Trusted Design

FBI Cyberwatch A-000067-DM

概要

The FBI has obtained and validated information regarding a group of malicious cyber actors who have compromised and stolen sensitive information from various government and commercial networks. This group utilized the domains listed herein in furtherance of computer network exploitation (CNE) activities in the United States and abroad since at least 2011. Research and analysis indicate that these domains were associated with the command and control (C2) of customized malicious software. Furthermore, these domains have also been used to host malicious files – often through embedded links in spear phish emails. Any activity related to these domains detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 80.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1152 - Launchctl
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1053.002 - At
MITREへのリンク →

Sea Turtle

Score: 14.31
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
MITREへのリンク →

Ember Bear

Score: 25.48
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1578 - Modify Cloud Compute Infrastructure
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 16.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1552.008 - Chat Messages
  • T1166 - Setuid and Setgid
  • T1546.016 - Installer Packages
MITREへのリンク →

Agrius

Score: 7.51
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1166 - Setuid and Setgid
MITREへのリンク →

Contagious Interview

Score: 45.63
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Sandworm Team

Score: 65.33
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 25.49
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
MITREへのリンク →

Volt Typhoon

Score: 55.87
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
  • T1665 - Hide Infrastructure
MITREへのリンク →

LAPSUS$

Score: 36.81
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Scattered Spider

Score: 29.74
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
MITREへのリンク →

FIN4

Score: 7.81
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Andariel

Score: 11.82
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1598.003 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Magic Hound

Score: 55.22
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1578 - Modify Cloud Compute Infrastructure
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1053.002 - At
MITREへのリンク →

HAFNIUM

Score: 24.23
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.008 - Stripped Payloads
  • T1134.002 - Create Process with Token
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
MITREへのリンク →

APT41

Score: 18.01
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

TA551

Score: 12.46
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT28

Score: 54.98
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

ZIRCONIUM

Score: 20.44
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 36.96
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Mustard Tempest

Score: 18.91
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Silent Librarian

Score: 16.54
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship
MITREへのリンク →

EXOTIC LILY

Score: 27.67
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN13

Score: 14.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

Moonstone Sleet

Score: 25.37
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

Lazarus Group

Score: 42.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

OilRig

Score: 24.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

UNC3886

Score: 13.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1021.006 - Windows Remote Management
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
MITREへのリンク →

LuminousMoth

Score: 7.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 9.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1199 - Trusted Relationship
MITREへのリンク →

APT29

Score: 24.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1546.018 - Python Startup Hooks
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Play

Score: 9.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
MITREへのリンク →

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 8.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1542.004 - ROMMONkit
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Turla

Score: 23.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.004 - Unix Shell
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 9.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Mustang Panda

Score: 36.61
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TeamTNT

Score: 16.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1506 - Web Session Cookie
  • T1519 - Emond
  • T1665 - Hide Infrastructure
MITREへのリンク →

FIN7

Score: 31.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

BlackTech

Score: 6.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 15.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 10.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

Mofang

Score: 6.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Sidewinder

Score: 13.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Elderwood

Score: 6.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 5.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Transparent Tribe

Score: 11.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

FIN8

Score: 6.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 28.53
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

APT3

Score: 13.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 10.26
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1053.002 - At
MITREへのリンク →

APT33

Score: 13.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Molerats

Score: 6.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Windshift

Score: 16.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1078 - Valid Accounts
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 10.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA2541

Score: 15.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Earth Lusca

Score: 20.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 16.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
MITREへのリンク →

Wizard Spider

Score: 20.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1567.001 - Exfiltration to Code Repository
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

TA577

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Patchwork

Score: 18.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

TA505

Score: 10.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 11.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 13.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
MITREへのリンク →

APT39

Score: 9.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

CURIUM

Score: 15.05
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 25.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

Saint Bear

Score: 10.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Tropic Trooper

Score: 7.10
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
MITREへのリンク →

FIN6

Score: 6.64
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

BRONZE BUTLER

Score: 10.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

WIRTE

Score: 4.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
MITREへのリンク →

menuPass

Score: 11.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
MITREへのリンク →

Threat Group-3390

Score: 18.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules
MITREへのリンク →

Gamaredon Group

Score: 31.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Darkhotel

Score: 6.03
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

BITTER

Score: 6.71
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Inception

Score: 5.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
MITREへのリンク →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
MITREへのリンク →

Winter Vivern

Score: 11.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Higaisa

Score: 8.35
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure
  • T1546.017 - Udev Rules
MITREへのリンク →

Naikon

Score: 5.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

APT19

Score: 6.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
MITREへのリンク →

Malteiro

Score: 5.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
MITREへのリンク →

SideCopy

Score: 11.65
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1053.002 - At
MITREへのリンク →

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
MITREへのリンク →

Tonto Team

Score: 5.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
MITREへのリンク →

APT37

Score: 10.66
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Silence

Score: 4.12
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

IndigoZebra

Score: 7.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

APT38

Score: 10.66
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

The White Company

Score: 4.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
MITREへのリンク →

PLATINUM

Score: 4.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT5

Score: 9.75
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1677 - Poisoned Pipeline Execution
  • T1166 - Setuid and Setgid
MITREへのリンク →

Velvet Ant

Score: 9.56
Matched TTPs:
  • T1583.005 - Botnet
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
MITREへのリンク →

HEXANE

Score: 24.39
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
MITREへのリンク →

BlackByte

Score: 12.40
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1606.001 - Web Cookies
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
MITREへのリンク →

Medusa Group

Score: 20.64
Matched TTPs:
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol
MITREへのリンク →

Axiom

Score: 14.70
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

INC Ransom

Score: 9.06
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Cinnamon Tempest

Score: 5.66
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
MITREへのリンク →

Storm-0501

Score: 7.17
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Fox Kitten

Score: 5.78
Matched TTPs:
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
MITREへのリンク →

GALLIUM

Score: 4.00
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
MITREへのリンク →

Aquatic Panda

Score: 5.03
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
MITREへのリンク →

Chimera

Score: 14.84
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1166 - Setuid and Setgid
  • T1027.007 - Dynamic API Resolution
  • T1665 - Hide Infrastructure
MITREへのリンク →

Blue Mockingbird

Score: 5.99
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
MITREへのリンク →

Deep Panda

Score: 5.90
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Volatile Cedar

Score: 4.13
Matched TTPs:
  • T1002 - Data Compressed
MITREへのリンク →

ToddyCat

Score: 9.54
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Daggerfly

Score: 5.96
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1057 - Process Discovery
  • T1091 - Replication Through Removable Media
  • T1114 - Email Collection
  • T1098.007 - Additional Local or Domain Groups
  • T1583.005 - Botnet
  • T1506 - Web Session Cookie
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1027.018 - Invisible Unicode
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1053.002 - At
  • T1608.005 - Link Target
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1055.014 - VDSO Hijacking
  • T1134.002 - Create Process with Token
  • T1152 - Launchctl
  • T1566.002 - Spearphishing Link
  • T1665 - Hide Infrastructure
  • T1690 - Prevent Command History Logging
  • T1683.001 - Written Content
  • T1598.003 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1003.003 - NTDS
  • T1547.002 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1102.003 - One-Way Communication
  • T1024 - Custom Cryptographic Protocol
  • T1197 - BITS Jobs
MITREへのリンク →

Sandworm Team

Score: 0.71
Matched TTPs:
  • T1114 - Email Collection
  • T1098.007 - Additional Local or Domain Groups
  • T1583.005 - Botnet
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1027.018 - Invisible Unicode
  • T1199 - Trusted Relationship
  • T1111 - Multi-Factor Authentication Interception
  • T1218.010 - Regsvr32
  • T1049 - System Network Connections Discovery
  • T1166 - Setuid and Setgid
  • T1193 - Spearphishing Attachment
  • T1134.002 - Create Process with Token
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1598.003 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1484.002 - Trust Modification
  • T1183 - Image File Execution Options Injection
  • T1102.003 - One-Way Communication
  • T1564.008 - Email Hiding Rules
  • T1091 - Replication Through Removable Media
  • T1187 - Forced Authentication
  • T1546.016 - Installer Packages
MITREへのリンク →

APT28

Score: 0.62
Matched TTPs:
  • T1057 - Process Discovery
  • T1685.001 - Disable or Modify Windows Event Log
  • T1098.007 - Additional Local or Domain Groups
  • T1583.005 - Botnet
  • T1059.001 - PowerShell
  • T1546.007 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1542.004 - ROMMONkit
  • T1152 - Launchctl
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.003 - Firmware
  • T1598.003 - Spearphishing Link
  • T1566.003 - Spearphishing via Service
  • T1547.002 - Authentication Package
  • T1024 - Custom Cryptographic Protocol
  • T1197 - BITS Jobs
MITREへのリンク →

Magic Hound

Score: 0.60
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.018 - Invisible Unicode
  • T1547.005 - Security Support Provider
  • T1199 - Trusted Relationship
  • T1053.002 - At
  • T1608.005 - Link Target
  • T1166 - Setuid and Setgid
  • T1059.012 - Hypervisor CLI
  • T1134.002 - Create Process with Token
  • T1578.002 - Create Cloud Instance
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
  • T1566.002 - Spearphishing Link
  • T1592.003 - Firmware
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1578 - Modify Cloud Compute Infrastructure
  • T1187 - Forced Authentication
MITREへのリンク →

Volt Typhoon

Score: 0.58
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1685.001 - Disable or Modify Windows Event Log
  • T1199 - Trusted Relationship
  • T1665 - Hide Infrastructure
  • T1553.002 - Code Signing
  • T1114 - Email Collection
  • T1148 - HISTCONTROL
  • T1102.003 - One-Way Communication
  • T1049 - System Network Connections Discovery
  • T1166 - Setuid and Setgid
  • T1552.008 - Chat Messages
  • T1164 - Re-opened Applications
  • T1065 - Uncommonly Used Port
  • T1574.002 - DLL Side-Loading
  • T1546.016 - Installer Packages
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る