Trusted Design

AURIGA (FAMILY)

Overview

The AURIGA malware family shares a large amount of functionality with the BANGAT backdoor. The family provides keystroke logging, creating and killing processes, file system and registry modification, spawning interactive command shells, process injection, and logging off the current user or shutting down the local machine. AURIGA includes a driver component that is used to inject the malware DLL into other processes; this driver can also hide processes and IP connections. The malware creates a copy of cmd.exe to perform its C2 activity and replaces the "Microsoft corp" strings in the cmd.exe binary with different values. The family typically maintains persistence by installing itself as a service.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 31.72
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.015 - Compression
Link to MITRE →

FIN7

Score: 33.50
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1546.011 - Application Shimming
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

APT19

Score: 11.22
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
Link to MITRE →

Kimsuky

Score: 38.72
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1546.001 - Change Default File Association
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
Link to MITRE →

UNC3886

Score: 18.80
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
Link to MITRE →

Carbanak

Score: 7.60
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
Link to MITRE →

APT3

Score: 14.81
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Magic Hound

Score: 10.80
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
Link to MITRE →

TA551

Score: 7.02
Matched TTPs:
  • T1218.011 - Rundll32
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
Link to MITRE →

Blue Mockingbird

Score: 19.35
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER
Link to MITRE →

Wizard Spider

Score: 24.05
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

APT32

Score: 33.18
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1552.002 - Credentials in Registry
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

Lazarus Group

Score: 49.19
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1547.009 - Shortcut Modification
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.007 - Dynamic API Resolution
  • T1055.001 - Dynamic-link Library Injection
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA505

Score: 20.14
Matched TTPs:
  • T1218.011 - Rundll32
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1027.002 - Software Packing
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

APT41

Score: 39.22
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.004 - Unix Shell
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sandworm Team

Score: 16.83
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1003.003 - NTDS
Link to MITRE →

APT28

Score: 35.95
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1546.015 - Component Object Model Hijacking
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1137.002 - Office Test
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
Link to MITRE →

HAFNIUM

Score: 12.59
Matched TTPs:
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts
Link to MITRE →

APT38

Score: 42.77
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1036.006 - Space after Filename
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Daggerfly

Score: 7.46
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
Link to MITRE →

RedCurl

Score: 16.02
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1552.002 - Credentials in Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1056.002 - GUI Input Capture
  • T1070.004 - File Deletion
Link to MITRE →

LazyScripter

Score: 7.94
Matched TTPs:
  • T1218.011 - Rundll32
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1547.001 - Registry Run Keys / Startup Folder
Link to MITRE →

Aquatic Panda

Score: 15.31
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
Link to MITRE →

Storm-0501

Score: 8.25
Matched TTPs:
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1027.002 - Software Packing
Link to MITRE →

MuddyWater

Score: 23.56
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Mustang Panda

Score: 40.57
Matched TTPs:
  • T1129 - Shared Modules
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1218.004 - InstallUtil
  • T1106 - Native API
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
Link to MITRE →

Winnti Group

Score: 4.80
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
Link to MITRE →

Rocke

Score: 24.19
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TeamTNT

Score: 23.40
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

Turla

Score: 41.53
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1553.006 - Code Signing Policy Modification
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

Volt Typhoon

Score: 21.03
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1059.004 - Unix Shell
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1003.003 - NTDS
Link to MITRE →

BRONZE BUTLER

Score: 11.87
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA2541

Score: 16.60
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1027.002 - Software Packing
  • T1027.015 - Compression
Link to MITRE →

APT42

Score: 7.50
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547 - Boot or Logon Autostart Execution
  • T1112 - Modify Registry
Link to MITRE →

Storm-1811

Score: 7.75
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1547.001 - Registry Run Keys / Startup Folder
Link to MITRE →

Indrik Spider

Score: 12.94
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1136 - Create Account
Link to MITRE →

WIRTE

Score: 5.45
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
Link to MITRE →

Patchwork

Score: 12.39
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Earth Lusca

Score: 12.79
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1057 - Process Discovery
Link to MITRE →

BackdoorDiplomacy

Score: 6.52
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.001 - Malware
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Akira

Score: 5.53
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT29

Score: 25.03
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1546.008 - Accessibility Features
  • T1218.005 - Mshta
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1562.008 - Disable or Modify Cloud Logs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1078.003 - Local Accounts
Link to MITRE →

Chimera

Score: 17.83
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1556.001 - Domain Controller Authentication
  • T1070.004 - File Deletion
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Ke3chang

Score: 14.20
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Tropic Trooper

Score: 25.00
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1106 - Native API
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

PROMETHIUM

Score: 6.94
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1078.003 - Local Accounts
Link to MITRE →

INC Ransom

Score: 9.30
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
Link to MITRE →

LuminousMoth

Score: 11.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1547.001 - Registry Run Keys / Startup Folder
Link to MITRE →

OilRig

Score: 17.78
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
Link to MITRE →

Machete

Score: 4.42
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.007 - Msiexec
Link to MITRE →

Darkhotel

Score: 9.95
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT1

Score: 5.11
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.001 - Malware
  • T1057 - Process Discovery
Link to MITRE →

Sidewinder

Score: 7.69
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
Link to MITRE →

menuPass

Score: 16.13
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.004 - InstallUtil
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1003.003 - NTDS
Link to MITRE →

Ember Bear

Score: 10.10
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
Link to MITRE →

APT39

Score: 28.81
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1553.006 - Code Signing Policy Modification
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1012 - Query Registry
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution
Link to MITRE →

Velvet Ant

Score: 13.29
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

APT5

Score: 6.49
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1070.004 - File Deletion
Link to MITRE →

Silence

Score: 12.70
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
Link to MITRE →

Fox Kitten

Score: 9.00
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1546.008 - Accessibility Features
  • T1012 - Query Registry
  • T1003.003 - NTDS
Link to MITRE →

ToddyCat

Score: 4.94
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1057 - Process Discovery
Link to MITRE →

SideCopy

Score: 5.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1218.005 - Mshta
Link to MITRE →

FIN13

Score: 8.35
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1003.003 - NTDS
Link to MITRE →

Moonstone Sleet

Score: 7.27
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1569.002 - Service Execution
Link to MITRE →

Contagious Interview

Score: 18.39
Matched TTPs:
  • T1587.001 - Malware
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1543.001 - Launch Agent
  • T1070.004 - File Deletion
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Salt Typhoon

Score: 5.94
Matched TTPs:
  • T1587.001 - Malware
  • T1136 - Create Account
Link to MITRE →

Play

Score: 9.46
Matched TTPs:
  • T1587.001 - Malware
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 8.68
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

Medusa Group

Score: 32.14
Matched TTPs:
  • T1543.003 - Windows Service
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

DarkVishnya

Score: 4.53
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
Link to MITRE →

Lotus Blossom

Score: 6.00
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1012 - Query Registry
Link to MITRE →

BlackByte

Score: 19.40
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
Link to MITRE →

Threat Group-3390

Score: 16.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1027.015 - Compression
Link to MITRE →

Agrius

Score: 5.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Cobalt Group

Score: 17.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
Link to MITRE →

Cinnamon Tempest

Score: 3.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Molerats

Score: 10.73
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027.015 - Compression
Link to MITRE →

Rancor

Score: 6.12
Matched TTPs:
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
Link to MITRE →

ZIRCONIUM

Score: 10.35
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1012 - Query Registry
  • T1027.002 - Software Packing
Link to MITRE →

Higaisa

Score: 11.22
Matched TTPs:
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression
Link to MITRE →

Gorgon Group

Score: 16.44
Matched TTPs:
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

BlackTech

Score: 3.78
Matched TTPs:
  • T1106 - Native API
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT37

Score: 12.58
Matched TTPs:
  • T1106 - Native API
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Leviathan

Score: 19.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression
Link to MITRE →

Malteiro

Score: 4.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

PLATINUM

Score: 7.00
Matched TTPs:
  • T1055 - Process Injection
  • T1056.004 - Credential API Hooking
Link to MITRE →

Dragonfly

Score: 10.49
Matched TTPs:
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1003.003 - NTDS
Link to MITRE →

Saint Bear

Score: 7.17
Matched TTPs:
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

FIN8

Score: 10.58
Matched TTPs:
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.004 - File Deletion
Link to MITRE →

Deep Panda

Score: 7.55
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
Link to MITRE →

Axiom

Score: 9.32
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
  • T1001.002 - Steganography
Link to MITRE →

LAPSUS$

Score: 4.80
Matched TTPs:
  • T1588.001 - Malware
  • T1003.003 - NTDS
Link to MITRE →

Metador

Score: 6.67
Matched TTPs:
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.004 - File Deletion
Link to MITRE →

Andariel

Score: 5.47
Matched TTPs:
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Scattered Spider

Score: 13.27
Matched TTPs:
  • T1588.001 - Malware
  • T1059.004 - Unix Shell
  • T1562.001 - Disable or Modify Tools
  • T1136 - Create Account
  • T1003.003 - NTDS
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying
Link to MITRE →

Inception

Score: 9.30
Matched TTPs:
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Confucius

Score: 5.04
Matched TTPs:
  • T1218.005 - Mshta
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
Link to MITRE →

CURIUM

Score: 3.84
Matched TTPs:
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Link to MITRE →

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1057 - Process Discovery
  • T1012 - Query Registry
Link to MITRE →

HEXANE

Score: 4.35
Matched TTPs:
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
Link to MITRE →

APT33

Score: 5.53
Matched TTPs:
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RTM

Score: 4.49
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

FIN6

Score: 9.12
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Putter Panda

Score: 5.93
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Dark Caracal

Score: 3.26
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1027.002 - Software Packing
Link to MITRE →

FIN10

Score: 5.25
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts
Link to MITRE →

FIN4

Score: 4.13
Matched TTPs:
  • T1056.002 - GUI Input Capture
Link to MITRE →

Sea Turtle

Score: 6.99
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1203 - Exploitation for Client Execution
  • T1078.003 - Local Accounts
Link to MITRE →

GALLIUM

Score: 5.34
Matched TTPs:
  • T1036.003 - Rename Legitimate Utilities
  • T1027.002 - Software Packing

The White Company

Score: 4.93
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing

Elderwood

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1027.007 - Dynamic API Resolution
  • T1070.004 - File Deletion
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1547.009 - Shortcut Modification
  • T1055.001 - Dynamic-link Library Injection
  • T1543.003 - Windows Service
  • T1218.005 - Mshta
  • T1036.003 - Rename Legitimate Utilities
  • T1529 - System Shutdown/Reboot
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218 - System Binary Proxy Execution
  • T1106 - Native API
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools

Turla

Score: 0.70
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1553.006 - Code Signing Policy Modification
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1106 - Native API
  • T1588.001 - Malware
  • T1055.001 - Dynamic-link Library Injection
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1112 - Modify Registry
  • T1546.013 - PowerShell Profile
  • T1078.003 - Local Accounts
  • T1547.004 - Winlogon Helper DLL
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1036.005 - Match Legitimate Resource Name or Location

APT38

Score: 0.67
Matched TTPs:
  • T1480.002 - Mutual Exclusion
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1070.004 - File Deletion
  • T1036.006 - Space after Filename
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1027.002 - Software Packing
  • T1218.011 - Rundll32
  • T1529 - System Shutdown/Reboot
  • T1569.002 - Service Execution
  • T1218.005 - Mshta
  • T1036.003 - Rename Legitimate Utilities
  • T1562.001 - Disable or Modify Tools

APT41

Score: 0.64
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1055 - Process Injection
  • T1569.002 - Service Execution
  • T1012 - Query Registry
  • T1102.001 - Dead Drop Resolver
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.011 - Rundll32
  • T1059.004 - Unix Shell
  • T1203 - Exploitation for Client Execution
  • T1003.003 - NTDS
  • T1014 - Rootkit
  • T1480.001 - Environmental Keying
  • T1027.002 - Software Packing
  • T1070.004 - File Deletion
  • T1036.005 - Match Legitimate Resource Name or Location

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1129 - Shared Modules
  • T1106 - Native API
  • T1070.004 - File Deletion
  • T1027.007 - Dynamic API Resolution
  • T1218.004 - InstallUtil
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1003.003 - NTDS
  • T1203 - Exploitation for Client Execution
  • T1218.005 - Mshta
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location

FIN7

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1674 - Input Injection
  • T1219 - Remote Access Tools
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.011 - Rundll32
  • T1078.003 - Local Accounts
  • T1569.002 - Service Execution
  • T1218.005 - Mshta
  • T1546.011 - Application Shimming
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location

Kimsuky

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1102.001 - Dead Drop Resolver
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.011 - Rundll32
  • T1546.001 - Change Default File Association
  • T1218.010 - Regsvr32
  • T1078.003 - Local Accounts
  • T1218.005 - Mshta
  • T1027.002 - Software Packing
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1036.005 - Match Legitimate Resource Name or Location

Medusa Group

Score: 0.56
Matched TTPs:
  • T1057 - Process Discovery
  • T1106 - Native API
  • T1559.001 - Component Object Model
  • T1070.004 - File Deletion
  • T1218.014 - MMC
  • T1219 - Remote Access Tools
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1003.003 - NTDS
  • T1529 - System Shutdown/Reboot
  • T1569.002 - Service Execution
  • T1027.002 - Software Packing
  • T1562.001 - Disable or Modify Tools

APT28

Score: 0.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1550.001 - Application Access Token
  • T1070.004 - File Deletion
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1546.015 - Component Object Model Hijacking
  • T1137.002 - Office Test
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1003.003 - NTDS
  • T1203 - Exploitation for Client Execution
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1091 - Replication Through Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
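The actor listings above (both the fact-based and the inference-based sections) are flat text: an actor name, a score, then bullet lines of ATT&CK technique IDs. The following is an added example, not code from this page or from the Pulse platform. It parses that layout into structured records and then counts how many listed actors share each technique, which is the first thing an analyst would do before deciding which of these TTPs are worth a detection rule. The sample input is a constructed excerpt of three entries copied from this page with the section headings translated to English; the section header pattern, the bullet character and the "Score:" label are assumed to be exactly as they appear here.

```python
import re
from collections import Counter

# Constructed sample: three entries from this page in its own layout,
# with the section headings translated. Not the full listing.
SAMPLE = """\
Threat actors related to this Pulse (fact-based)

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1057 - Process Discovery
  • T1012 - Query Registry

HEXANE

Score: 4.35
Matched TTPs:
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription

Threat actors related to this Pulse (inference-based)

Turla

Score: 0.70
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1057 - Process Discovery
"""

# Patterns assumed from the page layout above.
SECTION_RE = re.compile(r"^Threat actors related to this Pulse \((fact-based|inference-based)\)$")
SCORE_RE = re.compile(r"^Score:\s*([0-9]+(?:\.[0-9]+)?)$")
# Technique IDs are Tdddd with an optional .ddd sub-technique suffix.
TTP_RE = re.compile(r"^\s*•\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")


def parse_actor_listing(text):
    """Parse the actor / score / matched-TTP layout into a list of dicts.

    Blank lines, the 'Matched TTPs:' label and link labels ending in an arrow
    are skipped; any other non-matching line starts a new actor entry, which
    is how the page lays the entries out.
    """
    actors, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Matched TTPs:" or line.endswith("→"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = SCORE_RE.match(line)
        if m and current is not None:
            current["score"] = float(m.group(1))
            continue
        m = TTP_RE.match(raw)
        if m and current is not None:
            current["ttps"][m.group(1)] = m.group(2)
            continue
        current = {"name": line, "section": section, "score": None, "ttps": {}}
        actors.append(current)
    return actors


def ttp_frequency(actors, section=None):
    """Count how many actors (optionally only one section) share each technique ID."""
    counts = Counter()
    for actor in actors:
        if section is None or actor["section"] == section:
            counts.update(actor["ttps"].keys())
    return counts


def top_actors(actors, n=3):
    """Actors ordered by the page's score, highest first."""
    return sorted(actors, key=lambda a: a["score"] or 0.0, reverse=True)[:n]


if __name__ == "__main__":
    parsed = parse_actor_listing(SAMPLE)
    for actor in top_actors(parsed):
        print(f'{actor["score"]:5.2f}  {actor["name"]:15s} ({actor["section"]}) {sorted(actor["ttps"])}')
    print("shared technique IDs:", ttp_frequency(parsed).most_common(3))
```

Two things this makes visible that the raw listing does not: which technique IDs recur across many actors, and that the recurring ones (T1057, T1547.001, T1070.004 and similar on this page) are generic enough that an overlap count on its own is not attribution. The scores are relative to this one Pulse; comparing them across actors tells you how much of the Pulse's TTP set each actor matches, not how likely any actor is behind a given intrusion.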

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph (interactive graph, not rendered in this text)