Trusted Design

BANGAT (FAMILY)

Overview

The BANGAT malware family shares a large amount of functionality with the AURIGA backdoor. The family implements keylogging, creating and killing processes, filesystem and registry modification, spawning interactive command shells, process injection, and logging off the current user or shutting down the local machine. In addition, the malware implements a custom VNC-like protocol that sends screenshots of the desktop to the C2 server and accepts keyboard and mouse input. The malware communicates with its C2 servers over SSL, using self-signed SSL certificates. The family creates a copy of cmd.exe to perform its C2 activity and replaces the "Microsoft corp" strings in the cmd.exe binary with different values. The family typically maintains persistence by installing itself as a service.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT3

Score: 23.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1032 - Standard Cryptographic Protocol
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
Link to MITRE →

Cobalt Group

Score: 23.42
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
Link to MITRE →

Silence

Score: 23.90
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Chimera

Score: 27.18
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1032 - Standard Cryptographic Protocol
  • T1155 - AppleScript
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Patchwork

Score: 17.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
Link to MITRE →

Daggerfly

Score: 12.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1497.002 - User Activity Based Checks
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
Link to MITRE →

FIN7

Score: 46.00
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1555 - Credentials from Password Stores
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

TA2541

Score: 19.48
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

GALLIUM

Score: 9.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Sandworm Team

Score: 24.47
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1032 - Standard Cryptographic Protocol
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation
Link to MITRE →

BlackByte

Score: 25.96
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

HEXANE

Score: 6.04
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
Link to MITRE →

Mustang Panda

Score: 59.58
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1003 - OS Credential Dumping
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1588.006 - Vulnerabilities
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.001 - Local Account
  • T1593.002 - Search Engines
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
  • T1556 - Modify Authentication Process
Link to MITRE →

Magic Hound

Score: 27.11
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN13

Score: 19.20
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1155 - AppleScript
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

ToddyCat

Score: 14.78
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1032 - Standard Cryptographic Protocol
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 23.93
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

Molerats

Score: 12.75
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1546.017 - Udev Rules
Link to MITRE →

Storm-0501

Score: 13.72
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1155 - AppleScript
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT29

Score: 38.90
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1546.018 - Python Startup Hooks
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT39

Score: 35.98
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1570 - Lateral Tool Transfer
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN8

Score: 13.37
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1556 - Modify Authentication Process
Link to MITRE →

Wizard Spider

Score: 37.65
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1003.001 - LSASS Memory
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1587 - Develop Capabilities
  • T1556 - Modify Authentication Process
Link to MITRE →

Higaisa

Score: 15.80
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1546.017 - Udev Rules
Link to MITRE →

APT41

Score: 50.07
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1177 - LSASS Driver
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1686.002 - Network Device Firewall
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
Link to MITRE →

Rancor

Score: 5.46
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1685.002 - Disable or Modify Cloud Log
  • T1591.004 - Identify Roles
Link to MITRE →

Earth Lusca

Score: 18.49
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1546.016 - Installer Packages
Link to MITRE →

Ember Bear

Score: 12.12
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

Machete

Score: 6.60
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1685.002 - Disable or Modify Cloud Log
  • T1591.004 - Identify Roles
Link to MITRE →

APT42

Score: 16.51
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1110.002 - Password Cracking
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
Link to MITRE →

FIN10

Score: 10.73
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
Link to MITRE →

Naikon

Score: 3.57
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1679 - Selective Exclusion
Link to MITRE →

RedCurl

Score: 26.16
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1608.004 - Drive-by Target
  • T1558.005 - Ccache Files
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
Link to MITRE →

Moonstone Sleet

Score: 11.01
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

APT32

Score: 50.27
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1608.004 - Drive-by Target
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1592.004 - Client Configurations
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
Link to MITRE →

Fox Kitten

Score: 20.93
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1032 - Standard Cryptographic Protocol
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

APT33

Score: 8.32
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process
Link to MITRE →

OilRig

Score: 36.60
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

APT38

Score: 53.88
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1059.005 - Visual Basic
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

menuPass

Score: 24.64
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1588.006 - Vulnerabilities
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

FIN6

Score: 22.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

LuminousMoth

Score: 13.83
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
Link to MITRE →

Lazarus Group

Score: 65.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1590.003 - Network Trust Dependencies
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1032 - Standard Cryptographic Protocol
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1587 - Develop Capabilities
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
Link to MITRE →

BRONZE BUTLER

Score: 24.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1592.004 - Client Configurations
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1008 - Fallback Channels
Link to MITRE →

Winter Vivern

Score: 9.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
Link to MITRE →

Dragonfly

Score: 23.42
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

MuddyWater

Score: 33.30
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1591.004 - Identify Roles
Link to MITRE →

Gamaredon Group

Score: 50.74
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1546.017 - Udev Rules
Link to MITRE →

Kimsuky

Score: 52.73
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1496.004 - Cloud Service Hijacking
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1570 - Lateral Tool Transfer
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery
Link to MITRE →

Stealth Falcon

Score: 8.12
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BITTER

Score: 7.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 7.06
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

APT37

Score: 17.10
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1216 - System Script Proxy Execution
Link to MITRE →

APT28

Score: 44.36
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1588.003 - Code Signing Certificates
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
Link to MITRE →

MoustachedBouncer

Score: 5.14
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1497.002 - User Activity Based Checks
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

GOLD SOUTHFIELD

Score: 5.68
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Volt Typhoon

Score: 30.40
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1686.002 - Network Device Firewall
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Group5

Score: 3.67
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1070.009 - Clear Persistence
Link to MITRE →

Dark Caracal

Score: 12.46
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1679 - Selective Exclusion
  • T1048 - Exfiltration Over Alternative Protocol
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver
Link to MITRE →

APT19

Score: 17.61
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate
Link to MITRE →

UNC3886

Score: 24.68
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1218 - System Binary Proxy Execution
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
Link to MITRE →

Carbanak

Score: 8.45
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
Link to MITRE →

TA551

Score: 7.98
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
Link to MITRE →

TA505

Score: 26.59
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account
  • T1587 - Develop Capabilities
Link to MITRE →

CopyKittens

Score: 5.98
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate
Link to MITRE →

HAFNIUM

Score: 14.35
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
Link to MITRE →

LazyScripter

Score: 9.70
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
Link to MITRE →

Aquatic Panda

Score: 21.49
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
Link to MITRE →

Winnti Group

Score: 4.80
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
Link to MITRE →

Rocke

Score: 27.82
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
Link to MITRE →

TeamTNT

Score: 25.15
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

Turla

Score: 41.94
Matched TTPs:
  • T1014 - Rootkit
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1546.016 - Installer Packages
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery

Storm-1811

Score: 14.82
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1591.004 - Identify Roles
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 19.18
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1622 - Debugger Evasion

WIRTE

Score: 7.10
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code

admin@338

Score: 3.58
Matched TTPs:
  • T1218.013 - Mavinject
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles

BackdoorDiplomacy

Score: 7.37
Matched TTPs:
  • T1218.013 - Mavinject
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1587 - Develop Capabilities

Akira

Score: 7.97
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1622 - Debugger Evasion

Ke3chang

Score: 20.28
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

Tropic Trooper

Score: 29.57
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery

PROMETHIUM

Score: 6.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1679 - Selective Exclusion
  • T1490 - Inhibit System Recovery

INC Ransom

Score: 12.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Whitefly

Score: 4.33
Matched TTPs:
  • T1218.013 - Mavinject
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship

Darkhotel

Score: 10.91
Matched TTPs:
  • T1218.013 - Mavinject
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles

APT1

Score: 8.56
Matched TTPs:
  • T1218.013 - Mavinject
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1622 - Debugger Evasion

Sidewinder

Score: 8.49
Matched TTPs:
  • T1218.013 - Mavinject
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32

Sowbug

Score: 5.13
Matched TTPs:
  • T1218.013 - Mavinject
  • T1542.004 - ROMMONkit
  • T1591.004 - Identify Roles

Velvet Ant

Score: 15.22
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

APT5

Score: 9.90
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Poseidon Group

Score: 3.45
Matched TTPs:
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks

SideCopy

Score: 5.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1218.012 - Verclsid

Contagious Interview

Score: 30.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1059.006 - Python
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1651 - Cloud Administration Command
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Salt Typhoon

Score: 9.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
  • T1556 - Modify Authentication Process

Play

Score: 14.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1032 - Standard Cryptographic Protocol
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery

Aoqin Dragon

Score: 9.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Moses Staff

Score: 4.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1032 - Standard Cryptographic Protocol
  • T1199 - Trusted Relationship

Medusa Group

Score: 38.78
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1586.002 - Email Accounts
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

DarkVishnya

Score: 6.18
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer

Threat Group-3390

Score: 22.90
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

Agrius

Score: 7.90
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1622 - Debugger Evasion

Cinnamon Tempest

Score: 8.04
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

ZIRCONIUM

Score: 11.30
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account

Gorgon Group

Score: 17.82
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles

BlackTech

Score: 4.63
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Leviathan

Score: 18.37
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1622 - Debugger Evasion
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules

Malteiro

Score: 4.50
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1587 - Develop Capabilities

PLATINUM

Score: 7.00
Matched TTPs:
  • T1684 - Social Engineering
  • T1686 - Disable or Modify System Firewall

Sea Turtle

Score: 15.60
Matched TTPs:
  • T1218 - System Binary Proxy Execution
  • T1199 - Trusted Relationship
  • T1686.002 - Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery

Deep Panda

Score: 12.68
Matched TTPs:
  • T1032 - Standard Cryptographic Protocol
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate

Saint Bear

Score: 11.27
Matched TTPs:
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account

Leafminer

Score: 5.39
Matched TTPs:
  • T1101 - Security Support Provider
  • T1199 - Trusted Relationship

Axiom

Score: 10.96
Matched TTPs:
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

FIN5

Score: 4.57
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence

LAPSUS$

Score: 5.65
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1548.006 - TCC Manipulation

Metador

Score: 5.64
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence

Andariel

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32

Scattered Spider

Score: 16.57
Matched TTPs:
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1498 - Network Denial of Service
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation

Inception

Score: 10.95
Matched TTPs:
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32

Windshift

Score: 5.25
Matched TTPs:
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1547.008 - LSASS Driver

Thrip

Score: 4.40
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

DarkHydrus

Score: 4.05
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate

CURIUM

Score: 3.32
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1547.008 - LSASS Driver

Nomadic Octopus

Score: 4.15
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1553.004 - Install Root Certificate
  • T1591.004 - Identify Roles

RTM

Score: 4.49
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1008 - Fallback Channels

Putter Panda

Score: 5.93
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities

APT18

Score: 3.54
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence

FIN4

Score: 4.13
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness

The White Company

Score: 4.93
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account

EXOTIC LILY

Score: 4.02
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Elderwood

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Equation

Score: 4.13
Matched TTPs:
  • T1037.001 - Logon Script (Windows)

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1590.003 - Network Trust Dependencies
  • T1606.002 - SAML Tokens
  • T1053.005 - Scheduled Task
  • T1597 - Search Closed Sources
  • T1032 - Standard Cryptographic Protocol
  • T1587 - Develop Capabilities
  • T1218.012 - Verclsid
  • T1216 - System Script Proxy Execution
  • T1546.016 - Installer Packages
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1558.005 - Ccache Files
  • T1176.001 - Browser Extensions
  • T1622 - Debugger Evasion
  • T1069.001 - Local Groups
  • T1570 - Lateral Tool Transfer
  • T1547.008 - LSASS Driver
  • T1174 - Password Filter DLL
  • T1497.002 - User Activity Based Checks
  • T1070.008 - Clear Mailbox Data
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1218.013 - Mavinject
  • T1556 - Modify Authentication Process
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

Mustang Panda

Score: 0.70
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1590.003 - Network Trust Dependencies
  • T1588.006 - Vulnerabilities
  • T1058 - Service Registry Permissions Weakness
  • T1593.002 - Search Engines
  • T1548.006 - TCC Manipulation
  • T1606.002 - SAML Tokens
  • T1608 - Stage Capabilities
  • T1053.005 - Scheduled Task
  • T1218.012 - Verclsid
  • T1169 - Sudo
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1497.002 - User Activity Based Checks
  • T1583.006 - Web Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1003 - OS Credential Dumping
  • T1218.013 - Mavinject
  • T1556 - Modify Authentication Process
  • T1136.001 - Local Account
  • T1199 - Trusted Relationship
  • T1055.013 - Process Doppelgänging
  • T1591.004 - Identify Roles

APT38

Score: 0.66
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1027.007 - Dynamic API Resolution
  • T1053.005 - Scheduled Task
  • T1597 - Search Closed Sources
  • T1059.005 - Visual Basic
  • T1218.012 - Verclsid
  • T1216 - System Script Proxy Execution
  • T1059.009 - Cloud API
  • T1176.001 - Browser Extensions
  • T1138 - Application Shimming
  • T1174 - Password Filter DLL
  • T1497.002 - User Activity Based Checks
  • T1685.002 - Disable or Modify Cloud Log
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1537 - Transfer Data to Cloud Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1503 - Credentials from Web Browsers
  • T1048 - Exfiltration Over Alternative Protocol
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

Kimsuky

Score: 0.64
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1684 - Social Engineering
  • T1606.002 - SAML Tokens
  • T1496.004 - Cloud Service Hijacking
  • T1027.014 - Polymorphic Code
  • T1608 - Stage Capabilities
  • T1053.005 - Scheduled Task
  • T1597 - Search Closed Sources
  • T1218.012 - Verclsid
  • T1059.009 - Cloud API
  • T1156 - Malicious Shell Modification
  • T1490 - Inhibit System Recovery
  • T1176.001 - Browser Extensions
  • T1622 - Debugger Evasion
  • T1570 - Lateral Tool Transfer
  • T1497.002 - User Activity Based Checks
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1537 - Transfer Data to Cloud Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1553.004 - Install Root Certificate
  • T1008 - Fallback Channels
  • T1218.013 - Mavinject
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

APT41

Score: 0.63
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1684 - Social Engineering
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1053.005 - Scheduled Task
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1176.001 - Browser Extensions
  • T1622 - Debugger Evasion
  • T1177 - LSASS Driver
  • T1570 - Lateral Tool Transfer
  • T1497.002 - User Activity Based Checks
  • T1583 - Acquire Infrastructure
  • T1537 - Transfer Data to Cloud Account
  • T1499.001 - OS Exhaustion Flood
  • T1070.009 - Clear Persistence
  • T1008 - Fallback Channels
  • T1037.001 - Logon Script (Windows)
  • T1218.013 - Mavinject
  • T1048 - Exfiltration Over Alternative Protocol
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

FIN7

Score: 0.62
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1058 - Service Registry Permissions Weakness
  • T1027.007 - Dynamic API Resolution
  • T1606.002 - SAML Tokens
  • T1053.005 - Scheduled Task
  • T1218.012 - Verclsid
  • T1156 - Malicious Shell Modification
  • T1490 - Inhibit System Recovery
  • T1176.001 - Browser Extensions
  • T1622 - Debugger Evasion
  • T1555 - Credentials from Password Stores
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1553.004 - Install Root Certificate
  • T1218.013 - Mavinject
  • T1199 - Trusted Relationship
  • T1055.013 - Process Doppelgänging
  • T1011.001 - Exfiltration Over Bluetooth
  • T1591.004 - Identify Roles

APT32

Score: 0.62
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1684 - Social Engineering
  • T1027.007 - Dynamic API Resolution
  • T1027.014 - Polymorphic Code
  • T1592.004 - Client Configurations
  • T1053.005 - Scheduled Task
  • T1032 - Standard Cryptographic Protocol
  • T1218.012 - Verclsid
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
  • T1176.001 - Browser Extensions
  • T1570 - Lateral Tool Transfer
  • T1608.004 - Drive-by Target
  • T1174 - Password Filter DLL
  • T1497.002 - User Activity Based Checks
  • T1583 - Acquire Infrastructure
  • T1070.009 - Clear Persistence
  • T1553.004 - Install Root Certificate
  • T1218.013 - Mavinject
  • T1556 - Modify Authentication Process
  • T1199 - Trusted Relationship
  • T1055.013 - Process Doppelgänging
  • T1591.004 - Identify Roles

Gamaredon Group

Score: 0.61
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1058 - Service Registry Permissions Weakness
  • T1608 - Stage Capabilities
  • T1053.005 - Scheduled Task
  • T1597 - Search Closed Sources
  • T1218.012 - Verclsid
  • T1059.009 - Cloud API
  • T1156 - Malicious Shell Modification
  • T1547.012 - Print Processors
  • T1570 - Lateral Tool Transfer
  • T1542.004 - ROMMONkit
  • T1497.002 - User Activity Based Checks
  • T1059.013 - Container CLI/API
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.009 - Clear Persistence
  • T1553.004 - Install Root Certificate
  • T1218.013 - Mavinject
  • T1199 - Trusted Relationship
  • T1546.017 - Udev Rules
  • T1591.004 - Identify Roles

Turla

Score: 0.56
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1032 - Standard Cryptographic Protocol
  • T1587 - Develop Capabilities
  • T1059.009 - Cloud API
  • T1546.016 - Installer Packages
  • T1490 - Inhibit System Recovery
  • T1136.002 - Domain Account
  • T1003.001 - LSASS Memory
  • T1570 - Lateral Tool Transfer
  • T1497.002 - User Activity Based Checks
  • T1583.006 - Web Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.013 - Mavinject
  • T1199 - Trusted Relationship
  • T1014 - Rootkit
  • T1591.004 - Identify Roles

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

