Trusted Design

TABMSGSQL (FAMILY)

概要

This malware family is a full-featured backdoor capable of file uploading and downloading, arbitrary execution of programs, and providing a remote interactive command shell. All communications with the C2 server are sent over HTTP to a static URL, appending various URL parameters to the request. Some variants use a slightly different URL. The C2 server appears to act as just a database, allowing the clients to craft and execute SQL statements of their choosing. The malware also implements a special mode that provides full administrative access to the C2 server. This includes displaying the status of clients who have checked in with the C2 server, queuing commands to any client, and uploading or downloading files to the C2 server.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Magic Hound

Score: 11.51
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1505.003 - Web Shell
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

HEXANE

Score: 8.76
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

APT29

Score: 17.83
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1651 - Cloud Administration Command
MITREへのリンク →

Gamaredon Group

Score: 22.71
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1102.003 - One-Way Communication
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1027.015 - Compression
MITREへのリンク →

TA2541

Score: 7.87
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1608.001 - Upload Malware
  • T1027.015 - Compression
MITREへのリンク →

FIN13

Score: 11.26
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
MITREへのリンク →

HAFNIUM

Score: 8.04
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1505.003 - Web Shell
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
MITREへのリンク →

Turla

Score: 12.19
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102 - Web Service
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
MITREへのリンク →

Volt Typhoon

Score: 10.07
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
MITREへのリンク →

FIN8

Score: 15.39
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

BRONZE BUTLER

Score: 12.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

APT39

Score: 13.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
MITREへのリンク →

WIRTE

Score: 5.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols
MITREへのリンク →

Kimsuky

Score: 16.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Moonstone Sleet

Score: 7.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
MITREへのリンク →

Mustang Panda

Score: 19.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Agrius

Score: 4.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

Ke3chang

Score: 7.49
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
MITREへのリンク →

APT38

Score: 12.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
MITREへのリンク →

Molerats

Score: 4.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.015 - Compression
MITREへのリンク →

Darkhotel

Score: 4.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Earth Lusca

Score: 5.31
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
MITREへのリンク →

ZIRCONIUM

Score: 3.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

MuddyWater

Score: 13.53
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
MITREへのリンク →

OilRig

Score: 23.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

TA505

Score: 4.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols
MITREへのリンク →

Threat Group-3390

Score: 12.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1027.015 - Compression
MITREへのリンク →

APT28

Score: 22.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
  • T1669 - Wi-Fi Networks
MITREへのリンク →

FIN7

Score: 13.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
MITREへのリンク →

TeamTNT

Score: 7.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1071.001 - Web Protocols
MITREへのリンク →

Winter Vivern

Score: 4.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
MITREへのリンク →

menuPass

Score: 11.34
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090.002 - External Proxy
  • T1039 - Data from Network Shared Drive
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
MITREへのリンク →

Lazarus Group

Score: 23.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090.002 - External Proxy
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

BlackByte

Score: 10.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
MITREへのリンク →

Leviathan

Score: 18.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1027.015 - Compression
MITREへのリンク →

Rocke

Score: 8.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102 - Web Service
  • T1071.001 - Web Protocols
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Tropic Trooper

Score: 6.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
MITREへのリンク →

Sandworm Team

Score: 12.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
MITREへのリンク →

APT19

Score: 7.27
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
MITREへのリンク →

Higaisa

Score: 7.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1027.015 - Compression
MITREへのリンク →

LuminousMoth

Score: 3.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols
MITREへのリンク →

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
MITREへのリンク →

LazyScripter

Score: 4.50
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
MITREへのリンク →

BITTER

Score: 4.65
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
MITREへのリンク →

APT32

Score: 18.60
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1102 - Web Service
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Saint Bear

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Contagious Interview

Score: 4.72
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

EXOTIC LILY

Score: 5.99
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT42

Score: 5.68
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1071.001 - Web Protocols
MITREへのリンク →

Cobalt Group

Score: 15.75
Matched TTPs:
  • T1218.003 - CMSTP
  • T1218.008 - Odbcconf
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

CURIUM

Score: 3.53
Matched TTPs:
  • T1505.003 - Web Shell
  • T1189 - Drive-by Compromise
MITREへのリンク →

Dragonfly

Score: 9.01
Matched TTPs:
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
MITREへのリンク →

Deep Panda

Score: 4.51
Matched TTPs:
  • T1505.003 - Web Shell
  • T1218.010 - Regsvr32
MITREへのリンク →

GALLIUM

Score: 4.51
Matched TTPs:
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
MITREへのリンク →

Ember Bear

Score: 3.26
Matched TTPs:
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Fox Kitten

