Trusted Design

PowerSniff Malware Used in Macro-based Attacks

Overview

The concept of file-less malware is not a new one. Families like Poweliks, which abuse Microsoft's PowerShell, have emerged in recent years and have garnered extensive attention due to their ability to compromise a system while leaving little or no trace of their presence for traditional forensic techniques to find. Typically, file-less malware has been observed in the context of exploit kits such as Angler. Palo Alto Networks has observed a recent high-threat spam campaign that is serving malicious macro documents used to execute PowerShell scripts, which inject malware similar to the Ursnif family directly into memory. We call the malware PowerSniff.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT3

Score: 16.50
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cobalt Group

Score: 28.40
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silence

Score: 20.09
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Chimera

Score: 26.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
Link to MITRE →

Patchwork

Score: 32.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1580 - Cloud Infrastructure Discovery
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1001.003 - Protocol or Service Impersonation
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
Link to MITRE →

Daggerfly

Score: 17.58
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1089 - Disabling Security Tools
  • T1497.002 - User Activity Based Checks
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 47.97
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery
Link to MITRE →

TA2541

Score: 24.54
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

GALLIUM

Score: 15.24
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1089 - Disabling Security Tools
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sandworm Team

Score: 38.55
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackByte

Score: 26.74
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

HEXANE

Score: 17.79
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustang Panda

Score: 58.65
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1003 - OS Credential Dumping
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
Link to MITRE →

Magic Hound

Score: 32.72
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1070.003 - Clear Command History
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN13

Score: 13.94
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ToddyCat

Score: 7.67
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1665 - Hide Infrastructure
Link to MITRE →

Blue Mockingbird

Score: 13.38
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Molerats

Score: 15.39
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

Storm-0501

Score: 12.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1560 - Archive Collected Data
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT29

Score: 43.10
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1560 - Archive Collected Data
  • T1580 - Cloud Infrastructure Discovery
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1070.009 - Clear Persistence
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT39

Score: 40.06
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1001.003 - Protocol or Service Impersonation
  • T1027.004 - Compile After Delivery
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN8

Score: 10.39
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 28.50
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1001.003 - Protocol or Service Impersonation
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Higaisa

Score: 23.81
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1580 - Cloud Infrastructure Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules
Link to MITRE →

APT41

Score: 40.96
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1499.001 - OS Exhaustion Flood
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1001.003 - Protocol or Service Impersonation
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Rancor

Score: 8.35
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Earth Lusca

Score: 32.68
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
Link to MITRE →

Ember Bear

Score: 26.82
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1003.003 - NTDS
Link to MITRE →

Machete

Score: 11.68
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
Link to MITRE →

APT42

Score: 8.08
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.010 - Command Obfuscation
Link to MITRE →

FIN10

Score: 9.16
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

Naikon

Score: 4.62
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
Link to MITRE →

RedCurl

Score: 29.23
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1558.005 - Ccache Files
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
Link to MITRE →

Moonstone Sleet

Score: 22.35
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT32

Score: 57.55
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1110.001 - Password Guessing
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1484 - Domain or Tenant Policy Modification
  • T1490 - Inhibit System Recovery
Link to MITRE →

Fox Kitten

Score: 15.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT33

Score: 9.80
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

OilRig

Score: 43.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 55.61
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1675 - ESXi Administration Command
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

menuPass

Score: 21.39
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT-C-36

Score: 8.20
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN6

Score: 14.32
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

LuminousMoth

Score: 14.24
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lazarus Group

Score: 76.51
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1205 - Traffic Signaling
  • T1050 - New Service
  • T1070.006 - Timestomp
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
  • T1216 - System Script Proxy Execution
Link to MITRE →

BRONZE BUTLER

Score: 40.16
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1580 - Cloud Infrastructure Discovery
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Winter Vivern

Score: 12.83
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Dragonfly

Score: 28.91
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

MuddyWater

Score: 43.49
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1558.001 - Golden Ticket
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gamaredon Group

Score: 60.19
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1200 - Hardware Additions
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
Link to MITRE →

Kimsuky

Score: 73.78
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1580 - Cloud Infrastructure Discovery
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1496.004 - Cloud Service Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

Stealth Falcon

Score: 8.12
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BITTER

Score: 15.94
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Confucius

Score: 16.98
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
Link to MITRE →

APT37

Score: 28.67
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding
Link to MITRE →

Turla

Score: 53.93
Matched TTPs:
  • T1056.001 - Keylogging
  • T1014 - Rootkit
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery
Link to MITRE →

Scattered Spider

Score: 20.38
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1666 - Modify Cloud Resource Hierarchy
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1619 - Cloud Storage Object Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volt Typhoon

Score: 46.54
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot

FIN4

Score: 11.33
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1027.010 - Command Obfuscation

Inception

Score: 21.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent

Dark Caracal

Score: 10.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account

Elderwood

Score: 9.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Darkhotel

Score: 25.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

Transparent Tribe

Score: 7.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation

APT28

Score: 45.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1552.005 - Cloud Instance Metadata API
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

APT18

Score: 5.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Leviathan

Score: 35.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1580 - Cloud Infrastructure Discovery
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Sidewinder

Score: 24.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

Saint Bear

Score: 15.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

TA505

Score: 30.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

APT19

Score: 20.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Threat Group-3390

Score: 33.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Malteiro

Score: 6.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.010 - Command Obfuscation

Storm-1811

Score: 12.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

Tropic Trooper

Score: 36.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery

Mofang

Score: 6.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Contagious Interview

Score: 28.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection

Whitefly

Score: 8.08
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Moses Staff

Score: 5.31
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

TeamTNT

Score: 30.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1560 - Archive Collected Data
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1665 - Hide Infrastructure

Metador

Score: 7.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

Winnti Group

Score: 6.88
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 24.76
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

UNC3886

Score: 27.83
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1027.004 - Compile After Delivery
  • T1546.002 - Screensaver
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

Mustard Tempest

Score: 9.05
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Indrik Spider

Score: 13.16
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Play

Score: 15.05
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Aoqin Dragon

Score: 13.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account

Ke3chang

Score: 17.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Gallmaker

Score: 7.50
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

WIRTE

Score: 9.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

RTM

Score: 5.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI

CURIUM

Score: 6.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1497.002 - User Activity Based Checks
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot

DarkHydrus

Score: 6.46
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions

PLATINUM

Score: 13.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

TA551

Score: 14.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 15.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

PROMETHIUM

Score: 7.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery

Star Blizzard

Score: 4.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

TA459

Score: 5.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Nomadic Octopus

Score: 5.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries

Gorgon Group

Score: 18.44
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

SideCopy

Score: 12.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Tonto Team

Score: 8.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 16.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

admin@338

Score: 4.46
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

The White Company

Score: 9.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot

IndigoZebra

Score: 3.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

BlackTech

Score: 5.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Windshift

Score: 14.34
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Cinnamon Tempest

Score: 13.44
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Medusa Group

Score: 37.57
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

DarkVishnya

Score: 3.58
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship

Aquatic Panda

Score: 18.87
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Lotus Blossom

Score: 8.15
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer

Agrius

Score: 9.72
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice

Evilnum

Score: 7.33
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

APT1

Score: 5.70
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

Velvet Ant

Score: 18.72
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service

BackdoorDiplomacy

Score: 8.11
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

ZIRCONIUM

Score: 17.04
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

APT5

Score: 10.90
Matched TTPs:
  • T1684 - Social Engineering
  • T1219.001 - IDE Tunneling
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1070.009 - Clear Persistence

Moafee

Score: 3.03
Matched TTPs:
  • T1580 - Cloud Infrastructure Discovery

Akira

Score: 9.76
Matched TTPs:
  • T1580 - Cloud Infrastructure Discovery
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image

FIN5

Score: 4.57
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence

Windigo

Score: 8.15
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

LAPSUS$

Score: 11.57
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1601 - Modify System Image

Sowbug

Score: 4.33
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

HAFNIUM

Score: 7.06
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Leafminer

Score: 5.78
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Deep Panda

Score: 5.06
Matched TTPs:
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code

GOLD SOUTHFIELD

Score: 5.59
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Sea Turtle

Score: 8.63
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery

INC Ransom

Score: 9.44
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Axiom

Score: 7.80
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.80
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1546.016 - Installer Packages
  • T1059.012 - Hypervisor CLI
  • T1050 - New Service
  • T1219.001 - IDE Tunneling
  • T1665 - Hide Infrastructure
  • T1069.001 - Local Groups
  • T1053.005 - Scheduled Task
  • T1597 - Search Closed Sources
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1176.001 - Browser Extensions
  • T1491.002 - External Defacement
  • T1132.001 - Standard Encoding
  • T1205 - Traffic Signaling
  • T1578.001 - Create Snapshot
  • T1216 - System Script Proxy Execution
  • T1598.003 - Spearphishing Link
  • T1558.005 - Ccache Files
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1055.005 - Thread Local Storage
  • T1497.002 - User Activity Based Checks
  • T1218.012 - Verclsid
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1089 - Disabling Security Tools
  • T1070.006 - Timestomp
  • T1174 - Password Filter DLL
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Kimsuky

Score: 0.76
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1059.011 - Lua
  • T1496.004 - Cloud Service Hijacking
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1027.004 - Compile After Delivery
  • T1213.006 - Databases
  • T1053.005 - Scheduled Task
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1087.002 - Domain Account
  • T1490 - Inhibit System Recovery
  • T1583.006 - Web Services
  • T1176.001 - Browser Extensions
  • T1205 - Traffic Signaling
  • T1053.007 - Container Orchestration Job
  • T1598.003 - Spearphishing Link
  • T1537 - Transfer Data to Cloud Account
  • T1684 - Social Engineering
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1601.001 - Patch System Image
  • T1497.002 - User Activity Based Checks
  • T1608 - Stage Capabilities
  • T1580 - Cloud Infrastructure Discovery
  • T1218.012 - Verclsid
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media

Gamaredon Group

Score: 0.66
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1059.011 - Lua
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1552.005 - Cloud Instance Metadata API
  • T1053.005 - Scheduled Task
  • T1542.004 - ROMMONkit
  • T1597 - Search Closed Sources
  • T1591.003 - Identify Business Tempo
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1205 - Traffic Signaling
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules
  • T1562.009 - Safe Mode Boot
  • T1601.001 - Patch System Image
  • T1497.002 - User Activity Based Checks
  • T1608 - Stage Capabilities
  • T1200 - Hardware Additions
  • T1218.012 - Verclsid
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1059.013 - Container CLI/API
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media

APT32

Score: 0.65
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1055.013 - Process Doppelgänging
  • T1059.012 - Hypervisor CLI
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1110.001 - Password Guessing
  • T1558 - Steal or Forge Kerberos Tickets
  • T1053.005 - Scheduled Task
  • T1027.007 - Dynamic API Resolution
  • T1027.014 - Polymorphic Code
  • T1087.002 - Domain Account
  • T1490 - Inhibit System Recovery
  • T1176.001 - Browser Extensions
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1070.009 - Clear Persistence
  • T1601.001 - Patch System Image
  • T1497.002 - User Activity Based Checks
  • T1218.012 - Verclsid
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1089 - Disabling Security Tools
  • T1484 - Domain or Tenant Policy Modification
  • T1174 - Password Filter DLL
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Turla

Score: 0.64
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1546.016 - Installer Packages
  • T1059.012 - Hypervisor CLI
  • T1056.001 - Keylogging
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1552.005 - Cloud Instance Metadata API
  • T1014 - Rootkit
  • T1027.004 - Compile After Delivery
  • T1597 - Search Closed Sources
  • T1490 - Inhibit System Recovery
  • T1583.006 - Web Services
  • T1578.001 - Create Snapshot
  • T1003.001 - LSASS Memory
  • T1684 - Social Engineering
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1601.001 - Patch System Image
  • T1497.002 - User Activity Based Checks
  • T1136.002 - Domain Account
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1199 - Trusted Relationship

APT38

Score: 0.60
Matched TTPs:
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1059.012 - Hypervisor CLI
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1138 - Application Shimming
  • T1053.005 - Scheduled Task
  • T1027.007 - Dynamic API Resolution
  • T1597 - Search Closed Sources
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1176.001 - Browser Extensions
  • T1583.006 - Web Services
  • T1216 - System Script Proxy Execution
  • T1598.003 - Spearphishing Link
  • T1537 - Transfer Data to Cloud Account
  • T1684 - Social Engineering
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1675 - ESXi Administration Command
  • T1218.012 - Verclsid
  • T1027.010 - Command Obfuscation
  • T1174 - Password Filter DLL
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1055.013 - Process Doppelgänging
  • T1059.011 - Lua
  • T1219.001 - IDE Tunneling
  • T1053.005 - Scheduled Task
  • T1102 - Web Service
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1169 - Sudo
  • T1136.001 - Local Account
  • T1003 - OS Credential Dumping
  • T1053.007 - Container Orchestration Job
  • T1598.003 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.005 - Thread Local Storage
  • T1497.002 - User Activity Based Checks
  • T1608 - Stage Capabilities
  • T1218.012 - Verclsid
  • T1159 - Launch Agent
  • T1027.010 - Command Obfuscation
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

FIN7

Score: 0.59
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1055.013 - Process Doppelgänging
  • T1053.005 - Scheduled Task
  • T1027.007 - Dynamic API Resolution
  • T1087.002 - Domain Account
  • T1490 - Inhibit System Recovery
  • T1583.006 - Web Services
  • T1176.001 - Browser Extensions
  • T1205 - Traffic Signaling
  • T1578.001 - Create Snapshot
  • T1598.003 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1011.001 - Exfiltration Over Bluetooth
  • T1059.010 - AutoHotKey & AutoIT
  • T1573 - Encrypted Channel
  • T1206 - Sudo Caching
  • T1601.001 - Patch System Image
  • T1497.002 - User Activity Based Checks
  • T1564.002 - Hidden Users
  • T1218.012 - Verclsid
  • T1027.010 - Command Obfuscation
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

