Trusted Design

Macro documents with XOR Encoded Payloads

Overview

When reversing malware samples, one of the things we as analysts look for is the places where the attackers slip up. This can be anything from using the same strings, to weak obfuscation routines, to re-using the same snippet of code. When we talk about the attackers there is a misconception that they are supervillains who can only do evil, but keep in mind that they are humans too. This pulse contains IOCs related to phishing campaigns using the technique described above.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this pulse (fact-based)

APT38

Score: 25.96
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1565.003 - Runtime Data Manipulation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1217 - Browser Information Discovery
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise

Moonstone Sleet

Score: 28.70
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1217 - Browser Information Discovery
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information

FIN8

Score: 11.12
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Ke3chang

Score: 18.87
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery

FIN7

Score: 37.57
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation

HAFNIUM

Score: 12.52
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1593.003 - Code Repositories
  • T1584.005 - Botnet
  • T1583.006 - Web Services

Winter Vivern

Score: 15.94
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1041 - Exfiltration Over C2 Channel
  • T1189 - Drive-by Compromise

APT19

Score: 14.43
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

APT32

Score: 38.75
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1550.003 - Pass the Ticket
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

APT39

Score: 25.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication

APT37

Score: 20.80
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1027 - Obfuscated Files or Information
  • T1036.001 - Invalid Code Signature
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

Lazarus Group

Score: 49.61
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1010 - Application Window Discovery
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution

Tropic Trooper

Score: 24.07
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1221 - Template Injection
  • T1518 - Software Discovery

Threat Group-3390

Score: 27.72
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.015 - Compression

Earth Lusca

Score: 24.78
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

Magic Hound

Score: 35.08
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

ZIRCONIUM

Score: 22.67
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information

Chimera

Score: 17.75
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1574.001 - DLL
  • T1217 - Browser Information Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1027.010 - Command Obfuscation

Patchwork

Score: 18.57
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Stealth Falcon

Score: 3.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1041 - Exfiltration Over C2 Channel

Volt Typhoon

Score: 31.69
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1036.008 - Masquerade File Type
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1217 - Browser Information Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1518 - Software Discovery

LuminousMoth

Score: 15.93
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool

Aquatic Panda

Score: 12.20
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Gamaredon Group

Score: 67.49
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection
  • T1027.015 - Compression

GALLIUM

Score: 9.88
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

Wizard Spider

Score: 15.55
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

APT41

Score: 29.89
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1568.002 - Domain Generation Algorithms
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1480.001 - Environmental Keying

OilRig

Score: 25.55
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

HEXANE

Score: 19.65
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

Windshift

Score: 19.69
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1036.001 - Invalid Code Signature
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

MuddyWater

Score: 31.34
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

Dragonfly

Score: 22.80
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection

Medusa Group

Score: 18.15
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Sandworm Team

Score: 45.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation

Storm-1811

Score: 20.12
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice

Sidewinder

Score: 22.09
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

APT3

Score: 10.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1041 - Exfiltration Over C2 Channel
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution

TA577

Score: 5.29
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link

Turla

Score: 27.18
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Ember Bear

Score: 20.01
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution

Mustang Panda

Score: 59.39
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.008 - Masquerade File Type
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1070 - Indicator Removal
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Tonto Team

Score: 7.48
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution

BlackByte

Score: 35.05
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1480 - Execution Guardrails
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery

APT28

Score: 51.94
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1001.001 - Junk Data
  • T1211 - Exploitation for Defense Evasion

Sowbug

Score: 5.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive

Storm-0501

Score: 12.11
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery

Axiom

Score: 14.23
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Leviathan

Score: 32.43
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1027.015 - Compression

Contagious Interview

Score: 47.14
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1204.005 - Malicious Library
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste

Inception

Score: 11.50
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1518 - Software Discovery

Dark Caracal

Score: 4.15
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise

Elderwood

Score: 7.96
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Darkhotel

Score: 21.40
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497 - Virtualization/Sandbox Evasion
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise

Transparent Tribe

Score: 7.96
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Saint Bear

Score: 14.41
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution

APT33

Score: 7.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

BITTER

Score: 11.19
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

TA505

Score: 15.25
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation

Higaisa

Score: 13.18
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

Fox Kitten

Score: 15.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1217 - Browser Information Discovery
  • T1039 - Data from Network Shared Drive
  • T1027.010 - Command Obfuscation
  • T1213.005 - Messaging Applications

TA2541

Score: 19.51
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.015 - Compression

Malteiro

Score: 12.87
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery

Blue Mockingbird

Score: 5.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.002 - Tool

Mofang

Score: 7.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression

Whitefly

Score: 4.97
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1588.002 - Tool

menuPass

Score: 14.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive

Moses Staff

Score: 6.01
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

TeamTNT

Score: 11.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1518.001 - Security Software Discovery

Metador

Score: 4.90
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool

TA551

Score: 12.88
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation

Mustard Tempest

Score: 14.26
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning

Kimsuky

Score: 58.56
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1593.002 - Search Engines
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1027.010 - Command Obfuscation

FIN13

Score: 16.96
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1565 - Data Manipulation

Indrik Spider

Score: 4.71
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1112 - Modify Registry

UNC3886

Score: 16.19
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1212 - Exploitation for Credential Access
  • T1203 - Exploitation for Client Execution

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

APT29

Score: 23.03
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling

Play

Score: 10.70
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Aoqin Dragon

Score: 7.41
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 14.66
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Machete

Score: 4.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

WIRTE

Score: 4.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool

RTM

Score: 5.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise

APT-C-36

Score: 4.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

CURIUM

Score: 7.86
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1041 - Exfiltration Over C2 Channel
  • T1189 - Drive-by Compromise

Gallmaker

Score: 3.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information

DarkHydrus

Score: 5.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1221 - Template Injection

PLATINUM

Score: 12.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking

Ferocious Kitten

Score: 5.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool

LazyScripter

Score: 13.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation

Star Blizzard

Score: 10.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool

FIN4

Score: 7.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture

Cobalt Group

Score: 14.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

EXOTIC LILY

Score: 6.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

FIN6

Score: 4.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 3.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading

Gorgon Group

Score: 5.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool

SideCopy

Score: 13.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Andariel

Score: 14.26
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

BRONZE BUTLER

Score: 27.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.002 - Right-to-Left Override
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

Naikon

Score: 5.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1518.001 - Security Software Discovery

Molerats

Score: 7.83
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.015 - Compression

admin@338

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

The White Company

Score: 5.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

IndigoZebra

Score: 4.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1588.002 - Tool

Silence

Score: 8.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation

Confucius

Score: 11.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection

BlackTech

Score: 12.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Evilnum

Score: 6.62
Matched TTPs:
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL

APT1

Score: 5.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1588.002 - Tool

APT42

Score: 15.46
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1518.001 - Security Software Discovery

Scattered Spider

Score: 24.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1217 - Browser Information Discovery
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1598 - Phishing for Information
  • T1213.005 - Messaging Applications

Silent Librarian

Score: 3.31
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool

Cinnamon Tempest

Score: 8.14
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1211 - Exploitation for Defense Evasion

Daggerfly

Score: 6.43
Matched TTPs:
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise

BackdoorDiplomacy

Score: 8.80
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

Agrius

Score: 7.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel

Rocke

Score: 10.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery

GOLD SOUTHFIELD

Score: 9.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation

Sea Turtle

Score: 10.72
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

ToddyCat

Score: 3.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning

INC Ransom

Score: 8.13
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing

APT5

Score: 7.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1070 - Indicator Removal

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection

LAPSUS$

Score: 18.57
Matched TTPs:
  • T1598.004 - Spearphishing Voice
  • T1593.003 - Code Repositories
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1213.005 - Messaging Applications

