Trusted Design

Evasive Maneuvers by Wekby with ROP-packing, DNS Covert Channels

Summary

ThreatStream Labs recently became aware of a campaign, beginning on 30 June 2015, by the omnipresent Wekby threat actors (a/k/a TG-0416, APT-18, Dynamite Panda). The Wekby actors have recently been observed compromising organizations in the manufacturing, technology and utilities verticals, but have had a long-standing interest in the healthcare industry. This campaign uses obfuscated variants of the HTTPBrowser tool that use DNS as the command-and-control channel. It exhibits many of the group's key characteristics while delivering a more technically advanced version of their toolkit than has previously been found. The Wekby group is keen on phishing emails that purport to come from the IT helpdesk, often with links or attachments claiming to be VPN or Citrix upgrades. This specific instance used a “cisco” vpnclient theme.
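The summary says the HTTPBrowser variant in this campaign uses DNS as its control channel (T1071.004). The block below is an added detection example, not code from the original page or from ThreatStream Labs, and it does not model HTTPBrowser's actual DNS encoding, which the page does not describe. It profiles DNS query logs per (client, queried zone) and flags zones that receive many unique, long, high-entropy subdomain queries, the generic footprint of commands or data carried inside query names. The log format, the client addresses, the zone names and every log line are constructed for the example; the thresholds are assumptions to be tuned against your own baseline, and the zone split (last two labels) stands in for a Public Suffix List lookup.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (format: timestamp client qtype qname).
# Not real telemetry: the first client beacons 32-hex-char labels to one zone
# via TXT queries, the second client does ordinary lookups.
SAMPLE_LOG = """\
2015-07-01T10:00:01Z 10.0.0.5 TXT 3e1f9a7c2b8d4e6f1a0b9c8d7e6f5a4b.upd.example-c2.test
2015-07-01T10:00:31Z 10.0.0.5 TXT 9b8a7f6e5d4c3b2a1f0e9d8c7b6a5f4e.upd.example-c2.test
2015-07-01T10:01:01Z 10.0.0.5 TXT c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6.upd.example-c2.test
2015-07-01T10:01:31Z 10.0.0.5 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f0.upd.example-c2.test
2015-07-01T10:02:01Z 10.0.0.5 TXT 5a4b3c2d1e0f9a8b7c6d5e4f3a2b1c0d.upd.example-c2.test
2015-07-01T10:02:31Z 10.0.0.5 TXT 7e6f5a4b3c2d1e0f9a8b7c6d5e4f3a2b.upd.example-c2.test
2015-07-01T10:00:05Z 10.0.0.7 A www.example-vendor.test
2015-07-01T10:00:09Z 10.0.0.7 A mail.example-vendor.test
2015-07-01T10:00:12Z 10.0.0.7 AAAA www.example-vendor.test
2015-07-01T10:00:20Z 10.0.0.5 A cdn.example-vendor.test
"""


def shannon_entropy(s):
    """Bits of entropy per character; random hex tops out at 4.0, words sit well below."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    ts, client, qtype, qname = line.split()
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.rstrip(".").lower()}


def split_zone(qname, zone_labels=2):
    """Split 'a.b.example.test' into ('a.b', 'example.test').

    Assumption: the last two labels are the registrable zone. A real
    deployment should use the Public Suffix List instead."""
    labels = qname.split(".")
    if len(labels) <= zone_labels:
        return "", qname
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])


def profile_queries(lines):
    """Aggregate per (client, zone): query count, distinct subdomains, TXT count,
    entropy of the leftmost label and subdomain length."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "txt": 0,
                                 "entropy_sum": 0.0, "len_sum": 0})
    for raw in lines:
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        rec = parse_line(raw)
        sub, zone = split_zone(rec["qname"])
        s = stats[(rec["client"], zone)]
        s["queries"] += 1
        s["subdomains"].add(sub)
        s["txt"] += rec["qtype"] == "TXT"
        s["entropy_sum"] += shannon_entropy(sub.split(".")[0])
        s["len_sum"] += len(sub)
    return stats


def flag_tunnels(stats, min_queries=5, min_entropy=3.0, min_len=20, min_unique_ratio=0.8):
    """Flag (client, zone) pairs whose query names look like an encoded channel.
    Thresholds are assumptions; tune them against your own DNS baseline."""
    flagged = []
    for (client, zone), s in sorted(stats.items()):
        n = s["queries"]
        mean_entropy = s["entropy_sum"] / n
        mean_len = s["len_sum"] / n
        unique_ratio = len(s["subdomains"]) / n
        if (n >= min_queries and mean_entropy >= min_entropy
                and mean_len >= min_len and unique_ratio >= min_unique_ratio):
            flagged.append({"client": client, "zone": zone, "queries": n,
                            "txt_fraction": round(s["txt"] / n, 2),
                            "mean_label_entropy": round(mean_entropy, 2),
                            "mean_subdomain_len": round(mean_len, 1)})
    return flagged


def analyze(log_text=SAMPLE_LOG):
    return flag_tunnels(profile_queries(log_text.splitlines()))


if __name__ == "__main__":
    for hit in analyze():
        print(hit)
```

On the constructed log only the (10.0.0.5, example-c2.test) pair is flagged: six TXT queries, every subdomain distinct, 36-character subdomains whose leftmost label has close to 4 bits of entropy per character. The vendor lookups fail the count, length and entropy tests together. In production, the per-zone query volume and the TXT fraction are the features that survive an operator switching from hex to base32 or base64 encoding, so weight them over the exact entropy threshold.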

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 46.62
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1219.001 - IDE Tunneling
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1219.002 - Remote Desktop Software
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

Kimsuky

Score: 62.05
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1219.002 - Remote Desktop Software
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver

Sea Turtle

Score: 27.41
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
  • T1071.001 - Web Protocols

Ember Bear

Score: 22.21
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1071.004 - DNS
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution

Indrik Spider

Score: 11.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1590 - Gather Victim Network Information
  • T1584.004 - Server

Agrius

Score: 6.48
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel

Contagious Interview

Score: 45.47
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1593.001 - Social Media
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Sandworm Team

Score: 70.13
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1590.001 - Domain Properties
  • T1204.001 - Malicious Link

Star Blizzard

Score: 16.74
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool

LAPSUS$

Score: 37.62
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1591.004 - Identify Roles
  • T1213.005 - Messaging Applications

Andariel

Score: 10.95
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Magic Hound

Score: 39.74
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1591.001 - Determine Physical Locations
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

HAFNIUM

Score: 29.86
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1590 - Gather Victim Network Information
  • T1199 - Trusted Relationship
  • T1071.001 - Web Protocols

APT41

Score: 40.03
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1071.004 - DNS
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1596.005 - Scan Databases
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1102.001 - Dead Drop Resolver

TA551

Score: 5.32
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1071.001 - Web Protocols

HEXANE

Score: 26.47
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1534 - Internal Spearphishing
  • T1069.001 - Local Groups
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery

APT29

Score: 38.80
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1550.003 - Pass the Ticket
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1027.002 - Software Packing
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Gamaredon Group

Score: 35.92
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1001 - Data Obfuscation
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

TA2541

Score: 13.96
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

Lotus Blossom

Score: 9.27
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1090.001 - Internal Proxy

FIN13

Score: 13.80
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy

Turla

Score: 37.39
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1090 - Proxy
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1069.001 - Local Groups
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy

Volt Typhoon

Score: 56.70
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1590 - Gather Victim Network Information
  • T1069.001 - Local Groups
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1591.004 - Identify Roles
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy

FIN8

Score: 10.11
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

APT28

Score: 45.41
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1557.004 - Evil Twin
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

ZIRCONIUM

Score: 25.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1090.003 - Multi-hop Proxy
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link

Leviathan

Score: 34.86
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link

Silent Librarian

Score: 8.11
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1588.002 - Tool

EXOTIC LILY

Score: 19.97
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

TA578

Score: 6.66
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link

Axiom

Score: 20.02
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography

Chimera

Score: 15.75
Matched TTPs:
  • T1071.004 - DNS
  • T1041 - Exfiltration Over C2 Channel
  • T1069.001 - Local Groups
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution

LazyScripter

Score: 13.58
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link

Cobalt Group

Score: 14.60
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

OilRig

Score: 30.22
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1069.001 - Local Groups
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service

Ke3chang

Score: 20.00
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution

APT39

Score: 27.00
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

Tropic Trooper

Score: 8.17
Matched TTPs:
  • T1071.004 - DNS
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery

APT18

Score: 3.93
Matched TTPs:
  • T1071.004 - DNS
  • T1071.001 - Web Protocols

FIN7

Score: 46.45
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels

Moonstone Sleet

Score: 20.37
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1591 - Gather Victim Org Information
  • T1195.002 - Compromise Software Supply Chain
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

Lazarus Group

Score: 38.34
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy

UNC3886

Score: 15.66
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1203 - Exploitation for Client Execution
  • T1008 - Fallback Channels

LuminousMoth

Score: 13.92
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Salt Typhoon

Score: 7.45
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Play

Score: 6.94
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool

Aoqin Dragon

Score: 6.49
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

RedCurl

Score: 11.36
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1199 - Trusted Relationship
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Moses Staff

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

TeamTNT

Score: 13.94
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

BlackTech

Score: 10.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

MuddyWater

Score: 25.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

Confucius

Score: 9.47
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Sidewinder

Score: 14.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

Elderwood

Score: 8.12
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

Machete

Score: 4.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Mustard Tempest

Score: 9.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Transparent Tribe

Score: 10.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Evilnum

Score: 5.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link

APT32

Score: 29.84
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1550.003 - Pass the Ticket
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

APT3

Score: 11.07
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

APT1

Score: 3.81
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1588.002 - Tool

APT33

Score: 13.50
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1552.006 - Group Policy Preferences
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Windshift

Score: 11.03
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

FIN4

Score: 6.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1090.003 - Multi-hop Proxy
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Earth Lusca

Score: 23.94
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link

Storm-1811

Score: 13.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1566.004 - Spearphishing Voice
  • T1219.002 - Remote Desktop Software
  • T1566.003 - Spearphishing via Service

Wizard Spider

Score: 19.53
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1552.006 - Group Policy Preferences
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1197 - BITS Jobs
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Patchwork

Score: 18.15
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver

TA505

Score: 10.39
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

APT42

Score: 9.50
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1071.001 - Web Protocols

Scattered Spider

Score: 26.70
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1213.005 - Messaging Applications

CURIUM

Score: 16.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Dragonfly

Score: 28.56
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

APT5

Score: 5.31
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application

Threat Group-3390

Score: 27.90
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

Velvet Ant

Score: 8.36
Matched TTPs:
  • T1040 - Network Sniffing
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

DarkVishnya

Score: 11.01
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1200 - Hardware Additions

SideCopy

Score: 8.34
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery

BlackByte

Score: 11.59
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution

BITTER

Score: 7.02
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

Saint Bear

Score: 8.89
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

Rocke

Score: 10.52
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1102.001 - Dead Drop Resolver

GOLD SOUTHFIELD

Score: 13.02
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1199 - Trusted Relationship
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain

Medusa Group

Score: 26.50
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1650 - Acquire Access
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution

Storm-0501

Score: 8.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1219.002 - Remote Desktop Software
  • T1027.002 - Software Packing

Fox Kitten

Score: 12.92
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1213.005 - Messaging Applications

Cinnamon Tempest

Score: 7.18
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1588.002 - Tool

menuPass

Score: 12.08
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 7.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1569.002 - Service Execution

GALLIUM

Score: 9.09
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027.002 - Software Packing

Winter Vivern

Score: 17.43
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1056.003 - Web Portal Capture
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning

INC Ransom

Score: 13.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1569.002 - Service Execution

Carbanak

Score: 5.84
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Akira

Score: 5.12
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft

IndigoZebra

Score: 4.38
Matched TTPs:
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1588.002 - Tool

APT38

Score: 11.13
Matched TTPs:
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Ferocious Kitten

Score: 5.81
Matched TTPs:
  • T1583.001 - Domains
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool

MoustachedBouncer

Score: 8.93
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1027.002 - Software Packing

FIN5

Score: 3.60
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool

Tonto Team

Score: 10.14
Matched TTPs:
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1069.001 - Local Groups
  • T1203 - Exploitation for Client Execution

Silence

Score: 5.99
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1569.002 - Service Execution

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool

Windigo

Score: 6.85
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

POLONIUM

Score: 10.35
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

BRONZE BUTLER

Score: 18.61
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1550.003 - Pass the Ticket
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver

Inception

Score: 11.55
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery

FIN6

Score: 8.29
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

SilverTerrier

Score: 3.71
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.001 - Web Protocols

Higaisa

Score: 11.43
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy

Stealth Falcon

Score: 3.16
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
  • T1071.001 - Web Protocols

admin@338

Score: 4.65
Matched TTPs:
  • T1069.001 - Local Groups
  • T1203 - Exploitation for Client Execution

Thrip

Score: 3.78
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software

APT19

Score: 3.80
Matched TTPs:
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols

Daggerfly

Score: 10.08
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1204.001 - Malicious Link

APT37

Score: 6.84
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

The White Company

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Darkhotel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

RTM

Score: 7.98
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Dark Caracal

Score: 7.53
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1195.002 - Compromise Software Supply Chain
  • T1584.005 - Botnet
  • T1598.003 - Spearphishing Link
  • T1591.002 - Business Relationships
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1041 - Exfiltration Over C2 Channel
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1594 - Search Victim-Owned Websites
  • T1190 - Exploit Public-Facing Application
  • T1040 - Network Sniffing
  • T1593 - Search Open Websites/Domains
  • T1583 - Acquire Infrastructure
  • T1592.002 - Software
  • T1071.001 - Web Protocols
  • T1590.001 - Domain Properties
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1199 - Trusted Relationship
  • T1195 - Supply Chain Compromise
  • T1204.001 - Malicious Link

Kimsuky

Score: 0.77
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1041 - Exfiltration Over C2 Channel
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1594 - Search Victim-Owned Websites
  • T1591 - Gather Victim Org Information
  • T1593.001 - Social Media
  • T1190 - Exploit Public-Facing Application
  • T1040 - Network Sniffing
  • T1593 - Search Open Websites/Domains
  • T1657 - Financial Theft
  • T1583 - Acquire Infrastructure
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1583.001 - Domains
  • T1557 - Adversary-in-the-Middle
  • T1566 - Phishing
  • T1534 - Internal Spearphishing
  • T1219.002 - Remote Desktop Software
  • T1102.001 - Dead Drop Resolver
  • T1204.001 - Malicious Link

Volt Typhoon

Score: 0.71
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1591.004 - Identify Roles
  • T1090.001 - Internal Proxy
  • T1584.004 - Server
  • T1596.005 - Scan Databases
  • T1588.002 - Tool
  • T1594 - Search Victim-Owned Websites
  • T1518 - Software Discovery
  • T1591 - Gather Victim Org Information
  • T1190 - Exploit Public-Facing Application
  • T1593 - Search Open Websites/Domains
  • T1016.001 - Internet Connection Discovery
  • T1090.003 - Multi-hop Proxy
  • T1027.002 - Software Packing
  • T1584.008 - Network Devices
  • T1590 - Gather Victim Network Information
  • T1069.001 - Local Groups
  • T1090 - Proxy

FIN7

Score: 0.62
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1587.001 - Malware
  • T1195.002 - Compromise Software Supply Chain
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1591.004 - Identify Roles
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1583.006 - Web Services
  • T1219 - Remote Access Tools
  • T1608.004 - Drive-by Target
  • T1588.002 - Tool
  • T1591 - Gather Victim Org Information
  • T1190 - Exploit Public-Facing Application
  • T1674 - Input Injection
  • T1210 - Exploitation of Remote Services
  • T1583.001 - Domains
  • T1071.004 - DNS
  • T1204.001 - Malicious Link

Mustang Panda

Score: 0.59
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1566.002 - Spearphishing Link
  • T1041 - Exfiltration Over C2 Channel
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1219.001 - IDE Tunneling
  • T1518 - Software Discovery
  • T1608 - Stage Capabilities
  • T1593 - Search Open Websites/Domains
  • T1001.003 - Protocol or Service Impersonation
  • T1071.001 - Web Protocols
  • T1583.001 - Domains
  • T1557 - Adversary-in-the-Middle
  • T1102 - Web Service
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link

APT28

Score: 0.58
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1589.001 - Credentials
  • T1090.002 - External Proxy
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1102.002 - Bidirectional Communication
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1591 - Gather Victim Org Information
  • T1190 - Exploit Public-Facing Application
  • T1040 - Network Sniffing
  • T1557.004 - Evil Twin
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1584.008 - Network Devices
  • T1071.001 - Web Protocols
  • T1583.001 - Domains
  • T1199 - Trusted Relationship
  • T1204.001 - Malicious Link

Contagious Interview

Score: 0.57
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1593.001 - Social Media
  • T1587.001 - Malware
  • T1583.001 - Domains
  • T1657 - Financial Theft
  • T1593 - Search Open Websites/Domains
  • T1583 - Acquire Infrastructure
  • T1090 - Proxy
  • T1204.004 - Malicious Copy and Paste
  • T1041 - Exfiltration Over C2 Channel
  • T1583.006 - Web Services
  • T1588.007 - Artificial Intelligence
  • T1681 - Search Threat Vendor Data
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
