
PowerSniff Malware Used in Macro-based Attacks

Summary

The concept of file-less malware is not a new one. Families like Poweliks, which abuse Microsoft's PowerShell, have emerged in recent years and have garnered extensive attention because they can compromise a system while leaving little or no trace that traditional forensic techniques can recover. Typically, file-less malware has been observed in the context of exploit kits such as Angler. Palo Alto Networks has observed a recent high-threat spam campaign that is serving malicious macro documents used to execute PowerShell scripts, which inject malware similar to the Ursnif family directly into memory. We call the malware PowerSniff.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT3

Score: 16.50
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cobalt Group

Score: 28.40
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silence

Score: 20.09
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Chimera

Score: 26.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery
Link to MITRE →

Patchwork

Score: 32.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1027.001 - Binary Padding
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
Link to MITRE →

Daggerfly

Score: 17.58
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1574.001 - DLL
  • T1059.001 - PowerShell
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 47.97
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
  • T1078.003 - Local Accounts
Link to MITRE →

TA2541

Score: 24.54
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

GALLIUM

Score: 15.24
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1574.001 - DLL
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sandworm Team

Score: 38.55
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackByte

Score: 26.74
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

HEXANE

Score: 17.79
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustang Panda

Score: 58.65
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1129 - Shared Modules
  • T1036.007 - Double File Extension
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1654 - Log Enumeration
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Magic Hound

Score: 32.72
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1562 - Impair Defenses
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN13

Score: 13.94
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ToddyCat

Score: 7.67
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1680 - Local Storage Discovery
Link to MITRE →

Blue Mockingbird

Score: 13.38
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
Link to MITRE →

Molerats

Score: 15.39
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Storm-0501

Score: 12.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.009 - Cloud API
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1027.002 - Software Packing
Link to MITRE →

APT29

Score: 43.10
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.009 - Cloud API
  • T1027.001 - Binary Padding
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1027.006 - HTML Smuggling
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

APT39

Score: 40.06
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1197 - BITS Jobs
  • T1059.006 - Python
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

FIN8

Score: 10.39
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 28.50
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Higaisa

Score: 23.81
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.001 - Binary Padding
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery
  • T1027.015 - Compression
Link to MITRE →

APT41

Score: 40.96
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1014 - Rootkit
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1197 - BITS Jobs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Rancor

Score: 8.35
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Earth Lusca

Score: 32.68
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
Link to MITRE →

Ember Bear

Score: 26.82
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1588.005 - Exploits
Link to MITRE →

Machete

Score: 11.68
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
Link to MITRE →

APT42

Score: 8.08
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.005 - Visual Basic
Link to MITRE →

FIN10

Score: 9.16
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts
Link to MITRE →

Naikon

Score: 4.62
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
Link to MITRE →

RedCurl

Score: 29.23
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1202 - Indirect Command Execution
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
Link to MITRE →

Moonstone Sleet

Score: 22.35
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT32

Score: 57.55
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1216.001 - PubPrn
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1564.004 - NTFS File Attributes
  • T1078.003 - Local Accounts
Link to MITRE →

Fox Kitten

Score: 15.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT33

Score: 9.80
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

OilRig

Score: 43.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 55.61
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1565.003 - Runtime Data Manipulation
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1036.006 - Space after Filename
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

menuPass

Score: 21.39
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT-C-36

Score: 8.20
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN6

Score: 14.32
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
Link to MITRE →

LuminousMoth

Score: 14.24
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Lazarus Group

Score: 76.51
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1620 - Reflective Code Loading
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery
  • T1529 - System Shutdown/Reboot
Link to MITRE →

BRONZE BUTLER

Score: 40.16
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1027.001 - Binary Padding
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Winter Vivern

Score: 12.83
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dragonfly

Score: 28.91
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

MuddyWater

Score: 43.49
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1137.001 - Office Template Macros
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gamaredon Group

Score: 60.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1221 - Template Injection
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Kimsuky

Score: 73.78
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.007 - Double File Extension
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.001 - Binary Padding
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1546.001 - Change Default File Association
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1588.005 - Exploits
  • T1078.003 - Local Accounts
Link to MITRE →

Stealth Falcon

Score: 8.12
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1012 - Query Registry
Link to MITRE →

BITTER

Score: 15.94
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Confucius

Score: 16.98
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
Link to MITRE →

APT37

Score: 28.67
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Link to MITRE →

Turla

Score: 53.93
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1546.013 - PowerShell Profile
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1078.003 - Local Accounts
Link to MITRE →

Scattered Spider

Score: 20.38
Matched TTPs:
  • T1006 - Direct Volume Access
  • T1564.008 - Email Hiding Rules
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1204 - User Execution
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Volt Typhoon

Score: 46.54
Matched TTPs:
  • T1006 - Direct Volume Access
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1654 - Log Enumeration
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery
Link to MITRE →

FIN4

Score: 11.33
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1059.005 - Visual Basic
Link to MITRE →

Inception

Score: 21.60
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 10.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

Elderwood

Score: 9.35
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

Darkhotel

Score: 25.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

Transparent Tribe

Score: 7.92
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic

APT28

Score: 45.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1025 - Data from Removable Media
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion

APT18

Score: 5.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Leviathan

Score: 35.67
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1027.001 - Binary Padding
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

Sidewinder

Score: 24.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

Saint Bear

Score: 15.54
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

TA505

Score: 30.50
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

APT19

Score: 20.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Threat Group-3390

Score: 33.86
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression

Malteiro

Score: 6.23
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.005 - Visual Basic

Storm-1811

Score: 12.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer

Tropic Trooper

Score: 36.86
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1070.004 - File Deletion
  • T1221 - Template Injection
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery
  • T1078.003 - Local Accounts

Mofang

Score: 6.41
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression

Contagious Interview

Score: 28.65
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1204.005 - Malicious Library
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1204.004 - Malicious Copy and Paste

Whitefly

Score: 8.08
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

Moses Staff

Score: 5.31
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

TeamTNT

Score: 30.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1059.009 - Cloud API
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1680 - Local Storage Discovery

Metador

Score: 7.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools

Winnti Group

Score: 6.88
Matched TTPs:
  • T1014 - Rootkit
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer

Rocke

Score: 24.76
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

UNC3886

Score: 27.83
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1059.006 - Python
  • T1059.012 - Hypervisor CLI
  • T1070.004 - File Deletion
  • T1124 - System Time Discovery

Mustard Tempest

Score: 9.05
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Indrik Spider

Score: 13.16
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer

Play

Score: 15.05
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts

Aoqin Dragon

Score: 13.00
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing

Ke3chang

Score: 17.07
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Gallmaker

Score: 7.50
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information

APT12

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

WIRTE

Score: 9.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

RTM

Score: 5.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise

CURIUM

Score: 6.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery

DarkHydrus

Score: 6.46
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1221 - Template Injection

PLATINUM

Score: 13.39
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking

TA551

Score: 14.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

LazyScripter

Score: 15.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

PROMETHIUM

Score: 7.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts

Star Blizzard

Score: 4.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

TA459

Score: 5.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic

Nomadic Octopus

Score: 5.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 18.44
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

SideCopy

Score: 12.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Tonto Team

Score: 8.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer

Andariel

Score: 16.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

admin@338

Score: 4.46
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution

The White Company

Score: 9.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1124 - System Time Discovery

IndigoZebra

Score: 3.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

BlackTech

Score: 5.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Windshift

Score: 14.34
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Cinnamon Tempest

Score: 13.44
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer

Medusa Group

Score: 37.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC

DarkVishnya

Score: 3.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool

Aquatic Panda

Score: 18.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Lotus Blossom

Score: 8.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry

Agrius

Score: 9.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer

Evilnum

Score: 7.33
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

APT1

Score: 5.70
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool

Velvet Ant

Score: 18.72
Matched TTPs:
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion

BackdoorDiplomacy

Score: 8.11
Matched TTPs:
  • T1574.001 - DLL
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

ZIRCONIUM

Score: 17.04
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery

APT5

Score: 10.90
Matched TTPs:
  • T1055 - Process Injection
  • T1083 - File and Directory Discovery
  • T1654 - Log Enumeration
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1070.004 - File Deletion

Moafee

Score: 3.03
Matched TTPs:
  • T1027.001 - Binary Padding

Akira

Score: 9.76
Matched TTPs:
  • T1027.001 - Binary Padding
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal

FIN5

Score: 4.57
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1070.004 - File Deletion

Windigo

Score: 8.15
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

LAPSUS$

Score: 11.57
Matched TTPs:
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1531 - Account Access Removal

Sowbug

Score: 4.33
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive

HAFNIUM

Score: 7.06
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts

Leafminer

Score: 5.78
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Deep Panda

Score: 5.06
Matched TTPs:
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32

GOLD SOUTHFIELD

Score: 5.59
Matched TTPs:
  • T1059.001 - PowerShell
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation

Sea Turtle

Score: 8.63
Matched TTPs:
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1078.003 - Local Accounts

INC Ransom

Score: 9.44
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Axiom

Score: 7.80
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.80
Matched TTPs:
  • T1124 - System Time Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1529 - System Shutdown/Reboot
  • T1053.005 - Scheduled Task
  • T1588.002 - Tool
  • T1620 - Reflective Code Loading
  • T1584.004 - Server
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1059.005 - Visual Basic
  • T1218 - System Binary Proxy Execution
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1202 - Indirect Command Execution
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1574.013 - KernelCallbackTable
  • T1587.001 - Malware
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1036.003 - Rename Legitimate Utilities
  • T1574.001 - DLL
  • T1010 - Application Window Discovery
  • T1027.007 - Dynamic API Resolution
  • T1543.003 - Windows Service
  • T1057 - Process Discovery
  • T1680 - Local Storage Discovery
  • T1218.005 - Mshta
  • T1027.009 - Embedded Payloads
  • T1204.002 - Malicious File
  • T1547.009 - Shortcut Modification

Kimsuky

Score: 0.76
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.005 - Scheduled Task
  • T1027 - Obfuscated Files or Information
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1176.001 - Browser Extensions
  • T1078.003 - Local Accounts
  • T1059.005 - Visual Basic
  • T1027.001 - Binary Padding
  • T1546.001 - Change Default File Association
  • T1566.001 - Spearphishing Attachment
  • T1012 - Query Registry
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1027.012 - LNK Icon Smuggling
  • T1070.004 - File Deletion
  • T1027.010 - Command Obfuscation
  • T1588.005 - Exploits
  • T1587.001 - Malware
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1543.003 - Windows Service
  • T1057 - Process Discovery
  • T1680 - Local Storage Discovery
  • T1036.007 - Double File Extension
  • T1218.005 - Mshta
  • T1059.006 - Python
  • T1027.002 - Software Packing
  • T1204.002 - Malicious File

Gamaredon Group

Score: 0.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1221 - Template Injection
  • T1053.005 - Scheduled Task
  • T1027 - Obfuscated Files or Information
  • T1588.002 - Tool
  • T1620 - Reflective Code Loading
  • T1080 - Taint Shared Content
  • T1083 - File and Directory Discovery
  • T1059.005 - Visual Basic
  • T1566.001 - Spearphishing Attachment
  • T1012 - Query Registry
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1027.012 - LNK Icon Smuggling
  • T1070.004 - File Deletion
  • T1027.010 - Command Obfuscation
  • T1027.004 - Compile After Delivery
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1039 - Data from Network Shared Drive
  • T1057 - Process Discovery
  • T1025 - Data from Removable Media
  • T1218.005 - Mshta
  • T1027.015 - Compression
  • T1204.002 - Malicious File
  • T1497.001 - System Checks

APT32

Score: 0.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1053.005 - Scheduled Task
  • T1588.002 - Tool
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
  • T1059.005 - Visual Basic
  • T1216.001 - PubPrn
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1055 - Process Injection
  • T1564.004 - NTFS File Attributes
  • T1570 - Lateral Tool Transfer
  • T1112 - Modify Registry
  • T1036 - Masquerading
  • T1070.004 - File Deletion
  • T1027.010 - Command Obfuscation
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1036.003 - Rename Legitimate Utilities
  • T1574.001 - DLL
  • T1543.003 - Windows Service
  • T1218.005 - Mshta
  • T1204.002 - Malicious File
  • T1059 - Command and Scripting Interpreter

Turla

Score: 0.64
Matched TTPs:
  • T1124 - System Time Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1083 - File and Directory Discovery
  • T1078.003 - Local Accounts
  • T1059.005 - Visual Basic
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1570 - Lateral Tool Transfer
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1057 - Process Discovery
  • T1025 - Data from Removable Media
  • T1564.012 - File/Path Exclusions
  • T1059.006 - Python
  • T1546.013 - PowerShell Profile

APT38

Score: 0.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1529 - System Shutdown/Reboot
  • T1053.005 - Scheduled Task
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1083 - File and Directory Discovery
  • T1569.002 - Service Execution
  • T1565.003 - Runtime Data Manipulation
  • T1059.005 - Visual Basic
  • T1566.001 - Spearphishing Attachment
  • T1553.005 - Mark-of-the-Web Bypass
  • T1189 - Drive-by Compromise
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1036.003 - Rename Legitimate Utilities
  • T1036.006 - Space after Filename
  • T1543.003 - Windows Service
  • T1057 - Process Discovery
  • T1218.005 - Mshta
  • T1027.002 - Software Packing
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.005 - Scheduled Task
  • T1027 - Obfuscated Files or Information
  • T1588.002 - Tool
  • T1678 - Delay Execution
  • T1176.002 - IDE Extensions
  • T1083 - File and Directory Discovery
  • T1059.005 - Visual Basic
  • T1566.001 - Spearphishing Attachment
  • T1518 - Software Discovery
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1027.012 - LNK Icon Smuggling
  • T1070.004 - File Deletion
  • T1587.001 - Malware
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1129 - Shared Modules
  • T1574.001 - DLL
  • T1654 - Log Enumeration
  • T1027.007 - Dynamic API Resolution
  • T1057 - Process Discovery
  • T1036.007 - Double File Extension
  • T1218.005 - Mshta
  • T1204.002 - Malicious File
  • T1059 - Command and Scripting Interpreter

FIN7

Score: 0.59
Matched TTPs:
  • T1124 - System Time Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.005 - Scheduled Task
  • T1588.002 - Tool
  • T1620 - Reflective Code Loading
  • T1569.002 - Service Execution
  • T1559.002 - Dynamic Data Exchange
  • T1078.003 - Local Accounts
  • T1674 - Input Injection
  • T1059.005 - Visual Basic
  • T1497.002 - User Activity Based Checks
  • T1195.002 - Compromise Software Supply Chain
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1543.003 - Windows Service
  • T1057 - Process Discovery
  • T1218.005 - Mshta
  • T1204.002 - Malicious File
  • T1059 - Command and Scripting Interpreter
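
The actor listings above are plain text. As an added example (not code from the original Pulse page or from its source), the Python below parses that format into a technique-to-actor index, counts how many actors each technique is matched against, and ranks actors by Jaccard overlap with a pulse's TTP set. SAMPLE_LISTING is a constructed excerpt in the same shape as the lists above, PULSE_TTPS is a hypothetical pulse, and the overlap metric is illustrative only: the page does not state how its own Score is computed, and this code does not reproduce it.

```python
# Added example (not code from the original Pulse page): turn the plain-text
# "Matched TTPs" listing into a technique -> actor index and a per-technique
# prevalence count, and rank actors by a transparent Jaccard overlap against
# a pulse's TTP set. Assumptions: SAMPLE_LISTING is a constructed excerpt in
# the page's shape; PULSE_TTPS is a hypothetical pulse TTP set; the Jaccard
# ranking is illustrative and is NOT the page's own "Score", whose formula
# the page does not state.
import re
from collections import Counter, defaultdict

SAMPLE_LISTING = """\
Scattered Spider

Score: 20.38
Matched TTPs:
  • T1006 - Direct Volume Access
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer

APT18

Score: 5.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer

Moafee

Score: 3.03
Matched TTPs:
  • T1027.001 - Binary Padding
"""

# Hypothetical pulse TTP set (an assumption, not taken from the page).
PULSE_TTPS = {"T1059.001", "T1105", "T1070.004"}

# One bullet line: "  • T1059.001 - PowerShell"; technique IDs are T#### with
# an optional .### sub-technique suffix.
TTP_LINE = re.compile(r"^\s*•\s*(T\d{4}(?:\.\d{3})?)\s+-\s+(.+?)\s*$")
SCORE_LINE = re.compile(r"^Score:\s*(\d+(?:\.\d+)?)$")


def parse_listing(text):
    """Return {actor: {"score": float|None, "ttps": {id: name}}}.

    Any non-empty line that is not a Score line, the "Matched TTPs:" header
    or a bullet starts a new actor block, which is how the listing is laid out.
    """
    actors = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        score = SCORE_LINE.match(line)
        if score and current is not None:
            actors[current]["score"] = float(score.group(1))
            continue
        if line == "Matched TTPs:":
            continue
        ttp = TTP_LINE.match(raw)
        if ttp and current is not None:
            actors[current]["ttps"][ttp.group(1)] = ttp.group(2)
            continue
        current = line
        actors[current] = {"score": None, "ttps": {}}
    return actors


def technique_index(actors):
    """Invert the listing: {technique_id: sorted actor names}, so one detection
    rule can be traced to every actor it would cover."""
    index = defaultdict(set)
    for actor, rec in actors.items():
        for ttp in rec["ttps"]:
            index[ttp].add(actor)
    return {ttp: sorted(names) for ttp, names in index.items()}


def technique_prevalence(actors):
    """Counter of actors per technique. Techniques matched against almost every
    actor (T1105 here) separate actors poorly; rare ones carry the signal."""
    return Counter(ttp for rec in actors.values() for ttp in rec["ttps"])


def rank_by_overlap(actors, pulse_ttps):
    """Rank actors by Jaccard overlap with pulse_ttps (illustrative metric)."""
    pulse = set(pulse_ttps)
    ranked = []
    for actor, rec in actors.items():
        mine = set(rec["ttps"])
        union = mine | pulse
        jaccard = len(mine & pulse) / len(union) if union else 0.0
        ranked.append((actor, round(jaccard, 3)))
    ranked.sort(key=lambda item: (-item[1], item[0]))
    return ranked


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    index = technique_index(parsed)
    for ttp, count in technique_prevalence(parsed).most_common():
        print(f"{ttp:<10} matched by {count} actor(s): {index[ttp]}")
    for actor, score in rank_by_overlap(parsed, PULSE_TTPS):
        print(f"{score:.3f}  {actor}")
```

The prevalence count is the practical check when reading lists like the ones above: a technique shared by nearly every matched actor, such as T1105 or T1059.001 here, narrows attribution very little on its own, while a rarely matched one (T1564.005, T1574.013) is worth a closer look.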

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

