Trusted Design

WEBC2-CLOVER (FAMILY)

Overview

A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor attempts to interpret the data between those tags as commands. This malware family provides the attacker with an interactive command shell, the ability to upload and download files, execute commands on the system, list processes and DLLs, kill processes, and ping hosts on the local network. Responses to these commands are encrypted and compressed before being POSTed to the server. Some variants copy cmd.exe to Updatasched.exe in a temporary directory and may then launch that copy in a new process when an interactive shell is requested. On initial invocation, the malware also attempts to delete previous copies of the Updatasched.exe file.
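The host artifact described above (cmd.exe staged as Updatasched.exe in a temp directory, the earlier copy deleted first, then the copy launched for the interactive shell) is the part of this behaviour a defender can hunt for in endpoint telemetry. The following is an added example, not code from the page or from any vendor: it runs simple correlation over constructed Sysmon-style events (the record layout and field names are a simplified assumption) and, going one step beyond the page, also catches cmd.exe executed under any other name by checking the PE version-info OriginalFileName.

```python
"""Hunt for WEBC2-CLOVER's staged-shell artifact in endpoint events.

Added example, not the page's or any product's code. Events are constructed,
simplified Sysmon-style records (an assumption): EventID 11 = FileCreate,
23 = FileDelete, 1 = ProcessCreate.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample telemetry for two hosts. ws01 shows the full chain;
# ws02 shows benign activity that must not alert.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"EventID": "23", "Host": "ws01", "Image": r"C:\ProgramData\update.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Local\Temp\Updatasched.exe"},
    {"EventID": "11", "Host": "ws01", "Image": r"C:\ProgramData\update.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Local\Temp\Updatasched.exe"},
    {"EventID": "1", "Host": "ws01", "ParentImage": r"C:\ProgramData\update.exe",
     "Image": r"C:\Users\bob\AppData\Local\Temp\Updatasched.exe",
     "OriginalFileName": "Cmd.Exe"},
    {"EventID": "11", "Host": "ws02", "Image": r"C:\Program Files\Office\WINWORD.EXE",
     "TargetFilename": r"C:\Windows\Temp\report.pdf"},
    {"EventID": "1", "Host": "ws02", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "OriginalFileName": "Cmd.Exe"},
]

# File name the page names as the staged copy of cmd.exe.
ARTIFACT_RE = re.compile(r"\\updatasched\.exe$", re.IGNORECASE)
# The page says the copy lands in a temporary directory; record whether it did.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

Finding = Tuple[str, str, bool]  # (kind, path, path_is_in_temp_dir)


def classify(ev: Dict[str, str]) -> Optional[Finding]:
    """Map one event to a finding, or None when it is not of interest."""
    eid = ev.get("EventID")
    if eid in ("11", "23"):
        path = ev.get("TargetFilename", "")
        if ARTIFACT_RE.search(path):
            # 11: the shell copy is being staged; 23: a previous copy removed,
            # which the page says happens on initial invocation.
            kind = "staged_copy" if eid == "11" else "prior_copy_deleted"
            return kind, path, bool(TEMP_DIR_RE.search(path))
    elif eid == "1":
        image = ev.get("Image", "")
        if ARTIFACT_RE.search(image):
            return "artifact_executed", image, bool(TEMP_DIR_RE.search(image))
        # Generalisation: a renamed cmd.exe keeps "Cmd.Exe" in its version
        # info, so OriginalFileName exposes it under any file name.
        if (ev.get("OriginalFileName", "").lower() == "cmd.exe"
                and not image.lower().endswith("\\cmd.exe")):
            return "renamed_cmd_executed", image, bool(TEMP_DIR_RE.search(image))
    return None


def hunt(events: List[Dict[str, str]]) -> Dict[str, Dict[str, object]]:
    """Group findings per host and rate them.

    A host where the copy was both staged and executed is rated high; a
    lone artefact (e.g. only the delete attempt) is medium so it is still
    triaged rather than dropped.
    """
    per_host: Dict[str, List[Finding]] = {}
    for ev in events:
        hit = classify(ev)
        if hit is not None:
            per_host.setdefault(ev.get("Host", "unknown"), []).append(hit)

    report: Dict[str, Dict[str, object]] = {}
    for host, hits in per_host.items():
        kinds = {kind for kind, _, _ in hits}
        staged = "staged_copy" in kinds
        executed = bool(kinds & {"artifact_executed", "renamed_cmd_executed"})
        report[host] = {
            "severity": "high" if staged and executed else "medium",
            "findings": hits,
        }
    return report


if __name__ == "__main__":
    for host, entry in hunt(SAMPLE_EVENTS).items():
        print(host, entry["severity"])
        for kind, path, in_temp in entry["findings"]:
            print("  ", kind, path, "(temp dir)" if in_temp else "")
```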

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 15.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1078.003 - Local Accounts
Link to MITRE →

menuPass

Score: 30.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.004 - InstallUtil
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1055.012 - Process Hollowing
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

Wizard Spider

Score: 39.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1055.001 - Dynamic-link Library Injection
  • T1490 - Inhibit System Recovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

APT33

Score: 10.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Fox Kitten

Score: 21.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

CopyKittens

Score: 7.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1560.003 - Archive via Custom Method
  • T1059.001 - PowerShell
Link to MITRE →

Volt Typhoon

Score: 30.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1614 - System Location Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1680 - Local Storage Discovery
Link to MITRE →

APT1

Score: 5.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1059.003 - Windows Command Shell
Link to MITRE →

Mustang Panda

Score: 64.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1129 - Shared Modules
  • T1560.003 - Archive via Custom Method
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.004 - InstallUtil
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1678 - Delay Execution
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 13.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Chimera

Score: 27.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1680 - Local Storage Discovery
Link to MITRE →

Gallmaker

Score: 5.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Sea Turtle

Score: 12.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1071.001 - Web Protocols
  • T1078.003 - Local Accounts
Link to MITRE →

APT39

Score: 34.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1102.002 - Bidirectional Communication
  • T1059.006 - Python
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

RedCurl

Score: 24.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1202 - Indirect Command Execution
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
Link to MITRE →

APT5

Score: 13.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
Link to MITRE →

Agrius

Score: 13.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1046 - Network Service Discovery
Link to MITRE →

GALLIUM

Score: 15.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT41

Score: 42.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
  • T1104 - Multi-Stage Channels
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

MuddyWater

Score: 47.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT28

Score: 41.55
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1025 - Data from Removable Media
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1669 - Wi-Fi Networks
Link to MITRE →

Turla

Score: 38.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

Sowbug

Score: 6.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1039 - Data from Network Shared Drive
  • T1059.003 - Windows Command Shell
Link to MITRE →

BRONZE BUTLER

Score: 29.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 18.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1560.003 - Archive via Custom Method
  • T1074.001 - Local Data Staging
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
Link to MITRE →

Kimsuky

Score: 69.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1560.003 - Archive via Custom Method
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1546.001 - Change Default File Association
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
Link to MITRE →

APT3

Score: 26.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1546.008 - Accessibility Features
  • T1104 - Multi-Stage Channels
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN8

Score: 18.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Ke3chang

Score: 21.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027 - Obfuscated Files or Information
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Lotus Blossom

Score: 12.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1046 - Network Service Discovery
Link to MITRE →

FIN13

Score: 18.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

Earth Lusca

Score: 26.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
Link to MITRE →

Magic Hound

Score: 30.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aquatic Panda

Score: 17.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

INC Ransom

Score: 11.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Akira

Score: 5.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

ToddyCat

Score: 8.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1680 - Local Storage Discovery
Link to MITRE →

Gamaredon Group

Score: 59.07
Matched TTPs:
  • T1218.011 - Rundll32
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

FIN7

Score: 45.43
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1546.011 - Application Shimming
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

APT19

Score: 21.70
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

Carbanak

Score: 7.41
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1102.002 - Bidirectional Communication
Link to MITRE →

TA551

Score: 15.63
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Blue Mockingbird

Score: 18.27
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER
Link to MITRE →

APT32

Score: 47.27
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

Lazarus Group

Score: 76.97
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.009 - Embedded Payloads
  • T1560.003 - Archive via Custom Method
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1620 - Reflective Code Loading
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1680 - Local Storage Discovery
  • T1055.001 - Dynamic-link Library Injection
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA505

Score: 25.53
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Sandworm Team

Score: 31.52
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT38

Score: 49.21
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1036.006 - Space after Filename
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Daggerfly

Score: 11.49
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1059.001 - PowerShell
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 12.64
Matched TTPs:
  • T1218.011 - Rundll32
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-0501

Score: 10.28
Matched TTPs:
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
Link to MITRE →

TA577

Score: 4.80
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1059.003 - Windows Command Shell
Link to MITRE →

Moonstone Sleet

Score: 16.03
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027 - Obfuscated Files or Information
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

FIN6

Score: 23.53
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1204.002 - Malicious File
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

OilRig

Score: 37.56
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Storm-1811

Score: 14.71
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 35.26
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Sidewinder

Score: 16.75
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN5

Score: 5.62
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1059 - Command and Scripting Interpreter
  • T1070.004 - File Deletion
Link to MITRE →

Patchwork

Score: 26.90
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TeamTNT

Score: 22.73
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
Link to MITRE →

Indrik Spider

Score: 9.98
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leviathan

Score: 28.05
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression
Link to MITRE →

BackdoorDiplomacy

Score: 14.29
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Dragonfly

Score: 21.68
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

TA2541

Score: 19.58
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

APT42

Score: 6.93
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1071.001 - Web Protocols
Link to MITRE →

Mustard Tempest

Score: 5.65
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 9.00
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Transparent Tribe

Score: 5.18
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

admin@338

Score: 4.37
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

APT29

Score: 41.06
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1059.006 - Python
  • T1027.006 - HTML Smuggling
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Naikon

Score: 6.63
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1046 - Network Service Discovery
Link to MITRE →

Tropic Trooper

Score: 38.14
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

PROMETHIUM

Score: 9.50
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

LuminousMoth

Score: 9.84
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Whitefly

Score: 6.78
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1059 - Command and Scripting Interpreter
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 10.27
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

Darkhotel

Score: 15.34
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ember Bear

Score: 11.97
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1046 - Network Service Discovery
Link to MITRE →

Velvet Ant

Score: 12.19
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

Poseidon Group

Score: 3.45
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
Link to MITRE →

Silence

Score: 19.03
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

SideCopy

Score: 12.88
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1614 - System Location Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 28.00
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Malteiro

Score: 5.28
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Elderwood

Score: 4.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Contagious Interview

Score: 24.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1543.001 - Launch Agent
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

RTM

Score: 8.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT-C-36

Score: 3.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 8.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1505.003 - Web Shell
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise
Link to MITRE →

Dark Caracal

Score: 9.34
Matched TTPs:
  • T1204.002 - Malicious File
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

PLATINUM

Score: 10.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

HEXANE

Score: 10.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 9.84
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT37

Score: 28.17
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Higaisa

Score: 16.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1680 - Local Storage Discovery
  • T1027.015 - Compression
Link to MITRE →

Rancor

Score: 6.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cobalt Group

Score: 28.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1218.008 - Odbcconf
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Inception

Score: 12.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

EXOTIC LILY

Score: 4.25
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Saint Bear

Score: 11.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

TA459

Score: 3.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Nomadic Octopus

Score: 3.32
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 17.00
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mofang

Score: 3.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.015 - Compression
Link to MITRE →

Tonto Team

Score: 9.70
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 9.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Molerats

Score: 13.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

The White Company

Score: 3.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
Link to MITRE →

Confucius

Score: 11.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
Link to MITRE →

BlackTech

Score: 5.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
Link to MITRE →

Windshift

Score: 9.53
Matched TTPs:
  • T1204.002 - Malicious File
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 41.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1559.001 - Component Object Model
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

DarkVishnya

Score: 4.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.001 - PowerShell
  • T1046 - Network Service Discovery
Link to MITRE →

BlackByte

Score: 30.23
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Cinnamon Tempest

Score: 10.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Evilnum

Score: 3.89
Matched TTPs:
  • T1574.001 - DLL
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ZIRCONIUM

Score: 12.53
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1102.002 - Bidirectional Communication
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Winter Vivern

Score: 9.39
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Deep Panda

Score: 10.11
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
Link to MITRE →

Leafminer

Score: 9.93
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
Link to MITRE →

Axiom

Score: 15.62
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
Link to MITRE →

Stealth Falcon

Score: 5.85
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1071.001 - Web Protocols
Link to MITRE →

Windigo

Score: 4.11
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1189 - Drive-by Compromise
Link to MITRE →

Scattered Spider

Score: 13.13
Matched TTPs:
  • T1204 - User Execution
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

LAPSUS$

Score: 6.47
Matched TTPs:
  • T1204 - User Execution
  • T1003.003 - NTDS
Link to MITRE →

Thrip

Score: 3.55
Matched TTPs:
  • T1059.001 - PowerShell
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

FIN10

Score: 7.01
Matched TTPs:
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts
Link to MITRE →

Putter Panda

Score: 5.93
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

APT18

Score: 5.51
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 4.30
Matched TTPs:
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.77
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1560.003 - Archive via Custom Method
  • T1055.001 - Dynamic-link Library Injection
  • T1620 - Reflective Code Loading
  • T1057 - Process Discovery
  • T1104 - Multi-Stage Channels
  • T1046 - Network Service Discovery
  • T1074.001 - Local Data Staging
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1202 - Indirect Command Execution
  • T1027.009 - Embedded Payloads
  • T1562.001 - Disable or Modify Tools
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218 - System Binary Proxy Execution
  • T1105 - Ingress Tool Transfer
  • T1218.005 - Mshta
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.007 - Dynamic API Resolution
  • T1036.003 - Rename Legitimate Utilities
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1059.003 - Windows Command Shell
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.013 - KernelCallbackTable
  • T1543.003 - Windows Service
  • T1189 - Drive-by Compromise
  • T1680 - Local Storage Discovery
  • T1529 - System Shutdown/Reboot
  • T1071.001 - Web Protocols
  • T1547.001 - Registry Run Keys / Startup Folder
Link to MITRE →

Kimsuky

Score: 0.69
Matched TTPs:
  • T1027.012 - LNK Icon Smuggling
  • T1102.002 - Bidirectional Communication
  • T1560.003 - Archive via Custom Method
  • T1620 - Reflective Code Loading
  • T1057 - Process Discovery
  • T1074.001 - Local Data Staging
  • T1218.011 - Rundll32
  • T1055.012 - Process Hollowing
  • T1218.010 - Regsvr32
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation
  • T1546.001 - Change Default File Association
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1070.004 - File Deletion
  • T1027 - Obfuscated Files or Information
  • T1560.001 - Archive via Utility
  • T1059.003 - Windows Command Shell
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1543.003 - Windows Service
  • T1680 - Local Storage Discovery
  • T1071.001 - Web Protocols
  • T1059.006 - Python
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1078.003 - Local Accounts
Link to MITRE →

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1027.012 - LNK Icon Smuggling
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1560.003 - Archive via Custom Method
  • T1057 - Process Discovery
  • T1046 - Network Service Discovery
  • T1074.001 - Local Data Staging
  • T1574.001 - DLL
  • T1059 - Command and Scripting Interpreter
  • T1505.003 - Web Shell
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
  • T1129 - Shared Modules
  • T1218.005 - Mshta
  • T1003.003 - NTDS
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.007 - Dynamic API Resolution
  • T1027 - Obfuscated Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1560.001 - Archive via Utility
  • T1059.003 - Windows Command Shell
  • T1218.004 - InstallUtil
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.001 - Web Protocols
  • T1678 - Delay Execution
  • T1547.001 - Registry Run Keys / Startup Folder
Link to MITRE →

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1027.012 - LNK Icon Smuggling
  • T1102.002 - Bidirectional Communication
  • T1620 - Reflective Code Loading
  • T1057 - Process Discovery
  • T1025 - Data from Removable Media
  • T1218.011 - Rundll32
  • T1559.001 - Component Object Model
  • T1562.001 - Disable or Modify Tools
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1027.015 - Compression
  • T1608.001 - Upload Malware
  • T1102.003 - One-Way Communication
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1070.004 - File Deletion
  • T1027 - Obfuscated Files or Information
  • T1059.003 - Windows Command Shell
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1027.004 - Compile After Delivery
  • T1071.001 - Web Protocols
  • T1547.001 - Registry Run Keys / Startup Folder
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph
