Trusted Design

Powershell Downloaders

概要

While adware is usually considered annoying for users and relatively harmless to enterprise security, the adware campaigns we’ve seen since the beginning of 2016 behave more like advanced network threats. One particularly persistent adware attack piqued our interest around March. This attack leverages PowerShell, a Windows scripting language, to execute commands and remain persistent on the host machines. Along with creating hourly scheduled tasks, the adware also has the potential to download additional malicious code and direct the user to compromised websites.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

APT3

Score: 15.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Cobalt Group

Score: 21.95
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Silence

Score: 14.69
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Chimera

Score: 23.44
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1007 - System Service Discovery
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Patchwork

Score: 21.04
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Daggerfly

Score: 14.11
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

FIN7

Score: 35.41
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution
MITREへのリンク →

TA2541

Score: 16.92
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.002 - Software Packing
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

GALLIUM

Score: 9.94
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Sandworm Team

Score: 35.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1195 - Supply Chain Compromise
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

BlackByte

Score: 27.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1562 - Impair Defenses
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1614.001 - System Language Discovery
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

HEXANE

Score: 16.41
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Mustang Panda

Score: 38.90
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1176.002 - IDE Extensions
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Magic Hound

Score: 31.48
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1562 - Impair Defenses
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

FIN13

Score: 18.70
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1021.006 - Windows Remote Management
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

ToddyCat

Score: 6.78
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Blue Mockingbird

Score: 15.57
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell
  • T1569.002 - Service Execution
MITREへのリンク →

Molerats

Score: 10.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.007 - Msiexec
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Storm-0501

Score: 25.47
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.009 - Cloud API
  • T1021.006 - Windows Remote Management
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1614.001 - System Language Discovery
  • T1556.009 - Conditional Access Policies
  • T1027.002 - Software Packing
MITREへのリンク →

APT29

Score: 38.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1059.009 - Cloud API
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT39

Score: 35.11
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.010 - AutoHotKey & AutoIT
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1197 - BITS Jobs
  • T1059.006 - Python
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

FIN8

Score: 13.70
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1112 - Modify Registry
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Wizard Spider

Score: 33.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1547.004 - Winlogon Helper DLL
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1197 - BITS Jobs
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Higaisa

Score: 11.08
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
MITREへのリンク →

APT41

Score: 25.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1197 - BITS Jobs
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Rancor

Score: 11.66
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Earth Lusca

Score: 28.87
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
MITREへのリンク →

Ember Bear

Score: 17.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

Machete

Score: 10.97
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
MITREへのリンク →

APT42

Score: 11.83
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1547 - Boot or Logon Autostart Execution
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
MITREへのリンク →

FIN10

Score: 6.41
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
MITREへのリンク →

Naikon

Score: 6.81
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.004 - Masquerade Task or Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1078.002 - Domain Accounts
MITREへのリンク →

RedCurl

Score: 23.52
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1202 - Indirect Command Execution
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1056.002 - GUI Input Capture
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Moonstone Sleet

Score: 8.89
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

APT32

Score: 45.33
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1216.001 - PubPrn
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution
MITREへのリンク →

Fox Kitten

Score: 12.29
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT33

Score: 11.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

OilRig

Score: 30.68
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1195 - Supply Chain Compromise
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT38

Score: 34.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1543.003 - Windows Service
  • T1218.007 - Msiexec
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

menuPass

Score: 9.27
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT-C-36

Score: 6.35
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

FIN6

Score: 16.91
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
MITREへのリンク →

LuminousMoth

Score: 14.29
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Lazarus Group

Score: 44.38
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

BRONZE BUTLER

Score: 29.33
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1007 - System Service Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
MITREへのリンク →

Winter Vivern

Score: 11.15
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Dragonfly

Score: 22.03
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

MuddyWater

Score: 34.08
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.003 - CMSTP
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Gamaredon Group

Score: 30.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1112 - Modify Registry
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Kimsuky

Score: 49.14
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1176.001 - Browser Extensions
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Stealth Falcon

Score: 9.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
MITREへのリンク →

BITTER

Score: 7.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Confucius

Score: 12.44
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT37

Score: 21.64
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Sea Turtle

Score: 10.70
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1564.011 - Ignore Process Interrupts
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
MITREへのリンク →

Indrik Spider

Score: 21.17
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Agrius

Score: 10.01
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1543.003 - Windows Service
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Contagious Interview

Score: 28.01
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1583.006 - Web Services
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1543.001 - Launch Agent
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1204.004 - Malicious Copy and Paste
MITREへのリンク →

Star Blizzard

Score: 3.88
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.002 - Tool
MITREへのリンク →

Turla

Score: 50.60
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1615 - Group Policy Discovery
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Mustard Tempest

Score: 7.08
Matched TTPs:
  • T1583.008 - Malvertising
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

UNC3886

Score: 21.07
Matched TTPs:
  • T1587.001 - Malware
  • T1564.011 - Ignore Process Interrupts
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
MITREへのリンク →

Play

Score: 14.32
Matched TTPs:
  • T1587.001 - Malware
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Aoqin Dragon

Score: 6.49
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
MITREへのリンク →

Moses Staff

Score: 3.72
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Ke3chang

Score: 21.41
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1614.001 - System Language Discovery
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

TeamTNT

Score: 22.07
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1059.009 - Cloud API
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Tropic Trooper

Score: 22.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Medusa Group

Score: 34.56
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1218.014 - MMC
MITREへのリンク →

DarkVishnya

Score: 3.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
MITREへのリンク →

Aquatic Panda

Score: 21.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
MITREへのリンク →

APT19

Score: 16.52
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
MITREへのリンク →

Threat Group-3390

Score: 29.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
MITREへのリンク →

PROMETHIUM

Score: 7.00
Matched TTPs:
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1189 - Drive-by Compromise
MITREへのリンク →

Carbanak

Score: 7.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Cinnamon Tempest

Score: 9.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078.002 - Domain Accounts
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Poseidon Group

Score: 4.84
Matched TTPs:
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
MITREへのリンク →

Volt Typhoon

Score: 26.41
Matched TTPs:
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

admin@338

Score: 4.97
Matched TTPs:
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
MITREへのリンク →

APT1

Score: 8.30
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
MITREへのリンク →

TA505

Score: 25.39
Matched TTPs:
  • T1218.007 - Msiexec
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

ZIRCONIUM

Score: 19.36
Matched TTPs:
  • T1218.007 - Msiexec
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Gorgon Group

Score: 9.62
Matched TTPs:
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Saint Bear

Score: 13.28
Matched TTPs:
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
MITREへのリンク →

FIN5

Score: 4.57
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1070.004 - File Deletion
MITREへのリンク →

Whitefly

Score: 3.97
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Windigo

Score: 6.85
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
MITREへのリンク →

LAPSUS$

Score: 11.57
Matched TTPs:
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1531 - Account Access Removal
MITREへのリンク →

Metador

Score: 10.44
Matched TTPs:
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

LazyScripter

Score: 13.82
Matched TTPs:
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Andariel

Score: 11.05
Matched TTPs:
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

BackdoorDiplomacy

Score: 6.18
Matched TTPs:
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Scattered Spider

Score: 14.95
Matched TTPs:
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1556.009 - Conditional Access Policies
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

HAFNIUM

Score: 17.67
Matched TTPs:
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token
MITREへのリンク →

Axiom

Score: 20.49
Matched TTPs:
  • T1584.005 - Botnet
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1563.002 - RDP Hijacking
  • T1001.002 - Steganography
MITREへのリンク →

Sidewinder

Score: 15.34
Matched TTPs:
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Inception

Score: 16.29
Matched TTPs:
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
MITREへのリンク →

TA551

Score: 12.90
Matched TTPs:
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

SideCopy

Score: 7.27
Matched TTPs:
  • T1218.005 - Mshta
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT28

Score: 36.35
Matched TTPs:
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1546.015 - Component Object Model Hijacking
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Windshift

Score: 10.60
Matched TTPs:
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Deep Panda

Score: 5.06
Matched TTPs:
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
MITREへのリンク →

Darkhotel

Score: 7.71
Matched TTPs:
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT5

Score: 6.94
Matched TTPs:
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
MITREへのリンク →

Rocke

Score: 14.93
Matched TTPs:
  • T1057 - Process Discovery
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Leviathan

Score: 22.33
Matched TTPs:
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

WIRTE

Score: 7.76
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Storm-1811

Score: 4.59
Matched TTPs:
  • T1059.001 - PowerShell
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Akira

Score: 6.73
Matched TTPs:
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
MITREへのリンク →

TA459

Score: 3.70
Matched TTPs:
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
MITREへのリンク →

Tonto Team

Score: 5.41
Matched TTPs:
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Putter Panda

Score: 3.00
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Dark Caracal

Score: 7.17
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
MITREへのリンク →

APT18

Score: 9.35
Matched TTPs:
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
MITREへのリンク →

FIN4

Score: 6.72
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1071.001 - Web Protocols
  • T1059.005 - Visual Basic
MITREへのリンク →

Leafminer

Score: 4.48
Matched TTPs:
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
MITREへのリンク →

INC Ransom

Score: 8.16
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

The White Company

Score: 4.93
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
MITREへのリンク →

Transparent Tribe

Score: 7.33
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1564.001 - Hidden Files and Directories
MITREへのリンク →

Elderwood

Score: 6.09
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Malteiro

Score: 5.02
Matched TTPs:
  • T1614.001 - System Language Discovery
  • T1059.005 - Visual Basic
MITREへのリンク →

Threat Group-1314

Score: 3.24
Matched TTPs:
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

PLATINUM

Score: 7.08
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Turla

Score: 0.80
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1615 - Group Policy Discovery
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1012 - Query Registry
  • T1562.001 - Disable or Modify Tools
  • T1588.001 - Malware
  • T1189 - Drive-by Compromise
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1547.004 - Winlogon Helper DLL
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1584.004 - Server
  • T1027.010 - Command Obfuscation
  • T1059.006 - Python
  • T1071.001 - Web Protocols
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1105 - Ingress Tool Transfer
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1546.013 - PowerShell Profile
  • T1057 - Process Discovery
MITREへのリンク →

Kimsuky

Score: 0.75
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1012 - Query Registry
  • T1562.001 - Disable or Modify Tools
  • T1176.001 - Browser Extensions
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1583 - Acquire Infrastructure
  • T1053.005 - Scheduled Task
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1059.006 - Python
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1036.004 - Masquerade Task or Service
  • T1027.002 - Software Packing
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1070.004 - File Deletion
MITREへのリンク →

APT32

Score: 0.73
Matched TTPs:
  • T1588.002 - Tool
  • T1112 - Modify Registry
  • T1564.001 - Hidden Files and Directories
  • T1012 - Query Registry
  • T1216.001 - PubPrn
  • T1189 - Drive-by Compromise
  • T1059 - Command and Scripting Interpreter
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1036.003 - Rename Legitimate Utilities
  • T1053.005 - Scheduled Task
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1218.005 - Mshta
  • T1569.002 - Service Execution
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

Lazarus Group

Score: 0.68
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1564.001 - Hidden Files and Directories
  • T1012 - Query Registry
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1036.003 - Rename Legitimate Utilities
  • T1202 - Indirect Command Execution
  • T1584.004 - Server
  • T1053.005 - Scheduled Task
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

