Trusted Design

Blurring of Commodity and Targeted Attack Malware

Summary

As malware and its authors continue to evolve, deciphering the purpose of specific malware-driven attacks has become more challenging. While some malware still has a feature-specific design, such as DDoS tools or spam bots, it is becoming increasingly common for malware to have multiple uses for different missions. Recent banking trojans, for example, are likely to support remote access, which is not typically required to deliver web injects and steal credentials.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 68.97
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1562.006 - Indicator Blocking
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
Link to MITRE →

Kimsuky

Score: 92.03
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1109 - Component Firmware
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1602.002 - Network Device Configuration Dump
  • T1557.003 - DHCP Spoofing
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sea Turtle

Score: 25.40
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1556.005 - Reversible Encryption
  • T1490 - Inhibit System Recovery
Link to MITRE →

Ember Bear

Score: 39.60
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1589 - Gather Victim Identity Information
  • T1027.016 - Junk Code Insertion
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS
Link to MITRE →

Indrik Spider

Score: 20.47
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Agrius

Score: 14.94
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.016 - Junk Code Insertion
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
Link to MITRE →

Contagious Interview

Score: 60.42
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1586.003 - Cloud Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1565.002 - Transmitted Data Manipulation
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
Link to MITRE →

Sandworm Team

Score: 71.61
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1109 - Component Firmware
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1075 - Pass the Hash
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Star Blizzard

Score: 20.60
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1109 - Component Firmware
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1168 - Local Job Scheduling
Link to MITRE →

Lazarus Group

Score: 64.19
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
Link to MITRE →

TA577

Score: 5.29
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
Link to MITRE →

Moonstone Sleet

Score: 33.85
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

APT39

Score: 35.44
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1543.003 - Windows Service
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
Link to MITRE →

Poseidon Group

Score: 5.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem
Link to MITRE →

Tonto Team

Score: 10.35
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 34.22
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1157 - Dylib Hijacking
Link to MITRE →

BlackByte

Score: 38.40
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT28

Score: 71.98
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
  • T1564.004 - NTFS File Attributes
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit
Link to MITRE →

Storm-0501

Score: 11.41
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

Axiom

Score: 19.82
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
Link to MITRE →

Leviathan

Score: 39.30
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT37

Score: 16.90
Matched TTPs:
  • T1485.001 - Lifecycle-Triggered Deletion
  • T1684 - Social Engineering
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LuminousMoth

Score: 16.86
Matched TTPs:
  • T1109 - Component Firmware
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 43.39
Matched TTPs:
  • T1109 - Component Firmware
  • T1566.002 - Spearphishing Link
  • T1144 - Gatekeeper Bypass
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1498 - Network Denial of Service
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits
Link to MITRE →

Evilnum

Score: 8.19
Matched TTPs:
  • T1109 - Component Firmware
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lotus Blossom

Score: 6.81
Matched TTPs:
  • T1109 - Component Firmware
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution
Link to MITRE →

APT42

Score: 22.90
Matched TTPs:
  • T1109 - Component Firmware
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT41

Score: 41.08
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
Link to MITRE →

TA551

Score: 8.28
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volt Typhoon

Score: 44.49
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1166 - Setuid and Setgid
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
Link to MITRE →

ZIRCONIUM

Score: 26.63
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1578.001 - Create Snapshot
Link to MITRE →

Mustard Tempest

Score: 16.82
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN13

Score: 25.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

OilRig

Score: 41.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

UNC3886

Score: 32.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1606 - Forge Web Credentials
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
Link to MITRE →

Salt Typhoon

Score: 8.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
Link to MITRE →

APT29

Score: 34.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

Play

Score: 15.99
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

RedCurl

Score: 16.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1556.005 - Reversible Encryption
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Turla

Score: 46.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Ke3chang

Score: 20.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

TeamTNT

Score: 19.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1612 - Build Image on Host
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 47.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery
Link to MITRE →

BlackTech

Score: 8.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
Link to MITRE →

MuddyWater

Score: 33.40
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Confucius

Score: 6.92
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sidewinder

Score: 14.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Transparent Tribe

Score: 7.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN8

Score: 14.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
Link to MITRE →

APT3

Score: 12.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT1

Score: 8.93
Matched TTPs:
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
Link to MITRE →

APT33

Score: 12.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.016 - Junk Code Insertion
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

EXOTIC LILY

Score: 9.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

Molerats

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Magic Hound

Score: 44.22
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1166 - Setuid and Setgid
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

Windshift

Score: 16.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Cobalt Group

Score: 17.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

FIN4

Score: 8.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
Link to MITRE →

TA2541

Score: 13.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Earth Lusca

Score: 33.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

Storm-1811

Score: 20.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Wizard Spider

Score: 29.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1684 - Social Engineering
  • T1589 - Gather Victim Identity Information
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Patchwork

Score: 15.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
Link to MITRE →

TA505

Score: 12.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 13.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silent Librarian

Score: 7.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027.016 - Junk Code Insertion
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

CURIUM

Score: 21.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1557.003 - DHCP Spoofing
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 25.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Gamaredon Group

Score: 53.83
Matched TTPs:
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1562.001 - Disable or Modify Tools
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 31.30
Matched TTPs:
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

HAFNIUM

Score: 33.36
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT5

Score: 19.46
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1677 - Poisoned Pipeline Execution
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
Link to MITRE →

Threat Group-3390

Score: 28.50
Matched TTPs:
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
Link to MITRE →

BRONZE BUTLER

Score: 24.01
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels
Link to MITRE →

Aquatic Panda

Score: 20.13
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1589 - Gather Victim Identity Information
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Chimera

Score: 33.98
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1027.016 - Junk Code Insertion
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1592.003 - Firmware
  • T1166 - Setuid and Setgid
  • T1059.003 - Windows Command Shell
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
Link to MITRE →

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
Link to MITRE →

WIRTE

Score: 6.78
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 6.82
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 12.90
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Darkhotel

Score: 14.23
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Winter Vivern

Score: 19.64
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

menuPass

Score: 18.45
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Cinnamon Tempest

Score: 13.24
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Rocke

Score: 21.02
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1562.001 - Disable or Modify Tools
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Tropic Trooper

Score: 15.96
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Malteiro

Score: 5.99
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

APT19

Score: 5.37
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

Higaisa

Score: 13.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
Link to MITRE →

SideCopy

Score: 7.39
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BITTER

Score: 9.90
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HEXANE

Score: 16.76
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.016 - Junk Code Insertion
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
Link to MITRE →

BackdoorDiplomacy

Score: 7.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GOLD SOUTHFIELD

Score: 10.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
Link to MITRE →

Fox Kitten

Score: 19.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits
Link to MITRE →

ToddyCat

Score: 8.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 8.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

GALLIUM

Score: 12.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volatile Cedar

Score: 6.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

INC Ransom

Score: 16.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

DarkVishnya

Score: 10.38
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
Link to MITRE →

Carbanak

Score: 7.26
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Akira

Score: 12.32
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1622 - Debugger Evasion
Link to MITRE →

PLATINUM

Score: 7.19
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
Link to MITRE →

Silence

Score: 14.70
Matched TTPs:
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Velvet Ant

Score: 16.98
Matched TTPs:
  • T1684 - Social Engineering
  • T1562.001 - Disable or Modify Tools
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Leafminer

Score: 5.36
Matched TTPs:
  • T1027.016 - Junk Code Insertion
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN5

Score: 5.02
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

LAPSUS$

Score: 25.14
Matched TTPs:
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1592.003 - Firmware
  • T1588.005 - Exploits
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Metador

Score: 5.27
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 10.34
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Inception

Score: 8.80
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
Link to MITRE →

FIN6

Score: 11.37
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

SilverTerrier

Score: 3.71
Matched TTPs:
  • T1552.003 - Shell History
  • T1556.005 - Reversible Encryption
Link to MITRE →

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT-C-36

Score: 6.31
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1562.001 - Disable or Modify Tools
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Thrip

Score: 3.78
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

FIN10

Score: 6.59
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT18

Score: 3.39
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RedEcho

Score: 3.59
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
Link to MITRE →

Daggerfly

Score: 9.49
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 5.98
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot
Link to MITRE →

Naikon

Score: 4.19
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
Link to MITRE →

Stealth Falcon

Score: 4.81
Matched TTPs:
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
Link to MITRE →

RTM

Score: 7.98
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Dark Caracal

Score: 5.48
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver
Link to MITRE →

