Trusted Design

Taiwan targeted with new cyberespionage backdoor Trojan

概要

In late August 2015, Symantec identified a previously unknown back door Trojan (Backdoor.Dripion) infecting organizations primarily located in Taiwan, as well as Brazil and the United States. Dripion is custom-built, designed to steal information, and has been used sparingly in a limited number of targeted attacks. The attackers behind this campaign went to some lengths to disguise their activities, including using domains names disguised as antivirus (AV) company websites for their command and control (C&C) servers. These attacks have some links to earlier attacks by a group called Budminer involving the Taidoor Trojan (Trojan.Taidoor). The threat posed by custom malware such as Dripion illustrates the value of multilayered security. Unknown threats may evade signature-based detection, but can be blocked by other detection tools which identify malicious behavior.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Volt Typhoon

Score: 45.64
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1578.001 - Create Snapshot
MITREへのリンク →

Contagious Interview

Score: 30.79
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Ember Bear

Score: 21.52
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS
MITREへのリンク →

Sandworm Team

Score: 61.96
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT41

Score: 27.69
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels
MITREへのリンク →

TA551

Score: 7.10
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Mustard Tempest

Score: 15.15
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Silent Librarian

Score: 8.11
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
MITREへのリンク →

Kimsuky

Score: 61.24
Matched TTPs:
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1683.001 - Written Content
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1053.002 - At
MITREへのリンク →

EXOTIC LILY

Score: 13.60
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN13

Score: 15.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Moonstone Sleet

Score: 19.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

Indrik Spider

Score: 11.35
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages
  • T1597 - Search Closed Sources
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Lazarus Group

Score: 41.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1677 - Poisoned Pipeline Execution
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
MITREへのリンク →

OilRig

Score: 25.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

UNC3886

Score: 21.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

LuminousMoth

Score: 10.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITREへのリンク →

APT29

Score: 32.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1546.018 - Python Startup Hooks
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Play

Score: 11.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 13.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1122 - Component Object Model Hijacking
  • T1542.004 - ROMMONkit
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Turla

Score: 27.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Ke3chang

Score: 11.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Mustang Panda

Score: 32.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TeamTNT

Score: 12.25
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN7

Score: 33.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
MITREへのリンク →

BlackTech

Score: 9.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 21.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 7.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 14.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Elderwood

Score: 6.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 4.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Transparent Tribe

Score: 10.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Evilnum

Score: 3.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 12.23
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 26.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

APT3

Score: 8.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 9.56
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1053.002 - At
MITREへのリンク →

Leviathan

Score: 16.80
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1554 - Compromise Host Software Binary
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 13.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

ZIRCONIUM

Score: 22.98
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
MITREへのリンク →

Molerats

Score: 3.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 45.51
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1053.002 - At
MITREへのリンク →

Windshift

Score: 18.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1078 - Valid Accounts
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 13.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA2541

Score: 18.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 21.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 12.92
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Wizard Spider

Score: 19.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.001 - Malware
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Patchwork

Score: 15.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
MITREへのリンク →

TA505

Score: 12.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 13.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 14.05
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
MITREへのリンク →

APT39

Score: 10.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Scattered Spider

Score: 12.38
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT28

Score: 39.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Star Blizzard

Score: 10.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
MITREへのリンク →

CURIUM

Score: 14.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 23.56
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

HAFNIUM

Score: 22.85
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT5

Score: 8.94
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution
MITREへのリンク →

Velvet Ant

Score: 14.11
Matched TTPs:
  • T1583.005 - Botnet
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
MITREへのリンク →

BlackByte

Score: 18.29
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Gamaredon Group

Score: 29.22
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Threat Group-3390

Score: 22.80
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
MITREへのリンク →

SideCopy

Score: 10.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1053.002 - At
MITREへのリンク →

BITTER

Score: 12.33
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

HEXANE

Score: 10.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Saint Bear

Score: 8.64
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Rocke

Score: 16.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1114.003 - Email Forwarding Rule
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

BackdoorDiplomacy

Score: 7.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

GOLD SOUTHFIELD

Score: 10.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
MITREへのリンク →

Medusa Group

Score: 29.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol
MITREへのリンク →

Sea Turtle

Score: 14.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
MITREへのリンク →

Storm-0501

Score: 7.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
MITREへのリンク →

Fox Kitten

Score: 7.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Cinnamon Tempest

Score: 5.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Agrius

Score: 5.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources
MITREへのリンク →

menuPass

Score: 12.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

ToddyCat

Score: 5.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 4.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

GALLIUM

Score: 3.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Winter Vivern

Score: 19.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Volatile Cedar

Score: 6.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

INC Ransom

Score: 13.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Axiom

Score: 16.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

IndigoZebra

Score: 5.16
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

RedEcho

Score: 4.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL
MITREへのリンク →

APT38

Score: 12.36
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

BRONZE BUTLER

Score: 24.37
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels
MITREへのリンク →

PLATINUM

Score: 4.73
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
MITREへのリンク →

LAPSUS$

Score: 9.90
Matched TTPs:
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
MITREへのリンク →

Metador

Score: 4.08
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Aquatic Panda

Score: 9.88
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Andariel

Score: 10.34
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Equation

Score: 4.54
Matched TTPs:
  • T1589.003 - Employee Names
MITREへのリンク →

Carbanak

Score: 5.34
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

APT-C-36

Score: 3.72
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN6

Score: 12.41
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

Naikon

Score: 3.99
Matched TTPs:
  • T1588.001 - Malware
  • T1506 - Web Session Cookie
MITREへのリンク →

PROMETHIUM

Score: 3.86
Matched TTPs:
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Higaisa

Score: 6.18
Matched TTPs:
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITREへのリンク →

Gorgon Group

Score: 7.56
Matched TTPs:
  • T1114.003 - Email Forwarding Rule
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Malteiro

Score: 4.42
Matched TTPs:
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Akira

Score: 4.32
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
MITREへのリンク →

POLONIUM

Score: 8.01
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Inception

Score: 5.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

Silence

Score: 4.02
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Chimera

Score: 9.65
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
MITREへのリンク →

APT37

Score: 10.57
Matched TTPs:
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Tropic Trooper

Score: 13.28
Matched TTPs:
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Daggerfly

Score: 9.66
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

The White Company

Score: 5.98
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot
MITREへのリンク →

Darkhotel

Score: 8.53
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
MITREへのリンク →

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
MITREへのリンク →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.84
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1543.003 - Windows Service
  • T1114 - Email Collection
  • T1199 - Trusted Relationship
  • T1102.003 - One-Way Communication
  • T1546.016 - Installer Packages
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1187 - Forced Authentication
  • T1027.018 - Invisible Unicode
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.005 - Botnet
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1049 - System Network Connections Discovery
  • T1606.002 - SAML Tokens
  • T1122 - Component Object Model Hijacking
  • T1075 - Pass the Hash
  • T1564.008 - Email Hiding Rules
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1573 - Encrypted Channel
MITREへのリンク →

Kimsuky

Score: 0.80
Matched TTPs:
  • T1543.003 - Windows Service
  • T1114 - Email Collection
  • T1526 - Cloud Service Discovery
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1102.003 - One-Way Communication
  • T1683.001 - Written Content
  • T1098.007 - Additional Local or Domain Groups
  • T1003.003 - NTDS
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1583.005 - Botnet
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1606.002 - SAML Tokens
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1588.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1091 - Replication Through Removable Media
  • T1053.002 - At
MITREへのリンク →

Volt Typhoon

Score: 0.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1114 - Email Collection
  • T1057 - Process Discovery
  • T1148 - HISTCONTROL
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1553.002 - Code Signing
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
MITREへのリンク →

Magic Hound

Score: 0.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1098.007 - Additional Local or Domain Groups
  • T1187 - Forced Authentication
  • T1027.018 - Invisible Unicode
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.002 - Create Cloud Instance
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1683 - Generate Content
  • T1547.008 - LSASS Driver
  • T1597 - Search Closed Sources
  • T1588.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1053.002 - At
MITREへのリンク →

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1543.003 - Windows Service
  • T1057 - Process Discovery
  • T1547.008 - LSASS Driver
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1677 - Poisoned Pipeline Execution
  • T1578.001 - Create Snapshot
  • T1546.016 - Installer Packages
  • T1588.001 - Malware
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1098.007 - Additional Local or Domain Groups
  • T1606.001 - Web Cookies
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT28

Score: 0.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1558 - Steal or Forge Kerberos Tickets
  • T1057 - Process Discovery
  • T1583.005 - Botnet
  • T1566.003 - Spearphishing via Service
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1542.004 - ROMMONkit
  • T1146 - Clear Command History
  • T1098.007 - Additional Local or Domain Groups
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

FIN7

Score: 0.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1547.002 - Authentication Package
  • T1027.007 - Dynamic API Resolution
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1011.001 - Exfiltration Over Bluetooth
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1588.001 - Malware
  • T1606.002 - SAML Tokens
  • T1098.007 - Additional Local or Domain Groups
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る