Trusted Design

GOGGLES (FAMILY)

Overview

A family of downloader malware that retrieves an encoded payload from a fixed location, usually as a file with a .jpg extension. Some variants consist only of an .exe that acts as the downloader; others have an .exe launcher that runs as a service and then loads a .dll of the same name, which acts as the downloader. This IOC targets the downloaders only. After retrieving the file, the malware decodes the downloaded payload into an .exe and launches it. The malware usually stages the files it uses in the %TEMP% directory or the %WINDIR%\Temp directory.
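The staging behaviour above gives a concrete hunting check: anything named *.jpg in %TEMP% or %WINDIR%\Temp that is not actually a JPEG. The script below is an added example, not code from the original page or from any vendor. The page does not say how the payload is encoded, so the script assumes a single-byte XOR and recovers the key from the known "MZ" plaintext of a PE header; that encoding, the function names, the sample files written by demo() and the key 0x5A are all constructed for the example.

```python
"""Hunt for GOGGLES-style staged payloads: files named *.jpg in the staging
directories that are not JPEGs but (assumed) single-byte-XOR-encoded PE images.
Added example; the XOR encoding is an assumption, not documented on the page."""
import os
import tempfile

JPEG_MAGIC = b"\xff\xd8\xff"  # SOI marker followed by the first APPn/marker byte


def is_real_jpeg(data: bytes) -> bool:
    """A genuine JPEG starts with FF D8 FF."""
    return data.startswith(JPEG_MAGIC)


def looks_like_pe(data: bytes) -> bool:
    """True when data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return 0 <= e_lfanew <= len(data) - 4 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_xor_key_for_pe(data: bytes):
    """Known-plaintext recovery of a single-byte XOR key (assumed encoding).

    The first two plaintext bytes of a PE file are 'M' 'Z', so the only
    candidate key is data[0] ^ 'M'; it is accepted if the same key turns
    data[1] into 'Z' and the decoded header passes looks_like_pe().
    Returns the key (0 for an unencoded PE) or None.
    """
    if len(data) < 2:
        return None
    key = data[0] ^ 0x4D
    if data[1] ^ key != 0x5A:
        return None
    decoded = bytes(b ^ key for b in data[:4096])
    return key if looks_like_pe(decoded) else None


def classify(data: bytes) -> tuple:
    """Return (verdict, xor_key) for the leading bytes of a .jpg candidate."""
    key = find_xor_key_for_pe(data)
    if key is not None:
        return ("plain_pe" if key == 0 else "xor_pe", key)
    if is_real_jpeg(data):
        return ("jpeg", None)
    return ("unknown", None)


def scan_directory(root: str) -> list:
    """Walk root and classify every *.jpg / *.jpeg by its first 4 KiB."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith((".jpg", ".jpeg")):
                continue
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    head = fh.read(4096)
            except OSError:
                continue
            verdict, key = classify(head)
            findings.append((name, verdict, key))
    return sorted(findings)


def default_staging_dirs() -> list:
    """The two staging locations named in the description, where they exist."""
    candidates = [os.environ.get("TEMP"), os.path.join(os.environ.get("WINDIR", ""), "Temp")]
    return [d for d in candidates if d and os.path.isdir(d)]


def build_minimal_pe_stub() -> bytes:
    """Constructed sample: 'MZ', e_lfanew -> 0x40, 'PE\\0\\0' at 0x40. Not a real binary."""
    stub = bytearray(0x60)
    stub[0:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)


def demo() -> list:
    """Stage three constructed files in a scratch directory and scan them."""
    samples = {
        "real.jpg": JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + bytes(64),
        "payload.jpg": bytes(b ^ 0x5A for b in build_minimal_pe_stub()),  # assumed key 0x5A
        "noise.jpg": bytes(range(32)),
    }
    with tempfile.TemporaryDirectory() as scratch:
        for name, body in samples.items():
            with open(os.path.join(scratch, name), "wb") as fh:
                fh.write(body)
        return scan_directory(scratch)


if __name__ == "__main__":
    for name, verdict, key in demo():
        print(f"{name:12} {verdict:9} key={key if key is None else hex(key)}")
    for staging in default_staging_dirs():  # real scan on a Windows host
        for name, verdict, key in scan_directory(staging):
            if verdict != "jpeg":
                print(f"{staging}\\{name}: {verdict} key={key}")
```

demo() exercises the logic on the constructed samples and returns the verdicts; on a Windows host the same scan_directory() is run over the two staging directories from the description. If the family's real encoding turns out not to be a single-byte XOR, only find_xor_key_for_pe() needs replacing; the JPEG-magic check alone already flags any non-image staged under a .jpg name.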

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Note: the matches below are scored on overlapping ATT&CK technique IDs and are a similarity hint, not an attribution. Several matched techniques cannot apply to this Windows downloader at all (T1547.013 XDG Autostart Entries is Linux-only, T1548.006 TCC Manipulation is macOS-only), and some listed IDs are revoked entries that ATT&CK has since folded into other techniques (for example T1089, T1177 and T1174), so check each match against the actor's MITRE page before acting on it.

HAFNIUM

Score: 8.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

menuPass

Score: 23.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1588.006 - Vulnerabilities
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1001 - Data Obfuscation
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

Wizard Spider

Score: 32.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1001.003 - Protocol or Service Impersonation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1587 - Develop Capabilities

APT33

Score: 5.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Fox Kitten

Score: 11.23
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1177 - LSASS Driver
  • T1588.001 - Malware
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

CopyKittens

Score: 3.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure

Volt Typhoon

Score: 26.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1013 - Port Monitors
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1059.009 - Cloud API
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1584.002 - DNS Server
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

APT1

Score: 7.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services

Mustang Panda

Score: 54.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1053.007 - Container Orchestration Job
  • T1218.013 - Mavinject
  • T1013 - Port Monitors
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1588.006 - Vulnerabilities
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation

Play

Score: 11.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1547.013 - XDG Autostart Entries

Chimera

Score: 11.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

Gallmaker

Score: 5.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua

Sea Turtle

Score: 6.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

APT39

Score: 21.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1001.003 - Protocol or Service Impersonation
  • T1564.007 - VBA Stomping
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

RedCurl

Score: 18.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1558.005 - Ccache Files
  • T1059.011 - Lua

APT5

Score: 4.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1583.006 - Web Services

Agrius

Score: 9.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources

GALLIUM

Score: 9.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries

APT41

Score: 42.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1177 - LSASS Driver
  • T1588.001 - Malware
  • T1059.008 - Network Device CLI
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1001.003 - Protocol or Service Impersonation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels

MuddyWater

Score: 35.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.012 - Print Processors
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries

APT28

Score: 28.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

Turla

Score: 27.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

BRONZE BUTLER

Score: 28.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.005 - Clear Windows Event Logs
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

UNC3886

Score: 14.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

Kimsuky

Score: 52.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1053.007 - Container Orchestration Job
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1496.004 - Cloud Service Hijacking
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

APT3

Score: 20.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1177 - LSASS Driver
  • T1059.008 - Network Device CLI
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 5.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1547.013 - XDG Autostart Entries

Ke3chang

Score: 21.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1685.005 - Clear Windows Event Logs
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

Lotus Blossom

Score: 5.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API

FIN13

Score: 15.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

Earth Lusca

Score: 25.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 17.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Aquatic Panda

Score: 17.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 11.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Akira

Score: 4.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1597 - Search Closed Sources

ToddyCat

Score: 6.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1547.008 - LSASS Driver

Gamaredon Group

Score: 43.61
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1547.012 - Print Processors
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

FIN7

Score: 24.47
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

APT19

Score: 15.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI

Carbanak

Score: 7.10
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware

TA551

Score: 14.68
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries

Blue Mockingbird

Score: 11.98
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution

APT32

Score: 35.83
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1484 - Domain or Tenant Policy Modification

Lazarus Group

Score: 52.46
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1132.001 - Standard Encoding
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1587 - Develop Capabilities
  • T1547.008 - LSASS Driver

TA505

Score: 24.06
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

Sandworm Team

Score: 19.46
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

APT38

Score: 37.92
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Daggerfly

Score: 9.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1089 - Disabling Security Tools
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 13.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1547.013 - XDG Autostart Entries

Storm-0501

Score: 8.29
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding

Moonstone Sleet

Score: 19.13
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

TeamTNT

Score: 14.99
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

TA2541

Score: 18.45
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

APT42

Score: 4.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API

Storm-1811

Score: 10.71
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 8.42
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

Mustard Tempest

Score: 5.65
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

WIRTE

Score: 7.89
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

Patchwork

Score: 20.28
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

Transparent Tribe

Score: 6.06
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

admin@338

Score: 4.29
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

BackdoorDiplomacy

Score: 13.42
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

Ferocious Kitten

Score: 6.24
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.005 - Clear Windows Event Logs

APT29

Score: 23.70
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1177 - LSASS Driver
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Naikon

Score: 6.63
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1588.001 - Malware

Tropic Trooper

Score: 24.67
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

PROMETHIUM

Score: 7.72
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI

LuminousMoth

Score: 18.48
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1574.009 - Path Interception by Unquoted Path
  • T1547.013 - XDG Autostart Entries

Whitefly

Score: 4.44
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1547.013 - XDG Autostart Entries

OilRig

Score: 28.68
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Machete

Score: 7.85
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 16.39
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Sidewinder

Score: 10.66
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Ember Bear

Score: 10.90
Matched TTPs:
  • T1218.013 - Mavinject
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

Velvet Ant

Score: 7.07
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution

Silence

Score: 11.24
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1048 - Exfiltration Over Alternative Protocol
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

SideCopy

Score: 13.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1584.002 - DNS Server
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 15.99
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

BlackByte

Score: 23.12
Matched TTPs:
  • T1013 - Port Monitors
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1562.010 - Downgrade Attack
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Contagious Interview

Score: 24.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.010 - Downgrade Attack
  • T1597 - Search Closed Sources
  • T1059.006 - Python
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Aoqin Dragon

Score: 9.60
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1058 - Service Registry Permissions Weakness
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32

Malteiro

Score: 6.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1587 - Develop Capabilities

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Elderwood

Score: 5.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Dragonfly

Score: 9.87
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

RTM

Score: 8.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

APT-C-36

Score: 6.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 5.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dark Caracal

Score: 8.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

PLATINUM

Score: 10.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

HEXANE

Score: 5.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries

Threat Group-3390

Score: 28.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

BITTER

Score: 8.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT37

Score: 12.54
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Star Blizzard

Score: 3.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
Link to MITRE →

Higaisa

Score: 13.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
Link to MITRE →

Rancor

Score: 5.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cobalt Group

Score: 12.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Inception

Score: 9.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
Link to MITRE →

EXOTIC LILY

Score: 7.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Saint Bear

Score: 8.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
Link to MITRE →

FIN6

Score: 12.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Nomadic Octopus

Score: 4.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 10.79
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mofang

Score: 4.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules
Link to MITRE →

Leviathan

Score: 22.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules
Link to MITRE →

Tonto Team

Score: 5.67
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 12.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Molerats

Score: 11.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

The White Company

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 6.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackTech

Score: 8.33
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1685.005 - Clear Windows Event Logs
  • T1218.010 - Regsvr32
Link to MITRE →

Windshift

Score: 12.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Cinnamon Tempest

Score: 9.45
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 25.11
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1547.012 - Print Processors
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

Winter Vivern

Score: 9.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ZIRCONIUM

Score: 9.91
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Deep Panda

Score: 7.55
Matched TTPs:
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
Link to MITRE →

Axiom

Score: 6.54
Matched TTPs:
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
Link to MITRE →

LAPSUS$

Score: 4.80
Matched TTPs:
  • T1136.002 - Domain Account
  • T1548.006 - TCC Manipulation
Link to MITRE →

Metador

Score: 3.24
Matched TTPs:
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 10.99
Matched TTPs:
  • T1136.002 - Domain Account
  • T1083 - File and Directory Discovery
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Putter Panda

Score: 4.73
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.77
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1583 - Acquire Infrastructure
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1132.001 - Standard Encoding
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1176.001 - Browser Extensions
  • T1055.005 - Thread Local Storage
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
  • T1174 - Password Filter DLL
  • T1606.002 - SAML Tokens
  • T1059.008 - Network Device CLI
  • T1218.013 - Mavinject
  • T1587 - Develop Capabilities
  • T1218.012 - Verclsid
  • T1089 - Disabling Security Tools
  • T1558.005 - Ccache Files
  • T1087.002 - Domain Account
  • T1070.008 - Clear Mailbox Data
  • T1583.006 - Web Services
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Mustang Panda

Score: 0.75
Matched TTPs:
  • T1588.006 - Vulnerabilities
  • T1136.001 - Local Account
  • T1003 - OS Credential Dumping
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1053.007 - Container Orchestration Job
  • T1013 - Port Monitors
  • T1598.003 - Spearphishing Link
  • T1548.006 - TCC Manipulation
  • T1560.001 - Archive via Utility
  • T1055.005 - Thread Local Storage
  • T1608 - Stage Capabilities
  • T1547.013 - XDG Autostart Entries
  • T1059.011 - Lua
  • T1606.002 - SAML Tokens
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
Link to MITRE →

Kimsuky

Score: 0.74
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1008 - Fallback Channels
  • T1059.010 - AutoHotKey & AutoIT
  • T1053.007 - Container Orchestration Job
  • T1588.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1176.001 - Browser Extensions
  • T1001 - Data Obfuscation
  • T1560.001 - Archive via Utility
  • T1608 - Stage Capabilities
  • T1547.013 - XDG Autostart Entries
  • T1059.011 - Lua
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1496.004 - Cloud Service Hijacking
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
Link to MITRE →

Gamaredon Group

Score: 0.66
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1059.010 - AutoHotKey & AutoIT
  • T1598.003 - Spearphishing Link
  • T1547.012 - Print Processors
  • T1597 - Search Closed Sources
  • T1608 - Stage Capabilities
  • T1547.013 - XDG Autostart Entries
  • T1059.011 - Lua
  • T1546.017 - Udev Rules
  • T1591.003 - Identify Business Tempo
  • T1059.009 - Cloud API
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1058 - Service Registry Permissions Weakness
  • T1562.010 - Downgrade Attack
  • T1059.013 - Container CLI/API
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
Link to MITRE →

APT41

Score: 0.64
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1583 - Acquire Infrastructure
  • T1008 - Fallback Channels
  • T1588.001 - Malware
  • T1027.007 - Dynamic API Resolution
  • T1598.003 - Spearphishing Link
  • T1176.001 - Browser Extensions
  • T1548.006 - TCC Manipulation
  • T1177 - LSASS Driver
  • T1560.001 - Archive via Utility
  • T1547.013 - XDG Autostart Entries
  • T1059.011 - Lua
  • T1001.003 - Protocol or Service Impersonation
  • T1059.009 - Cloud API
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.008 - Network Device CLI
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1048 - Exfiltration Over Alternative Protocol
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

