Trusted Design

T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis

Overview

Most custom backdoors used by advanced attackers have limited functionality. They evade detection by keeping their code simple and flying under the radar. During a recent investigation, however, we found a backdoor that takes a very different approach. We refer to this backdoor as T9000; it is a newer variant of the T5000 malware family, also known as Plat1. In addition to the basic functionality all backdoors provide, T9000 can capture encrypted data, take screenshots of specific applications, and specifically target Skype users. The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to evade the ones it finds installed. It uses a multi-stage installation process, with checks at each stage for signs that it is being analysed by a security researcher. The primary purpose of this tool is to gather information about the victim.
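The two behaviours the overview describes, surveying the host for security products and then choosing an installation path that depends on what was found, with a fresh anti-analysis check before each stage, can be modelled in a few dozen lines. The block below is an added example written for this page; it is not T9000's code, and the process-name table, the analysis-tool list and the stage names are constructed assumptions, not the 24 products or the real installation steps the malware uses. Its practical use for a defender is the inverse one: feed it the process listing of an analysis VM and see which of the tools running there would be visible to a check of this kind.

```python
"""Staged, product-aware installer logic as described above: added example,
not T9000's own code. Every process name, product mapping and stage name
below is a constructed assumption for illustration."""
from dataclasses import dataclass

# Assumed mapping of process image names to the product they belong to.
# Real malware of this kind carries a much longer, hard-coded table.
SECURITY_PRODUCT_PROCESSES = {
    "msmpeng.exe": "Windows Defender",
    "avp.exe": "Kaspersky",
    "ekrn.exe": "ESET",
    "mcshield.exe": "McAfee",
    "bdagent.exe": "Bitdefender",
    "ccsvchst.exe": "Symantec",
}

# Assumed analysis-tool and VM-agent processes that a cautious installer
# would read as "a researcher is watching" and refuse to proceed past.
ANALYSIS_INDICATORS = {
    "procmon.exe", "procexp.exe", "wireshark.exe", "x64dbg.exe",
    "ollydbg.exe", "idaq.exe", "idaq64.exe", "vboxservice.exe", "vmtoolsd.exe",
}

# Assumed stage sequences. The point is that the sequence is chosen from
# what was found on the host, not fixed at build time.
DEFAULT_PLAN = ("drop_loader", "register_run_key", "start_collector")
PRODUCT_SPECIFIC_PLAN = {
    "Kaspersky": ("drop_loader", "sleep_until_idle", "register_run_key", "start_collector"),
    "Windows Defender": ("drop_loader", "register_com_hijack", "start_collector"),
}


@dataclass(frozen=True)
class Survey:
    products: frozenset            # product names found running
    analysis_indicators: frozenset  # analysis/VM processes found running


def survey_processes(process_names):
    """Classify one process listing (image names compared case-insensitively)."""
    seen = {name.lower() for name in process_names}
    products = frozenset(
        SECURITY_PRODUCT_PROCESSES[p] for p in seen if p in SECURITY_PRODUCT_PROCESSES
    )
    indicators = frozenset(p for p in seen if p in ANALYSIS_INDICATORS)
    return Survey(products, indicators)


def plan_installation(survey):
    """Pick a stage sequence: nothing at all under analysis, otherwise the
    first product-specific plan (in sorted product order) or the default."""
    if survey.analysis_indicators:
        return ()
    for product in sorted(survey.products):
        if product in PRODUCT_SPECIFIC_PLAN:
            return PRODUCT_SPECIFIC_PLAN[product]
    return DEFAULT_PLAN


def run_staged_install(snapshots):
    """Execute the plan, re-surveying the host before every stage.

    `snapshots` is a list of process listings, one per stage (the last one is
    reused if the list is short), standing in for a fresh enumeration at each
    stage. Returns the stages that completed; the install stops silently at
    the first stage where an analysis indicator shows up.
    """
    listings = list(snapshots)
    plan = plan_installation(survey_processes(listings[0]))
    completed = []
    for i, stage in enumerate(plan):
        current = listings[min(i, len(listings) - 1)]
        if survey_processes(current).analysis_indicators:
            break
        completed.append(stage)
    return completed


if __name__ == "__main__":
    # Constructed host snapshots: clean at planning time, Procmon started
    # just before the third stage.
    clean = ["explorer.exe", "svchost.exe", "MsMpEng.exe"]
    watched = clean + ["Procmon.exe"]
    print(survey_processes(clean))
    print(run_staged_install([clean, clean, watched]))
```

The model only looks at process image names, which is the cheapest signal an installer can read; the lesson for an analysis environment is that a tool visible by its default process name is visible to this kind of check, so renaming or hiding analysis tooling (and VM guest agents) before detonation is the first thing to fix.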

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Dragonfly

Score: 15.46
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer

BRONZE BUTLER

Score: 14.71
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Gamaredon Group

Score: 30.71
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie

OilRig

Score: 38.85
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

APT28

Score: 35.85
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1499.001 - OS Exhaustion Flood
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1205.001 - Port Knocking
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service

GOLD SOUTHFIELD

Score: 9.28
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1573 - Encrypted Channel

APT42

Score: 14.80
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie

Magic Hound

Score: 30.87
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver

MuddyWater

Score: 30.20
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Winter Vivern

Score: 11.07
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism

Silence

Score: 5.59
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 32.60
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1491 - Defacement
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1159 - Launch Agent

APT39

Score: 17.86
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers

Kimsuky

Score: 35.63
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie

Dark Caracal

Score: 6.26
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1584.003 - Virtual Private Server
  • T1547.008 - LSASS Driver

FIN7

Score: 38.43
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer

Winnti Group

Score: 4.80
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services

APT41

Score: 31.54
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1578.003 - Delete Cloud Instance
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1037.001 - Logon Script (Windows)

Rocke

Score: 24.93
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1105 - Ingress Tool Transfer

TeamTNT

Score: 22.22
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1209 - Time Providers

UNC3886

Score: 25.94
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

APT37

Score: 18.68
Matched TTPs:
  • T1485.001 - Lifecycle-Triggered Deletion
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution

FIN6

Score: 17.03
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1584.003 - Virtual Private Server
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

CopyKittens

Score: 4.00
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship

Mustang Panda

Score: 43.54
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process

Lotus Blossom

Score: 8.00
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers

Lazarus Group

Score: 47.61
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.006 - Timestomp
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution

FIN13

Score: 13.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1105 - Ingress Tool Transfer

Moonstone Sleet

Score: 15.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1573 - Encrypted Channel
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 8.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer

Contagious Interview

Score: 23.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

LuminousMoth

Score: 11.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer

Sandworm Team

Score: 27.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Salt Typhoon

Score: 11.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

APT29

Score: 15.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Play

Score: 10.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 11.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1128 - Netsh Helper DLL
  • T1209 - Time Providers
  • T1105 - Ingress Tool Transfer

Moses Staff

Score: 5.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Turla

Score: 26.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie

Ke3chang

Score: 12.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

Evilnum

Score: 3.44
Matched TTPs:
  • T1562.009 - Safe Mode Boot

Darkhotel

Score: 19.10
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

Aquatic Panda

Score: 12.18
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

Poseidon Group

Score: 4.04
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services

Chimera

Score: 12.18
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1491 - Defacement
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers

Earth Lusca

Score: 17.12
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship

admin@338

Score: 5.22
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1218.010 - Regsvr32

APT1

Score: 8.80
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

Windigo

Score: 5.40
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1159 - Launch Agent

BlackByte

Score: 23.10
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1209 - Time Providers

ZIRCONIUM

Score: 9.42
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer

Blue Mockingbird

Score: 10.81
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1001.001 - Junk Data

HEXANE

Score: 14.53
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent

TA2541

Score: 17.40
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie

APT32

Score: 22.15
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process

Inception

Score: 12.01
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Higaisa

Score: 5.78
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32

CURIUM

Score: 9.02
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1205.001 - Port Knocking
  • T1547.008 - LSASS Driver

Malteiro

Score: 4.67
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1506 - Web Session Cookie

APT38

Score: 19.65
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1491 - Defacement
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1216 - System Script Proxy Execution

Scattered Spider

Score: 17.06
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1491 - Defacement
  • T1136.002 - Domain Account
  • T1083 - File and Directory Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1588.005 - Exploits

APT3

Score: 5.66
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32

Sidewinder

Score: 8.86
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Daggerfly

Score: 6.37
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer

Storm-0501

Score: 8.84
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie

SideCopy

Score: 7.82
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

APT19

Score: 6.37
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code

FIN8

Score: 9.45
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1556 - Modify Authentication Process

Tropic Trooper

Score: 21.23
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1105 - Ingress Tool Transfer

Mustard Tempest

Score: 7.72
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service

Wizard Spider

Score: 23.31
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1556 - Modify Authentication Process

Patchwork

Score: 6.89
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

Windshift

Score: 9.89
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

Medusa Group

Score: 30.15
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1209 - Time Providers
  • T1216 - System Script Proxy Execution

Stealth Falcon

Score: 6.41
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer

LAPSUS$

Score: 8.60
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1588.005 - Exploits

HAFNIUM

Score: 13.25
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls

Axiom

Score: 8.95
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon

ToddyCat

Score: 8.86
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver

Fox Kitten

Score: 16.79
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1491 - Defacement
  • T1059.001 - PowerShell
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers
  • T1588.005 - Exploits

Andariel

Score: 10.76
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

GALLIUM

Score: 3.77
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Agrius

Score: 8.05
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1209 - Time Providers

Threat Group-3390

Score: 22.61
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1209 - Time Providers

Ember Bear

Score: 17.02
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1209 - Time Providers

menuPass

Score: 9.85
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1209 - Time Providers

WIRTE

Score: 5.16
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code

Gorgon Group

Score: 8.35
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

Molerats

Score: 3.09
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services

Storm-1811

Score: 12.63
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1205.001 - Port Knocking
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1547.008 - LSASS Driver

TA505

Score: 8.65
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

Leviathan

Score: 7.28
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32

Cinnamon Tempest

Score: 3.89
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

LazyScripter

Score: 6.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

BITTER

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

Saint Bear

Score: 11.12
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 5.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

BackdoorDiplomacy

Score: 6.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1209 - Time Providers

BlackTech

Score: 5.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1209 - Time Providers

Sea Turtle

Score: 7.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed

INC Ransom

Score: 12.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1083 - File and Directory Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1209 - Time Providers

APT5

Score: 9.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1578.003 - Delete Cloud Instance
  • T1583.006 - Web Services

DarkVishnya

Score: 9.74
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories
  • T1209 - Time Providers

Carbanak

Score: 5.84
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Akira

Score: 4.39
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources

Cobalt Group

Score: 19.48
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
Link to MITRE →

Velvet Ant

Score: 11.13
Matched TTPs:
  • T1684 - Social Engineering
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

PLATINUM

Score: 7.00
Matched TTPs:
  • T1684 - Social Engineering
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Confucius

Score: 3.51
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Deep Panda

Score: 4.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
Link to MITRE →

Tonto Team

Score: 4.24
Matched TTPs:
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
Link to MITRE →

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

APT33

Score: 5.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 3.39
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
Link to MITRE →

Transparent Tribe

Score: 4.16
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Naikon

Score: 3.66
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.81
Matched TTPs:
  • T1556 - Modify Authentication Process
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1584.003 - Virtual Private Server
  • T1016.001 - Internet Connection Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1120 - Peripheral Device Discovery
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1209 - Time Providers
  • T1216 - System Script Proxy Execution
  • T1069.001 - Local Groups
  • T1105 - Ingress Tool Transfer
  • T1570 - Lateral Tool Transfer
  • T1218.010 - Regsvr32
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver
  • T1070.006 - Timestomp
Link to MITRE →

Mustang Panda

Score: 0.73
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship
  • T1136.001 - Local Account
  • T1105 - Ingress Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1169 - Sudo
  • T1091 - Replication Through Removable Media
  • T1120 - Peripheral Device Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1209 - Time Providers
  • T1556 - Modify Authentication Process
  • T1071.001 - Web Protocols
  • T1159 - Launch Agent
Link to MITRE →

FIN7

Score: 0.72
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1199 - Trusted Relationship
  • T1564.002 - Hidden Users
  • T1105 - Ingress Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.001 - PowerShell
  • T1156 - Malicious Shell Modification
  • T1091 - Replication Through Removable Media
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1011.001 - Exfiltration Over Bluetooth
  • T1583.006 - Web Services
  • T1606.002 - SAML Tokens
  • T1547.002 - Authentication Package
  • T1584.003 - Virtual Private Server
  • T1586.002 - Email Accounts
Link to MITRE →

APT28

Score: 0.65
Matched TTPs:
  • T1205.001 - Port Knocking
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.001 - PowerShell
  • T1499.001 - OS Exhaustion Flood
  • T1156 - Malicious Shell Modification
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1055.008 - Ptrace System Calls
  • T1584.003 - Virtual Private Server
  • T1566.003 - Spearphishing via Service
Link to MITRE →

OilRig

Score: 0.65
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1156 - Malicious Shell Modification
  • T1570 - Lateral Tool Transfer
  • T1091 - Replication Through Removable Media
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
  • T1606.002 - SAML Tokens
  • T1209 - Time Providers
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1556 - Modify Authentication Process
  • T1586.002 - Email Accounts
  • T1128 - Netsh Helper DLL
Link to MITRE →

Kimsuky

Score: 0.60
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1016.001 - Internet Connection Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1059.010 - AutoHotKey & AutoIT
  • T1156 - Malicious Shell Modification
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1606.002 - SAML Tokens
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1570 - Lateral Tool Transfer
  • T1584.003 - Virtual Private Server
Link to MITRE →

APT41

Score: 0.59
Matched TTPs:
  • T1578.003 - Delete Cloud Instance
  • T1573 - Encrypted Channel
  • T1199 - Trusted Relationship
  • T1002 - Data Compressed
  • T1499.001 - OS Exhaustion Flood
  • T1570 - Lateral Tool Transfer
  • T1218.010 - Regsvr32
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1209 - Time Providers
  • T1037.001 - Logon Script (Windows)
  • T1584.003 - Virtual Private Server
Link to MITRE →

Medusa Group

Score: 0.58
Matched TTPs:
  • T1598 - Phishing for Information
  • T1199 - Trusted Relationship
  • T1218.003 - CMSTP
  • T1597 - Search Closed Sources
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1216 - System Script Proxy Execution
  • T1586.002 - Email Accounts
  • T1128 - Netsh Helper DLL
Link to MITRE →

Volt Typhoon

Score: 0.58
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1156 - Malicious Shell Modification
  • T1570 - Lateral Tool Transfer
  • T1583.006 - Web Services
  • T1083 - File and Directory Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1491 - Defacement
  • T1584.003 - Virtual Private Server
  • T1070.006 - Timestomp
  • T1159 - Launch Agent
Link to MITRE →

Magic Hound

Score: 0.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1156 - Malicious Shell Modification
  • T1597 - Search Closed Sources
  • T1583.006 - Web Services
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver
  • T1209 - Time Providers
  • T1683 - Generate Content
  • T1070.003 - Clear Command History
  • T1584.003 - Virtual Private Server
  • T1187 - Forced Authentication
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.
