Trusted Design

Spam Campaign Distributes AdWind RAT

Summary

Dell SecureWorks Counter Threat Unit™ (CTU) researchers analyzed spam campaigns that distributed the AdWind remote access trojan (RAT). AdWind, also known as Frutas, UNRECOM, AlienSpy, and JSocket, is a Java-based RAT. It is typically distributed as a .jar (Java archive) attachment to spam emails (see Figure 1) and relies on social engineering rather than an exploit: the victim must be convinced to execute the attachment, after which the installed Java runtime runs it. In some samples analyzed by CTU researchers, the attachment was instead an obfuscated VBScript (.vbs) downloader that retrieves and installs AdWind; in others the email carried no attachment and only a link from which the malware was downloaded and installed.
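The three delivery shapes above (a .jar attachment, a .vbs downloader, a bare link) are what a mail gateway or IR analyst has to recognise. The script below is an added example written for this page, not CTU or SecureWorks code. It parses a raw message, extracts attachments, and flags Java archives structurally (a ZIP container whose META-INF/MANIFEST.MF declares a Main-Class or that bundles .class files, so a renamed archive is still caught), flags VBScript by extension or by a crude marker count that also catches Chr()-concatenation obfuscation, flags decoy double extensions, and pulls URLs out of the body. The sample message, the example.test URL, the manifest and the VBScript fragment are all constructed here; the detection thresholds and marker list are this example's own assumptions, not CTU's.

```python
"""Mail-attachment triage for the AdWind delivery patterns described above.

Added example, not SecureWorks/CTU code. Assumptions (not from the page):
  - a runnable .jar is recognised structurally: a ZIP container whose
    META-INF/MANIFEST.MF declares a Main-Class (or that carries .class files),
    so a renamed archive is still caught;
  - VBScript is recognised by extension or by two or more markers
    (CreateObject, WScript, Execute, Chr) in the first 4 KiB;
  - the sample message built by build_sample_email() is constructed here.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s<>\"']+")
VBS_EXTENSIONS = (".vbs", ".vbe", ".wsf")
DECOY_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")
VBS_MARKERS = (b"createobject(", b"wscript.", b"execute(", b"chr(")


def looks_like_jar(data: bytes) -> bool:
    """ZIP magic plus a manifest Main-Class or bundled .class files."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "META-INF/MANIFEST.MF" not in names:
                return False
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            has_main = re.search(r"^Main-Class:", manifest, re.M) is not None
            return has_main or any(n.endswith(".class") for n in names)
    except zipfile.BadZipFile:
        return False


def looks_like_vbscript(data: bytes) -> bool:
    """Two or more VBScript markers in the first 4 KiB, case-insensitive."""
    head = data[:4096].lower()
    return sum(head.count(m) for m in VBS_MARKERS) >= 2


def triage(raw_message: bytes) -> list[dict]:
    """Return one finding per suspicious link or attachment in the message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL_RE.findall(body.get_content() if body else ""):
        findings.append({"kind": "link", "detail": url})
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        stem = name.rsplit(".", 1)[0] if "." in name else name
        if looks_like_jar(data):
            findings.append({"kind": "jar", "detail": name})
        if name.endswith(VBS_EXTENSIONS) or looks_like_vbscript(data):
            findings.append({"kind": "vbscript", "detail": name})
        if stem.endswith(DECOY_EXTENSIONS):
            findings.append({"kind": "double-extension", "detail": name})
    return findings


def build_sample_jar() -> bytes:
    """Constructed minimal JAR: manifest with Main-Class, one empty .class entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: Loader\r\n\r\n")
        zf.writestr("Loader.class", b"")
    return buf.getvalue()


def build_sample_email() -> bytes:
    """Constructed lure: link in body, jar with decoy extension, obfuscated vbs."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "victim@example.test"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Invoice attached, or download it from "
                    "http://example.test/invoice.jar")
    msg.add_attachment(build_sample_jar(), maintype="application",
                       subtype="octet-stream", filename="Invoice.pdf.jar")
    vbs = ('Set sh = CreateObject("WScript.Shell")\r\n'
           'Execute(Chr(115) & Chr(104) & Chr(46))\r\n')
    msg.add_attachment(vbs.encode(), maintype="application",
                       subtype="octet-stream", filename="payment.vbs")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample_email()):
        print(f"{finding['kind']:17} {finding['detail']}")
```

The jar check deliberately ignores the file extension and the declared MIME type, since both are attacker-controlled; the ZIP signature and manifest are what `java -jar` actually needs. The marker count for VBScript is a triage heuristic, not a parser, so treat it as a reason to detonate or inspect, not as a verdict.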

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Cinnamon Tempest

Score: 8.87
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Medusa Group

Score: 28.76
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1564.003 - Hidden Window
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

menuPass

Score: 11.77
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1021.001 - Remote Desktop Protocol

INC Ransom

Score: 15.58
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Gamaredon Group

Score: 43.29
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1564.003 - Hidden Window
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

APT32

Score: 30.70
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1216.001 - PubPrn
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Mustang Panda

Score: 33.41
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link

MuddyWater

Score: 31.93
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link

Wizard Spider

Score: 17.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Leviathan

Score: 26.33
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Velvet Ant

Score: 8.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution

FIN7

Score: 33.19
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

GALLIUM

Score: 3.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Volt Typhoon

Score: 20.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol

Blue Mockingbird

Score: 12.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Naikon

Score: 3.21
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment

Lazarus Group

Score: 33.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service

Lotus Blossom

Score: 6.46
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry

Sandworm Team

Score: 31.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

Earth Lusca

Score: 21.60
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Indrik Spider

Score: 11.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol

TA2541

Score: 18.99
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Stealth Falcon

Score: 5.30
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1012 - Query Registry

Aquatic Panda

Score: 10.12
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol

APT29

Score: 22.83
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1553.005 - Mark-of-the-Web Bypass
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1651 - Cloud Administration Command
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

OilRig

Score: 41.09
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Windshift

Score: 11.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

FIN6

Score: 15.17
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

ToddyCat

Score: 9.45
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1564.003 - Hidden Window
  • T1566.003 - Spearphishing via Service

Deep Panda

Score: 8.20
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window

Threat Group-3390

Score: 27.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1027.015 - Compression

APT42

Score: 10.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography

Ember Bear

Score: 14.44
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

Chimera

Score: 20.10
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

BlackByte

Score: 19.05
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

FIN13

Score: 17.15
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.006 - Windows Remote Management
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process

Magic Hound

Score: 30.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

APT41

Score: 17.63
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1014 - Rootkit
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

FIN8

Score: 17.62
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

TA577

Score: 6.65
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link

Moonstone Sleet

Score: 18.52
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

Scattered Spider

Score: 20.40
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1219.002 - Remote Desktop Software
  • T1021.001 - Remote Desktop Protocol

FIN4

Score: 12.73
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1204.001 - Malicious Link

Winnti Group

Score: 4.80
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery

Rocke

Score: 13.26
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery

TeamTNT

Score: 14.83
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools

APT28

Score: 34.46
Matched TTPs:
  • T1014 - Rootkit
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1669 - Wi-Fi Networks

UNC3886

Score: 14.12
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

Mustard Tempest

Score: 15.62
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
  • T1204.001 - Malicious Link

Turla

Score: 22.54
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Kimsuky

Score: 39.11
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1219.002 - Remote Desktop Software
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Contagious Interview

Score: 18.85
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

LuminousMoth

Score: 12.01
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1204.001 - Malicious Link

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Play

Score: 7.73
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools

Aoqin Dragon

Score: 5.23
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 19.92
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1573.002 - Asymmetric Cryptography
  • T1204.001 - Malicious Link

Moses Staff

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Ke3chang

Score: 9.90
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1569.002 - Service Execution

Malteiro

Score: 3.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information

APT12

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Machete

Score: 9.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Elderwood

Score: 7.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Transparent Tribe

Score: 7.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Dragonfly

Score: 19.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol

WIRTE

Score: 6.83
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32

RTM

Score: 6.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise

CURIUM

Score: 8.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Tropic Trooper

Score: 12.02
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1027.003 - Steganography

Dark Caracal

Score: 5.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

DarkHydrus

Score: 4.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1564.003 - Hidden Window

PLATINUM

Score: 7.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking

TA551

Score: 7.44
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography

HEXANE

Score: 10.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol

BITTER

Score: 5.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

APT37

Score: 9.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

LazyScripter

Score: 8.90
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1204.001 - Malicious Link

TA505

Score: 22.07
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link

APT39

Score: 14.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Star Blizzard

Score: 10.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool

Higaisa

Score: 11.79
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1027.015 - Compression

Rancor

Score: 4.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec

Cobalt Group

Score: 20.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Storm-1811

Score: 14.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1566.004 - Spearphishing Voice
  • T1219.002 - Remote Desktop Software
  • T1566.003 - Spearphishing via Service

Inception

Score: 8.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 10.46
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Ajax Security Team

Score: 4.19
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1566.003 - Spearphishing via Service

Saint Bear

Score: 10.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

Patchwork

Score: 14.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 4.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1564.003 - Hidden Window

Gorgon Group

Score: 10.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1564.003 - Hidden Window

APT19

Score: 12.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise

SideCopy

Score: 7.26
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment

Mofang

Score: 7.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Tonto Team

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Andariel

Score: 15.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
Link to MITRE →

BRONZE BUTLER

Score: 18.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
Link to MITRE →

APT38

Score: 21.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

Molerats

Score: 13.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

admin@338

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Darkhotel

Score: 15.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

The White Company

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT33

Score: 6.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

Silence

Score: 8.39
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Sidewinder

Score: 13.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1598.002 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

Confucius

Score: 5.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

BlackTech

Score: 8.28
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

Evilnum

Score: 5.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
Link to MITRE →

APT3

Score: 9.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
Link to MITRE →

APT1

Score: 8.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

ZIRCONIUM

Score: 12.35
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1012 - Query Registry
  • T1204.001 - Malicious Link
Link to MITRE →

Silent Librarian

Score: 3.31
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
Link to MITRE →

Winter Vivern

Score: 7.04
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Agrius

Score: 6.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

GOLD SOUTHFIELD

Score: 7.35
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1566 - Phishing
Link to MITRE →

Sea Turtle

Score: 10.72
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Storm-0501

Score: 12.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Fox Kitten

Score: 8.39
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Axiom

Score: 13.28
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

HAFNIUM

Score: 6.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1057 - Process Discovery
Link to MITRE →

APT5

Score: 4.64
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

DarkVishnya

Score: 3.44
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
Link to MITRE →

Carbanak

Score: 3.44
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
Link to MITRE →

Akira

Score: 6.04
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

LAPSUS$

Score: 10.88
Matched TTPs:
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1589.001 - Credentials
Link to MITRE →

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

Thrip

Score: 3.78
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
Link to MITRE →

CopyKittens

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1566 - Phishing
Link to MITRE →

Sowbug

Score: 3.03
Matched TTPs:
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Daggerfly

Score: 5.36
Matched TTPs:
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Gamaredon Group

Score: 0.79
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1080 - Taint Shared Content
  • T1608.001 - Upload Malware
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1027.012 - LNK Icon Smuggling
  • T1027.015 - Compression
  • T1112 - Modify Registry
  • T1012 - Query Registry
  • T1039 - Data from Network Shared Drive
  • T1562.001 - Disable or Modify Tools
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1564.003 - Hidden Window
  • T1559.001 - Component Object Model
  • T1588.002 - Tool
  • T1027.004 - Compile After Delivery
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

OilRig

Score: 0.76
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1195 - Supply Chain Compromise
  • T1587.001 - Malware
  • T1112 - Modify Registry
  • T1012 - Query Registry
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
  • T1219 - Remote Access Tools
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1137.004 - Outlook Home Page
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Kimsuky

Score: 0.72
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1566.002 - Spearphishing Link
  • T1566 - Phishing
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1027.012 - LNK Icon Smuggling
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1012 - Query Registry
  • T1562.001 - Disable or Modify Tools
  • T1204.002 - Malicious File
  • T1564.003 - Hidden Window
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.002 - Remote Desktop Software
Link to MITRE →

FIN7

Score: 0.68
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1566.002 - Spearphishing Link
  • T1204.002 - Malicious File
  • T1564.003 - Hidden Window
  • T1608.001 - Upload Malware
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1674 - Input Injection
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
Link to MITRE →

APT28

Score: 0.66
Matched TTPs:
  • T1589.001 - Credentials
  • T1025 - Data from Removable Media
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1669 - Wi-Fi Networks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
Link to MITRE →

Lazarus Group

Score: 0.65
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1566.001 - Spearphishing Attachment
  • T1012 - Query Registry
  • T1566.002 - Spearphishing Link
  • T1204.002 - Malicious File
  • T1566.003 - Spearphishing via Service
  • T1562.001 - Disable or Modify Tools
  • T1010 - Application Window Discovery
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.009 - Embedded Payloads
  • T1057 - Process Discovery
Link to MITRE →

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1566.002 - Spearphishing Link
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1057 - Process Discovery
  • T1608.001 - Upload Malware
  • T1027.012 - LNK Icon Smuggling
  • T1588.002 - Tool
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1176.002 - IDE Extensions
Link to MITRE →

Sandworm Team

Score: 0.63
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1566.001 - Spearphishing Attachment
  • T1592.002 - Software
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1584.005 - Botnet
  • T1195 - Supply Chain Compromise
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Magic Hound

Score: 0.62
Matched TTPs:
  • T1589.001 - Credentials
  • T1592.002 - Software
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1564.003 - Hidden Window
  • T1566.003 - Spearphishing via Service
  • T1562.001 - Disable or Modify Tools
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
Link to MITRE →

MuddyWater

Score: 0.61
Matched TTPs:
  • T1027.003 - Steganography
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1566.002 - Spearphishing Link
  • T1204.002 - Malicious File
  • T1562.001 - Disable or Modify Tools
  • T1559.001 - Component Object Model
  • T1588.002 - Tool
  • T1027.004 - Compile After Delivery
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
Link to MITRE →

APT32

Score: 0.61
Matched TTPs:
  • T1216.001 - PubPrn
  • T1566.001 - Spearphishing Attachment
  • T1012 - Query Registry
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1564.003 - Hidden Window
  • T1218.010 - Regsvr32
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1047 - Windows Management Instrumentation
  • T1203 - Exploitation for Client Execution
  • T1569.002 - Service Execution
  • T1112 - Modify Registry
Link to MITRE →

Medusa Group

Score: 0.60
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1573.002 - Asymmetric Cryptography
  • T1564.003 - Hidden Window
  • T1562.001 - Disable or Modify Tools
  • T1559.001 - Component Object Model
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1608.002 - Upload Tool
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
Link to MITRE →

Threat Group-3390

Score: 0.57
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1012 - Query Registry
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1021.006 - Windows Remote Management
  • T1027.015 - Compression
  • T1608.002 - Upload Tool
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.