APT29

Score: 0.61
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1053.005 - Scheduled Task
  • T1583.006 - Web Services
  • T1027.002 - Software Packing
  • T1059.001 - PowerShell
  • T1651 - Cloud Administration Command
  • T1059.009 - Cloud API
  • T1105 - Ingress Tool Transfer
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1218.005 - Mshta
  • T1553.005 - Mark-of-the-Web Bypass
  • T1059.006 - Python
  • T1090.004 - Domain Fronting
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

FIN7

Score: 0.60
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1674 - Input Injection
  • T1564.001 - Hidden Files and Directories
  • T1059 - Command and Scripting Interpreter
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1543.003 - Windows Service
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1053.005 - Scheduled Task
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1036.004 - Masquerade Task or Service
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1569.002 - Service Execution
MITREへのリンク →

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1564.001 - Hidden Files and Directories
  • T1059 - Command and Scripting Interpreter
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1678 - Delay Execution
  • T1053.005 - Scheduled Task
  • T1176.002 - IDE Extensions
  • T1071.001 - Web Protocols
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1105 - Ingress Tool Transfer
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
MITREへのリンク →

APT28

Score: 0.59
Matched TTPs:
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1211 - Exploitation for Defense Evasion
  • T1546.015 - Component Object Model Hijacking
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1669 - Wi-Fi Networks
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1071.001 - Web Protocols
  • T1057 - Process Discovery
  • T1189 - Drive-by Compromise
  • T1550.001 - Application Access Token
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1053.005 - Scheduled Task
  • T1584.005 - Botnet
  • T1102.002 - Bidirectional Communication
  • T1078.002 - Domain Accounts
  • T1584.004 - Server
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1059.005 - Visual Basic
  • T1195 - Supply Chain Compromise
  • T1499 - Endpoint Denial of Service
  • T1071.001 - Web Protocols
  • T1583 - Acquire Infrastructure
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

Medusa Group

Score: 0.58
Matched TTPs:
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1583.006 - Web Services
  • T1608.002 - Upload Tool
  • T1027.002 - Software Packing
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
  • T1218.014 - MMC
  • T1562.001 - Disable or Modify Tools
  • T1650 - Acquire Access
  • T1071.001 - Web Protocols
  • T1057 - Process Discovery
  • T1569.002 - Service Execution
  • T1105 - Ingress Tool Transfer
  • T1070.004 - File Deletion
MITREへのリンク →

Wizard Spider

Score: 0.57
Matched TTPs:
  • T1588.002 - Tool
  • T1036.004 - Masquerade Task or Service
  • T1053.005 - Scheduled Task
  • T1078.002 - Domain Accounts
  • T1059.003 - Windows Command Shell
  • T1547.004 - Winlogon Helper DLL
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1197 - BITS Jobs
  • T1027.010 - Command Obfuscation
  • T1562.001 - Disable or Modify Tools
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1021.006 - Windows Remote Management
  • T1105 - Ingress Tool Transfer
  • T1070.004 - File Deletion
MITREへのリンク →

APT39

Score: 0.57
Matched TTPs:
  • T1588.002 - Tool
  • T1053.005 - Scheduled Task
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1059.001 - PowerShell
  • T1197 - BITS Jobs
  • T1012 - Query Registry
  • T1546.010 - AppInit DLLs
  • T1059.005 - Visual Basic
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.006 - Python
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1059 - Command and Scripting Interpreter
  • T1105 - Ingress Tool Transfer
  • T1070.004 - File Deletion
MITREへのリンク →

APT38

Score: 0.55
Matched TTPs:
  • T1588.002 - Tool
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1059.003 - Windows Command Shell
  • T1543.003 - Windows Service
  • T1036.003 - Rename Legitimate Utilities
  • T1053.005 - Scheduled Task
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1027.002 - Software Packing
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1218.005 - Mshta
  • T1553.005 - Mark-of-the-Web Bypass
  • T1057 - Process Discovery
  • T1569.002 - Service Execution
  • T1070.004 - File Deletion
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る