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Leafminer

Score: 4.48
Matched TTPs:
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Carbanak

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Windigo

Score: 4.51
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

Equation

Score: 8.26
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

Gamaredon Group

Score: 0.80
Matched TTPs:
  • T1620 - Reflective Code Loading
  • T1039 - Data from Network Shared Drive
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.004 - Compile After Delivery
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1027.016 - Junk Code Insertion
  • T1041 - Exfiltration Over C2 Channel
  • T1140 - Deobfuscate/Decode Files or Information
  • T1534 - Internal Spearphishing
  • T1491.001 - Internal Defacement
  • T1102.002 - Bidirectional Communication
  • T1033 - System Owner/User Discovery
  • T1027.015 - Compression
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1112 - Modify Registry
  • T1001 - Data Obfuscation
  • T1608.001 - Upload Malware
  • T1221 - Template Injection
  • T1480 - Execution Guardrails
  • T1055 - Process Injection

Mustang Panda

Score: 0.71
Matched TTPs:
  • T1588.002 - Tool
  • T1070 - Indicator Removal
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1036.008 - Masquerade File Type
  • T1027 - Obfuscated Files or Information
  • T1176.002 - IDE Extensions
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1027.016 - Junk Code Insertion
  • T1041 - Exfiltration Over C2 Channel
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003 - OS Credential Dumping
  • T1574.001 - DLL
  • T1027.007 - Dynamic API Resolution
  • T1622 - Debugger Evasion
  • T1204.002 - Malicious File
  • T1678 - Delay Execution
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1587.001 - Malware

Kimsuky

Score: 0.69
Matched TTPs:
  • T1620 - Reflective Code Loading
  • T1566 - Phishing
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1518.001 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1027.016 - Junk Code Insertion
  • T1593.002 - Search Engines
  • T1041 - Exfiltration Over C2 Channel
  • T1598 - Phishing for Information
  • T1140 - Deobfuscate/Decode Files or Information
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1587.001 - Malware

APT28

Score: 0.64
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1211 - Exploitation for Defense Evasion
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1001.001 - Junk Data
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1546.015 - Component Object Model Hijacking
  • T1598 - Phishing for Information
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003 - OS Credential Dumping
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1204.002 - Malicious File
  • T1221 - Template Injection
  • T1203 - Exploitation for Client Execution
  • T1036 - Masquerading

Lazarus Group

Score: 0.62
Matched TTPs:
  • T1620 - Reflective Code Loading
  • T1027.013 - Encrypted/Encoded File
  • T1010 - Application Window Discovery
  • T1588.002 - Tool
  • T1070 - Indicator Removal
  • T1566.001 - Spearphishing Attachment
  • T1027.009 - Embedded Payloads
  • T1574.013 - KernelCallbackTable
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.001 - DLL
  • T1491.001 - Internal Defacement
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1587.001 - Malware

Sandworm Team

Score: 0.59
Matched TTPs:
  • T1584.005 - Botnet
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1027.010 - Command Obfuscation
  • T1041 - Exfiltration Over C2 Channel
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
  • T1195 - Supply Chain Compromise
  • T1033 - System Owner/User Discovery
  • T1491.002 - External Defacement
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1036 - Masquerading
  • T1587.001 - Malware

Contagious Interview

Score: 0.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.013 - Encrypted/Encoded File
  • T1204.005 - Malicious Library
  • T1497 - Virtualization/Sandbox Evasion
  • T1041 - Exfiltration Over C2 Channel
  • T1588.007 - Artificial Intelligence
  • T1657 - Financial Theft
  • T1204.004 - Malicious Copy and Paste
  • T1588.002 - Tool
  • T1583.006 - Web Services
  • T1681 - Search Threat Vendor Data
  • T1608.001 - Upload Malware
  • T1027.010 - Command Obfuscation
  • T1593.003 - Code Repositories
  • T1480 - Execution Guardrails
  • T1036 - Masquerading
  • T1587.001 - Malware

Related CVEs

No CVEs were found in this Pulse.
