Trusted Design

Naughty List

Overview

A compilation of IP addresses from which malicious traffic persists: searching for known vulnerabilities to exploit, scanning domains for vulnerable software installations, scanning hosts for stack vulnerabilities, and general probing of paths to identify installed software, plus any other threat actors that make it onto the naughty list for irresponsible behaviour.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 56.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1152 - Launchctl
  • T1683.001 - Written Content
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1053.002 - At
Link to MITRE →

Sea Turtle

Score: 13.17
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1556.005 - Reversible Encryption
Link to MITRE →

Ember Bear

Score: 32.84
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1003.003 - NTDS
Link to MITRE →

Indrik Spider

Score: 15.27
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1552.008 - Chat Messages
  • T1570 - Lateral Tool Transfer
  • T1134 - Access Token Manipulation
Link to MITRE →

Agrius

Score: 11.44
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Contagious Interview

Score: 31.79
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
Link to MITRE →

Sandworm Team

Score: 58.10
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1686.003 - Windows Host Firewall
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
Link to MITRE →

Star Blizzard

Score: 10.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
Link to MITRE →

Volt Typhoon

Score: 65.43
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1164 - Re-opened Applications
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1488 - Disk Content Wipe
  • T1570 - Lateral Tool Transfer
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1665 - Hide Infrastructure
  • T1569.002 - Service Execution
Link to MITRE →

Akira

Score: 4.83
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1134 - Access Token Manipulation
Link to MITRE →

HAFNIUM

Score: 30.30
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1552.008 - Chat Messages
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
Link to MITRE →

LAPSUS$

Score: 10.38
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1584.003 - Virtual Private Server
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Chimera

Score: 23.76
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure
Link to MITRE →

APT28

Score: 48.63
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1146 - Clear Command History
  • T1556.005 - Reversible Encryption
  • T1564.004 - NTFS File Attributes
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ke3chang

Score: 18.90
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
Link to MITRE →

Andariel

Score: 14.82
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
Link to MITRE →

Magic Hound

Score: 43.09
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1053.002 - At
Link to MITRE →

APT41

Score: 42.50
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels
Link to MITRE →

TA551

Score: 7.51
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1556.005 - Reversible Encryption
Link to MITRE →

HEXANE

Score: 16.98
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
Link to MITRE →

APT29

Score: 31.02
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1036.002 - Right-to-Left Override
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1608.006 - SEO Poisoning
Link to MITRE →

Gamaredon Group

Score: 40.68
Matched TTPs:
  • T1099 - Timestomp
  • T1547.012 - Print Processors
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1036.002 - Right-to-Left Override
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
Link to MITRE →

TA2541

Score: 19.93
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1036.002 - Right-to-Left Override
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
Link to MITRE →

Lotus Blossom

Score: 16.57
Matched TTPs:
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 28.87
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

Turla

Score: 33.61
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution
Link to MITRE →

FIN8

Score: 10.97
Matched TTPs:
  • T1099 - Timestomp
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
Link to MITRE →

Moonstone Sleet

Score: 11.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1573 - Encrypted Channel
  • T1556.005 - Reversible Encryption
Link to MITRE →

Lazarus Group

Score: 32.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1569.002 - Service Execution
Link to MITRE →

OilRig

Score: 29.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
Link to MITRE →

UNC3886

Score: 19.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
Link to MITRE →

LuminousMoth

Score: 11.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
Link to MITRE →

Play

Score: 10.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
Link to MITRE →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

RedCurl

Score: 13.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
Link to MITRE →

Moses Staff

Score: 5.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
Link to MITRE →

Mustang Panda

Score: 40.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1562.006 - Indicator Blocking
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
Link to MITRE →

TeamTNT

Score: 29.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1506 - Web Session Cookie
  • T1519 - Emond
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure
Link to MITRE →

FIN7

Score: 17.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
Link to MITRE →

Storm-0501

Score: 7.21
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1506 - Web Session Cookie
Link to MITRE →

MuddyWater

Score: 29.51
Matched TTPs:
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
Link to MITRE →

Medusa Group

Score: 26.74
Matched TTPs:
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

BRONZE BUTLER

Score: 21.59
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1008 - Fallback Channels
Link to MITRE →

Aquatic Panda

Score: 15.61
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1562.004 - Disable or Modify System Firewall
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
Link to MITRE →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Earth Lusca

Score: 23.22
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
Link to MITRE →

admin@338

Score: 8.52
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
Link to MITRE →

APT1

Score: 15.28
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1053.002 - At
Link to MITRE →

Velvet Ant

Score: 18.33
Matched TTPs:
  • T1583.005 - Botnet
  • T1684 - Social Engineering
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1128 - Netsh Helper DLL
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT33

Score: 6.56
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

DarkVishnya

Score: 5.65
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
Link to MITRE →

APT39

Score: 19.87
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

Axiom

Score: 8.03
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
Link to MITRE →

ToddyCat

Score: 12.23
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
  • T1665 - Hide Infrastructure
Link to MITRE →

Windigo

Score: 7.83
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1159 - Launch Agent
Link to MITRE →

Fox Kitten

Score: 17.88
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

GALLIUM

Score: 11.26
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
Link to MITRE →

FIN6

Score: 8.35
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

APT37

Score: 8.98
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

Dragonfly

Score: 21.59
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1134 - Access Token Manipulation
Link to MITRE →

Inception

Score: 9.02
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
Link to MITRE →

Patchwork

Score: 13.11
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
  • T1008 - Fallback Channels
Link to MITRE →

APT3

Score: 11.73
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
Link to MITRE →