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.79
Matched TTPs:
  • T1008 - Fallback Channels
  • T1547.002 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1126 - Network Share Connection Removal
  • T1526 - Cloud Service Discovery
  • T1199 - Trusted Relationship
  • T1102.003 - One-Way Communication
  • T1606.002 - SAML Tokens
  • T1003.003 - NTDS
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
  • T1003.007 - Proc Filesystem
  • T1552.003 - Shell History
  • T1055.014 - VDSO Hijacking
  • T1490 - Inhibit System Recovery
  • T1109 - Component Firmware
  • T1213.006 - Databases
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.010 - AutoHotKey & AutoIT
  • T1037 - Boot or Logon Initialization Scripts
  • T1557.003 - DHCP Spoofing
  • T1506 - Web Session Cookie
  • T1683.001 - Written Content
  • T1033 - System Owner/User Discovery
  • T1547.013 - XDG Autostart Entries
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1197 - BITS Jobs
  • T1602.002 - Network Device Configuration Dump
  • T1140 - Deobfuscate/Decode Files or Information
  • T1556.005 - Reversible Encryption
  • T1684 - Social Engineering
  • T1622 - Debugger Evasion
  • T1608.005 - Link Target
Link to MITRE →

APT28

Score: 0.66
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1564.004 - NTFS File Attributes
  • T1059.001 - PowerShell
  • T1146 - Clear Command History
  • T1218.010 - Regsvr32
  • T1542.004 - ROMMONkit
  • T1685.001 - Disable or Modify Windows Event Log
  • T1592.003 - Firmware
  • T1059.010 - AutoHotKey & AutoIT
  • T1597.002 - Purchase Technical Data
  • T1547.011 - Plist Modification
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
  • T1059.012 - Hypervisor CLI
  • T1027.016 - Junk Code Insertion
  • T1566.003 - Spearphishing via Service
  • T1586.003 - Cloud Accounts
  • T1547.013 - XDG Autostart Entries
  • T1197 - BITS Jobs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1556.005 - Reversible Encryption
  • T1608.005 - Link Target
Link to MITRE →

Sandworm Team

Score: 0.66
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1075 - Pass the Hash
  • T1547.002 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1166 - Setuid and Setgid
  • T1005 - Data from Local System
  • T1562.001 - Disable or Modify Tools
  • T1199 - Trusted Relationship
  • T1102.003 - One-Way Communication
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1586.002 - Email Accounts
  • T1109 - Component Firmware
  • T1573 - Encrypted Channel
  • T1059.010 - AutoHotKey & AutoIT
  • T1557.003 - DHCP Spoofing
  • T1033 - System Owner/User Discovery
  • T1187 - Forced Authentication
  • T1045 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1564.008 - Email Hiding Rules
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1546.016 - Installer Packages
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1556.005 - Reversible Encryption
Link to MITRE →

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1569.001 - Launchctl
  • T1526 - Cloud Service Discovery
  • T1199 - Trusted Relationship
  • T1102.003 - One-Way Communication
  • T1606.002 - SAML Tokens
  • T1612 - Build Image on Host
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
  • T1218.010 - Regsvr32
  • T1136.001 - Local Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1597.002 - Purchase Technical Data
  • T1037 - Boot or Logon Initialization Scripts
  • T1055.005 - Thread Local Storage
  • T1169 - Sudo
  • T1562.006 - Indicator Blocking
  • T1677 - Poisoned Pipeline Execution
  • T1547.013 - XDG Autostart Entries
  • T1159 - Launch Agent
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1556.005 - Reversible Encryption
  • T1608.005 - Link Target
  • T1567.002 - Exfiltration to Cloud Storage
Link to MITRE →

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver
  • T1562.001 - Disable or Modify Tools
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1132.001 - Standard Encoding
  • T1547.011 - Plist Modification
  • T1059.012 - Hypervisor CLI
  • T1027.016 - Junk Code Insertion
  • T1569.002 - Service Execution
  • T1608.005 - Link Target
  • T1677 - Poisoned Pipeline Execution
  • T1547.013 - XDG Autostart Entries
  • T1050 - New Service
  • T1546.016 - Installer Packages
  • T1606.001 - Web Cookies
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1210 - Exploitation of Remote Services
  • T1567.002 - Exfiltration to Cloud Storage
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

