Trusted Design

HEUR:Trojan-Downloader.Script.Generic

Overview

Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or added to the list of programs that run automatically when the operating system boots. Information about the names and locations of the programs to be downloaded is either embedded in the Trojan's code or fetched by the Trojan from an Internet resource (usually a web page). This type of malicious program is frequently used in the initial infection of visitors to websites that host exploits.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this pulse (fact-based)

Kimsuky

Score: 54.83
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1496.004 - Cloud Service Hijacking
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS

Mustang Panda

Score: 43.40
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode

Mustard Tempest

Score: 11.86
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

APT42

Score: 10.71
Matched TTPs:
  • T1110.002 - Password Cracking
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

FIN13

Score: 11.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Moonstone Sleet

Score: 16.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries

Indrik Spider

Score: 3.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries

Lazarus Group

Score: 42.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1216 - System Script Proxy Execution

Contagious Interview

Score: 22.05
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode

OilRig

Score: 30.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

UNC3886

Score: 11.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence

LuminousMoth

Score: 15.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 29.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

APT29

Score: 26.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Play

Score: 7.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 12.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1058 - Service Registry Permissions Weakness
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

RedCurl

Score: 12.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode

Moses Staff

Score: 3.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Turla

Score: 16.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Ke3chang

Score: 9.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

TeamTNT

Score: 18.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

FIN7

Score: 32.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Malteiro

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1506 - Web Session Cookie

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Machete

Score: 11.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Elderwood

Score: 10.56
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Transparent Tribe

Score: 7.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Dragonfly

Score: 16.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

WIRTE

Score: 7.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

RTM

Score: 5.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI

APT-C-36

Score: 7.67
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

Gallmaker

Score: 3.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua

Tropic Trooper

Score: 21.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

Dark Caracal

Score: 8.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account

PLATINUM

Score: 10.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

menuPass

Score: 13.44
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

TA551

Score: 9.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

HEXANE

Score: 7.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 9.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Threat Group-3390

Score: 24.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

BITTER

Score: 8.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT37

Score: 13.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

LazyScripter

Score: 14.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

PROMETHIUM

Score: 6.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI

TA505

Score: 21.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

APT39

Score: 26.14
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 4.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

Higaisa

Score: 11.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure

Rancor

Score: 5.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1547.013 - XDG Autostart Entries

Wizard Spider

Score: 13.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Magic Hound

Score: 17.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

FIN4

Score: 4.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

Cobalt Group

Score: 18.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Storm-1811

Score: 12.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries

Inception

Score: 11.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

EXOTIC LILY

Score: 7.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Saint Bear

Score: 8.54
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode

FIN6

Score: 5.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence

Patchwork

Score: 19.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure

Whitefly

Score: 4.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Nomadic Octopus

Score: 4.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries

APT28

Score: 20.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Gorgon Group

Score: 8.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

APT19

Score: 12.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI

TA2541

Score: 16.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 22.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

SideCopy

Score: 17.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1584.002 - DNS Server
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Mofang

Score: 4.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

Leviathan

Score: 16.44
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Tonto Team

Score: 8.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 12.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BRONZE BUTLER

Score: 18.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

APT38

Score: 42.89
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1491 - Defacement
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1216 - System Script Proxy Execution

MuddyWater

Score: 23.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Naikon

Score: 7.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1588.001 - Malware
  • T1506 - Web Session Cookie

Molerats

Score: 10.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Gamaredon Group

Score: 26.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 16.33
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT32

Score: 29.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

The White Company

Score: 8.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

IndigoZebra

Score: 3.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

APT33

Score: 7.59
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Silence

Score: 8.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Sidewinder

Score: 15.46
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Confucius

Score: 11.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure

BlackTech

Score: 8.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Windshift

Score: 16.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Medusa Group

Score: 21.19
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Aquatic Panda

Score: 13.13
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

APT41

Score: 21.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Blue Mockingbird

Score: 5.53
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code

BlackByte

Score: 9.53
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Carbanak

Score: 4.88
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
  • T1199 - Trusted Relationship

APT3

Score: 18.09
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Agrius

Score: 5.69
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets

Cinnamon Tempest

Score: 9.20
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Evilnum

Score: 6.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

APT1

Score: 5.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

ZIRCONIUM

Score: 17.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Winter Vivern

Score: 10.63
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Chimera

Score: 10.86
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1491 - Defacement
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

GALLIUM

Score: 10.99
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Daggerfly

Score: 11.85
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

BackdoorDiplomacy

Score: 10.20
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

Volt Typhoon

Score: 23.76
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1491 - Defacement
  • T1199 - Trusted Relationship
  • T1584.002 - DNS Server
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

Rocke

Score: 15.93
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Ember Bear

Score: 15.50
Matched TTPs:
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1003.003 - NTDS

Fox Kitten

Score: 6.16
Matched TTPs:
  • T1491 - Defacement
  • T1588.001 - Malware
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 11.50
Matched TTPs:
  • T1491 - Defacement
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

LAPSUS$

Score: 7.44
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship

Metador

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate

Storm-0501

Score: 8.79
Matched TTPs:
  • T1588.001 - Malware
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account

Sea Turtle

Score: 5.96
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

INC Ransom

Score: 3.01
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Axiom

Score: 12.33
Matched TTPs:
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

ToddyCat

Score: 4.73
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.76
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1608 - Stage Capabilities
  • T1496.004 - Cloud Service Hijacking
  • T1059.011 - Lua
  • T1218.012 - Verclsid
  • T1213.006 - Databases
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1606.002 - SAML Tokens
  • T1537 - Transfer Data to Cloud Account
  • T1003.003 - NTDS
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1588.001 - Malware
  • T1665 - Hide Infrastructure
  • T1547.013 - XDG Autostart Entries
  • T1598.003 - Spearphishing Link
  • T1053.007 - Container Orchestration Job
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie

APT38

Score: 0.64
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1218.012 - Verclsid
  • T1491 - Defacement
  • T1537 - Transfer Data to Cloud Account
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1138 - Application Shimming
  • T1174 - Password Filter DLL
  • T1059.005 - Visual Basic
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1048 - Exfiltration Over Alternative Protocol
  • T1216 - System Script Proxy Execution
  • T1547.013 - XDG Autostart Entries
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1608 - Stage Capabilities
  • T1059.011 - Lua
  • T1218.012 - Verclsid
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
  • T1199 - Trusted Relationship
  • T1055.005 - Thread Local Storage
  • T1136.001 - Local Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1159 - Launch Agent
  • T1598.003 - Spearphishing Link
  • T1053.007 - Container Orchestration Job

Lazarus Group

Score: 0.60
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1218.012 - Verclsid
  • T1543.003 - Windows Service
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1055.005 - Thread Local Storage
  • T1174 - Password Filter DLL
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1588.001 - Malware
  • T1216 - System Script Proxy Execution
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure
  • T1547.013 - XDG Autostart Entries
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph
