Trusted Design

WEBC2-CLOVER (FAMILY)

Overview

A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags, and it attempts to interpret the data between those tags as commands. This malware family provides the attacker with an interactive command shell and the ability to upload and download files, execute commands on the system, list processes and DLLs, kill processes, and ping hosts on the local network. Responses to these commands are encrypted and compressed before being POSTed to the server. Some variants copy cmd.exe to Updatasched.exe in a temporary directory and may later launch that copy as a process when an interactive shell is requested. On initial invocation, the malware also attempts to delete previous copies of the Updatasched.exe file.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 15.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1490 - Inhibit System Recovery
Link to MITRE →

menuPass

Score: 30.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1588.006 - Vulnerabilities
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1542.004 - ROMMONkit
  • T1001 - Data Obfuscation
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Wizard Spider

Score: 39.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1116 - Code Signing
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1587 - Develop Capabilities
  • T1204.001 - Malicious Link
  • T1556 - Modify Authentication Process
Link to MITRE →

APT33

Score: 10.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

Fox Kitten

Score: 21.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1542.004 - ROMMONkit
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

CopyKittens

Score: 7.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1016.001 - Internet Connection Discovery
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Volt Typhoon

Score: 30.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1584.002 - DNS Server
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1665 - Hide Infrastructure
Link to MITRE →

APT1

Score: 5.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1591.004 - Identify Roles
Link to MITRE →

Mustang Panda

Score: 64.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1016.001 - Internet Connection Discovery
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1588.006 - Vulnerabilities
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1593.002 - Search Engines
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1169 - Sudo
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 13.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Chimera

Score: 27.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1542.004 - ROMMONkit
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1665 - Hide Infrastructure
Link to MITRE →

Gallmaker

Score: 5.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
Link to MITRE →

Sea Turtle

Score: 12.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1555.003 - Credentials from Web Browsers
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1556.005 - Reversible Encryption
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT39

Score: 34.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

RedCurl

Score: 24.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1558.005 - Ccache Files
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
Link to MITRE →

APT5

Score: 13.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
Link to MITRE →

Agrius

Score: 13.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1209 - Time Providers
Link to MITRE →

GALLIUM

Score: 15.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT41

Score: 42.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1177 - LSASS Driver
  • T1059.008 - Network Device CLI
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels
Link to MITRE →

MuddyWater

Score: 47.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1547.012 - Print Processors
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT28

Score: 41.55
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1552.005 - Cloud Instance Metadata API
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1205.001 - Port Knocking
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1546.007 - Netsh Helper DLL
Link to MITRE →

Turla

Score: 38.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sowbug

Score: 6.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1542.004 - ROMMONkit
  • T1591.004 - Identify Roles
Link to MITRE →

BRONZE BUTLER

Score: 29.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

UNC3886

Score: 18.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1016.001 - Internet Connection Discovery
  • T1116 - Code Signing
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
Link to MITRE →

Kimsuky

Score: 69.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1016.001 - Internet Connection Discovery
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1496.004 - Cloud Service Hijacking
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT3

Score: 26.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1116 - Code Signing
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1177 - LSASS Driver
  • T1059.008 - Network Device CLI
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN8

Score: 18.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1027.017 - SVG Smuggling
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

Ke3chang

Score: 21.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1059.011 - Lua
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Lotus Blossom

Score: 12.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1116 - Code Signing
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1209 - Time Providers
Link to MITRE →

FIN13

Score: 18.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Earth Lusca

Score: 26.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Magic Hound

Score: 30.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1547.002 - Authentication Package
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aquatic Panda

Score: 17.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

INC Ransom

Score: 11.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Akira

Score: 5.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
Link to MITRE →

ToddyCat

Score: 8.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
Link to MITRE →

Gamaredon Group

Score: 59.07
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

FIN7

Score: 45.43
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555 - Credentials from Password Stores
  • T1205 - Traffic Signaling
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT19

Score: 21.70
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

Carbanak

Score: 7.41
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1547.002 - Authentication Package
Link to MITRE →

TA551

Score: 15.63
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Blue Mockingbird

Score: 18.27
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

APT32

Score: 47.27
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
Link to MITRE →

Lazarus Group

Score: 76.97
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1132.001 - Standard Encoding
  • T1016.001 - Internet Connection Discovery
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1205 - Traffic Signaling
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1587 - Develop Capabilities
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
Link to MITRE →

TA505

Score: 25.53
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
Link to MITRE →

Sandworm Team

Score: 31.52
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1204.001 - Malicious Link
Link to MITRE →

APT38

Score: 49.21
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Daggerfly

Score: 11.49
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1089 - Disabling Security Tools
  • T1497.002 - User Activity Based Checks
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 12.64
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-0501

Score: 10.28
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1204.001 - Malicious Link
Link to MITRE →

TA577

Score: 4.80
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1591.004 - Identify Roles
Link to MITRE →

Moonstone Sleet

Score: 16.03
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1679 - Selective Exclusion
  • T1059.011 - Lua
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN6

Score: 23.53
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1087.002 - Domain Account
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

OilRig

Score: 37.56
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

Storm-1811

Score: 14.71
Matched TTPs:
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1205.001 - Port Knocking
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Threat Group-3390

Score: 35.26
Matched TTPs:
  • T1116 - Code Signing
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

Sidewinder

Score: 16.75
Matched TTPs:
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN5

Score: 5.62
Matched TTPs:
  • T1116 - Code Signing
  • T1055.013 - Process Doppelgänging
  • T1070.009 - Clear Persistence
Link to MITRE →

Patchwork

Score: 26.90
Matched TTPs:
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1008 - Fallback Channels
Link to MITRE →

TeamTNT

Score: 22.73
Matched TTPs:
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

Indrik Spider

Score: 9.98
Matched TTPs:
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries

Leviathan

Score: 28.05
Matched TTPs:
  • T1116 - Code Signing
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules

BackdoorDiplomacy

Score: 14.29
Matched TTPs:
  • T1116 - Code Signing
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1059.011 - Lua
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities

Dragonfly

Score: 21.68
Matched TTPs:
  • T1116 - Code Signing
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

TA2541

Score: 19.58
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

APT42

Score: 6.93
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1556.005 - Reversible Encryption

Mustard Tempest

Score: 5.65
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

WIRTE

Score: 9.00
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Transparent Tribe

Score: 5.18
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

admin@338

Score: 4.37
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles

APT29

Score: 41.06
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1070.009 - Clear Persistence
  • T1555.004 - Windows Credential Manager
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Naikon

Score: 6.63
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1679 - Selective Exclusion
  • T1209 - Time Providers

Tropic Trooper

Score: 38.14
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery

PROMETHIUM

Score: 9.50
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1679 - Selective Exclusion
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery

LuminousMoth

Score: 9.84
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Whitefly

Score: 6.78
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1055.013 - Process Doppelgänging
  • T1547.013 - XDG Autostart Entries

Machete

Score: 10.27
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 15.34
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Ember Bear

Score: 11.97
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1209 - Time Providers

Velvet Ant

Score: 12.19
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

Poseidon Group

Score: 3.45
Matched TTPs:
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks

Silence

Score: 19.03
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1048 - Exfiltration Over Alternative Protocol
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

SideCopy

Score: 12.88
Matched TTPs:
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1584.002 - DNS Server
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 28.00
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

Malteiro

Score: 5.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1587 - Develop Capabilities

APT12

Score: 4.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Elderwood

Score: 4.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Contagious Interview

Score: 24.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1556 - Modify Authentication Process

RTM

Score: 8.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1679 - Selective Exclusion
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

APT-C-36

Score: 3.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 8.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1555.003 - Credentials from Web Browsers
  • T1205.001 - Port Knocking
  • T1497.002 - User Activity Based Checks
  • T1059.012 - Hypervisor CLI

Dark Caracal

Score: 9.34
Matched TTPs:
  • T1087.002 - Domain Account
  • T1679 - Selective Exclusion
  • T1048 - Exfiltration Over Alternative Protocol
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption

PLATINUM

Score: 10.33
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

HEXANE

Score: 10.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

BITTER

Score: 9.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

APT37

Score: 28.17
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

Higaisa

Score: 16.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
  • T1546.017 - Udev Rules

Rancor

Score: 6.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Cobalt Group

Score: 28.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Inception

Score: 12.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

EXOTIC LILY

Score: 4.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Saint Bear

Score: 11.98
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles

TA459

Score: 3.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32

Nomadic Octopus

Score: 3.32
Matched TTPs:
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries

Gorgon Group

Score: 17.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries

Mofang

Score: 3.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules

Tonto Team

Score: 9.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 9.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Molerats

Score: 13.09
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

The White Company

Score: 3.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence

Confucius

Score: 11.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

BlackTech

Score: 5.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1209 - Time Providers

Windshift

Score: 9.53
Matched TTPs:
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Medusa Group

Score: 41.74
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1547.012 - Print Processors
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

DarkVishnya

Score: 4.50
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1497.002 - User Activity Based Checks
  • T1209 - Time Providers

