Trusted Design

Bookworm Trojan: A Model of Modular Architecture

Overview

Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that at first appeared to be a variant of the well-known PlugX RAT, based on shared behaviour such as DLL side-loading and the use of a separate shellcode file. On closer inspection it is a completely distinct Trojan, which we have dubbed Bookworm and track in AutoFocus under the tag Bookworm. Bookworm's functional code differs radically from PlugX, and its unusual modular architecture warranted additional analysis by Unit 42. Bookworm has little malicious functionality built in: its only core capability is stealing keystrokes and clipboard contents. It extends its capabilities by loading additional modules directly from its command and control (C2) server. This blog provides an analysis of the Bookworm Trojan and its known indicators of compromise. A later blog will explore the associated attack campaigns and the attribution surrounding Bookworm.

Created: 2026-02-23

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 65.43
Matched TTPs:
  • T1218.011 - Rundll32
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1083 - File and Directory Discovery
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
FIN7

Score: 44.29
Matched TTPs:
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
APT19

Score: 17.42
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Kimsuky

Score: 63.06
Matched TTPs:
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1176.001 - Browser Extensions
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1027.016 - Junk Code Insertion
  • T1083 - File and Directory Discovery
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1587 - Develop Capabilities
UNC3886

Score: 32.34
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1124 - System Time Discovery
APT3

Score: 23.19
Matched TTPs:
  • T1218.011 - Rundll32
  • T1069 - Permission Groups Discovery
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Magic Hound

Score: 36.62
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
TA551

Score: 14.43
Matched TTPs:
  • T1218.011 - Rundll32
  • T1568.002 - Domain Generation Algorithms
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Blue Mockingbird

Score: 11.23
Matched TTPs:
  • T1218.011 - Rundll32
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
Wizard Spider

Score: 25.50
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1569.002 - Service Execution
  • T1055.001 - Dynamic-link Library Injection
APT32

Score: 44.17
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1550.003 - Pass the Ticket
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Lazarus Group

Score: 72.32
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1124 - System Time Discovery
  • T1055.001 - Dynamic-link Library Injection
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
TA505

Score: 24.34
Matched TTPs:
  • T1218.011 - Rundll32
  • T1069 - Permission Groups Discovery
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
APT41

Score: 49.69
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1568.002 - Domain Generation Algorithms
  • T1069 - Permission Groups Discovery
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1574.006 - Dynamic Linker Hijacking
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Sandworm Team

Score: 49.08
Matched TTPs:
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
APT28

Score: 52.40
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1105 - Ingress Tool Transfer
  • T1001.001 - Junk Data
HAFNIUM

Score: 15.84
Matched TTPs:
  • T1218.011 - Rundll32
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
APT38

Score: 51.94
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1115 - Clipboard Data
  • T1565.003 - Runtime Data Manipulation
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1036.006 - Space after Filename
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Daggerfly

Score: 15.26
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
RedCurl

Score: 26.93
Matched TTPs:
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1573.002 - Asymmetric Cryptography
  • T1059.006 - Python
  • T1070.004 - File Deletion
LazyScripter

Score: 13.99
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Aquatic Panda

Score: 24.34
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1574.006 - Dynamic Linker Hijacking
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Storm-0501

Score: 17.32
Matched TTPs:
  • T1218.011 - Rundll32
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
  • T1556.009 - Conditional Access Policies
MuddyWater

Score: 36.30
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Moonstone Sleet

Score: 25.03
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Turla

Score: 52.23
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1055.001 - Dynamic-link Library Injection
  • T1090.001 - Internal Proxy
Mustang Panda

Score: 57.10
Matched TTPs:
  • T1129 - Shared Modules
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
Winnti Group

Score: 6.88
Matched TTPs:
  • T1014 - Rootkit
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Rocke

Score: 29.92
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1574.006 - Dynamic Linker Hijacking
  • T1055.002 - Portable Executable Injection
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
TeamTNT

Score: 22.30
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Scattered Spider

Score: 18.73
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1556.009 - Conditional Access Policies
  • T1105 - Ingress Tool Transfer
Volt Typhoon

Score: 38.28
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
FIN13

Score: 21.41
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
OilRig

Score: 47.71
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1115 - Clipboard Data
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service
Indrik Spider

Score: 12.64
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Contagious Interview

Score: 46.55
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1204.005 - Malicious Library
  • T1083 - File and Directory Discovery
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1543.001 - Launch Agent
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
LuminousMoth

Score: 14.46
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
APT29

Score: 36.98
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1550.003 - Pass the Ticket
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1027.006 - HTML Smuggling
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Play

Score: 14.95
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Aoqin Dragon

Score: 8.71
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Moses Staff

Score: 6.96
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Ke3chang

Score: 24.19
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Malteiro

Score: 10.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
  • T1055.001 - Dynamic-link Library Injection
Machete

Score: 4.89
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
Elderwood

Score: 4.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Transparent Tribe

Score: 4.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Dragonfly

Score: 25.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
WIRTE

Score: 6.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
RTM

Score: 4.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
APT-C-36

Score: 4.70
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
CURIUM

Score: 14.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Gallmaker

Score: 3.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
Tropic Trooper

Score: 28.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
Dark Caracal

Score: 11.26
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
PLATINUM

Score: 12.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
menuPass

Score: 24.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
HEXANE

Score: 14.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
FIN8

Score: 19.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
Threat Group-3390

Score: 32.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression
BITTER

Score: 9.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
APT37

Score: 19.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
APT39

Score: 40.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Star Blizzard

Score: 3.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
Higaisa

Score: 18.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression
Cobalt Group

Score: 19.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Storm-1811

Score: 14.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Inception

Score: 12.89
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

Ajax Security Team

Score: 4.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Saint Bear

Score: 12.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

FIN6

Score: 18.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

Patchwork

Score: 17.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Whitefly

Score: 6.49
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

Nomadic Octopus

Score: 3.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 17.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer

TA2541

Score: 20.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

Earth Lusca

Score: 27.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

SideCopy

Score: 12.20
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Mofang

Score: 3.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.015 - Compression

Leviathan

Score: 24.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression

Tonto Team

Score: 11.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer

Andariel

Score: 14.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

BRONZE BUTLER

Score: 37.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1550.003 - Pass the Ticket
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

Naikon

Score: 4.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1518.001 - Security Software Discovery

Molerats

Score: 7.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

admin@338

Score: 6.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution

Darkhotel

Score: 21.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

The White Company

Score: 8.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1124 - System Time Discovery

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

APT33

Score: 3.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Silence

Score: 20.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Sidewinder

Score: 16.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

Confucius

Score: 6.37
Matched TTPs:
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

BlackTech

Score: 11.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates

Windshift

Score: 16.49
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Cinnamon Tempest

Score: 12.18
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer

Medusa Group

Score: 38.41
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1218.014 - MMC

Chimera

Score: 22.26
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery

Velvet Ant

Score: 15.36
Matched TTPs:
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

GALLIUM

Score: 16.36
Matched TTPs:
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer

Evilnum

Score: 3.89
Matched TTPs:
  • T1574.001 - DLL
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

BackdoorDiplomacy

Score: 14.27
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection

Poseidon Group

Score: 4.04
Matched TTPs:
  • T1007 - System Service Discovery
  • T1057 - Process Discovery

APT1

Score: 8.80
Matched TTPs:
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool

ToddyCat

Score: 12.44
Matched TTPs:
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service

LAPSUS$

Score: 8.89
Matched TTPs:
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool

Axiom

Score: 17.62
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography

Windigo

Score: 9.60
Matched TTPs:
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

Fox Kitten

Score: 17.28
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Agrius

Score: 10.23
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools

Ember Bear

Score: 19.67
Matched TTPs:
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion

Stealth Falcon

Score: 5.31
Matched TTPs:
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery

ZIRCONIUM

Score: 11.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

Winter Vivern

Score: 11.41
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

BlackByte

Score: 30.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1480 - Execution Guardrails
  • T1562.001 - Disable or Modify Tools
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Mustard Tempest

Score: 9.05
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
  • T1105 - Ingress Tool Transfer

APT42

Score: 9.30
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation

Sea Turtle

Score: 9.20
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer

INC Ransom

Score: 8.67
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

APT5

Score: 9.89
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1070.004 - File Deletion

Lotus Blossom

Score: 6.91
Matched TTPs:
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy

Deep Panda

Score: 9.31
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32

FIN5

Score: 7.32
Matched TTPs:
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1070.004 - File Deletion

Metador

Score: 5.47
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Sowbug

Score: 4.33
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive

APT18

Score: 3.46
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Leafminer

Score: 5.78
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Putter Panda

Score: 4.73
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1055.001 - Dynamic-link Library Injection

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1588.002 - Tool
  • T1090.002 - External Proxy
  • T1584.004 - Server
  • T1057 - Process Discovery
  • T1070.004 - File Deletion
  • T1202 - Indirect Command Execution
  • T1036.003 - Rename Legitimate Utilities
  • T1027.007 - Dynamic API Resolution
  • T1547.009 - Shortcut Modification
  • T1574.013 - KernelCallbackTable
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1055.001 - Dynamic-link Library Injection
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.011 - Rundll32
  • T1620 - Reflective Code Loading
  • T1105 - Ingress Tool Transfer
  • T1203 - Exploitation for Client Execution
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1010 - Application Window Discovery
  • T1583.006 - Web Services
  • T1204.002 - Malicious File
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1027.009 - Embedded Payloads

