Trusted Design

MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks

Summary

The crooks behind MajikPOS have various tricks up their sleeves. Apart from infecting systems with MajikPOS itself, we also spotted instances where common lateral movement tools were detected around the same time the attackers were actively compromising the endpoint with MajikPOS. These tools include HKTL_MIMIKATZ, HKTL_FGDUMP, and HKTL_VNCPASSVIEW. We surmise that the bad guys attempted to gain further access within the victim's network. In separate, isolated incidents, we also noticed MajikPOS being deployed via PsExec, a command-line tool that can be used to remotely execute processes on other systems; this may indicate that valid, administrative-level credentials were used against the host. The attackers also tend to deploy whatever works or is convenient: we have also seen them attempt to infect the target host with other PoS malware such as PwnPOS (TSPY_PWNPOS.SMA) and BlackPOS (TSPY_POCARDL.AI).

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 40.42
Matched TTPs:
  • T1021.005 - VNC
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 37.60
Matched TTPs:
  • T1021.005 - VNC
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery
Link to MITRE →

GCMAN

Score: 3.62
Matched TTPs:
  • T1021.005 - VNC
Link to MITRE →

Fox Kitten

Score: 25.04
Matched TTPs:
  • T1021.005 - VNC
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1055.013 - Process Doppelgänging
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Ember Bear

Score: 33.68
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1027.016 - Junk Code Insertion
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

APT39

Score: 24.42
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
Link to MITRE →

Mustang Panda

Score: 39.56
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1546.005 - Trap
  • T1136.001 - Local Account
  • T1055.013 - Process Doppelgänging
  • T1569.001 - Launchctl
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
  • T1564.001 - Hidden Files and Directories
Link to MITRE →

Tonto Team

Score: 8.40
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 36.26
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1157 - Dylib Hijacking
Link to MITRE →

BlackByte

Score: 28.93
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT28

Score: 51.17
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1499.001 - OS Exhaustion Flood
  • T1685.001 - Disable or Modify Windows Event Log
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit
Link to MITRE →

Storm-0501

Score: 22.45
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.015 - Electron Applications
  • T1155 - AppleScript
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
  • T1564.001 - Hidden Files and Directories
Link to MITRE →

Axiom

Score: 21.33
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon
Link to MITRE →

Leviathan

Score: 23.22
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.005 - Trap
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT41

Score: 33.59
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1584.008 - Network Devices
  • T1536 - Revert Cloud Instance
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Rocke

Score: 10.41
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 24.85
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1071.003 - Mail Protocols
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

UNC3886

Score: 30.10
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.005 - Trap
  • T1585.002 - Email Accounts
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1578.001 - Create Snapshot
Link to MITRE →

Turla

Score: 49.07
Matched TTPs:
  • T1014 - Rootkit
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Volt Typhoon

Score: 46.76
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1567 - Exfiltration Over Web Service
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1584.002 - DNS Server
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
Link to MITRE →

ZIRCONIUM

Score: 12.98
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Daggerfly

Score: 8.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GALLIUM

Score: 17.25
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT29

Score: 34.96
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1555.004 - Windows Credential Manager
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN13

Score: 32.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1536 - Revert Cloud Instance
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1155 - AppleScript
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

Dragonfly

Score: 28.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1536 - Revert Cloud Instance
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Ke3chang

Score: 28.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Agrius

Score: 17.71
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1546.005 - Trap
  • T1027.016 - Junk Code Insertion
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
Link to MITRE →

APT5

Score: 14.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1536 - Revert Cloud Instance
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1622 - Debugger Evasion
Link to MITRE →

menuPass

Score: 27.54
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Threat Group-3390

Score: 31.62
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1546.005 - Trap
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 42.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1546.005 - Trap
  • T1567.001 - Exfiltration to Code Repository
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

OilRig

Score: 52.35
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

MuddyWater

Score: 27.88
Matched TTPs:
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Leafminer

Score: 7.90
Matched TTPs:
  • T1178 - SID-History Injection
  • T1546.005 - Trap
  • T1027.016 - Junk Code Insertion
  • T1199 - Trusted Relationship
Link to MITRE →

APT33

Score: 19.55
Matched TTPs:
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1546.005 - Trap
  • T1027.016 - Junk Code Insertion
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Kimsuky

Score: 46.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1536 - Revert Cloud Instance
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1570 - Lateral Tool Transfer
  • T1565.002 - Transmitted Data Manipulation
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
Link to MITRE →

Moonstone Sleet

Score: 13.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1546.005 - Trap
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

Indrik Spider

Score: 16.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Lazarus Group

Score: 48.22
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Contagious Interview

Score: 19.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver
Link to MITRE →

LuminousMoth

Score: 7.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sandworm Team

Score: 35.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Salt Typhoon

Score: 7.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
Link to MITRE →

Play

Score: 16.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aoqin Dragon

Score: 9.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

RedCurl

Score: 19.09
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1558.005 - Ccache Files
  • T1546.005 - Trap
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
Link to MITRE →

Cleaver

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
Link to MITRE →

Moses Staff

Score: 7.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Elderwood

Score: 3.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

WIRTE

Score: 6.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RTM

Score: 3.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

CURIUM

Score: 5.90
Matched TTPs:
  • T1087.002 - Domain Account
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
Link to MITRE →

Tropic Trooper

Score: 12.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Dark Caracal

Score: 3.31
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.008 - LSASS Driver
Link to MITRE →

PLATINUM

Score: 7.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1546.005 - Trap
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA551

Score: 6.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HEXANE

Score: 13.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

FIN8

Score: 15.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1027.017 - SVG Smuggling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

BITTER

Score: 9.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT37

Score: 17.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

LazyScripter

Score: 5.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

PROMETHIUM

Score: 3.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1490 - Inhibit System Recovery
Link to MITRE →

TA505

Score: 9.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Star Blizzard

Score: 5.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Higaisa

Score: 10.89
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
Link to MITRE →

Magic Hound

Score: 23.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1536 - Revert Cloud Instance
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN4

Score: 6.35
Matched TTPs:
  • T1087.002 - Domain Account
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
Link to MITRE →

Cobalt Group

Score: 17.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Storm-1811

Score: 15.79
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1032 - Standard Cryptographic Protocol
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Inception

Score: 7.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
Link to MITRE →

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

Ajax Security Team

Score: 4.09
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Saint Bear

Score: 10.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
Link to MITRE →

FIN6

Score: 17.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.005 - Trap
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

Patchwork

Score: 10.54
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Whitefly

Score: 6.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.005 - Trap
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Nomadic Octopus

Score: 3.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 7.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT19

Score: 10.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
Link to MITRE →

TA2541

Score: 8.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Earth Lusca

Score: 20.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1564.001 - Hidden Files and Directories
Link to MITRE →

SideCopy

Score: 7.67
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1584.002 - DNS Server
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 4.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BRONZE BUTLER

Score: 22.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

APT38

Score: 20.89
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Molerats

Score: 4.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

admin@338

Score: 4.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
Link to MITRE →

Darkhotel

Score: 15.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

The White Company

Score: 4.87
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
Link to MITRE →

Silence

Score: 13.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Sidewinder

Score: 7.17
Matched TTPs:
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Confucius

Score: 3.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackTech

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Windshift

Score: 11.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Cinnamon Tempest

Score: 11.46
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Evilnum

Score: 7.14
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 43.02
Matched TTPs:
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

Aquatic Panda

Score: 16.67
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1032 - Standard Cryptographic Protocol
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Chimera

Score: 35.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1032 - Standard Cryptographic Protocol
  • T1155 - AppleScript
  • T1027.016 - Junk Code Insertion
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
Link to MITRE →

APT1

Score: 8.01
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
Link to MITRE →

Velvet Ant

Score: 23.59
Matched TTPs:
  • T1583.005 - Botnet
  • T1684 - Social Engineering
  • T1032 - Standard Cryptographic Protocol
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

DarkVishnya

Score: 6.48
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
Link to MITRE →

Winter Vivern

Score: 12.88
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548 - Abuse Elevation Control Mechanism
  • T1055.013 - Process Doppelgänging
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT3

Score: 15.14
Matched TTPs:
  • T1536 - Revert Cloud Instance
  • T1032 - Standard Cryptographic Protocol
  • T1546.005 - Trap
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT42

Score: 8.27
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

BackdoorDiplomacy

Score: 3.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
Link to MITRE →

Sea Turtle

Score: 7.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
Link to MITRE →

ToddyCat

Score: 7.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1583.006 - Web Services
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 18.88
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

INC Ransom

Score: 15.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

HAFNIUM

Score: 16.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.005 - Trap
  • T1027.016 - Junk Code Insertion
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1490 - Inhibit System Recovery
Link to MITRE →

Carbanak

Score: 4.87
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Akira

Score: 11.59
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1622 - Debugger Evasion
Link to MITRE →

Deep Panda

Score: 9.35
Matched TTPs:
  • T1032 - Standard Cryptographic Protocol
  • T1583.006 - Web Services
  • T1059.004 - Unix Shell
  • T1027.014 - Polymorphic Code
Link to MITRE →

Lotus Blossom

Score: 7.84
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Scattered Spider

Score: 28.70
Matched TTPs:
  • T1218.015 - Electron Applications
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1557.002 - ARP Cache Poisoning
  • T1565.002 - Transmitted Data Manipulation
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Silent Librarian

Score: 5.02
Matched TTPs:
  • T1027.016 - Junk Code Insertion
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Stealth Falcon

Score: 9.72
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
Link to MITRE →

FIN5

Score: 4.61
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

LAPSUS$

Score: 24.26
Matched TTPs:
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1557.002 - ARP Cache Poisoning
  • T1132.002 - Non-Standard Encoding
  • T1548.006 - TCC Manipulation
  • T1564.001 - Hidden Files and Directories
Link to MITRE →

Thrip

Score: 3.78
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

FIN10

Score: 8.82
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

Threat actors related to this Pulse (inference-based)

OilRig

Score: 0.81
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1622 - Debugger Evasion
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1199 - Trusted Relationship
  • T1562.009 - Safe Mode Boot
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1087.002 - Domain Account
  • T1157 - Dylib Hijacking
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.008 - LSASS Driver
  • T1556.009 - Conditional Access Policies
  • T1178 - SID-History Injection
  • T1558 - Steal or Forge Kerberos Tickets
  • T1055.013 - Process Doppelgänging
  • T1546.005 - Trap
  • T1606.002 - SAML Tokens
  • T1552.005 - Cloud Instance Metadata API
Link to MITRE →

APT28

Score: 0.80
Matched TTPs:
  • T1546.007 - Netsh Helper DLL
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1597.002 - Purchase Technical Data
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1087.002 - Domain Account
  • T1157 - Dylib Hijacking
  • T1059.010 - AutoHotKey & AutoIT
  • T1685.001 - Disable or Modify Windows Event Log
  • T1032 - Standard Cryptographic Protocol
  • T1499.001 - OS Exhaustion Flood
  • T1558 - Steal or Forge Kerberos Tickets
  • T1566.003 - Spearphishing via Service
  • T1027.016 - Junk Code Insertion
  • T1546.005 - Trap
  • T1583.005 - Botnet
  • T1552.005 - Cloud Instance Metadata API
Link to MITRE →

Turla

Score: 0.80
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1490 - Inhibit System Recovery
  • T1059.009 - Cloud API
  • T1684 - Social Engineering
  • T1570 - Lateral Tool Transfer
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1578.001 - Create Snapshot
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1014 - Rootkit
  • T1556.009 - Conditional Access Policies
  • T1569.002 - Service Execution
  • T1606.002 - SAML Tokens
  • T1552.005 - Cloud Instance Metadata API
Link to MITRE →

Kimsuky

Score: 0.76
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1490 - Inhibit System Recovery
  • T1622 - Debugger Evasion
  • T1536 - Revert Cloud Instance
  • T1059.009 - Cloud API
  • T1684 - Social Engineering
  • T1570 - Lateral Tool Transfer
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1132.002 - Non-Standard Encoding
  • T1565.002 - Transmitted Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1546.005 - Trap
  • T1583.005 - Botnet
  • T1055.014 - VDSO Hijacking
  • T1606.002 - SAML Tokens
Link to MITRE →

Volt Typhoon

Score: 0.76
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1567 - Exfiltration Over Web Service
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1049 - System Network Connections Discovery
  • T1562.009 - Safe Mode Boot
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.001 - Create Snapshot
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1157 - Dylib Hijacking
  • T1059.010 - AutoHotKey & AutoIT
  • T1685.001 - Disable or Modify Windows Event Log
  • T1569.002 - Service Execution
  • T1546.005 - Trap
  • T1584.002 - DNS Server
Link to MITRE →

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1622 - Debugger Evasion
  • T1216 - System Script Proxy Execution
  • T1570 - Lateral Tool Transfer
  • T1199 - Trusted Relationship
  • T1578.001 - Create Snapshot
  • T1218.010 - Regsvr32
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1087.002 - Domain Account
  • T1157 - Dylib Hijacking
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1027.016 - Junk Code Insertion
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1174 - Password Filter DLL
Link to MITRE →

Medusa Group

Score: 0.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1157 - Dylib Hijacking
  • T1546.005 - Trap
  • T1597 - Search Closed Sources
  • T1218.003 - CMSTP
  • T1598 - Phishing for Information
  • T1586.002 - Email Accounts
  • T1547.012 - Print Processors
  • T1622 - Debugger Evasion
  • T1199 - Trusted Relationship
  • T1059.009 - Cloud API
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Wizard Spider

Score: 0.70
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1597 - Search Closed Sources
  • T1059.001 - PowerShell
  • T1622 - Debugger Evasion
  • T1059.009 - Cloud API
  • T1684 - Social Engineering
  • T1155 - AppleScript
  • T1584.008 - Network Devices
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1087.002 - Domain Account
  • T1157 - Dylib Hijacking
  • T1032 - Standard Cryptographic Protocol
  • T1556.009 - Conditional Access Policies
  • T1027.007 - Dynamic API Resolution
  • T1546.005 - Trap
Link to MITRE →

FIN7

Score: 0.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.001 - Create Snapshot
  • T1055.013 - Process Doppelgänging
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1011.001 - Exfiltration Over Bluetooth
  • T1583.006 - Web Services
  • T1021.005 - VNC
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1157 - Dylib Hijacking
  • T1091 - Replication Through Removable Media
  • T1490 - Inhibit System Recovery
  • T1586.002 - Email Accounts
  • T1606.002 - SAML Tokens
  • T1059.001 - PowerShell
  • T1622 - Debugger Evasion
  • T1199 - Trusted Relationship
Link to MITRE →

Gamaredon Group

Score: 0.63
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1684 - Social Engineering
  • T1547.013 - XDG Autostart Entries
  • T1570 - Lateral Tool Transfer
  • T1583.006 - Web Services
  • T1087.002 - Domain Account
  • T1021.005 - VNC
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.012 - Print Processors
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1552.005 - Cloud Instance Metadata API
  • T1542.004 - ROMMONkit
  • T1199 - Trusted Relationship
  • T1591.003 - Identify Business Tempo
  • T1059.009 - Cloud API
Link to MITRE →

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1569.001 - Launchctl
  • T1136.001 - Local Account
  • T1218.010 - Regsvr32
  • T1597.002 - Purchase Technical Data
  • T1055.013 - Process Doppelgänging
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1087.002 - Domain Account
  • T1546.005 - Trap
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1565.002 - Transmitted Data Manipulation
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1199 - Trusted Relationship
  • T1564.001 - Hidden Files and Directories
Link to MITRE →

Sandworm Team

Score: 0.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1087.002 - Domain Account
  • T1546.005 - Trap
  • T1059.010 - AutoHotKey & AutoIT
  • T1032 - Standard Cryptographic Protocol
  • T1583.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1049 - System Network Connections Discovery
Link to MITRE →

APT32

Score: 0.60
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1218.010 - Regsvr32
  • T1597.002 - Purchase Technical Data
  • T1055.013 - Process Doppelgänging
  • T1547.013 - XDG Autostart Entries
  • T1570 - Lateral Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1087.002 - Domain Account
  • T1546.005 - Trap
  • T1032 - Standard Cryptographic Protocol
  • T1174 - Password Filter DLL
  • T1091 - Replication Through Removable Media
  • T1490 - Inhibit System Recovery
  • T1027.014 - Polymorphic Code
  • T1199 - Trusted Relationship
  • T1059.009 - Cloud API
  • T1566.004 - Spearphishing Voice
Link to MITRE →

APT41

Score: 0.59
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1570 - Lateral Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1548.006 - TCC Manipulation
  • T1157 - Dylib Hijacking
  • T1546.005 - Trap
  • T1584.008 - Network Devices
  • T1032 - Standard Cryptographic Protocol
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
  • T1499.001 - OS Exhaustion Flood
  • T1536 - Revert Cloud Instance
  • T1059.009 - Cloud API
  • T1566.004 - Spearphishing Voice
Link to MITRE →

APT29

Score: 0.59
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1027.016 - Junk Code Insertion
  • T1547.013 - XDG Autostart Entries
  • T1218.009 - Regsvcs/Regasm
  • T1087.002 - Domain Account
  • T1157 - Dylib Hijacking
  • T1584.008 - Network Devices
  • T1555.004 - Windows Credential Manager
  • T1547.008 - LSASS Driver
  • T1683 - Generate Content
  • T1490 - Inhibit System Recovery
  • T1606.002 - SAML Tokens
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
Link to MITRE →

Chimera

Score: 0.57
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1027.016 - Junk Code Insertion
  • T1547.013 - XDG Autostart Entries
  • T1570 - Lateral Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1155 - AppleScript
  • T1157 - Dylib Hijacking
  • T1032 - Standard Cryptographic Protocol
  • T1003.007 - Proc Filesystem
  • T1132.002 - Non-Standard Encoding
  • T1542.004 - ROMMONkit
  • T1622 - Debugger Evasion
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

