Trusted Design

AURIGA (FAMILY)

Overview

The AURIGA malware family shares a large amount of functionality with the BANGAT backdoor. It contains functionality for keystroke logging, creating and killing processes, performing file system and registry modifications, spawning interactive command shells, performing process injection, and logging off the current user or shutting down the local machine. AURIGA contains a driver component that is used to inject the malware DLL into other processes; this driver can also hide processes and IP connections. The malware family creates a copy of cmd.exe to perform its C2 activity and replaces the "Microsoft corp" strings in that copy of the cmd.exe binary with different values. The malware family typically maintains persistence by installing itself as a service.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 31.72
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1546.017 - Udev Rules
Link to MITRE →

FIN7

Score: 33.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1555 - Credentials from Password Stores
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT19

Score: 11.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
Link to MITRE →

Kimsuky

Score: 38.72
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1496.004 - Cloud Service Hijacking
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery
Link to MITRE →

UNC3886

Score: 18.80
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

Carbanak

Score: 7.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
Link to MITRE →

APT3

Score: 14.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Magic Hound

Score: 10.80
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
Link to MITRE →

TA551

Score: 7.02
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
Link to MITRE →

Blue Mockingbird

Score: 19.35
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1204 - User Execution
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

Wizard Spider

Score: 24.05
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1587 - Develop Capabilities
Link to MITRE →

APT32

Score: 33.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1608.004 - Drive-by Target
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Lazarus Group

Score: 49.19
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1587 - Develop Capabilities
  • T1216 - System Script Proxy Execution
Link to MITRE →

TA505

Score: 20.14
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1587 - Develop Capabilities
Link to MITRE →

APT41

Score: 39.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1177 - LSASS Driver
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
Link to MITRE →

Sandworm Team

Score: 16.83
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
Link to MITRE →

APT28

Score: 35.95
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1205.001 - Port Knocking
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1588.003 - Code Signing Certificates
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
Link to MITRE →

HAFNIUM

Score: 12.59
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT38

Score: 42.77
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1059.005 - Visual Basic
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Daggerfly

Score: 7.46
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 16.02
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1608.004 - Drive-by Target
  • T1679 - Selective Exclusion
  • T1574.010 - Services File Permissions Weakness
  • T1070.009 - Clear Persistence
Link to MITRE →

LazyScripter

Score: 7.94
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
Link to MITRE →

Aquatic Panda

Score: 15.31
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
Link to MITRE →

Storm-0501

Score: 8.25
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

MuddyWater

Score: 23.56
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
Link to MITRE →

Mustang Panda

Score: 40.57
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1588.006 - Vulnerabilities
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1593.002 - Search Engines
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
Link to MITRE →

Winnti Group

Score: 4.80
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
Link to MITRE →

Rocke

Score: 24.19
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
Link to MITRE →

TeamTNT

Score: 23.40
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Turla

Score: 41.53
Matched TTPs:
  • T1014 - Rootkit
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1021 - Remote Services
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
Link to MITRE →

Volt Typhoon

Score: 21.03
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1686.002 - Network Device Firewall
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
Link to MITRE →

BRONZE BUTLER

Score: 11.87
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1008 - Fallback Channels
Link to MITRE →

TA2541

Score: 16.60
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

APT42

Score: 7.50
Matched TTPs:
  • T1218.013 - Mavinject
  • T1110.002 - Password Cracking
  • T1059.009 - Cloud API
Link to MITRE →

Storm-1811

Score: 7.75
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1205.001 - Port Knocking
  • T1679 - Selective Exclusion
Link to MITRE →

Indrik Spider

Score: 12.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1498 - Network Denial of Service
Link to MITRE →

WIRTE

Score: 5.45
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
Link to MITRE →

Patchwork

Score: 12.39
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
Link to MITRE →

Earth Lusca

Score: 12.79
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
Link to MITRE →

BackdoorDiplomacy

Score: 6.52
Matched TTPs:
  • T1218.013 - Mavinject
  • T1136.002 - Domain Account
  • T1587 - Develop Capabilities
Link to MITRE →

Akira

Score: 5.53
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
Link to MITRE →

APT29

Score: 25.03
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1546.018 - Python Startup Hooks
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1490 - Inhibit System Recovery
Link to MITRE →

Chimera

Score: 17.83
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Ke3chang

Score: 14.20
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Tropic Trooper

Score: 25.00
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
Link to MITRE →

PROMETHIUM

Score: 6.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1679 - Selective Exclusion
  • T1490 - Inhibit System Recovery
Link to MITRE →

INC Ransom

Score: 9.30
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

LuminousMoth

Score: 11.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1679 - Selective Exclusion
Link to MITRE →

OilRig

Score: 17.78
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
Link to MITRE →

Machete

Score: 4.42
Matched TTPs:
  • T1218.013 - Mavinject
  • T1685.002 - Disable or Modify Cloud Log
Link to MITRE →

Darkhotel

Score: 9.95
Matched TTPs:
  • T1218.013 - Mavinject
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

APT1

Score: 5.11
Matched TTPs:
  • T1218.013 - Mavinject
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
Link to MITRE →

Sidewinder

Score: 7.69
Matched TTPs:
  • T1218.013 - Mavinject
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

menuPass

Score: 16.13
Matched TTPs:
  • T1218.013 - Mavinject
  • T1588.006 - Vulnerabilities
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
Link to MITRE →

Ember Bear

Score: 10.10
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

APT39

Score: 28.81
Matched TTPs:
  • T1218.013 - Mavinject
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1021 - Remote Services
  • T1679 - Selective Exclusion
  • T1570 - Lateral Tool Transfer
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Velvet Ant

Score: 13.29
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT5

Score: 6.49
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
Link to MITRE →

Silence

Score: 12.70
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Fox Kitten

Score: 9.00
Matched TTPs:
  • T1218.013 - Mavinject
  • T1177 - LSASS Driver
  • T1570 - Lateral Tool Transfer
  • T1548.006 - TCC Manipulation
Link to MITRE →

ToddyCat

Score: 4.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1583.006 - Web Services
Link to MITRE →

SideCopy

Score: 5.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1218.012 - Verclsid
Link to MITRE →

FIN13

Score: 8.35
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Moonstone Sleet

Score: 7.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Contagious Interview

Score: 18.39
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1059.006 - Python
  • T1070.009 - Clear Persistence
  • T1651 - Cloud Administration Command
Link to MITRE →

Salt Typhoon

Score: 5.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1498 - Network Denial of Service
Link to MITRE →

Play

Score: 9.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aoqin Dragon

Score: 8.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Medusa Group

Score: 32.14
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1586.002 - Email Accounts
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

DarkVishnya

Score: 4.53
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
Link to MITRE →

Lotus Blossom

Score: 6.00
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BlackByte

Score: 19.40
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Threat Group-3390

Score: 16.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

Agrius

Score: 5.30
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources
Link to MITRE →

Cobalt Group

Score: 17.94
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

Cinnamon Tempest

Score: 3.50
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Molerats

Score: 10.73
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1546.017 - Udev Rules
Link to MITRE →

Rancor

Score: 6.12
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1204 - User Execution
Link to MITRE →

ZIRCONIUM

Score: 10.35
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Higaisa

Score: 11.22
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
Link to MITRE →

Gorgon Group

Score: 16.44
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
Link to MITRE →

BlackTech

Score: 3.78
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1218.010 - Regsvr32
Link to MITRE →

APT37

Score: 12.58
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution
Link to MITRE →

Leviathan

Score: 19.55
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules
Link to MITRE →

Malteiro

Score: 4.50
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1587 - Develop Capabilities
Link to MITRE →

PLATINUM

Score: 7.00
Matched TTPs:
  • T1684 - Social Engineering
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

Dragonfly

Score: 10.49
Matched TTPs:
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
Link to MITRE →

Saint Bear

Score: 7.17
Matched TTPs:
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN8

Score: 10.58
Matched TTPs:
  • T1059.009 - Cloud API
  • T1027.017 - SVG Smuggling
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
Link to MITRE →

Deep Panda

Score: 7.55
Matched TTPs:
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
Link to MITRE →

Axiom

Score: 9.32
Matched TTPs:
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon
Link to MITRE →

LAPSUS$

Score: 4.80
Matched TTPs:
  • T1136.002 - Domain Account
  • T1548.006 - TCC Manipulation
Link to MITRE →

Metador

Score: 6.67
Matched TTPs:
  • T1136.002 - Domain Account
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
Link to MITRE →

Andariel

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
Link to MITRE →

Scattered Spider

Score: 13.27
Matched TTPs:
  • T1136.002 - Domain Account
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1498 - Network Denial of Service
  • T1548.006 - TCC Manipulation
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Inception

Score: 9.30
Matched TTPs:
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 5.04
Matched TTPs:
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

CURIUM

Score: 3.84
Matched TTPs:
  • T1205.001 - Port Knocking
Link to MITRE →

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
Link to MITRE →

HEXANE

Score: 4.35
Matched TTPs:
  • T1583.006 - Web Services
  • T1204 - User Execution
Link to MITRE →

APT33

Score: 5.53
Matched TTPs:
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

RTM

Score: 4.49
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1008 - Fallback Channels
Link to MITRE →

FIN6

Score: 9.12
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Putter Panda

Score: 5.93
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities
Link to MITRE →

Dark Caracal

Score: 3.26
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN10

Score: 5.25
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN4

Score: 4.13
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

Sea Turtle

Score: 6.99
Matched TTPs:
  • T1686.002 - Network Device Firewall
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
Link to MITRE →

GALLIUM

Score: 5.34
Matched TTPs:
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

The White Company

Score: 4.93
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Elderwood

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.78
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1587 - Develop Capabilities
  • T1174 - Password Filter DLL
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1570 - Lateral Tool Transfer
  • T1583 - Acquire Infrastructure
  • T1070.008 - Clear Mailbox Data
  • T1583.006 - Web Services
  • T1216 - System Script Proxy Execution
  • T1218.010 - Regsvr32
  • T1597 - Search Closed Sources
  • T1176.001 - Browser Extensions
  • T1070.009 - Clear Persistence
  • T1069.001 - Local Groups
  • T1218.013 - Mavinject
  • T1050 - New Service
Link to MITRE →

Turla

Score: 0.70
Matched TTPs:
  • T1136.002 - Domain Account
  • T1490 - Inhibit System Recovery
  • T1590.003 - Network Trust Dependencies
  • T1606.002 - SAML Tokens
  • T1021 - Remote Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1218.013 - Mavinject
  • T1597 - Search Closed Sources
  • T1014 - Rootkit
  • T1587 - Develop Capabilities
  • T1684 - Social Engineering
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
Link to MITRE →

APT38

Score: 0.67
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1590.003 - Network Trust Dependencies
  • T1216 - System Script Proxy Execution
  • T1059.005 - Visual Basic
  • T1059.010 - AutoHotKey & AutoIT
  • T1685.002 - Disable or Modify Cloud Log
  • T1218.012 - Verclsid
  • T1537 - Transfer Data to Cloud Account
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1027.007 - Dynamic API Resolution
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1583 - Acquire Infrastructure
  • T1503 - Credentials from Web Browsers
  • T1583.006 - Web Services
Link to MITRE →

APT41

Score: 0.64
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation
  • T1499.001 - OS Exhaustion Flood
  • T1008 - Fallback Channels
  • T1177 - LSASS Driver
  • T1537 - Transfer Data to Cloud Account
  • T1679 - Selective Exclusion
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1218.013 - Mavinject
  • T1686.002 - Network Device Firewall
  • T1037.001 - Logon Script (Windows)
  • T1027.007 - Dynamic API Resolution
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1583 - Acquire Infrastructure
Link to MITRE →

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1590.003 - Network Trust Dependencies
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1588.006 - Vulnerabilities
  • T1548.006 - TCC Manipulation
  • T1003 - OS Credential Dumping
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1218.013 - Mavinject
  • T1593.002 - Search Engines
  • T1583.006 - Web Services
Link to MITRE →

FIN7

Score: 0.61
Matched TTPs:
  • T1490 - Inhibit System Recovery
  • T1606.002 - SAML Tokens
  • T1586.002 - Email Accounts
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.013 - Mavinject
  • T1027.007 - Dynamic API Resolution
  • T1176.001 - Browser Extensions
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1555 - Credentials from Password Stores
Link to MITRE →

Kimsuky

Score: 0.61
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
  • T1496.004 - Cloud Service Hijacking
  • T1606.002 - SAML Tokens
  • T1027.014 - Polymorphic Code
  • T1008 - Fallback Channels
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1537 - Transfer Data to Cloud Account
  • T1679 - Selective Exclusion
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1218.013 - Mavinject
  • T1597 - Search Closed Sources
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
Link to MITRE →

Medusa Group

Score: 0.56
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1094 - Custom Command and Control Protocol
  • T1590.003 - Network Trust Dependencies
  • T1216 - System Script Proxy Execution
  • T1586.002 - Email Accounts
  • T1548.006 - TCC Manipulation
  • T1547.012 - Print Processors
  • T1537 - Transfer Data to Cloud Account
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1176.001 - Browser Extensions
  • T1583.006 - Web Services
Link to MITRE →

APT28

Score: 0.56
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation
  • T1499.001 - OS Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1058 - Service Registry Permissions Weakness
  • T1679 - Selective Exclusion
  • T1218.013 - Mavinject
  • T1205.001 - Port Knocking
  • T1588.003 - Code Signing Certificates
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1055.008 - Ptrace System Calls
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