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.015 - Compression
  • T1112 - Modify Registry
  • T1025 - Data from Removable Media
  • T1518.001 - Security Software Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1218.011 - Rundll32
  • T1620 - Reflective Code Loading
  • T1039 - Data from Network Shared Drive
  • T1105 - Ingress Tool Transfer
  • T1027 - Obfuscated Files or Information
  • T1055 - Process Injection
  • T1080 - Taint Shared Content
  • T1562.001 - Disable or Modify Tools
  • T1480 - Execution Guardrails
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1559.001 - Component Object Model
  • T1027.004 - Compile After Delivery

Kimsuky

Score: 0.69
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1588.003 - Code Signing Certificates
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1112 - Modify Registry
  • T1518.001 - Security Software Discovery
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1007 - System Service Discovery
  • T1218.011 - Rundll32
  • T1620 - Reflective Code Loading
  • T1105 - Ingress Tool Transfer
  • T1027 - Obfuscated Files or Information
  • T1055 - Process Injection
  • T1587.001 - Malware
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1059.006 - Python
  • T1587 - Develop Capabilities

Mustang Panda

Score: 0.65
Matched TTPs:
  • T1588.003 - Code Signing Certificates
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1070.004 - File Deletion
  • T1678 - Delay Execution
  • T1027.007 - Dynamic API Resolution
  • T1106 - Native API
  • T1129 - Shared Modules
  • T1083 - File and Directory Discovery
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1105 - Ingress Tool Transfer
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1587.001 - Malware
  • T1505.003 - Web Shell
  • T1518 - Software Discovery
  • T1027.016 - Junk Code Insertion
  • T1176.002 - IDE Extensions
  • T1583.006 - Web Services
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1059 - Command and Scripting Interpreter

Turla

Score: 0.65
Matched TTPs:
  • T1588.002 - Tool
  • T1564.012 - File/Path Exclusions
  • T1057 - Process Discovery
  • T1027.010 - Command Obfuscation
  • T1584.004 - Server
  • T1112 - Modify Registry
  • T1025 - Data from Removable Media
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1055.001 - Dynamic-link Library Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1007 - System Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1583.006 - Web Services
  • T1124 - System Time Discovery
  • T1059.006 - Python
  • T1090.001 - Internal Proxy

APT38

Score: 0.61
Matched TTPs:
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1070.004 - File Deletion
  • T1036.003 - Rename Legitimate Utilities
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1218.001 - Compiled HTML File
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.011 - Rundll32
  • T1105 - Ingress Tool Transfer
  • T1055 - Process Injection
  • T1115 - Clipboard Data
  • T1569.002 - Service Execution
  • T1565.003 - Runtime Data Manipulation
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1204.002 - Malicious File
  • T1036.006 - Space after Filename

APT28

Score: 0.61
Matched TTPs:
  • T1498 - Network Denial of Service
  • T1588.002 - Tool
  • T1090.002 - External Proxy
  • T1057 - Process Discovery
  • T1070.004 - File Deletion
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1025 - Data from Removable Media
  • T1189 - Drive-by Compromise
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.011 - Rundll32
  • T1036 - Masquerading
  • T1039 - Data from Network Shared Drive
  • T1014 - Rootkit
  • T1105 - Ingress Tool Transfer
  • T1203 - Exploitation for Client Execution
  • T1505.003 - Web Shell
  • T1001.001 - Junk Data
  • T1583.006 - Web Services
  • T1204.002 - Malicious File
  • T1546.015 - Component Object Model Hijacking

APT41

Score: 0.60
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1588.002 - Tool
  • T1595.003 - Wordlist Scanning
  • T1070.004 - File Deletion
  • T1568.002 - Domain Generation Algorithms
  • T1112 - Modify Registry
  • T1218.001 - Compiled HTML File
  • T1190 - Exploit Public-Facing Application
  • T1574.006 - Dynamic Linker Hijacking
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1195.002 - Compromise Software Supply Chain
  • T1574.001 - DLL
  • T1218.011 - Rundll32
  • T1105 - Ingress Tool Transfer
  • T1014 - Rootkit
  • T1027 - Obfuscated Files or Information
  • T1055 - Process Injection
  • T1203 - Exploitation for Client Execution
  • T1569.002 - Service Execution
  • T1546.008 - Accessibility Features

Sandworm Team

Score: 0.59
Matched TTPs:
  • T1592.002 - Software
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1070.004 - File Deletion
  • T1027.010 - Command Obfuscation
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1195.002 - Compromise Software Supply Chain
  • T1195 - Supply Chain Compromise
  • T1584.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.011 - Rundll32
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1587.001 - Malware
  • T1499 - Endpoint Denial of Service
  • T1505.003 - Web Shell
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware

FIN7

Score: 0.57
Matched TTPs:
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1027.010 - Command Obfuscation
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1195.002 - Compromise Software Supply Chain
  • T1497.002 - User Activity Based Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.011 - Rundll32
  • T1620 - Reflective Code Loading
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1674 - Input Injection
  • T1569.002 - Service Execution
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1204.002 - Malicious File
  • T1124 - System Time Discovery
  • T1608.001 - Upload Malware
  • T1059 - Command and Scripting Interpreter

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
