Trusted Design

BANGAT (FAMILY)

Overview

The BANGAT malware family shares a large amount of functionality with the AURIGA backdoor. It supports keylogging, creating and killing processes, modifying the filesystem and registry, spawning interactive command shells, injecting into processes, and logging off the current user or shutting down the local machine. It also implements a custom VNC-like protocol that sends screenshots of the desktop to the C2 server and accepts keyboard and mouse input. C2 communication uses SSL with self-signed certificates. To perform its C2 activity the malware creates a copy of cmd.exe and replaces the "Microsoft corp" strings in that binary with different values. The family typically maintains persistence by installing itself as a service.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT3

Score: 23.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1021.002 - SMB/Windows Admin Shares
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol

Cobalt Group

Score: 23.42
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol

Silence

Score: 23.90
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Chimera

Score: 27.18
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Patchwork

Score: 17.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver

Daggerfly

Score: 12.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1059.001 - PowerShell
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1584.004 - Server

FIN7

Score: 46.00
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1546.011 - Application Shimming
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts

TA2541

Score: 19.48
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.002 - Software Packing
  • T1027.015 - Compression

GALLIUM

Score: 9.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing

Sandworm Team

Score: 24.47
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1003.003 - NTDS

BlackByte

Score: 25.96
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

HEXANE

Score: 6.04
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol

Mustang Panda

Score: 59.58
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1129 - Shared Modules
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1218.004 - InstallUtil
  • T1106 - Native API
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1176.002 - IDE Extensions
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Magic Hound

Score: 27.11
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service

FIN13

Score: 19.20
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

ToddyCat

Score: 14.78
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 23.93
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER

Molerats

Score: 12.75
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027.015 - Compression

Storm-0501

Score: 13.72
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1027.002 - Software Packing

APT29

Score: 38.90
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1546.008 - Accessibility Features
  • T1550.003 - Pass the Ticket
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1562.008 - Disable or Modify Cloud Logs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts

APT39

Score: 35.98
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1012 - Query Registry
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

FIN8

Score: 13.37
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Wizard Spider

Score: 37.65
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1547.004 - Winlogon Helper DLL
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1055.001 - Dynamic-link Library Injection
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Higaisa

Score: 15.80
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1027.015 - Compression

APT41

Score: 50.07
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1059.004 - Unix Shell
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver

Rancor

Score: 5.46
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.007 - Msiexec
  • T1059.003 - Windows Command Shell

Earth Lusca

Score: 18.49
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1584.004 - Server

Ember Bear

Score: 12.12
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion

Machete

Score: 6.60
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.007 - Msiexec
  • T1059.003 - Windows Command Shell

APT42

Score: 16.51
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547 - Boot or Logon Autostart Execution
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1056 - Input Capture

FIN10

Score: 10.73
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts

Naikon

Score: 3.57
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547.001 - Registry Run Keys / Startup Folder

RedCurl

Score: 26.16
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1552.002 - Credentials in Registry
  • T1202 - Indirect Command Execution
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion

Moonstone Sleet

Score: 11.01
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

APT32

Score: 50.27
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1552.002 - Credentials in Registry
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1550.003 - Pass the Ticket
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts

Fox Kitten

Score: 20.93
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.002 - SMB/Windows Admin Shares
  • T1546.008 - Accessibility Features
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

APT33

Score: 8.32
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

OilRig

Score: 36.60
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT38

Score: 53.88
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1036.006 - Space after Filename
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot

menuPass

Score: 24.64
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.004 - InstallUtil
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

FIN6

Score: 22.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

LuminousMoth

Score: 13.83
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool

Lazarus Group

Score: 65.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1021.002 - SMB/Windows Admin Shares
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1055.001 - Dynamic-link Library Injection
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot

BRONZE BUTLER

Score: 24.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550.003 - Pass the Ticket
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1102.001 - Dead Drop Resolver

Winter Vivern

Score: 9.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell

Dragonfly

Score: 23.42
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

MuddyWater

Score: 33.30
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell

Gamaredon Group

Score: 50.74
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.015 - Compression

Kimsuky

Score: 52.73
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1546.001 - Change Default File Association
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts

Stealth Falcon

Score: 8.12
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1012 - Query Registry

BITTER

Score: 7.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Confucius

Score: 7.06
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution

APT37

Score: 17.10
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1106 - Native API
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1529 - System Shutdown/Reboot

APT28

Score: 44.36
Matched TTPs:
  • T1113 - Screen Capture
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1137.002 - Office Test
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token

MoustachedBouncer

Score: 5.14
Matched TTPs:
  • T1113 - Screen Capture
  • T1059.001 - PowerShell
  • T1027.002 - Software Packing

GOLD SOUTHFIELD

Score: 5.68
Matched TTPs:
  • T1113 - Screen Capture
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell

Volt Typhoon

Score: 30.40
Matched TTPs:
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.004 - Unix Shell
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS

Group5

Score: 3.67
Matched TTPs:
  • T1113 - Screen Capture
  • T1070.004 - File Deletion

Dark Caracal

Score: 12.46
Matched TTPs:
  • T1113 - Screen Capture
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1566.003 - Spearphishing via Service

APT19

Score: 17.61
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window

UNC3886

Score: 24.68
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1564.011 - Ignore Process Interrupts
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion

Carbanak

Score: 8.45
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1588.002 - Tool

TA551

Score: 7.98
Matched TTPs:
  • T1218.011 - Rundll32
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell

TA505

Score: 26.59
Matched TTPs:
  • T1218.011 - Rundll32
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1055.001 - Dynamic-link Library Injection

CopyKittens

Score: 5.98
Matched TTPs:
  • T1218.011 - Rundll32
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1564.003 - Hidden Window

HAFNIUM

Score: 14.35
Matched TTPs:
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts

LazyScripter

Score: 9.70
Matched TTPs:
  • T1218.011 - Rundll32
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell

Aquatic Panda

Score: 21.49
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol

Winnti Group

Score: 4.80
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery

Rocke

Score: 27.82
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TeamTNT

Score: 25.15
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Turla

Score: 41.94
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1584.004 - Server
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

Storm-1811

Score: 14.82
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1059.003 - Windows Command Shell
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Indrik Spider

Score: 19.18
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1136 - Create Account
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

WIRTE

Score: 7.10
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
Link to MITRE →

admin@338

Score: 3.58
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

BackdoorDiplomacy

Score: 7.37
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Akira

Score: 7.97
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Ke3chang

Score: 20.28
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Tropic Trooper

Score: 29.57
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1106 - Native API
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

PROMETHIUM

Score: 6.94
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1078.003 - Local Accounts
Link to MITRE →

INC Ransom

Score: 12.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Whitefly

Score: 4.33
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
Link to MITRE →

Darkhotel

Score: 10.91
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

APT1

Score: 8.56
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Sidewinder

Score: 8.49
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Sowbug

Score: 5.13
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1039 - Data from Network Shared Drive
  • T1059.003 - Windows Command Shell
Link to MITRE →

Velvet Ant

Score: 15.22
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

APT5

Score: 9.90
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Poseidon Group

Score: 3.45
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
Link to MITRE →

SideCopy

Score: 5.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1218.005 - Mshta
Link to MITRE →

Contagious Interview

Score: 30.00
Matched TTPs:
  • T1587.001 - Malware
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1543.001 - Launch Agent
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1547.013 - XDG Autostart Entries
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Salt Typhoon

Score: 9.54
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1136 - Create Account
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 14.00
Matched TTPs:
  • T1587.001 - Malware
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 9.53
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

Moses Staff

Score: 4.88
Matched TTPs:
  • T1587.001 - Malware
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
Link to MITRE →

Medusa Group

Score: 38.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

DarkVishnya

Score: 6.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1588.002 - Tool
Link to MITRE →

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
Link to MITRE →

Threat Group-3390

Score: 22.90
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1027.015 - Compression
Link to MITRE →

Agrius

Score: 7.90
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Cinnamon Tempest

Score: 8.04
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
Link to MITRE →

ZIRCONIUM

Score: 11.30
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
Link to MITRE →

Gorgon Group

Score: 17.82
Matched TTPs:
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
Link to MITRE →

BlackTech

Score: 4.63
Matched TTPs:
  • T1106 - Native API
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Leviathan

Score: 18.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression
Link to MITRE →

Malteiro

Score: 4.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

PLATINUM

Score: 7.00
Matched TTPs:
  • T1055 - Process Injection
  • T1056.004 - Credential API Hooking
Link to MITRE →

Sea Turtle

Score: 15.60
Matched TTPs:
  • T1564.011 - Ignore Process Interrupts
  • T1588.002 - Tool
  • T1059.004 - Unix Shell
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1078.003 - Local Accounts
Link to MITRE →

Deep Panda

Score: 12.68
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
Link to MITRE →

Saint Bear

Score: 11.27
Matched TTPs:
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
Link to MITRE →

Leafminer

Score: 5.39
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1588.002 - Tool
Link to MITRE →

Axiom

Score: 10.96
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
Link to MITRE →

FIN5

Score: 4.57
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1070.004 - File Deletion
Link to MITRE →

LAPSUS$

Score: 5.65
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1003.003 - NTDS
Link to MITRE →

Metador

Score: 5.64
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
Link to MITRE →

Andariel

Score: 5.47
Matched TTPs:
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Scattered Spider

Score: 16.57
Matched TTPs:
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1136 - Create Account
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Inception

Score: 10.95
Matched TTPs:
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Windshift

Score: 5.25
Matched TTPs:
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Thrip

Score: 4.40
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

DarkHydrus

Score: 4.05
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

CURIUM

Score: 3.32
Matched TTPs:
  • T1059.001 - PowerShell
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Nomadic Octopus

Score: 4.15
Matched TTPs:
  • T1059.001 - PowerShell
  • T1564.003 - Hidden Window
  • T1059.003 - Windows Command Shell
Link to MITRE →

RTM

Score: 4.49
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Putter Panda

Score: 5.93
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

APT18

Score: 3.54
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
Link to MITRE →

FIN4

Score: 4.13
Matched TTPs:
  • T1056.002 - GUI Input Capture
Link to MITRE →

The White Company

Score: 4.93
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

EXOTIC LILY

Score: 4.02
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1480.001 - Environmental Keying
Link to MITRE →

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1218.005 - Mshta
  • T1587.001 - Malware
  • T1036.003 - Rename Legitimate Utilities
  • T1574.013 - KernelCallbackTable
  • T1059.003 - Windows Command Shell
  • T1562.001 - Disable or Modify Tools
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1202 - Indirect Command Execution
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1021.001 - Remote Desktop Protocol
  • T1070.004 - File Deletion
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027.007 - Dynamic API Resolution
  • T1055.001 - Dynamic-link Library Injection
  • T1218 - System Binary Proxy Execution
  • T1012 - Query Registry
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1584.004 - Server
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Mustang Panda

Score: 0.70
Matched TTPs:
  • T1218.005 - Mshta
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1003.003 - NTDS
  • T1059.003 - Windows Command Shell
  • T1588.002 - Tool
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1203 - Exploitation for Client Execution
  • T1059.001 - PowerShell
  • T1053.005 - Scheduled Task
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1678 - Delay Execution
  • T1070.004 - File Deletion
  • T1218.004 - InstallUtil
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027.007 - Dynamic API Resolution
  • T1027.012 - LNK Icon Smuggling
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1129 - Shared Modules
  • T1176.002 - IDE Extensions
Link to MITRE →

APT38

Score: 0.66
Matched TTPs:
  • T1218.005 - Mshta
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1562.001 - Disable or Modify Tools
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.001 - Compiled HTML File
  • T1057 - Process Discovery
  • T1036.006 - Space after Filename
  • T1106 - Native API
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1480.002 - Mutual Exclusion
  • T1055 - Process Injection
  • T1218.007 - Msiexec
  • T1529 - System Shutdown/Reboot
  • T1569.002 - Service Execution
  • T1112 - Modify Registry
Link to MITRE →

Kimsuky

Score: 0.64
Matched TTPs:
  • T1218.005 - Mshta
  • T1587.001 - Malware
  • T1059.003 - Windows Command Shell
  • T1562.001 - Disable or Modify Tools
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1053.005 - Scheduled Task
  • T1102.001 - Dead Drop Resolver
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1070.004 - File Deletion
  • T1546.001 - Change Default File Association
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027.002 - Software Packing
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1055 - Process Injection
  • T1027.012 - LNK Icon Smuggling
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1078.003 - Local Accounts
  • T1113 - Screen Capture
  • T1564.003 - Hidden Window
Link to MITRE →

APT41

Score: 0.63
Matched TTPs:
  • T1003.003 - NTDS
  • T1059.003 - Windows Command Shell
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1059.004 - Unix Shell
  • T1203 - Exploitation for Client Execution
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1053.005 - Scheduled Task
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
  • T1218.011 - Rundll32
  • T1218.001 - Compiled HTML File
  • T1021.001 - Remote Desktop Protocol
  • T1070.004 - File Deletion
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1014 - Rootkit
  • T1027.002 - Software Packing
  • T1012 - Query Registry
  • T1055 - Process Injection
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1569.002 - Service Execution
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
Link to MITRE →

FIN7

Score: 0.62
Matched TTPs:
  • T1218.005 - Mshta
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1059.003 - Windows Command Shell
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1546.011 - Application Shimming
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
  • T1113 - Screen Capture
  • T1564.003 - Hidden Window
  • T1674 - Input Injection
Link to MITRE →

APT32

Score: 0.62
Matched TTPs:
  • T1218.005 - Mshta
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1059 - Command and Scripting Interpreter
  • T1203 - Exploitation for Client Execution
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1550.003 - Pass the Ticket
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1552.002 - Credentials in Registry
  • T1070.004 - File Deletion
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1055 - Process Injection
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1569.002 - Service Execution
  • T1112 - Modify Registry
  • T1078.003 - Local Accounts
  • T1564.003 - Hidden Window
Link to MITRE →

Gamaredon Group

Score: 0.61
Matched TTPs:
  • T1218.005 - Mshta
  • T1091 - Replication Through Removable Media
  • T1059.003 - Windows Command Shell
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1588.002 - Tool
  • T1027.015 - Compression
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.004 - Compile After Delivery
  • T1059.001 - PowerShell
  • T1053.005 - Scheduled Task
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1070.004 - File Deletion
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1559.001 - Component Object Model
  • T1012 - Query Registry
  • T1055 - Process Injection
  • T1027.012 - LNK Icon Smuggling
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1113 - Screen Capture
  • T1564.003 - Hidden Window
Link to MITRE →

Turla

Score: 0.56
Matched TTPs:
  • T1587.001 - Malware
  • T1059.003 - Windows Command Shell
  • T1562.001 - Disable or Modify Tools
  • T1546.013 - PowerShell Profile
  • T1588.002 - Tool
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1059.001 - PowerShell
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1588.001 - Malware
  • T1547.004 - Winlogon Helper DLL
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1055.001 - Dynamic-link Library Injection
  • T1012 - Query Registry
  • T1055 - Process Injection
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1078.003 - Local Accounts
  • T1584.004 - Server
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