BlackByte

Score: 30.23
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link

Cinnamon Tempest

Score: 10.11
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries

Evilnum

Score: 3.89
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

ZIRCONIUM

Score: 12.53
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries

Winter Vivern

Score: 9.39
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Deep Panda

Score: 10.11
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code

Leafminer

Score: 9.93
Matched TTPs:
  • T1101 - Security Support Provider
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers

Axiom

Score: 15.62
Matched TTPs:
  • T1177 - LSASS Driver
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Stealth Falcon

Score: 5.85
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1556.005 - Reversible Encryption

Windigo

Score: 4.11
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1059.012 - Hypervisor CLI

Scattered Spider

Score: 13.13
Matched TTPs:
  • T1619 - Cloud Storage Object Discovery
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1204.001 - Malicious Link

LAPSUS$

Score: 6.47
Matched TTPs:
  • T1619 - Cloud Storage Object Discovery
  • T1548.006 - TCC Manipulation

Thrip

Score: 3.55
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1556 - Modify Authentication Process

FIN10

Score: 7.01
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery

Putter Panda

Score: 5.93
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities

APT18

Score: 5.51
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Metador

Score: 4.30
Matched TTPs:
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.77
Matched TTPs:
  • T1216 - System Script Proxy Execution
  • T1055.005 - Thread Local Storage
  • T1070.008 - Clear Mailbox Data
  • T1547.002 - Authentication Package
  • T1556 - Modify Authentication Process
  • T1556.005 - Reversible Encryption
  • T1070.009 - Clear Persistence
  • T1218.013 - Mavinject
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1069.001 - Local Groups
  • T1591.004 - Identify Roles
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
  • T1597 - Search Closed Sources
  • T1679 - Selective Exclusion
  • T1497.002 - User Activity Based Checks
  • T1174 - Password Filter DLL
  • T1116 - Code Signing
  • T1016.001 - Internet Connection Discovery
  • T1583.006 - Web Services
  • T1132.001 - Standard Encoding
  • T1205 - Traffic Signaling
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
  • T1218.010 - Regsvr32
  • T1558.005 - Ccache Files
  • T1665 - Hide Infrastructure
  • T1209 - Time Providers
  • T1059.008 - Network Device CLI
  • T1089 - Disabling Security Tools

Kimsuky

Score: 0.69
Matched TTPs:
  • T1001 - Data Obfuscation
  • T1555.003 - Credentials from Web Browsers
  • T1684 - Social Engineering
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1070.009 - Clear Persistence
  • T1218.013 - Mavinject
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1591.004 - Identify Roles
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1560.001 - Archive via Utility
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1679 - Selective Exclusion
  • T1496.004 - Cloud Service Hijacking
  • T1497.002 - User Activity Based Checks
  • T1116 - Code Signing
  • T1608 - Stage Capabilities
  • T1016.001 - Internet Connection Discovery
  • T1583.006 - Web Services
  • T1205 - Traffic Signaling
  • T1176.001 - Browser Extensions
  • T1490 - Inhibit System Recovery
  • T1027.004 - Compile After Delivery
  • T1059.011 - Lua
  • T1008 - Fallback Channels
  • T1665 - Hide Infrastructure
  • T1059.009 - Cloud API

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1169 - Sudo
  • T1055.005 - Thread Local Storage
  • T1555.003 - Credentials from Web Browsers
  • T1556 - Modify Authentication Process
  • T1556.005 - Reversible Encryption
  • T1070.009 - Clear Persistence
  • T1218.013 - Mavinject
  • T1087.002 - Domain Account
  • T1591.004 - Identify Roles
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1560.001 - Archive via Utility
  • T1091 - Replication Through Removable Media
  • T1679 - Selective Exclusion
  • T1497.002 - User Activity Based Checks
  • T1116 - Code Signing
  • T1608 - Stage Capabilities
  • T1016.001 - Internet Connection Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1588.006 - Vulnerabilities
  • T1055.013 - Process Doppelgänging
  • T1059.011 - Lua
  • T1593.002 - Search Engines
  • T1003 - OS Credential Dumping
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
  • T1089 - Disabling Security Tools

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1547.012 - Print Processors
  • T1684 - Social Engineering
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1070.009 - Clear Persistence
  • T1218.013 - Mavinject
  • T1059.013 - Container CLI/API
  • T1542.004 - ROMMONkit
  • T1583 - Acquire Infrastructure
  • T1087.002 - Domain Account
  • T1601.001 - Patch System Image
  • T1591.004 - Identify Roles
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1679 - Selective Exclusion
  • T1497.002 - User Activity Based Checks
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1205 - Traffic Signaling
  • T1546.017 - Udev Rules
  • T1554 - Compromise Host Software Binary
  • T1059.011 - Lua
  • T1059.009 - Cloud API

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

