Trusted Design

GOGGLES (FAMILY)

Overview

A family of downloader malware that retrieves an encoded payload from a fixed location, usually as a file with a .jpg extension. Some variants consist of a single .exe that acts as the downloader; others have an .exe launcher that runs as a service and then loads an associated .dll of the same name, which acts as the downloader. This IOC targets the downloaders only. After downloading the file, the malware decodes the payload into an .exe file and launches it. The malware usually stages the files it uses in the %TEMP% directory or the %WINDIR%\Temp directory.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 8.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

menuPass

Score: 23.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.004 - InstallUtil
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1055.012 - Process Hollowing
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Wizard Spider

Score: 32.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1036.004 - Masquerade Task or Service
  • T1074 - Data Staged
  • T1562.001 - Disable or Modify Tools
  • T1197 - BITS Jobs
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1055.001 - Dynamic-link Library Injection

APT33

Score: 5.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Fox Kitten

Score: 11.23
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1546.008 - Accessibility Features
  • T1036.004 - Masquerade Task or Service
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

CopyKittens

Score: 3.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32

Volt Typhoon

Score: 26.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1112 - Modify Registry
  • T1074 - Data Staged
  • T1057 - Process Discovery
  • T1614 - System Location Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

APT1

Score: 7.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery

Mustang Panda

Score: 54.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1129 - Shared Modules
  • T1036.007 - Double File Extension
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1036.008 - Masquerade File Type
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1218.004 - InstallUtil
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS

Play

Score: 11.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1030 - Data Transfer Size Limits
  • T1105 - Ingress Tool Transfer

Chimera

Score: 11.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Gallmaker

Score: 5.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information

Sea Turtle

Score: 6.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

APT39

Score: 21.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1197 - BITS Jobs
  • T1546.010 - AppInit DLLs
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

RedCurl

Score: 18.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1202 - Indirect Command Execution
  • T1027 - Obfuscated Files or Information

APT5

Score: 4.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery

Agrius

Score: 9.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools

GALLIUM

Score: 9.68
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1574.001 - DLL
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer

APT41

Score: 42.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
  • T1036.004 - Masquerade Task or Service
  • T1104 - Multi-Stage Channels
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver

MuddyWater

Score: 35.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1105 - Ingress Tool Transfer

APT28

Score: 28.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1546.015 - Component Object Model Hijacking
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Turla

Score: 27.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1564.012 - File/Path Exclusions
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection

BRONZE BUTLER

Score: 28.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.002 - Right-to-Left Override
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

UNC3886

Score: 14.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

Kimsuky

Score: 52.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.007 - Double File Extension
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1546.001 - Change Default File Association
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

APT3

Score: 20.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1546.008 - Accessibility Features
  • T1104 - Multi-Stage Channels
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

FIN8

Score: 5.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1105 - Ingress Tool Transfer

Ke3chang

Score: 21.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.002 - Right-to-Left Override
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Lotus Blossom

Score: 5.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1112 - Modify Registry

FIN13

Score: 15.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.004 - Masquerade Task or Service
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Earth Lusca

Score: 25.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

Magic Hound

Score: 17.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Aquatic Panda

Score: 17.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer

INC Ransom

Score: 11.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1074 - Data Staged
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Akira

Score: 4.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1562.001 - Disable or Modify Tools

ToddyCat

Score: 6.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1566.003 - Spearphishing via Service

Gamaredon Group

Score: 43.61
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

FIN7

Score: 24.47
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

APT19

Score: 15.18
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise

Carbanak

Score: 7.10
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service

TA551

Score: 14.68
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer

Blue Mockingbird

Score: 11.98
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution

APT32

Score: 35.83
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1564.004 - NTFS File Attributes

Lazarus Group

Score: 52.46
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.009 - Embedded Payloads
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1055.001 - Dynamic-link Library Injection
  • T1566.003 - Spearphishing via Service

TA505

Score: 24.06
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection

Sandworm Team

Score: 19.46
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

APT38

Score: 37.92
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1036.006 - Space after Filename
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Daggerfly

Score: 9.50
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

LazyScripter

Score: 13.33
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1105 - Ingress Tool Transfer

Storm-0501

Score: 8.29
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads

Moonstone Sleet

Score: 19.13
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

TeamTNT

Score: 14.99
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer

TA2541

Score: 18.45
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

APT42

Score: 4.94
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry

Storm-1811

Score: 10.71
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Indrik Spider

Score: 8.42
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer

Mustard Tempest

Score: 5.65
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

WIRTE

Score: 7.89
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer

Patchwork

Score: 20.28
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

Transparent Tribe

Score: 6.06
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

admin@338

Score: 4.29
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

BackdoorDiplomacy

Score: 13.42
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection

Ferocious Kitten

Score: 6.24
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override

APT29

Score: 23.70
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Naikon

Score: 6.63
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1036.004 - Masquerade Task or Service

Tropic Trooper

Score: 24.67
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection

PROMETHIUM

Score: 7.72
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service
  • T1189 - Drive-by Compromise

LuminousMoth

Score: 18.48
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1030 - Data Transfer Size Limits
  • T1105 - Ingress Tool Transfer

Whitefly

Score: 4.44
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1105 - Ingress Tool Transfer

OilRig

Score: 28.68
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Machete

Score: 7.85
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise

Darkhotel

Score: 16.39
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Sidewinder

Score: 10.66
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Ember Bear

Score: 10.90
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

Velvet Ant

Score: 7.07
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution

Silence

Score: 11.24
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1218.001 - Compiled HTML File
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

SideCopy

Score: 13.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1614 - System Location Discovery
  • T1105 - Ingress Tool Transfer

Rocke

Score: 15.99
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

BlackByte

Score: 23.12
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1480 - Execution Guardrails
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Contagious Interview

Score: 24.28
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1480 - Execution Guardrails
  • T1562.001 - Disable or Modify Tools
  • T1543.001 - Launch Agent
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service

Aoqin Dragon

Score: 9.60
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1091 - Replication Through Removable Media
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution

Malteiro

Score: 6.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.001 - Dynamic-link Library Injection

APT12

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Elderwood

Score: 5.70
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Dragonfly

Score: 9.87
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

RTM

Score: 8.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

APT-C-36

Score: 6.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.004 - Masquerade Task or Service
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

CURIUM

Score: 5.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Dark Caracal

Score: 8.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

PLATINUM

Score: 10.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking

HEXANE

Score: 5.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer

Threat Group-3390

Score: 28.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

BITTER

Score: 8.00
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

APT37

Score: 12.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Star Blizzard

Score: 3.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware

Higaisa

Score: 13.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

Rancor

Score: 5.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1105 - Ingress Tool Transfer

Cobalt Group

Score: 12.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Inception

Score: 9.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 7.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Saint Bear

Score: 8.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

FIN6

Score: 12.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 4.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 10.79
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1105 - Ingress Tool Transfer

Mofang

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression

Leviathan

Score: 22.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression

Tonto Team

Score: 5.67
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Andariel

Score: 12.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Molerats

Score: 11.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

The White Company

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Confucius

Score: 6.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

BlackTech

Score: 8.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution

Windshift

Score: 12.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Cinnamon Tempest

Score: 9.45
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer

Medusa Group

Score: 25.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1559.001 - Component Object Model
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1218.014 - MMC

Winter Vivern

Score: 9.27
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.004 - Masquerade Task or Service
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

ZIRCONIUM

Score: 9.91
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.004 - Masquerade Task or Service
  • T1105 - Ingress Tool Transfer

Deep Panda

Score: 7.55
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32

Axiom

Score: 6.54
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

LAPSUS$

Score: 4.80
Matched TTPs:
  • T1588.001 - Malware
  • T1003.003 - NTDS

Metador

Score: 3.24
Matched TTPs:
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer

Scattered Spider

Score: 10.99
Matched TTPs:
  • T1588.001 - Malware
  • T1074 - Data Staged
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Putter Panda

Score: 4.73
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1055.001 - Dynamic-link Library Injection

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.77
Matched TTPs:
  • T1566.003 - Spearphishing via Service
  • T1218.005 - Mshta
  • T1140 - Deobfuscate/Decode Files or Information
  • T1189 - Drive-by Compromise
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
  • T1218 - System Binary Proxy Execution
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.009 - Embedded Payloads
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1218.011 - Rundll32
  • T1027.007 - Dynamic API Resolution
  • T1105 - Ingress Tool Transfer
  • T1104 - Multi-Stage Channels
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1202 - Indirect Command Execution
  • T1543.003 - Windows Service
  • T1055.001 - Dynamic-link Library Injection
  • T1566.001 - Spearphishing Attachment

Mustang Panda

Score: 0.75
Matched TTPs:
  • T1129 - Shared Modules
  • T1036.007 - Double File Extension
  • T1036.008 - Masquerade File Type
  • T1218.005 - Mshta
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1560.001 - Archive via Utility
  • T1091 - Replication Through Removable Media
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1218.004 - InstallUtil
  • T1027.012 - LNK Icon Smuggling
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1003.003 - NTDS
  • T1057 - Process Discovery
  • T1027.007 - Dynamic API Resolution
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information

Kimsuky

Score: 0.74
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1218.005 - Mshta
  • T1102.001 - Dead Drop Resolver
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1560.001 - Archive via Utility
  • T1027 - Obfuscated Files or Information
  • T1112 - Modify Registry
  • T1027.012 - LNK Icon Smuggling
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.010 - Regsvr32
  • T1204.002 - Malicious File
  • T1055.012 - Process Hollowing
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1218.011 - Rundll32
  • T1176.001 - Browser Extensions
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1543.003 - Windows Service
  • T1546.001 - Change Default File Association
  • T1566.001 - Spearphishing Attachment

Gamaredon Group

Score: 0.66
Matched TTPs:
  • T1480 - Execution Guardrails
  • T1027.004 - Compile After Delivery
  • T1218.005 - Mshta
  • T1027.015 - Compression
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1091 - Replication Through Removable Media
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1027.012 - LNK Icon Smuggling
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1559.001 - Component Object Model
  • T1057 - Process Discovery
  • T1218.011 - Rundll32
  • T1105 - Ingress Tool Transfer
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information

APT41

Score: 0.64
Matched TTPs:
  • T1102.001 - Dead Drop Resolver
  • T1560.001 - Archive via Utility
  • T1546.008 - Accessibility Features
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1197 - BITS Jobs
  • T1569.002 - Service Execution
  • T1112 - Modify Registry
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
  • T1003.003 - NTDS
  • T1036.004 - Masquerade Task or Service
  • T1218.011 - Rundll32
  • T1105 - Ingress Tool Transfer
  • T1104 - Multi-Stage Channels
  • T1543.003 - Windows Service
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph
