Trusted Design

TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

概要

The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including information technology, energy, healthcare and public health, communications, and critical manufacturing. According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems. Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 80.39
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1070.009 - Clear Persistence
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1053.002 - At
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Sea Turtle

Score: 15.47
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Ember Bear

Score: 37.13
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1178 - SID-History Injection
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1564.013 - Bind Mounts
  • T1136.002 - Domain Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 24.68
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Agrius

Score: 8.59
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
MITREへのリンク →

Contagious Interview

Score: 59.98
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
MITREへのリンク →

Sandworm Team

Score: 58.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1187 - Forced Authentication
  • T1166 - Setuid and Setgid
  • T1075 - Pass the Hash
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Star Blizzard

Score: 22.24
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

LAPSUS$

Score: 55.66
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1596.004 - CDNs
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1132.002 - Non-Standard Encoding
  • T1588.005 - Exploits
MITREへのリンク →

Volt Typhoon

Score: 52.83
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1065 - Uncommonly Used Port
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
MITREへのリンク →

APT28

Score: 48.56
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1197 - BITS Jobs
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

ZIRCONIUM

Score: 15.75
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1608.005 - Link Target
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Leviathan

Score: 23.99
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Mustard Tempest

Score: 11.78
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1053.002 - At
MITREへのリンク →

MuddyWater

Score: 18.34
Matched TTPs:
  • T1178 - SID-History Injection
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Threat Group-3390

Score: 24.40
Matched TTPs:
  • T1178 - SID-History Injection
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

OilRig

Score: 46.44
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
MITREへのリンク →

Leafminer

Score: 3.68
Matched TTPs:
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
MITREへのリンク →

APT33

Score: 11.66
Matched TTPs:
  • T1178 - SID-History Injection
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
MITREへのリンク →

APT29

Score: 32.52
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1568 - Dynamic Resolution
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
MITREへのリンク →

menuPass

Score: 14.23
Matched TTPs:
  • T1178 - SID-History Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Dragonfly

Score: 31.93
Matched TTPs:
  • T1178 - SID-History Injection
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Ke3chang

Score: 17.02
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN13

Score: 23.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1564.013 - Bind Mounts
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall
MITREへのリンク →

Moonstone Sleet

Score: 21.60
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
MITREへのリンク →

Lazarus Group

Score: 47.67
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1567.002 - Exfiltration to Cloud Storage
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
MITREへのリンク →

UNC3886

Score: 29.39
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.013 - Bind Mounts
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1055.015 - ListPlanting
MITREへのリンク →

LuminousMoth

Score: 9.98
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Salt Typhoon

Score: 18.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
  • T1556 - Modify Authentication Process
MITREへのリンク →

Play

Score: 20.37
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
MITREへのリンク →

RedCurl

Score: 20.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1122 - Component Object Model Hijacking
  • T1574.010 - Services File Permissions Weakness
  • T1128 - Netsh Helper DLL
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
MITREへのリンク →

Moses Staff

Score: 6.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Turla

Score: 34.95
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Mustang Panda

Score: 56.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1567.002 - Exfiltration to Cloud Storage
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
MITREへのリンク →

TeamTNT

Score: 16.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN7

Score: 31.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries
  • T1055.015 - ListPlanting
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Evilnum

Score: 5.60
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Darkhotel

Score: 15.30
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1064 - Scripting
  • T1564.002 - Hidden Users
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Gamaredon Group

Score: 29.39
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Sidewinder

Score: 12.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Scattered Spider

Score: 43.10
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1498 - Network Denial of Service
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits
MITREへのリンク →

Silent Librarian

Score: 4.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT32

Score: 25.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Magic Hound

Score: 50.67
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1564.013 - Bind Mounts
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
  • T1053.002 - At
MITREへのリンク →

CURIUM

Score: 9.81
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 13.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

HAFNIUM

Score: 25.52
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT5

Score: 16.74
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.003 - Delete Cloud Instance
  • T1677 - Poisoned Pipeline Execution
  • T1166 - Setuid and Setgid
  • T1070.009 - Clear Persistence
MITREへのリンク →

BRONZE BUTLER

Score: 13.36
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

Aquatic Panda

Score: 24.70
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Chimera

Score: 27.61
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1592.003 - Firmware
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1059.003 - Windows Command Shell
  • T1070.009 - Clear Persistence
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Earth Lusca

Score: 22.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1546.016 - Installer Packages
MITREへのリンク →

admin@338

Score: 3.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
MITREへのリンク →

APT1

Score: 9.12
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1053.002 - At
MITREへのリンク →

Velvet Ant

Score: 14.38
Matched TTPs:
  • T1583.005 - Botnet
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

DarkVishnya

Score: 8.42
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories
MITREへのリンク →

Windigo

Score: 3.95
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1159 - Launch Agent
MITREへのリンク →

BlackByte

Score: 26.26
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT41

Score: 33.33
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1578.003 - Delete Cloud Instance
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1055.015 - ListPlanting
  • T1008 - Fallback Channels
MITREへのリンク →

Blue Mockingbird

Score: 9.89
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1001.001 - Junk Data
MITREへのリンク →

HEXANE

Score: 20.39
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

TA2541

Score: 15.72
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Rocke

Score: 14.34
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

APT37

Score: 5.60
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
MITREへのリンク →

Inception

Score: 7.32
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
MITREへのリンク →

Higaisa

Score: 5.05
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

Malteiro

Score: 5.63
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
MITREへのリンク →

APT38

Score: 13.36
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
MITREへのリンク →

APT3

Score: 9.27
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Daggerfly

Score: 7.05
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Storm-0501

Score: 10.94
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
  • T1055.009 - Proc Memory
MITREへのリンク →

APT42

Score: 23.30
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1132.002 - Non-Standard Encoding
MITREへのリンク →

SideCopy

Score: 15.51
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1053.002 - At
MITREへのリンク →

APT19

Score: 3.88
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
MITREへのリンク →

APT18

Score: 4.79
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN8

Score: 17.38
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
MITREへのリンク →

Tropic Trooper

Score: 13.42
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Winter Vivern

Score: 11.61
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Wizard Spider

Score: 26.41
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
MITREへのリンク →

Windshift

Score: 9.15
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Medusa Group

Score: 32.21
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
MITREへのリンク →

Stealth Falcon

Score: 7.06
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

IndigoZebra

Score: 6.30
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

LazyScripter

Score: 9.74
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

TA505

Score: 11.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

BITTER

Score: 3.60
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Saint Bear

Score: 14.49
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

EXOTIC LILY

Score: 10.86
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
MITREへのリンク →

BackdoorDiplomacy

Score: 5.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Fox Kitten

Score: 15.02
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits
MITREへのリンク →

Cinnamon Tempest

Score: 9.33
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

ToddyCat

Score: 8.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
MITREへのリンク →

GALLIUM

Score: 4.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

INC Ransom

Score: 17.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Axiom

Score: 9.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT39

Score: 8.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
MITREへのリンク →

Silence

Score: 6.26
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Lotus Blossom

Score: 4.91
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
MITREへのリンク →

Gorgon Group

Score: 5.25
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Metador

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Andariel

Score: 7.08
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

FIN6

Score: 15.99
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Akira

Score: 9.88
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
MITREへのリンク →

POLONIUM

Score: 7.03
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

Tonto Team

Score: 3.52
Matched TTPs:
  • T1059.001 - PowerShell
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN4

Score: 5.56
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
MITREへのリンク →

Storm-1811

Score: 15.34
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 7.65
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN5

Score: 3.65
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
MITREへのリンク →

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
MITREへのリンク →

FIN10

Score: 6.32
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Naikon

Score: 4.19
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
MITREへのリンク →

The White Company

Score: 3.28
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
MITREへのリンク →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels
MITREへのリンク →

Transparent Tribe

Score: 3.29
Matched TTPs:
  • T1053.002 - At
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.81
Matched TTPs:
  • T1197 - BITS Jobs
  • T1490 - Inhibit System Recovery
  • T1583.005 - Botnet
  • T1566.002 - Spearphishing Link
  • T1132.002 - Non-Standard Encoding
  • T1024 - Custom Cryptographic Protocol
  • T1120 - Peripheral Device Discovery
  • T1008 - Fallback Channels
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1606.002 - SAML Tokens
  • T1102.003 - One-Way Communication
  • T1003.007 - Proc Filesystem
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1003.003 - NTDS
  • T1033 - System Owner/User Discovery
  • T1608.005 - Link Target
  • T1070.009 - Clear Persistence
  • T1053.002 - At
  • T1140 - Deobfuscate/Decode Files or Information
  • T1570 - Lateral Tool Transfer
  • T1126 - Network Share Connection Removal
  • T1690 - Prevent Command History Logging
  • T1057 - Process Discovery
  • T1506 - Web Session Cookie
  • T1055.014 - VDSO Hijacking
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
  • T1091 - Replication Through Removable Media
MITREへのリンク →

Sandworm Team

Score: 0.65
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1193 - Spearphishing Attachment
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1546.016 - Installer Packages
  • T1606.002 - SAML Tokens
  • T1102.003 - One-Way Communication
  • T1033 - System Owner/User Discovery
  • T1070.009 - Clear Persistence
  • T1140 - Deobfuscate/Decode Files or Information
  • T1484.002 - Trust Modification
  • T1005 - Data from Local System
  • T1122 - Component Object Model Hijacking
  • T1075 - Pass the Hash
  • T1157 - Dylib Hijacking
  • T1049 - System Network Connections Discovery
  • T1187 - Forced Authentication
  • T1564.008 - Email Hiding Rules
  • T1547.013 - XDG Autostart Entries
  • T1091 - Replication Through Removable Media
MITREへのリンク →

Contagious Interview

Score: 0.64
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1218.008 - Odbcconf
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver
  • T1030 - Data Transfer Size Limits
  • T1221 - Template Injection
  • T1606.002 - SAML Tokens
  • T1102.003 - One-Way Communication
  • T1033 - System Owner/User Discovery
  • T1608.005 - Link Target
  • T1070.009 - Clear Persistence
  • T1547.005 - Security Support Provider
  • T1044 - File System Permissions Weakness
  • T1126 - Network Share Connection Removal
  • T1690 - Prevent Command History Logging
  • T1021.006 - Windows Remote Management
  • T1556 - Modify Authentication Process
  • T1064 - Scripting
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media
MITREへのリンク →

LAPSUS$

Score: 0.63
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1216.001 - PubPrn
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1132.002 - Non-Standard Encoding
  • T1024 - Custom Cryptographic Protocol
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1596.004 - CDNs
  • T1157 - Dylib Hijacking
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1122 - Component Object Model Hijacking
  • T1030 - Data Transfer Size Limits
  • T1601 - Modify System Image
  • T1065 - Uncommonly Used Port
  • T1588.005 - Exploits
MITREへのリンク →

Mustang Panda

Score: 0.61
Matched TTPs:
  • T1567.002 - Exfiltration to Cloud Storage
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1120 - Peripheral Device Discovery
  • T1677 - Poisoned Pipeline Execution
  • T1569.001 - Launchctl
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1612 - Build Image on Host
  • T1102.003 - One-Way Communication
  • T1070.009 - Clear Persistence
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1159 - Launch Agent
  • T1556 - Modify Authentication Process
  • T1055.005 - Thread Local Storage
  • T1136.001 - Local Account
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1091 - Replication Through Removable Media
MITREへのリンク →

Volt Typhoon

Score: 0.58
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1199 - Trusted Relationship
  • T1562.009 - Safe Mode Boot
  • T1574.002 - DLL Side-Loading
  • T1546.016 - Installer Packages
  • T1102.003 - One-Way Communication
  • T1003.007 - Proc Filesystem
  • T1070.009 - Clear Persistence
  • T1164 - Re-opened Applications
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1570 - Lateral Tool Transfer
  • T1159 - Launch Agent
  • T1057 - Process Discovery
  • T1059.009 - Cloud API
  • T1157 - Dylib Hijacking
  • T1049 - System Network Connections Discovery
  • T1547.013 - XDG Autostart Entries
  • T1685.001 - Disable or Modify Windows Event Log
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Magic Hound

Score: 0.56
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1120 - Peripheral Device Discovery
  • T1578.002 - Create Cloud Instance
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver
  • T1592.003 - Firmware
  • T1564.013 - Bind Mounts
  • T1070.009 - Clear Persistence
  • T1608.005 - Link Target
  • T1053.002 - At
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1098.002 - Additional Email Delegate Permissions
  • T1070.003 - Clear Command History
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT28

Score: 0.56
Matched TTPs:
  • T1197 - BITS Jobs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1057 - Process Discovery
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1546.007 - Netsh Helper DLL
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.003 - Spearphishing via Service
  • T1059.001 - PowerShell
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る