Trusted Design

MajikPOS Combines PoS Malware and RATs to Pull Off its Malicious Tricks

Summary

Crooks behind MajikPOS have various tricks up their sleeves. Apart from infecting systems with it, we also spotted instances where common lateral movement tools were detected around the same time they were actively compromising the endpoint with MajikPOS. These tools include: HKTL_MIMIKATZ, HKTL_FGDUMP, and HKTL_VNCPASSVIEW. We surmise that the bad guys attempted to gain further access within the victim’s network. In separate isolated incidents, we also noticed the deployment of MajikPOS via PsExec, a command-line tool that can be used to remotely execute processes on other systems. This may indicate that valid, administrative-level credentials were used against the host. The attackers also tend to deploy what works or what’s convenient, as we’ve also seen them attempt to infect the target host with other PoS malware such as PwnPOS (TSPY_PWNPOS.SMA) and BlackPOS (TSPY_POCARDL.AI).

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 40.42
Matched TTPs:
  • T1021.005 - VNC
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1497.001 - System Checks
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 37.60
Matched TTPs:
  • T1021.005 - VNC
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
  • T1078.003 - Local Accounts
Link to MITRE →

GCMAN

Score: 3.62
Matched TTPs:
  • T1021.005 - VNC
Link to MITRE →

Fox Kitten

Score: 25.04
Matched TTPs:
  • T1021.005 - VNC
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Ember Bear

Score: 33.68
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1110.003 - Password Spraying
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT39

Score: 24.42
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Mustang Panda

Score: 39.56
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1176.002 - IDE Extensions
  • T1059 - Command and Scripting Interpreter
  • T1608 - Stage Capabilities
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1003.006 - DCSync
Link to MITRE →

Tonto Team

Score: 8.40
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT32

Score: 36.26
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1078 - Valid Accounts
Link to MITRE →

BlackByte

Score: 28.93
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

APT28

Score: 51.17
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1014 - Rootkit
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1110.003 - Password Spraying
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Storm-0501

Score: 22.45
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1580 - Cloud Infrastructure Discovery
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1219.002 - Remote Desktop Software
  • T1003.006 - DCSync
Link to MITRE →

Axiom

Score: 21.33
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1563.002 - RDP Hijacking
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
Link to MITRE →

Leviathan

Score: 23.22
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1003.001 - LSASS Memory
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT41

Score: 33.59
Matched TTPs:
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1098.007 - Additional Local or Domain Groups
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Rocke

Score: 10.41
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 24.85
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1610 - Deploy Container
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

UNC3886

Score: 30.10
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1003.001 - LSASS Memory
  • T1548 - Abuse Elevation Control Mechanism
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.005 - Indicator Removal from Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Turla

Score: 49.07
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.005 - Indicator Removal from Tools
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
Link to MITRE →

Volt Typhoon

Score: 46.76
Matched TTPs:
  • T1584.008 - Network Devices
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1552 - Unsecured Credentials
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1614 - System Location Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

ZIRCONIUM

Score: 12.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Daggerfly

Score: 8.89
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GALLIUM

Score: 17.25
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT29

Score: 34.96
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1651 - Cloud Administration Command
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

FIN13

Score: 32.99
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Dragonfly

Score: 28.52
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1098.007 - Additional Local or Domain Groups
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Ke3chang

Score: 28.13
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Agrius

Score: 17.71
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1003.001 - LSASS Memory
  • T1110.003 - Password Spraying
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT5

Score: 14.31
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1098.007 - Additional Local or Domain Groups
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

menuPass

Score: 27.54
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Threat Group-3390

Score: 31.62
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 42.33
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1552.006 - Group Policy Preferences
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

OilRig

Score: 52.35
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

MuddyWater

Score: 27.88
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 7.90
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1003.001 - LSASS Memory
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
Link to MITRE →

APT33

Score: 19.55
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1003.001 - LSASS Memory
  • T1110.003 - Password Spraying
  • T1552.006 - Group Policy Preferences
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Kimsuky

Score: 46.77
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1219.002 - Remote Desktop Software
  • T1111 - Multi-Factor Authentication Interception
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

Moonstone Sleet

Score: 13.59
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Indrik Spider

Score: 16.59
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Lazarus Group

Score: 48.22
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1134.002 - Create Process with Token
  • T1110.003 - Password Spraying
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Contagious Interview

Score: 19.68
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
Link to MITRE →

LuminousMoth

Score: 7.52
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sandworm Team

Score: 35.70
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

Salt Typhoon

Score: 7.45
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
Link to MITRE →

Play

Score: 16.00
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 9.65
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 19.09
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1202 - Indirect Command Execution
  • T1003.001 - LSASS Memory
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Cleaver

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
Link to MITRE →

Moses Staff

Score: 7.13
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Elderwood

Score: 3.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 6.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RTM

Score: 3.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1219.002 - Remote Desktop Software
Link to MITRE →

CURIUM

Score: 5.90
Matched TTPs:
  • T1204.002 - Malicious File
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Tropic Trooper

Score: 12.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Dark Caracal

Score: 3.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.003 - Spearphishing via Service
Link to MITRE →

PLATINUM

Score: 7.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA551

Score: 6.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HEXANE

Score: 13.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1110.003 - Password Spraying
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN8

Score: 15.26
Matched TTPs:
  • T1204.002 - Malicious File
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1055.004 - Asynchronous Procedure Call
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BITTER

Score: 9.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT37

Score: 17.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1036.001 - Invalid Code Signature
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

LazyScripter

Score: 5.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PROMETHIUM

Score: 3.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1078.003 - Local Accounts
Link to MITRE →

TA505

Score: 9.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 5.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Higaisa

Score: 10.89
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Magic Hound

Score: 23.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1098.007 - Additional Local or Domain Groups
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN4

Score: 6.35
Matched TTPs:
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
Link to MITRE →

Cobalt Group

Score: 17.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Storm-1811

Score: 15.79
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Inception

Score: 7.39
Matched TTPs:
  • T1204.002 - Malicious File
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
Link to MITRE →

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ajax Security Team

Score: 4.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Saint Bear

Score: 10.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
Link to MITRE →

FIN6

Score: 17.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Patchwork

Score: 10.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Whitefly

Score: 6.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Nomadic Octopus

Score: 3.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 7.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 10.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
Link to MITRE →

TA2541

Score: 8.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Earth Lusca

Score: 20.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1003.006 - DCSync
Link to MITRE →

SideCopy

Score: 7.67
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1614 - System Location Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 4.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BRONZE BUTLER

Score: 22.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

APT38

Score: 20.89
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Molerats

Score: 4.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

admin@338

Score: 4.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Darkhotel

Score: 15.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

The White Company

Score: 4.87
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
Link to MITRE →

Silence

Score: 13.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Sidewinder

Score: 7.17
Matched TTPs:
  • T1204.002 - Malicious File
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Confucius

Score: 3.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackTech

Score: 4.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Windshift

Score: 11.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1036.001 - Invalid Code Signature
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Cinnamon Tempest

Score: 11.46
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Evilnum

Score: 7.14
Matched TTPs:
  • T1497.001 - System Checks
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 43.02
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

Aquatic Panda

Score: 16.67
Matched TTPs:
  • T1007 - System Service Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Chimera

Score: 35.32
Matched TTPs:
  • T1007 - System Service Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1110.003 - Password Spraying
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1111 - Multi-Factor Authentication Interception
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
Link to MITRE →

APT1

Score: 8.01
Matched TTPs:
  • T1007 - System Service Discovery
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Velvet Ant

Score: 23.59
Matched TTPs:
  • T1040 - Network Sniffing
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

DarkVishnya

Score: 6.48
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
Link to MITRE →

Winter Vivern

Score: 12.88
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1059 - Command and Scripting Interpreter
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT3

Score: 15.14
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT42

Score: 8.27
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1111 - Multi-Factor Authentication Interception
Link to MITRE →

BackdoorDiplomacy

Score: 3.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
Link to MITRE →

Sea Turtle

Score: 7.90
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1078.003 - Local Accounts
Link to MITRE →

ToddyCat

Score: 7.45
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 18.88
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER
Link to MITRE →

INC Ransom

Score: 15.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

HAFNIUM

Score: 16.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1003.001 - LSASS Memory
  • T1110.003 - Password Spraying
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1078.003 - Local Accounts
Link to MITRE →

Carbanak

Score: 4.87
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Akira

Score: 11.59
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Deep Panda

Score: 9.35
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1027.005 - Indicator Removal from Tools
  • T1218.010 - Regsvr32
Link to MITRE →

Lotus Blossom

Score: 7.84
Matched TTPs:
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1090.001 - Internal Proxy
Link to MITRE →

Scattered Spider

Score: 28.70
Matched TTPs:
  • T1580 - Cloud Infrastructure Discovery
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1578.002 - Create Cloud Instance
  • T1219.002 - Remote Desktop Software
  • T1538 - Cloud Service Dashboard
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Silent Librarian

Score: 5.02
Matched TTPs:
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Stealth Falcon

Score: 9.72
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager
Link to MITRE →

FIN5

Score: 4.61
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

LAPSUS$

Score: 24.26
Matched TTPs:
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1578.002 - Create Cloud Instance
  • T1111 - Multi-Factor Authentication Interception
  • T1003.003 - NTDS
  • T1003.006 - DCSync
Link to MITRE →

Thrip

Score: 3.78
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
Link to MITRE →

FIN10

Score: 8.82
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
Link to MITRE →

Threat actors related to this Pulse (inference-based)

OilRig

Score: 0.81
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1012 - Query Registry
  • T1036 - Masquerading
  • T1555.004 - Windows Credential Manager
  • T1027.005 - Indicator Removal from Tools
  • T1003.004 - LSA Secrets
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1497.001 - System Checks
  • T1195 - Supply Chain Compromise
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
  • T1007 - System Service Discovery
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1078 - Valid Accounts
  • T1204.002 - Malicious File
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT28

Score: 0.80
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1003.003 - NTDS
  • T1021.002 - SMB/Windows Admin Shares
  • T1669 - Wi-Fi Networks
  • T1003 - OS Credential Dumping
  • T1110.003 - Password Spraying
  • T1210 - Exploitation of Remote Services
  • T1014 - Rootkit
  • T1588.002 - Tool
  • T1584.008 - Network Devices
  • T1105 - Ingress Tool Transfer
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1039 - Data from Network Shared Drive
  • T1190 - Exploit Public-Facing Application
  • T1211 - Exploitation for Defense Evasion
  • T1057 - Process Discovery
  • T1078 - Valid Accounts
  • T1040 - Network Sniffing
  • T1204.002 - Malicious File
Link to MITRE →

Turla

Score: 0.80
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1562.001 - Disable or Modify Tools
  • T1021.002 - SMB/Windows Admin Shares
  • T1124 - System Time Discovery
  • T1555.004 - Windows Credential Manager
  • T1027.005 - Indicator Removal from Tools
  • T1090.001 - Internal Proxy
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1587.001 - Malware
  • T1078.003 - Local Accounts
  • T1007 - System Service Discovery
  • T1546.013 - PowerShell Profile
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
Link to MITRE →

Kimsuky

Score: 0.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1012 - Query Registry
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1219.002 - Remote Desktop Software
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1078.003 - Local Accounts
  • T1190 - Exploit Public-Facing Application
  • T1007 - System Service Discovery
  • T1218.010 - Regsvr32
  • T1057 - Process Discovery
  • T1040 - Network Sniffing
  • T1204.002 - Malicious File
  • T1111 - Multi-Factor Authentication Interception
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Volt Typhoon

Score: 0.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1003.003 - NTDS
  • T1584.005 - Botnet
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1588.002 - Tool
  • T1552 - Unsecured Credentials
  • T1497.001 - System Checks
  • T1584.008 - Network Devices
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1190 - Exploit Public-Facing Application
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1078 - Valid Accounts
  • T1614 - System Location Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1012 - Query Registry
  • T1562.001 - Disable or Modify Tools
  • T1021.002 - SMB/Windows Admin Shares
  • T1027.007 - Dynamic API Resolution
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1202 - Indirect Command Execution
  • T1529 - System Shutdown/Reboot
  • T1110.003 - Password Spraying
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1036.003 - Rename Legitimate Utilities
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1078 - Valid Accounts
  • T1204.002 - Malicious File
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Medusa Group

Score: 0.71
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1650 - Acquire Access
  • T1569.002 - Service Execution
  • T1570 - Lateral Tool Transfer
  • T1218.014 - MMC
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1529 - System Shutdown/Reboot
  • T1003.003 - NTDS
  • T1562.001 - Disable or Modify Tools
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Wizard Spider

Score: 0.70
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1003.002 - Security Account Manager
  • T1003.003 - NTDS
  • T1562.001 - Disable or Modify Tools
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1555.004 - Windows Credential Manager
  • T1210 - Exploitation of Remote Services
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1552.006 - Group Policy Preferences
  • T1021.006 - Windows Remote Management
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1569.002 - Service Execution
  • T1078 - Valid Accounts
  • T1204.002 - Malicious File
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN7

Score: 0.64
Matched TTPs:
  • T1569.002 - Service Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.005 - VNC
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1105 - Ingress Tool Transfer
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1587.001 - Malware
  • T1078 - Valid Accounts
  • T1059 - Command and Scripting Interpreter
  • T1674 - Input Injection
  • T1204.002 - Malicious File
  • T1078.003 - Local Accounts
  • T1588.002 - Tool
  • T1124 - System Time Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Gamaredon Group

Score: 0.63
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1021.005 - VNC
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1055 - Process Injection
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1080 - Taint Shared Content
  • T1497.001 - System Checks
Link to MITRE →

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608 - Stage Capabilities
  • T1003.003 - NTDS
  • T1105 - Ingress Tool Transfer
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1057 - Process Discovery
  • T1587.001 - Malware
  • T1003.006 - DCSync
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1027.007 - Dynamic API Resolution
  • T1203 - Exploitation for Client Execution
  • T1003 - OS Credential Dumping
Link to MITRE →

Sandworm Team

Score: 0.61
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.002 - SMB/Windows Admin Shares
  • T1570 - Lateral Tool Transfer
  • T1036 - Masquerading
  • T1190 - Exploit Public-Facing Application
  • T1003.003 - NTDS
  • T1105 - Ingress Tool Transfer
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1587.001 - Malware
  • T1078 - Valid Accounts
  • T1040 - Network Sniffing
  • T1003.001 - LSASS Memory
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT32

Score: 0.60
Matched TTPs:
  • T1569.002 - Service Execution
  • T1021.002 - SMB/Windows Admin Shares
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1036.003 - Rename Legitimate Utilities
  • T1055 - Process Injection
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1204.002 - Malicious File
  • T1078.003 - Local Accounts
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1003 - OS Credential Dumping
Link to MITRE →

APT41

Score: 0.59
Matched TTPs:
  • T1569.002 - Service Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1190 - Exploit Public-Facing Application
  • T1003.002 - Security Account Manager
  • T1003.003 - NTDS
  • T1021.001 - Remote Desktop Protocol
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1078 - Valid Accounts
  • T1055 - Process Injection
  • T1014 - Rootkit
  • T1003.001 - LSASS Memory
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1098.007 - Additional Local or Domain Groups
Link to MITRE →

APT29

Score: 0.59
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
  • T1003.002 - Security Account Manager
  • T1651 - Cloud Administration Command
  • T1110.003 - Password Spraying
  • T1090.004 - Domain Fronting
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1078 - Valid Accounts
  • T1078.003 - Local Accounts
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1573 - Encrypted Channel
Link to MITRE →

Chimera

Score: 0.57
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1569.002 - Service Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1021.006 - Windows Remote Management
  • T1007 - System Service Discovery
  • T1003.003 - NTDS
  • T1110.003 - Password Spraying
  • T1105 - Ingress Tool Transfer
  • T1057 - Process Discovery
  • T1078 - Valid Accounts
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1111 - Multi-Factor Authentication Interception
  • T1124 - System Time Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →
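The actor lists above are only useful once they are turned into questions an analyst can act on: which techniques are shared by the most candidate actors (those are the detections worth prioritising regardless of which attribution turns out to be right), and which actors match a specific combination of techniques. The following Python script is an added example, not code from the original Pulse page or from the matching tool that produced the scores. It parses entries written in the listing format used on this page (a constructed sample of two entries, FIN6 and Silence, is embedded inline) and answers both questions. The scoring formula itself is not reproduced, because the page does not state it.

```python
import re
from collections import Counter

# Constructed sample: two entries copied in the page's own listing format
# (actor name, blank line, "Score:", "Matched TTPs:", bullet lines, link label).
SAMPLE = """\
FIN6

Score: 17.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Silence

Score: 13.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →
"""

SCORE_RE = re.compile(r"^Score:\s*([0-9]+(?:\.[0-9]+)?)$")
# ATT&CK ids look like T1234 or T1234.001; the name follows " - ".
TTP_RE = re.compile(r"^•\s*(T\d{4}(?:\.\d{3})?)\s+-\s+(.+)$")


def parse_actors(text):
    """Parse the listing into a list of {"name", "score", "ttps"} dicts.

    "ttps" maps technique id -> technique name. Any non-empty line that is
    not a score, a bullet, the "Matched TTPs:" label or a link label ending
    in an arrow is taken as the name of the next actor entry, so section
    headings are harmlessly overwritten by the real actor name that follows.
    """
    actors, current, pending_name = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Matched TTPs") or line.endswith("→"):
            continue
        m = SCORE_RE.match(line)
        if m:
            current = {"name": pending_name, "score": float(m.group(1)), "ttps": {}}
            actors.append(current)
            continue
        m = TTP_RE.match(line)
        if m and current is not None:
            current["ttps"][m.group(1)] = m.group(2).strip()
            continue
        pending_name = line
    return actors


def ttp_frequency(actors):
    """How many candidate actors share each technique id."""
    counts = Counter()
    for actor in actors:
        counts.update(actor["ttps"].keys())  # keys only; values are names
    return counts


def actors_with(actors, *ttp_ids):
    """Names of actors whose matched set contains every given technique id."""
    return [a["name"] for a in actors if all(t in a["ttps"] for t in ttp_ids)]


def shared_techniques(actors, min_actors=2):
    """(id, name, actor count) for techniques matched by >= min_actors actors,
    most widely shared first."""
    freq = ttp_frequency(actors)
    names = {}
    for actor in actors:
        names.update(actor["ttps"])
    return [(tid, names[tid], n) for tid, n in freq.most_common() if n >= min_actors]


if __name__ == "__main__":
    parsed = parse_actors(SAMPLE)
    for tid, name, n in shared_techniques(parsed):
        print(f"{tid:<10} {n} actors  {name}")
    # Actors matching both credential dumping from LSASS and service execution.
    print("T1003.001 + T1569.002:", actors_with(parsed, "T1003.001", "T1569.002"))
```

To run it over the whole page, paste the two actor sections into a file and pass its contents to parse_actors; the parser skips the Japanese or English link label alike because it only looks at the trailing arrow. Because the same actor can appear in both the fact-based and inference-based sections with different scores, de-duplicate by name before counting if you merge the two sections.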

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

