Trusted Design

Macro documents with XOR Encoded Payloads

Overview

When reversing malware samples, one of the things we as analysts look for is where the attackers slip up. This can be anything from reusing the same strings, to weak obfuscation routines, to reusing the same snippet of code. When we talk about attackers, there is a misconception that they are super villains who can only do evil, but keep in mind that they are humans too. This pulse contains IOCs related to phishing campaigns using the technique described above.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this pulse (fact-based)

APT38

Score: 25.96
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1675 - ESXi Administration Command
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1491 - Defacement
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI

Moonstone Sleet

Score: 28.70
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs

FIN8

Score: 11.12
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

Ke3chang

Score: 18.87
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1102.002 - Bidirectional Communication

FIN7

Score: 37.57
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1205 - Traffic Signaling
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image

HAFNIUM

Score: 12.52
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target

Winter Vivern

Score: 15.94
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548 - Abuse Elevation Control Mechanism
  • T1087.004 - Cloud Account
  • T1059.012 - Hypervisor CLI

APT19

Score: 14.43
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

APT32

Score: 38.75
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

APT39

Score: 25.50
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package

APT37

Score: 20.80
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.011 - Lua
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

Lazarus Group

Score: 49.61
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1205 - Traffic Signaling
  • T1070.006 - Timestomp
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage

Tropic Trooper

Score: 24.07
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Threat Group-3390

Score: 27.72
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules

Earth Lusca

Score: 24.78
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 35.08
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

ZIRCONIUM

Score: 22.67
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs

Chimera

Score: 17.75
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1089 - Disabling Security Tools
  • T1491 - Defacement
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1601.001 - Patch System Image

Patchwork

Score: 18.57
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Stealth Falcon

Score: 3.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.004 - Cloud Account

Volt Typhoon

Score: 31.69
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1013 - Port Monitors
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1491 - Defacement
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent

LuminousMoth

Score: 15.93
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

Aquatic Panda

Score: 12.20
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

Gamaredon Group

Score: 67.49
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1200 - Hardware Additions
  • T1546.017 - Udev Rules

GALLIUM

Score: 9.88
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua

Wizard Spider

Score: 15.55
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

APT41

Score: 29.89
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1037.001 - Logon Script (Windows)

OilRig

Score: 25.55
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

HEXANE

Score: 19.65
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Windshift

Score: 19.69
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1078 - Valid Accounts
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

MuddyWater

Score: 31.34
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Dragonfly

Score: 22.80
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions

Medusa Group

Score: 18.15
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

Sandworm Team

Score: 45.66
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image

Storm-1811

Score: 20.12
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact

Sidewinder

Score: 22.09
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

APT3

Score: 10.50
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1087.004 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32

TA577

Score: 5.29
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service

Turla

Score: 27.18
Matched TTPs:
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Ember Bear

Score: 20.01
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

Mustang Panda

Score: 59.39
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1013 - Port Monitors
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1055.005 - Thread Local Storage

Tonto Team

Score: 7.48
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32

BlackByte

Score: 35.05
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1013 - Port Monitors
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1562.010 - Downgrade Attack
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie

APT28

Score: 51.94
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1564.004 - NTFS File Attributes
  • T1566.003 - Spearphishing via Service

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit

Storm-0501

Score: 12.11
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie

Axiom

Score: 14.23
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Leviathan

Score: 32.43
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules

Contagious Interview

Score: 47.14
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1016 - System Network Configuration Discovery
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1221 - Template Injection

Inception

Score: 11.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Dark Caracal

Score: 4.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI

Elderwood

Score: 7.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 21.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 7.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Saint Bear

Score: 14.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

APT33

Score: 7.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

BITTER

Score: 11.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA505

Score: 15.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image

Higaisa

Score: 13.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

Fox Kitten

Score: 15.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1491 - Defacement
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1588.005 - Exploits

TA2541

Score: 19.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1546.017 - Udev Rules

Malteiro

Score: 12.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie

Blue Mockingbird

Score: 5.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship

Mofang

Score: 7.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Whitefly

Score: 4.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship

menuPass

Score: 14.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit

Moses Staff

Score: 6.01
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

TeamTNT

Score: 11.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1506 - Web Session Cookie

Metador

Score: 4.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

TA551

Score: 12.88
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image

Mustard Tempest

Score: 14.26
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service

Kimsuky

Score: 58.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image

FIN13

Score: 16.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1053.006 - Systemd Timers

Indrik Spider

Score: 4.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API

UNC3886

Score: 16.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1606 - Forge Web Credentials
  • T1218.010 - Regsvr32

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 23.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File

Play

Score: 10.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

Aoqin Dragon

Score: 7.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 14.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua

APT12

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Machete

Score: 4.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

WIRTE

Score: 4.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship

RTM

Score: 5.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI

APT-C-36

Score: 4.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua

CURIUM

Score: 7.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1059.012 - Hypervisor CLI

Gallmaker

Score: 3.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua

DarkHydrus

Score: 5.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions

PLATINUM

Score: 12.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1686 - Disable or Modify System Firewall

Ferocious Kitten

Score: 5.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship

LazyScripter

Score: 13.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image

Star Blizzard

Score: 10.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship

FIN4

Score: 7.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness

Cobalt Group

Score: 14.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

EXOTIC LILY

Score: 6.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

FIN6

Score: 4.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Nomadic Octopus

Score: 3.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets

Gorgon Group

Score: 5.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship

SideCopy

Score: 13.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Andariel

Score: 14.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

BRONZE BUTLER

Score: 27.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.005 - Clear Windows Event Logs
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Naikon

Score: 5.30
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1506 - Web Session Cookie

Molerats

Score: 7.83
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

The White Company

Score: 5.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

IndigoZebra

Score: 4.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship

Silence

Score: 8.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image

Confucius

Score: 11.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

BlackTech

Score: 12.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Evilnum

Score: 6.62
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools

APT1

Score: 5.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

APT42

Score: 15.46
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1506 - Web Session Cookie

Scattered Spider

Score: 24.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1491 - Defacement
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
  • T1588.005 - Exploits

Silent Librarian

Score: 3.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship

Cinnamon Tempest

Score: 8.14
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1566.003 - Spearphishing via Service

Daggerfly

Score: 6.43
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI

BackdoorDiplomacy

Score: 8.80
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua

Agrius

Score: 7.20
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.004 - Cloud Account

Rocke

Score: 10.84
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie

GOLD SOUTHFIELD

Score: 9.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Sea Turtle

Score: 10.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

ToddyCat

Score: 3.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1506 - Web Session Cookie

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

INC Ransom

Score: 8.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall

APT5

Score: 7.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1677 - Poisoned Pipeline Execution

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

LAPSUS$

Score: 18.57
Matched TTPs:
  • T1019 - System Firmware
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1588.005 - Exploits

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Leafminer

Score: 4.48
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Gamaredon Group

Score: 0.80
Matched TTPs:
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1506 - Web Session Cookie
  • T1087.002 - Domain Account
  • T1059.013 - Container CLI/API
  • T1059.009 - Cloud API
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1061 - Graphical User Interface
  • T1205 - Traffic Signaling
  • T1546.017 - Udev Rules
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1055.014 - VDSO Hijacking
  • T1562.009 - Safe Mode Boot
  • T1684 - Social Engineering
  • T1059.010 - AutoHotKey & AutoIT
  • T1601.001 - Patch System Image
  • T1598.003 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1087.004 - Cloud Account
  • T1606.001 - Web Cookies
  • T1542.004 - ROMMONkit

Mustang Panda

Score: 0.71
Matched TTPs:
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1566.002 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1169 - Sudo
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1677 - Poisoned Pipeline Execution
  • T1071.001 - Web Protocols
  • T1013 - Port Monitors
  • T1159 - Launch Agent
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1597.002 - Purchase Technical Data
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.001 - Local Account
  • T1598.003 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1087.004 - Cloud Account
  • T1055.005 - Thread Local Storage

Kimsuky

Score: 0.69
Matched TTPs:
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1566.002 - Spearphishing Link
  • T1683.001 - Written Content
  • T1506 - Web Session Cookie
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1197 - BITS Jobs
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1606.002 - SAML Tokens
  • T1055.014 - VDSO Hijacking
  • T1684 - Social Engineering
  • T1059.010 - AutoHotKey & AutoIT
  • T1601.001 - Patch System Image
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1087.004 - Cloud Account

APT28

Score: 0.64
Matched TTPs:
  • T1608.005 - Link Target
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.002 - Domain Account
  • T1685.001 - Disable or Modify Windows Event Log
  • T1199 - Trusted Relationship
  • T1491.002 - External Defacement
  • T1566.003 - Spearphishing via Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1200 - Hardware Additions
  • T1548.004 - Elevated Execution with Prompt
  • T1197 - BITS Jobs
  • T1564.004 - NTFS File Attributes
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1598.003 - Spearphishing Link
  • T1542.004 - ROMMONkit

Lazarus Group

Score: 0.62
Matched TTPs:
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1543.003 - Windows Service
  • T1087.002 - Domain Account
  • T1205 - Traffic Signaling
  • T1557 - Adversary-in-the-Middle
  • T1069.001 - Local Groups
  • T1199 - Trusted Relationship
  • T1491.002 - External Defacement
  • T1677 - Poisoned Pipeline Execution
  • T1070.006 - Timestomp
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1598.003 - Spearphishing Link
  • T1132.001 - Standard Encoding
  • T1087.004 - Cloud Account
  • T1606.001 - Web Cookies
  • T1055.005 - Thread Local Storage

Sandworm Team

Score: 0.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.008 - Email Hiding Rules
  • T1187 - Forced Authentication
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1049 - System Network Connections Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1601.001 - Patch System Image
  • T1598.003 - Spearphishing Link
  • T1573 - Encrypted Channel
  • T1087.004 - Cloud Account
  • T1005 - Data from Local System

Contagious Interview

Score: 0.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1601.001 - Patch System Image
  • T1021.006 - Windows Remote Management
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1221 - Template Injection
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1491.002 - External Defacement
  • T1016 - System Network Configuration Discovery
  • T1087.002 - Domain Account
  • T1218.008 - Odbcconf
  • T1044 - File System Permissions Weakness
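The actor entries in both listings above (fact-based and inference-based) share one layout: a name, a Score line, a "Matched TTPs:" line and one bullet per technique. Before acting on them, two checks are worth running. First, which TTPs recur across nearly every actor: T1087.002 and T1598.003 appear in most entries, so a match on them carries little discriminative weight, while an ID matched by a single actor is the one worth a second look. Second, which IDs are no longer current in ATT&CK: T1089, T1506, T1130, T1002, T1019, T1169, T1044 and T1013 have all been revoked in favour of sub-techniques, and T1061 and T1064 are deprecated, so a feed keyed on the old IDs will not line up with current detections. Note also that the page prints sub-technique names only, so T1087.002 (Account Discovery) and T1136.002 (Create Account) both read "Domain Account"; key on the ID, never the label. The Python below is an added example, not code from this page or from the platform that generated it: it parses a constructed sample of three entries copied from the fact-based listing (APT29, Play, Evilnum) and reports shared, unique and revoked TTPs. The REVOKED table is an assumption maintained by hand from ATT&CK revocation notes and covers only IDs that appear on this page.

```python
import re
from collections import Counter

# Constructed sample input: three entries copied from the fact-based listing
# on this page (APT29, Play, Evilnum), in the page's own plain-text layout.
SAMPLE_LISTING = """\
APT29

Score: 23.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File

Play

Score: 10.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

Evilnum

Score: 6.62
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
"""

# Assumption: hand-maintained map of ATT&CK IDs used on this page that have
# been revoked (value = replacement ID) or deprecated (value = None).
REVOKED = {
    "T1089": "T1562.001",  # Disabling Security Tools -> Impair Defenses: Disable or Modify Tools
    "T1506": "T1550.004",  # Web Session Cookie -> Use Alternate Authentication Material
    "T1130": "T1553.004",  # Install Root Certificate -> Subvert Trust Controls
    "T1002": "T1560",      # Data Compressed -> Archive Collected Data
    "T1019": "T1542.001",  # System Firmware -> Pre-OS Boot: System Firmware
    "T1169": "T1548.003",  # Sudo -> Abuse Elevation Control Mechanism: Sudo and Sudo Caching
    "T1044": "T1574.010",  # File System Permissions Weakness -> Hijack Execution Flow
    "T1013": "T1547.010",  # Port Monitors -> Boot or Logon Autostart Execution
    "T1061": None,         # Graphical User Interface: deprecated, no replacement
    "T1064": None,         # Scripting: deprecated, split into T1059 sub-techniques
}

# One actor entry: name line, blank line, Score line, "Matched TTPs:", then bullets.
ENTRY_RE = re.compile(
    r"^(?P<name>\S[^\n]*)\n\nScore: (?P<score>\d+(?:\.\d+)?)\nMatched TTPs:\n"
    r"(?P<ttps>(?:[ \t]+• T\d{4}(?:\.\d{3})? - [^\n]*\n?)+)",
    re.MULTILINE,
)
TTP_RE = re.compile(r"(T\d{4}(?:\.\d{3})?) - ([^\n]+)")


def parse_listing(text):
    """Return [{'name', 'score', 'ttps': [(id, label), ...]}, ...], one dict per actor entry."""
    actors = []
    for m in ENTRY_RE.finditer(text):
        ttps = [(tid, label.strip()) for tid, label in TTP_RE.findall(m.group("ttps"))]
        actors.append({"name": m.group("name").strip(),
                       "score": float(m.group("score")),
                       "ttps": ttps})
    return actors


def ttp_frequency(actors):
    """Number of actors sharing each TTP ID; a high count means low discriminative value."""
    return Counter(tid for a in actors for tid, _ in a["ttps"])


def unique_ttps(actors):
    """Per actor, the TTP IDs matched by that actor alone."""
    freq = ttp_frequency(actors)
    return {a["name"]: [tid for tid, _ in a["ttps"] if freq[tid] == 1] for a in actors}


def revoked_ttps(actors):
    """Per actor, (old_id, replacement_or_None) for matched IDs no longer current in ATT&CK."""
    return {a["name"]: [(tid, REVOKED[tid]) for tid, _ in a["ttps"] if tid in REVOKED]
            for a in actors}


if __name__ == "__main__":
    actors = parse_listing(SAMPLE_LISTING)
    for a in sorted(actors, key=lambda a: a["score"], reverse=True):
        print(f"{a['name']:<10} score={a['score']:6.2f}  matched={len(a['ttps'])}")
    shared = sorted(t for t, n in ttp_frequency(actors).items() if n > 1)
    print("shared by more than one actor:", shared)
    print("unique per actor:", unique_ttps(actors))
    print("revoked/deprecated IDs:", revoked_ttps(actors))
```

To run it over the full page, paste the two listings (with the link labels stripped) into SAMPLE_LISTING or read them from a file; the regex keys on the fixed "Score:" and "Matched TTPs:" lines, so the inference-based entries parse the same way.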

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph