Trusted Design

PowerShell Downloaders

Summary

While adware is usually considered annoying for users and relatively harmless to enterprise security, the adware campaigns we’ve seen since the beginning of 2016 behave more like advanced network threats. One particularly persistent adware attack piqued our interest around March. This attack leverages PowerShell, a Windows scripting language, to execute commands and remain persistent on the host machines. Along with creating hourly scheduled tasks, the adware also has the potential to download additional malicious code and direct the user to compromised websites.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT3

Score: 15.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Cobalt Group

Score: 21.95
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1518.002 - Backup Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Silence

Score: 14.69
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Chimera

Score: 23.44
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1003.007 - Proc Filesystem
  • T1155 - AppleScript
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Patchwork

Score: 21.04
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1001.003 - Protocol or Service Impersonation
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Daggerfly

Score: 14.11
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

FIN7

Score: 35.41
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution

TA2541

Score: 16.92
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

GALLIUM

Score: 9.94
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Sandworm Team

Score: 35.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1005 - Data from Local System
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

BlackByte

Score: 27.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1070.003 - Clear Command History
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

HEXANE

Score: 16.41
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Mustang Panda

Score: 38.90
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1136.001 - Local Account
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

Magic Hound

Score: 31.48
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1070.003 - Clear Command History
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

FIN13

Score: 18.70
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1155 - AppleScript
  • T1588.001 - Malware
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

ToddyCat

Score: 6.78
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles

Blue Mockingbird

Score: 15.57
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
  • T1027.007 - Dynamic API Resolution

Molerats

Score: 10.21
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1685.002 - Disable or Modify Cloud Log
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Storm-0501

Score: 25.47
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1560 - Archive Collected Data
  • T1155 - AppleScript
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1102.002 - Bidirectional Communication
  • T1090.004 - Domain Fronting
  • T1537 - Transfer Data to Cloud Account

APT29

Score: 38.17
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1560 - Archive Collected Data
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

APT39

Score: 35.11
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1499.002 - Service Exhaustion Flood
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1001.003 - Protocol or Service Impersonation
  • T1027.004 - Compile After Delivery
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

FIN8

Score: 13.70
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.009 - Cloud API
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Wizard Spider

Score: 33.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1001.003 - Protocol or Service Impersonation
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Higaisa

Score: 11.08
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation

APT41

Score: 25.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1001.003 - Protocol or Service Impersonation
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Rancor

Score: 11.66
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1685.002 - Disable or Modify Cloud Log
  • T1204 - User Execution
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Earth Lusca

Score: 28.87
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages

Ember Bear

Score: 17.86
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1033 - System Owner/User Discovery
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence

Machete

Score: 10.97
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation

APT42

Score: 11.83
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1110.002 - Password Cracking
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation

FIN10

Score: 6.41
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence

Naikon

Score: 6.81
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1588.001 - Malware
  • T1679 - Selective Exclusion
  • T1166 - Setuid and Setgid

RedCurl

Score: 23.52
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1558.005 - Ccache Files
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1574.010 - Services File Permissions Weakness
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Moonstone Sleet

Score: 8.89
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1679 - Selective Exclusion
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

APT32

Score: 45.33
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1110.001 - Password Guessing
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution

Fox Kitten

Score: 12.29
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1497.002 - User Activity Based Checks
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

APT33

Score: 11.77
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

OilRig

Score: 30.68
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

APT38

Score: 34.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1176.001 - Browser Extensions
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

menuPass

Score: 9.27
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

APT-C-36

Score: 6.35
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

FIN6

Score: 16.91
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution

LuminousMoth

Score: 14.29
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

Lazarus Group

Score: 44.38
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1558.005 - Ccache Files
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

BRONZE BUTLER

Score: 29.33
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1003.007 - Proc Filesystem
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations

Winter Vivern

Score: 11.15
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Dragonfly

Score: 22.03
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

MuddyWater

Score: 34.08
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1518.002 - Backup Software Discovery
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Gamaredon Group

Score: 30.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Kimsuky

Score: 49.14
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Stealth Falcon

Score: 9.31
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption

BITTER

Score: 7.63
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Confucius

Score: 12.44
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

APT37

Score: 21.64
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Sea Turtle

Score: 10.70
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1218 - System Binary Proxy Execution
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

Indrik Spider

Score: 21.17
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Agrius

Score: 10.01
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1176.001 - Browser Extensions
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles

Contagious Interview

Score: 28.01
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1608.005 - Link Target
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection

Star Blizzard

Score: 3.88
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship

Turla

Score: 50.60
Matched TTPs:
  • T1014 - Rootkit
  • T1561 - Disk Wipe
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Mustard Tempest

Score: 7.08
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

UNC3886

Score: 21.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218 - System Binary Proxy Execution
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence

Play

Score: 14.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 6.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Moses Staff

Score: 3.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Ke3chang

Score: 21.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

TeamTNT

Score: 22.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1560 - Archive Collected Data
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries

Tropic Trooper

Score: 22.74
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer

Medusa Group

Score: 34.56
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

DarkVishnya

Score: 3.58
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship

Aquatic Panda

Score: 21.55
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT19

Score: 16.52
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

Threat Group-3390

Score: 29.88
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations
Link to MITRE →

PROMETHIUM

Score: 7.00
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
  • T1679 - Selective Exclusion
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Carbanak

Score: 7.28
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Cinnamon Tempest

Score: 9.94
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Poseidon Group

Score: 4.84
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Volt Typhoon

Score: 26.41
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

admin@338

Score: 4.97
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
Link to MITRE →

APT1

Score: 8.30
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
Link to MITRE →

TA505

Score: 25.39
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ZIRCONIUM

Score: 19.36
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 9.62
Matched TTPs:
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 13.28
Matched TTPs:
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN5

Score: 4.57
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
Link to MITRE →

Whitefly

Score: 3.97
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

LAPSUS$

Score: 11.57
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1601 - Modify System Image
Link to MITRE →

Metador

Score: 10.44
Matched TTPs:
  • T1136.002 - Domain Account
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 13.82
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 11.05
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BackdoorDiplomacy

Score: 6.18
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 14.95
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1090.004 - Domain Fronting
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HAFNIUM

Score: 17.67
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
Link to MITRE →

Axiom

Score: 20.49
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1189 - Drive-by Compromise
  • T1160 - Launch Daemon
Link to MITRE →

Sidewinder

Score: 15.34
Matched TTPs:
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Inception

Score: 16.29
Matched TTPs:
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
Link to MITRE →

TA551

Score: 12.90
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

SideCopy

Score: 7.27
Matched TTPs:
  • T1218.012 - Verclsid
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT28

Score: 36.35
Matched TTPs:
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1548.004 - Elevated Execution with Prompt
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

IndigoZebra

Score: 3.64
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Windshift

Score: 10.60
Matched TTPs:
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Deep Panda

Score: 5.06
Matched TTPs:
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
Link to MITRE →

Darkhotel

Score: 7.71
Matched TTPs:
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT5

Score: 6.94
Matched TTPs:
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
Link to MITRE →

Rocke

Score: 14.93
Matched TTPs:
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leviathan

Score: 22.33
Matched TTPs:
  • T1204 - User Execution
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

WIRTE

Score: 7.76
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-1811

Score: 4.59
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1679 - Selective Exclusion
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Akira

Score: 6.73
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image
Link to MITRE →

TA459

Score: 3.70
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
Link to MITRE →

Tonto Team

Score: 5.41
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Putter Panda

Score: 3.00
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
Link to MITRE →

Dark Caracal

Score: 7.17
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT18

Score: 9.35
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations
Link to MITRE →

FIN4

Score: 6.72
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
  • T1556.005 - Reversible Encryption
  • T1027.010 - Command Obfuscation
Link to MITRE →

Leafminer

Score: 4.48
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

INC Ransom

Score: 8.16
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Velvet Ant

Score: 8.33
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 4.93
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Transparent Tribe

Score: 7.33
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Elderwood

Score: 6.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Malteiro

Score: 5.02
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
Link to MITRE →

Threat Group-1314

Score: 3.24
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1591.004 - Identify Roles
Link to MITRE →

PLATINUM

Score: 7.08
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Turla

Score: 0.80
Matched TTPs:
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1497.002 - User Activity Based Checks
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1027.004 - Compile After Delivery
  • T1204 - User Execution
  • T1027.010 - Command Obfuscation
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1601.001 - Patch System Image
  • T1561 - Disk Wipe
  • T1014 - Rootkit
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1003.001 - LSASS Memory
  • T1606.002 - SAML Tokens
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Kimsuky

Score: 0.75
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1213.006 - Databases
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1497.002 - User Activity Based Checks
  • T1588.001 - Malware
  • T1059.009 - Cloud API
  • T1537 - Transfer Data to Cloud Account
  • T1570 - Lateral Tool Transfer
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1003.007 - Proc Filesystem
  • T1601.001 - Patch System Image
  • T1176.001 - Browser Extensions
  • T1033 - System Owner/User Discovery
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 0.73
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1105 - Ingress Tool Transfer
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1679 - Selective Exclusion
  • T1497.002 - User Activity Based Checks
  • T1588.001 - Malware
  • T1059.009 - Cloud API
  • T1027.007 - Dynamic API Resolution
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1027.010 - Command Obfuscation
  • T1055.013 - Process Doppelgänging
  • T1174 - Password Filter DLL
  • T1601.001 - Patch System Image
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
  • T1070.009 - Clear Persistence
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1110.001 - Password Guessing
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lazarus Group

Score: 0.68
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1105 - Ingress Tool Transfer
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1679 - Selective Exclusion
  • T1547.002 - Authentication Package
  • T1497.002 - User Activity Based Checks
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1558.005 - Ccache Files
  • T1570 - Lateral Tool Transfer
  • T1218.012 - Verclsid
  • T1027.010 - Command Obfuscation
  • T1174 - Password Filter DLL
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT29

Score: 0.61
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.004 - Compile After Delivery
  • T1555.004 - Windows Credential Manager
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1218.009 - Regsvcs/Regasm
  • T1608.005 - Link Target
  • T1679 - Selective Exclusion
  • T1138 - Application Shimming
  • T1560 - Archive Collected Data
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 0.60
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1105 - Ingress Tool Transfer
  • T1011.001 - Exfiltration Over Bluetooth
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1679 - Selective Exclusion
  • T1497.002 - User Activity Based Checks
  • T1588.001 - Malware
  • T1027.007 - Dynamic API Resolution
  • T1218.012 - Verclsid
  • T1027.010 - Command Obfuscation
  • T1055.013 - Process Doppelgänging
  • T1601.001 - Patch System Image
  • T1176.001 - Browser Extensions
  • T1606.002 - SAML Tokens
  • T1591.004 - Identify Roles
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1105 - Ingress Tool Transfer
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1679 - Selective Exclusion
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1169 - Sudo
  • T1218.012 - Verclsid
  • T1136.001 - Local Account
  • T1204 - User Execution
  • T1027.010 - Command Obfuscation
  • T1055.013 - Process Doppelgänging
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1159 - Launch Agent
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT28

Score: 0.59
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1548.004 - Elevated Execution with Prompt
  • T1105 - Ingress Tool Transfer
  • T1070.009 - Clear Persistence
  • T1546.007 - Netsh Helper DLL
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1679 - Selective Exclusion
  • T1556.005 - Reversible Encryption
  • T1497.002 - User Activity Based Checks
  • T1566.003 - Spearphishing via Service
  • T1059.012 - Hypervisor CLI
  • T1055.008 - Ptrace System Calls
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1546.016 - Installer Packages
  • T1218.010 - Regsvr32
  • T1005 - Data from Local System
  • T1049 - System Network Connections Discovery
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1166 - Setuid and Setgid
  • T1075 - Pass the Hash
  • T1556.005 - Reversible Encryption
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1497.002 - User Activity Based Checks
  • T1033 - System Owner/User Discovery
Link to MITRE →

Medusa Group

Score: 0.58
Matched TTPs:
  • T1218.003 - CMSTP
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
  • T1070.009 - Clear Persistence
  • T1583.006 - Web Services
  • T1608.005 - Link Target
  • T1094 - Custom Command and Control Protocol
  • T1591.004 - Identify Roles
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1497.002 - User Activity Based Checks
  • T1598 - Phishing for Information
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 0.57
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1027.007 - Dynamic API Resolution
  • T1003.001 - LSASS Memory
  • T1070.009 - Clear Persistence
  • T1166 - Setuid and Setgid
  • T1155 - AppleScript
  • T1591.004 - Identify Roles
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1679 - Selective Exclusion
  • T1001.003 - Protocol or Service Impersonation
  • T1497.002 - User Activity Based Checks
  • T1601.001 - Patch System Image
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
  • T1556.005 - Reversible Encryption
  • T1059.009 - Cloud API
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT39

Score: 0.57
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1499.002 - Service Exhaustion Flood
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
  • T1070.009 - Clear Persistence
  • T1027.010 - Command Obfuscation
  • T1055.013 - Process Doppelgänging
  • T1570 - Lateral Tool Transfer
  • T1564.007 - VBA Stomping
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1679 - Selective Exclusion
  • T1001.003 - Protocol or Service Impersonation
  • T1497.002 - User Activity Based Checks
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 0.55
Matched TTPs:
  • T1053.005 - Scheduled Task
  • T1685.002 - Disable or Modify Cloud Log
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1497.002 - User Activity Based Checks
  • T1059.009 - Cloud API
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
  • T1218.012 - Verclsid
  • T1027.010 - Command Obfuscation
  • T1174 - Password Filter DLL
  • T1138 - Application Shimming
  • T1176.001 - Browser Extensions
  • T1059.012 - Hypervisor CLI
  • T1070.009 - Clear Persistence
  • T1591.004 - Identify Roles
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