Score: 11.31
Matched TTPs:
  • T1505.003 - Web Shell
  • T1102 - Web Service
  • T1039 - Data from Network Shared Drive
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
MITREへのリンク →

Tonto Team

Score: 6.01
Matched TTPs:
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT5

Score: 3.41
Matched TTPs:
  • T1505.003 - Web Shell
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

Medusa Group

Score: 13.88
Matched TTPs:
  • T1505.003 - Web Shell
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1218.014 - MMC
MITREへのリンク →

Sea Turtle

Score: 4.45
Matched TTPs:
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
MITREへのリンク →

APT3

Score: 5.89
Matched TTPs:
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

Silence

Score: 10.23
Matched TTPs:
  • T1090.002 - External Proxy
  • T1218.001 - Compiled HTML File
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
MITREへのリンク →

RedCurl

Score: 6.74
Matched TTPs:
  • T1102 - Web Service
  • T1039 - Data from Network Shared Drive
  • T1071.001 - Web Protocols
MITREへのリンク →

Inception

Score: 7.95
Matched TTPs:
  • T1102 - Web Service
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
MITREへのリンク →

FIN6

Score: 11.66
Matched TTPs:
  • T1102 - Web Service
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

Dark Caracal

Score: 6.39
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
MITREへのリンク →

APT41

Score: 19.23
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Chimera

Score: 10.61
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
MITREへのリンク →

TA551

Score: 3.93
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols
MITREへのリンク →

Blue Mockingbird

Score: 6.79
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
MITREへのリンク →

APT37

Score: 6.84
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Andariel

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Patchwork

Score: 8.19
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Axiom

Score: 9.44
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
MITREへのリンク →

UNC3886

Score: 4.93
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1008 - Fallback Channels
MITREへのリンク →

Transparent Tribe

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Elderwood

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT33

Score: 5.43
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Wizard Spider

Score: 10.32
Matched TTPs:
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
MITREへのリンク →

INC Ransom

Score: 4.05
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
MITREへのリンク →

Scattered Spider

Score: 3.99
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
MITREへのリンク →

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

OilRig

Score: 0.77
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1608.001 - Upload Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1137.004 - Outlook Home Page
  • T1008 - Fallback Channels
  • T1218.001 - Compiled HTML File
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution
  • T1505.003 - Web Shell
MITREへのリンク →

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1090.002 - External Proxy
  • T1102.002 - Bidirectional Communication
  • T1027.007 - Dynamic API Resolution
  • T1189 - Drive-by Compromise
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1008 - Fallback Channels
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT28

Score: 0.75
Matched TTPs:
  • T1090.002 - External Proxy
  • T1102.002 - Bidirectional Communication
  • T1039 - Data from Network Shared Drive
  • T1189 - Drive-by Compromise
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.003 - NTDS
  • T1669 - Wi-Fi Networks
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution
  • T1505.003 - Web Shell
MITREへのリンク →

Gamaredon Group

Score: 0.74
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication
  • T1039 - Data from Network Shared Drive
  • T1102 - Web Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.001 - Web Protocols
  • T1102.003 - One-Way Communication
  • T1027.015 - Compression
MITREへのリンク →

APT41

Score: 0.66
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1218.001 - Compiled HTML File
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT32

Score: 0.64
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1102 - Web Service
  • T1218.010 - Regsvr32
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1569.002 - Service Execution
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution
  • T1505.003 - Web Shell
MITREへのリンク →

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1027.007 - Dynamic API Resolution
  • T1102 - Web Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1003.003 - NTDS
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution
  • T1505.003 - Web Shell
MITREへのリンク →

Leviathan

Score: 0.62
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1189 - Drive-by Compromise
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.015 - Compression
  • T1102.003 - One-Way Communication
  • T1203 - Exploitation for Client Execution
  • T1505.003 - Web Shell
MITREへのリンク →

APT29

Score: 0.60
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1651 - Cloud Administration Command
  • T1090.002 - External Proxy
  • T1090.004 - Domain Fronting
  • T1203 - Exploitation for Client Execution
  • T1505.003 - Web Shell
MITREへのリンク →

Kimsuky

Score: 0.56
Matched TTPs:
  • T1021.001 - Remote Desktop Protocol
  • T1608.001 - Upload Malware
  • T1102.001 - Dead Drop Resolver
  • T1102.002 - Bidirectional Communication
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.001 - Web Protocols
  • T1505.003 - Web Shell
MITREへのリンク →

FIN8

Score: 0.56
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1102 - Web Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1055.004 - Asynchronous Procedure Call
  • T1071.001 - Web Protocols
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る