Trusted Design

Bookworm Trojan: A Model of Modular Architecture

Overview

Recently, while researching attacks on targets in Thailand, Unit 42 discovered a tool that initially appeared to be a variant of the well-known PlugX RAT based on similar observed behavior such as the usage of DLL side-loading and a shellcode file. After closer inspection, it appears to be a completely distinct Trojan, which we have dubbed Bookworm and track in Autofocus using the tag Bookworm. Bookworm’s functional code is radically different from PlugX and has a rather unique modular architecture that warranted additional analysis by Unit 42. Bookworm has little malicious functionality built-in, with its only core ability involving stealing keystrokes and clipboard contents. However, Bookworm expands on its capabilities through its ability to load additional modules directly from its command and control (C2) server. This blog will provide an analysis of the Bookworm Trojan and known indicators of compromise. A later blog will explore the associated attack campaigns and attributions surrounding Bookworm.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 65.43
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1562.010 - Downgrade Attack
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

FIN7

Score: 44.29
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1205 - Traffic Signaling
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot

APT19

Score: 17.42
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Kimsuky

Score: 63.06
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1092 - Communication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1126 - Network Share Connection Removal

UNC3886

Score: 32.34
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

APT3

Score: 23.19
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1560.003 - Archive via Custom Method
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Magic Hound

Score: 36.62
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

TA551

Score: 14.43
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1539 - Steal Web Session Cookie
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Blue Mockingbird

Score: 11.23
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution

Wizard Spider

Score: 25.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.007 - Dynamic API Resolution
  • T1587 - Develop Capabilities

APT32

Score: 44.17
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1092 - Communication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Lazarus Group

Score: 72.32
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1558.005 - Ccache Files
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1205 - Traffic Signaling
  • T1050 - New Service
  • T1070.006 - Timestomp
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1587 - Develop Capabilities
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

TA505

Score: 24.34
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1560.003 - Archive via Custom Method
  • T1087.002 - Domain Account
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

APT41

Score: 49.69
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1539 - Steal Web Session Cookie
  • T1560.003 - Archive via Custom Method
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1552.004 - Private Keys
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Sandworm Team

Score: 49.08
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

APT28

Score: 52.40
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1205.001 - Port Knocking
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1564.004 - NTFS File Attributes

HAFNIUM

Score: 15.84
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries

APT38

Score: 51.94
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1566.001 - Spearphishing Attachment
  • T1675 - ESXi Administration Command
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Daggerfly

Score: 15.26
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

RedCurl

Score: 26.93
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1558.005 - Ccache Files
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence

LazyScripter

Score: 13.99
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Aquatic Panda

Score: 24.34
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1552.004 - Private Keys
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Storm-0501

Score: 17.32
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
  • T1090.004 - Domain Fronting

MuddyWater

Score: 36.30
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1547.012 - Print Processors
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding

Moonstone Sleet

Score: 25.03
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Turla

Score: 52.23
Matched TTPs:
  • T1056.001 - Keylogging
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution

Mustang Panda

Score: 57.10
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage

Winnti Group

Score: 6.88
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 29.92
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.004 - Private Keys
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

TeamTNT

Score: 22.30
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 18.73
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1090.004 - Domain Fronting
  • T1547.013 - XDG Autostart Entries

Volt Typhoon

Score: 38.28
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

FIN13

Score: 21.41
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution

OilRig

Score: 47.71
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.001 - Spearphishing Attachment
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 12.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Contagious Interview

Score: 46.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

LuminousMoth

Score: 14.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 36.98
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Play

Score: 14.95
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 8.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Moses Staff

Score: 6.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Ke3chang

Score: 24.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1102.002 - Bidirectional Communication
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Malteiro

Score: 10.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
  • T1587 - Develop Capabilities

Machete

Score: 4.89
Matched TTPs:
  • T1087.002 - Domain Account
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI

Elderwood

Score: 4.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Transparent Tribe

Score: 4.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Dragonfly

Score: 25.31
Matched TTPs:
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

WIRTE

Score: 6.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

RTM

Score: 4.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI

APT-C-36

Score: 4.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 14.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1555.003 - Credentials from Web Browsers
  • T1205.001 - Port Knocking
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Gallmaker

Score: 3.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.011 - Lua

Tropic Trooper

Score: 28.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

Dark Caracal

Score: 11.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

PLATINUM

Score: 12.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

menuPass

Score: 24.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

HEXANE

Score: 14.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 19.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1027.017 - SVG Smuggling
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery

Threat Group-3390

Score: 32.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

BITTER

Score: 9.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT37

Score: 19.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT39

Score: 40.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.001 - Spearphishing Attachment
  • T1499.002 - Service Exhaustion Flood
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

Star Blizzard

Score: 3.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

Higaisa

Score: 18.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
  • T1546.017 - Udev Rules

Cobalt Group

Score: 19.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Storm-1811

Score: 14.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1205.001 - Port Knocking
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Inception

Score: 12.89
Matched TTPs:
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Ajax Security Team

Score: 4.09
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Saint Bear

Score: 12.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

FIN6

Score: 18.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Patchwork

Score: 17.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Whitefly

Score: 6.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Nomadic Octopus

Score: 3.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries

Gorgon Group

Score: 17.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

TA2541

Score: 20.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Earth Lusca

Score: 27.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

SideCopy

Score: 12.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Mofang

Score: 3.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules

Leviathan

Score: 24.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1555.003 - Credentials from Web Browsers
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules

Tonto Team

Score: 11.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 14.09
Matched TTPs:
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BRONZE BUTLER

Score: 37.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

Naikon

Score: 4.42
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1506 - Web Session Cookie

Molerats

Score: 7.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

admin@338

Score: 6.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

Darkhotel

Score: 21.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

The White Company

Score: 8.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

APT33

Score: 3.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Silence

Score: 20.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Sidewinder

Score: 16.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

Confucius

Score: 6.37
Matched TTPs:
  • T1087.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

BlackTech

Score: 11.77
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

Windshift

Score: 16.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Cinnamon Tempest

Score: 12.18
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Medusa Group

Score: 38.41
Matched TTPs:
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

Chimera

Score: 22.26
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot

Velvet Ant

Score: 15.36
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

GALLIUM

Score: 16.36
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries

Evilnum

Score: 3.89
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

BackdoorDiplomacy

Score: 14.27
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

Poseidon Group

Score: 4.04
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services

APT1

Score: 8.80
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

ToddyCat

Score: 12.44
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver

LAPSUS$

Score: 8.89
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship

Axiom

Score: 17.62
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Windigo

Score: 9.60
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Fox Kitten

Score: 17.28
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Agrius

Score: 10.23
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources

Ember Bear

Score: 19.67
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence

Stealth Falcon

Score: 5.31
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services

ZIRCONIUM

Score: 11.48
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

Winter Vivern

Score: 11.41
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BlackByte

Score: 30.91
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1562.010 - Downgrade Attack
  • T1597 - Search Closed Sources
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Mustard Tempest

Score: 9.05
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries

APT42

Score: 9.30
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Sea Turtle

Score: 9.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 8.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

APT5

Score: 9.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence

Lotus Blossom

Score: 6.91
Matched TTPs:
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Deep Panda

Score: 9.31
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code

FIN5

Score: 7.32
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence

Metador

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Sowbug

Score: 4.33
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

APT18

Score: 3.46
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Leafminer

Score: 5.78
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Putter Panda

Score: 4.73
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities
  • T1608.005 - Link Target
  • T1069.001 - Local Groups
  • T1569.002 - Service Execution
  • T1558.005 - Ccache Files
  • T1547.011 - Plist Modification
  • T1578.001 - Create Snapshot
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1205 - Traffic Signaling
  • T1089 - Disabling Security Tools
  • T1070.006 - Timestomp
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
  • T1174 - Password Filter DLL
  • T1584.003 - Virtual Private Server
  • T1546.016 - Installer Packages
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.008 - LSASS Driver
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1583 - Acquire Infrastructure
  • T1590.003 - Network Trust Dependencies
  • T1050 - New Service
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1132.001 - Standard Encoding

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1608.005 - Link Target
  • T1608 - Stage Capabilities
  • T1546.017 - Udev Rules
  • T1091 - Replication Through Removable Media
  • T1092 - Communication Through Removable Media
  • T1205 - Traffic Signaling
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1059.013 - Container CLI/API
  • T1070.009 - Clear Persistence
  • T1584.003 - Virtual Private Server
  • T1591.003 - Identify Business Tempo
  • T1552.005 - Cloud Instance Metadata API
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.010 - Downgrade Attack
  • T1547.012 - Print Processors
  • T1547.013 - XDG Autostart Entries
  • T1583 - Acquire Infrastructure
  • T1590.003 - Network Trust Dependencies
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

Kimsuky

Score: 0.69
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1608.005 - Link Target
  • T1608 - Stage Capabilities
  • T1027.014 - Polymorphic Code
  • T1555.003 - Credentials from Web Browsers
  • T1526 - Cloud Service Discovery
  • T1091 - Replication Through Removable Media
  • T1092 - Communication Through Removable Media
  • T1205 - Traffic Signaling
  • T1213.006 - Databases
  • T1684 - Social Engineering
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
  • T1584.003 - Virtual Private Server
  • T1027.004 - Compile After Delivery
  • T1126 - Network Share Connection Removal
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1583 - Acquire Infrastructure
  • T1219.001 - IDE Tunneling

Mustang Panda

Score: 0.65
Matched TTPs:
  • T1608.005 - Link Target
  • T1055.013 - Process Doppelgänging
  • T1608 - Stage Capabilities
  • T1169 - Sudo
  • T1555.003 - Credentials from Web Browsers
  • T1526 - Cloud Service Discovery
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1092 - Communication Through Removable Media
  • T1055.005 - Thread Local Storage
  • T1089 - Disabling Security Tools
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1003 - OS Credential Dumping
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1590.003 - Network Trust Dependencies
  • T1219.001 - IDE Tunneling
  • T1136.001 - Local Account

Turla

Score: 0.65
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities
  • T1601.001 - Patch System Image
  • T1608.005 - Link Target
  • T1569.002 - Service Execution
  • T1578.001 - Create Snapshot
  • T1684 - Social Engineering
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1136.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1546.016 - Installer Packages
  • T1027.004 - Compile After Delivery
  • T1552.005 - Cloud Instance Metadata API
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1590.003 - Network Trust Dependencies
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1056.001 - Keylogging

APT38

Score: 0.61
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1675 - ESXi Administration Command
  • T1503 - Credentials from Web Browsers
  • T1059.005 - Visual Basic
  • T1555.003 - Credentials from Web Browsers
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
  • T1547.013 - XDG Autostart Entries
  • T1583 - Acquire Infrastructure
  • T1590.003 - Network Trust Dependencies
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1174 - Password Filter DLL
  • T1566.001 - Spearphishing Attachment

APT28

Score: 0.61
Matched TTPs:
  • T1608.005 - Link Target
  • T1205.001 - Port Knocking
  • T1555.003 - Credentials from Web Browsers
  • T1146 - Clear Command History
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
  • T1548.004 - Elevated Execution with Prompt
  • T1584.003 - Virtual Private Server
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.005 - Cloud Instance Metadata API
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1564.004 - NTFS File Attributes
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1583 - Acquire Infrastructure
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1499.001 - OS Exhaustion Flood
  • T1542.004 - ROMMONkit

APT41

Score: 0.60
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1218.010 - Regsvr32
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1070.009 - Clear Persistence
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1573 - Encrypted Channel
  • T1177 - LSASS Driver
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution
  • T1547.013 - XDG Autostart Entries
  • T1002 - Data Compressed
  • T1583 - Acquire Infrastructure
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1552.004 - Private Keys
  • T1499.001 - OS Exhaustion Flood
  • T1560.003 - Archive via Custom Method

Sandworm Team

Score: 0.59
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1555.003 - Credentials from Web Browsers
  • T1187 - Forced Authentication
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1005 - Data from Local System
  • T1049 - System Network Connections Discovery
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1584.003 - Virtual Private Server
  • T1546.016 - Installer Packages
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.010 - AutoHotKey & AutoIT
  • T1573 - Encrypted Channel
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1583 - Acquire Infrastructure
  • T1590.003 - Network Trust Dependencies
  • T1219.001 - IDE Tunneling

FIN7

Score: 0.57
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1608.005 - Link Target
  • T1055.013 - Process Doppelgänging
  • T1564.002 - Hidden Users
  • T1091 - Replication Through Removable Media
  • T1578.001 - Create Snapshot
  • T1092 - Communication Through Removable Media
  • T1205 - Traffic Signaling
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1573 - Encrypted Channel
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1583 - Acquire Infrastructure

Related CVEs

No CVEs were found in this Pulse.
