1001.001 - Junk Data
  • T1140 - Deobfuscate/Decode Files or Information

Sandworm Team

Score: 0.66
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1588.002 - Tool
  • T1584.005 - Botnet
  • T1036 - Masquerading
  • T1219 - Remote Access Tools
  • T1102.002 - Bidirectional Communication
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1584.004 - Server
  • T1195 - Supply Chain Compromise
  • T1583 - Acquire Infrastructure
  • T1078.002 - Domain Accounts
  • T1203 - Exploitation for Client Execution
  • T1593 - Search Open Websites/Domains
  • T1090 - Proxy
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1078 - Valid Accounts
  • T1608.001 - Upload Malware
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
  • T1587.001 - Malware
  • T1592.002 - Software
  • T1539 - Steal Web Session Cookie
  • T1140 - Deobfuscate/Decode Files or Information

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1557 - Adversary-in-the-Middle
  • T1003 - OS Credential Dumping
  • T1588.003 - Code Signing Certificates
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1102 - Web Service
  • T1001.003 - Protocol or Service Impersonation
  • T1678 - Delay Execution
  • T1583.006 - Web Services
  • T1027.007 - Dynamic API Resolution
  • T1608 - Stage Capabilities
  • T1203 - Exploitation for Client Execution
  • T1593 - Search Open Websites/Domains
  • T1027 - Obfuscated Files or Information
  • T1176.002 - IDE Extensions
  • T1219.002 - Remote Desktop Software
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1219.001 - IDE Tunneling
  • T1071.001 - Web Protocols
  • T1587.001 - Malware
  • T1518 - Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1001.003 - Protocol or Service Impersonation
  • T1102.002 - Bidirectional Communication
  • T1027.009 - Embedded Payloads
  • T1583.006 - Web Services
  • T1584.004 - Server
  • T1491.001 - Internal Defacement
  • T1566.003 - Spearphishing via Service
  • T1027.007 - Dynamic API Resolution
  • T1547.009 - Shortcut Modification
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1098 - Account Manipulation
  • T1566.002 - Spearphishing Link
  • T1110.003 - Password Spraying
  • T1021.001 - Remote Desktop Protocol
  • T1078 - Valid Accounts
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy
  • T1587.001 - Malware
  • T1124 - System Time Discovery
  • T1090.002 - External Proxy
  • T1140 - Deobfuscate/Decode Files or Information

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