Threat Group-3390

Score: 28.49
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Stealth Falcon

Score: 6.34
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1590.006 - Network Security Appliances
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT38

Score: 12.39
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
Link to MITRE →

menuPass

Score: 23.81
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Wizard Spider

Score: 18.14
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
Link to MITRE →

Dark Caracal

Score: 3.93
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1556.005 - Reversible Encryption
Link to MITRE →

BlackByte

Score: 20.13
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Mustard Tempest

Score: 9.80
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service
  • T1053.002 - At
Link to MITRE →

LazyScripter

Score: 8.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
Link to MITRE →

SideCopy

Score: 11.37
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1053.002 - At
Link to MITRE →

TA505

Score: 7.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
Link to MITRE →

BITTER

Score: 13.93
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT32

Score: 21.71
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Saint Bear

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

EXOTIC LILY

Score: 4.98
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
Link to MITRE →

APT42

Score: 11.64
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
Link to MITRE →

Rocke

Score: 14.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1008 - Fallback Channels
Link to MITRE →

BackdoorDiplomacy

Score: 8.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
Link to MITRE →

BlackTech

Score: 5.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
Link to MITRE →

Cinnamon Tempest

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Winter Vivern

Score: 10.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1219.001 - IDE Tunneling
  • T1556.005 - Reversible Encryption

Leviathan

Score: 10.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed

INC Ransom

Score: 5.82
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1209 - Time Providers

APT5

Score: 6.96
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

Storm-1811

Score: 4.55
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship

Scattered Spider

Score: 15.32
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation

Transparent Tribe

Score: 9.58
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
  • T1053.002 - At

ZIRCONIUM

Score: 13.94
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1608.006 - SEO Poisoning

RedEcho

Score: 8.74
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption

Windshift

Score: 8.02
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent

PLATINUM

Score: 4.65
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering

Silence

Score: 7.60
Matched TTPs:
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation

Cobalt Group

Score: 15.33
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

FIN5

Score: 5.14
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation

Tonto Team

Score: 6.99
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32

APT19

Score: 3.51
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption

Tropic Trooper

Score: 22.80
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure

Naikon

Score: 6.68
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers

Sidewinder

Score: 10.10
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent

Darkhotel

Score: 6.16
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

Higaisa

Score: 9.91
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
  • T1569.002 - Service Execution

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

POLONIUM

Score: 5.59
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Metador

Score: 4.50
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate

Sowbug

Score: 4.33
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

Confucius

Score: 6.81
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure

Leafminer

Score: 5.46
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Daggerfly

Score: 6.35
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

The White Company

Score: 3.39
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Threat actors related to this Pulse (inference-based)

Volt Typhoon

Score: 0.80
Matched TTPs:
  • T1569.002 - Service Execution
  • T1164 - Re-opened Applications
  • T1665 - Hide Infrastructure
  • T1045 - Software Packing
  • T1686.003 - Windows Host Firewall
  • T1199 - Trusted Relationship
  • T1552.008 - Chat Messages
  • T1553.002 - Code Signing
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1159 - Launch Agent
  • T1584.003 - Virtual Private Server
  • T1102.003 - One-Way Communication
  • T1148 - HISTCONTROL
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
  • T1488 - Disk Content Wipe
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1574.002 - DLL Side-Loading

Sandworm Team

Score: 0.72
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1075 - Pass the Hash
  • T1562.004 - Disable or Modify System Firewall
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1686.003 - Windows Host Firewall
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1584.003 - Virtual Private Server
  • T1583.005 - Botnet
  • T1102.003 - One-Way Communication
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups
  • T1556.005 - Reversible Encryption
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1219.001 - IDE Tunneling

Kimsuky

Score: 0.68
Matched TTPs:
  • T1008 - Fallback Channels
  • T1665 - Hide Infrastructure
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1584.003 - Virtual Private Server
  • T1152 - Launchctl
  • T1583.005 - Botnet
  • T1683.001 - Written Content
  • T1102.003 - One-Way Communication
  • T1506 - Web Session Cookie
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1053.002 - At
  • T1556.005 - Reversible Encryption
  • T1003.003 - NTDS
  • T1570 - Lateral Tool Transfer
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling

APT28

Score: 0.62
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1566.003 - Spearphishing via Service
  • T1562.004 - Disable or Modify System Firewall
  • T1199 - Trusted Relationship
  • T1547.011 - Plist Modification
  • T1547.002 - Authentication Package
  • T1564.004 - NTFS File Attributes
  • T1584.003 - Virtual Private Server
  • T1152 - Launchctl
  • T1583.005 - Botnet
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1146 - Clear Command History
  • T1542.004 - ROMMONkit
  • T1098.007 - Additional Local or Domain Groups
  • T1556.005 - Reversible Encryption
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling

APT41

Score: 0.57
Matched TTPs:
  • T1008 - Fallback Channels
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1055.004 - Asynchronous Procedure Call
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1556.005 - Reversible Encryption
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1002 - Data Compressed
  • T1539 - Steal Web Session Cookie
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1219.001 - IDE Tunneling
  • T1574.002 - DLL Side-Loading

Magic Hound

Score: 0.55
Matched TTPs:
  • T1683 - Generate Content
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1099 - Timestomp
  • T1055.004 - Asynchronous Procedure Call
  • T1070.003 - Clear Command History
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1053.002 - At
  • T1556.005 - Reversible Encryption
  • T1187 - Forced Authentication
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1140 - Deobfuscate/Decode Files or Information
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1219.001 - IDE Tunneling

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph
