Trusted Design

Evasive Maneuvers by Wekby with ROP-packing, DNS Covert Channels

Overview

ThreatStream Labs recently became aware of a campaign beginning on 30 June 2015 by the omnipresent Wekby threat actors (a/k/a TG-0416, APT-18, Dynamite Panda). The Wekby actors have recently been observed compromising organizations in the manufacturing, technology and utilities verticals, but have had a long-standing interest in the healthcare industry. This campaign uses obfuscated variants of the HTTPBrowser tool that use DNS as a control channel. This recent campaign exhibits many of the group's key characteristics while delivering a more technically advanced version of their toolkit than has previously been found. The Wekby group is keen on using phishes that purport to be from the IT helpdesk, often with links or attachments claiming to be VPN or Citrix upgrades. This specific instance used a "cisco" VPN client theme.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 46.62
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1562.006 - Indicator Blocking
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

Kimsuky

Score: 62.05
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1565.002 - Transmitted Data Manipulation
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels

Sea Turtle

Score: 27.41
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
  • T1556.005 - Reversible Encryption

Ember Bear

Score: 22.21
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32

Indrik Spider

Score: 11.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages
  • T1546.016 - Installer Packages

Agrius

Score: 6.48
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account

Contagious Interview

Score: 45.47
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1565.002 - Transmitted Data Manipulation
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Sandworm Team

Score: 70.13
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 16.74
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship

LAPSUS$

Score: 37.62
Matched TTPs:
  • T1216.001 - PubPrn
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1619 - Cloud Storage Object Discovery
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1065 - Uncommonly Used Port
  • T1588.005 - Exploits

Andariel

Score: 10.95
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 39.74
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

HAFNIUM

Score: 29.86
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1122 - Component Object Model Hijacking
  • T1556.005 - Reversible Encryption

APT41

Score: 40.03
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1001.003 - Protocol or Service Impersonation
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting
  • T1008 - Fallback Channels

TA551

Score: 5.32
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1556.005 - Reversible Encryption

HEXANE

Score: 26.47
Matched TTPs:
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1055.014 - VDSO Hijacking
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent

APT29

Score: 38.80
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1537 - Transfer Data to Cloud Account
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Gamaredon Group

Score: 35.92
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1061 - Graphical User Interface
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

TA2541

Score: 13.96
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode

Lotus Blossom

Score: 9.27
Matched TTPs:
  • T1099 - Timestomp
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1569.002 - Service Execution

FIN13

Score: 13.80
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution

Turla

Score: 37.39
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution

Volt Typhoon

Score: 56.70
Matched TTPs:
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1212 - Exploitation for Credential Access
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1065 - Uncommonly Used Port
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

FIN8

Score: 10.11
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

APT28

Score: 45.41
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1139 - Bash History
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

ZIRCONIUM

Score: 25.72
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode

Leviathan

Score: 34.86
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1056.002 - GUI Input Capture
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Silent Librarian

Score: 8.11
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship

EXOTIC LILY

Score: 19.97
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Axiom

Score: 20.02
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Chimera

Score: 15.75
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1087.004 - Cloud Account
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution

LazyScripter

Score: 13.58
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Cobalt Group

Score: 14.60
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1543.003 - Windows Service
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

OilRig

Score: 30.22
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1212 - Exploitation for Credential Access
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver

Ke3chang

Score: 20.00
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution

APT39

Score: 27.00
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1001.003 - Protocol or Service Impersonation
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

Tropic Trooper

Score: 8.17
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent

APT18

Score: 3.93
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1556.005 - Reversible Encryption

FIN7

Score: 46.45
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting

Moonstone Sleet

Score: 20.37
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Lazarus Group

Score: 38.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

UNC3886

Score: 15.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1218.010 - Regsvr32
  • T1055.015 - ListPlanting

LuminousMoth

Score: 13.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 7.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Play

Score: 6.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 6.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

RedCurl

Score: 11.36
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1122 - Component Object Model Hijacking
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

TeamTNT

Score: 13.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption

BlackTech

Score: 10.06
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

MuddyWater

Score: 25.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

Confucius

Score: 9.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 14.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

Elderwood

Score: 8.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode

Machete

Score: 4.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Mustard Tempest

Score: 9.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Transparent Tribe

Score: 10.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Evilnum

Score: 5.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode

APT32

Score: 29.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1592.004 - Client Configurations
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

APT3

Score: 11.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode

APT1

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship

APT33

Score: 13.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Windshift

Score: 11.03
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

FIN4

Score: 6.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1056.002 - GUI Input Capture
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 23.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Storm-1811

Score: 13.80
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 19.53
Matched TTPs:
  • T1543.003 - Windows Service
  • T1567.001 - Exfiltration to Code Repository
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1001.003 - Protocol or Service Impersonation
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

Patchwork

Score: 18.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels

TA505

Score: 10.39
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

APT42

Score: 9.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption

Scattered Spider

Score: 26.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
  • T1588.005 - Exploits

CURIUM

Score: 16.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dragonfly

Score: 28.56
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

APT5

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information

Threat Group-3390

Score: 27.90
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption

Velvet Ant

Score: 8.36
Matched TTPs:
  • T1583.005 - Botnet
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

DarkVishnya

Score: 11.01
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories

SideCopy

Score: 8.34
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1159 - Launch Agent

BlackByte

Score: 11.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1087.004 - Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution

BITTER

Score: 7.02
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

Saint Bear

Score: 8.89
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode

Rocke

Score: 10.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1008 - Fallback Channels

GOLD SOUTHFIELD

Score: 13.02
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel

Medusa Group

Score: 26.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1598 - Phishing for Information
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution

Storm-0501

Score: 8.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1565.002 - Transmitted Data Manipulation
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Fox Kitten

Score: 12.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1588.005 - Exploits
Link to MITRE →

Cinnamon Tempest

Score: 7.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

menuPass

Score: 12.08
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
Link to MITRE →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 7.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

GALLIUM

Score: 9.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Winter Vivern

Score: 17.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1548 - Abuse Elevation Control Mechanism
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 13.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Carbanak

Score: 5.84
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Akira

Score: 5.12
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
Link to MITRE →

IndigoZebra

Score: 4.38
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
Link to MITRE →

APT38

Score: 11.13
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Ferocious Kitten

Score: 5.81
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
Link to MITRE →

MoustachedBouncer

Score: 8.93
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN5

Score: 3.60
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
Link to MITRE →

Tonto Team

Score: 10.14
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1212 - Exploitation for Credential Access
  • T1218.010 - Regsvr32
Link to MITRE →

Silence

Score: 5.99
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 10.35
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
Link to MITRE →

BRONZE BUTLER

Score: 18.61
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1008 - Fallback Channels
Link to MITRE →

Inception

Score: 11.55
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
Link to MITRE →

FIN6

Score: 8.29
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

SilverTerrier

Score: 3.71
Matched TTPs:
  • T1552.003 - Shell History
  • T1556.005 - Reversible Encryption
Link to MITRE →

Higaisa

Score: 11.43
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution
Link to MITRE →

Stealth Falcon

Score: 3.16
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

admin@338

Score: 4.65
Matched TTPs:
  • T1212 - Exploitation for Credential Access
  • T1218.010 - Regsvr32
Link to MITRE →

Thrip

Score: 3.78
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

APT19

Score: 3.80
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

Daggerfly

Score: 10.08
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT37

Score: 6.84
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Darkhotel

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

RTM

Score: 7.98
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Dark Caracal

Score: 7.53
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1193 - Spearphishing Attachment
  • T1564.008 - Email Hiding Rules
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
  • T1045 - Software Packing
  • T1005 - Data from Local System
  • T1091 - Replication Through Removable Media
  • T1049 - System Network Connections Discovery
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1033 - System Owner/User Discovery
  • T1087.004 - Cloud Account
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1102.003 - One-Way Communication
  • T1546.016 - Installer Packages
  • T1583.005 - Botnet
  • T1573 - Encrypted Channel
  • T1111 - Multi-Factor Authentication Interception
  • T1114 - Email Collection
Link to MITRE →

Kimsuky

Score: 0.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1091 - Replication Through Removable Media
  • T1037 - Boot or Logon Initialization Scripts
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1608.005 - Link Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1690 - Prevent Command History Logging
  • T1098.007 - Additional Local or Domain Groups
  • T1033 - System Owner/User Discovery
  • T1008 - Fallback Channels
  • T1057 - Process Discovery
  • T1087.004 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1606.002 - SAML Tokens
  • T1102.003 - One-Way Communication
  • T1537 - Transfer Data to Cloud Account
  • T1552.003 - Shell History
  • T1583.005 - Botnet
  • T1114 - Email Collection
Link to MITRE →

Volt Typhoon

Score: 0.71
Matched TTPs:
  • T1045 - Software Packing
  • T1056.002 - GUI Input Capture
  • T1569.002 - Service Execution
  • T1049 - System Network Connections Discovery
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1685.001 - Disable or Modify Windows Event Log
  • T1199 - Trusted Relationship
  • T1176 - Software Extensions
  • T1065 - Uncommonly Used Port
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.008 - Chat Messages
  • T1057 - Process Discovery
  • T1099 - Timestomp
  • T1102.003 - One-Way Communication
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1212 - Exploitation for Credential Access
  • T1114 - Email Collection
Link to MITRE →

FIN7

Score: 0.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1608.005 - Link Target
  • T1586.002 - Email Accounts
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.015 - ListPlanting
  • T1057 - Process Discovery
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1027.007 - Dynamic API Resolution
  • T1573 - Encrypted Channel
Link to MITRE →

Mustang Panda

Score: 0.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1562.006 - Indicator Blocking
  • T1569.001 - Launchctl
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1037 - Boot or Logon Initialization Scripts
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1199 - Trusted Relationship
  • T1612 - Build Image on Host
  • T1567.002 - Exfiltration to Cloud Storage
  • T1608.005 - Link Target
  • T1098.007 - Additional Local or Domain Groups
  • T1087.004 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1102.003 - One-Way Communication
Link to MITRE →

APT28

Score: 0.58
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
  • T1056.002 - GUI Input Capture
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1059.001 - PowerShell
  • T1685.001 - Disable or Modify Windows Event Log
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1608.005 - Link Target
  • T1547.011 - Plist Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1057 - Process Discovery
  • T1139 - Bash History
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1583.005 - Botnet
Link to MITRE →

Contagious Interview

Score: 0.57
Matched TTPs:
  • T1547.008 - LSASS Driver
  • T1027.018 - Invisible Unicode
  • T1552.003 - Shell History
  • T1690 - Prevent Command History Logging
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1044 - File System Permissions Weakness
  • T1033 - System Owner/User Discovery
  • T1221 - Template Injection
  • T1045 - Software Packing
  • T1091 - Replication Through Removable Media
  • T1087.004 - Cloud Account
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1565.002 - Transmitted Data Manipulation
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

