Trusted Design

Intrusions Affecting Multiple Victims Across Multiple Sectors

Summary

The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare, Communications, and Critical Manufacturing. According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems. Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 65.93
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1070.009 - Clear Persistence
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1053.002 - At
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sea Turtle

Score: 18.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1490 - Inhibit System Recovery
Link to MITRE →

Ember Bear

Score: 42.24
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1178 - SID-History Injection
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1564.013 - Bind Mounts
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1003.003 - NTDS
Link to MITRE →

Indrik Spider

Score: 24.68
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Agrius

Score: 10.52
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
Link to MITRE →

Contagious Interview

Score: 53.36
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Sandworm Team

Score: 51.71
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1166 - Setuid and Setgid
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Star Blizzard

Score: 16.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

LAPSUS$

Score: 64.96
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1556.008 - Network Provider DLL
  • T1596.004 - CDNs
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1132.002 - Non-Standard Encoding
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits
Link to MITRE →

APT39

Score: 13.13
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
Link to MITRE →

Mustang Panda

Score: 51.57
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1567.002 - Exfiltration to Cloud Storage
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
Link to MITRE →

Tonto Team

Score: 6.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.001 - PowerShell
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 35.46
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1608.004 - Drive-by Target
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1157 - Dylib Hijacking
Link to MITRE →

BlackByte

Score: 35.70
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT28

Score: 47.33
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1175 - Component Object Model and Distributed COM
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1197 - BITS Jobs
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sowbug

Score: 3.80
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1120 - Peripheral Device Discovery
Link to MITRE →

Storm-0501

Score: 22.11
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1055.009 - Proc Memory
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Axiom

Score: 14.92
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
Link to MITRE →

Leviathan

Score: 26.58
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Turla

Score: 39.50
Matched TTPs:
  • T1014 - Rootkit
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1176 - Software Extensions
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Volt Typhoon

Score: 47.78
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1065 - Uncommonly Used Port
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ZIRCONIUM

Score: 11.28
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1120 - Peripheral Device Discovery
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustard Tempest

Score: 11.78
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1053.002 - At
Link to MITRE →

APT42

Score: 27.62
Matched TTPs:
  • T1110.002 - Password Cracking
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

MuddyWater

Score: 17.84
Matched TTPs:
  • T1178 - SID-History Injection
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Threat Group-3390

Score: 29.26
Matched TTPs:
  • T1178 - SID-History Injection
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

OilRig

Score: 47.15
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Leafminer

Score: 3.68
Matched TTPs:
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
Link to MITRE →

APT33

Score: 11.56
Matched TTPs:
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
Link to MITRE →

APT29

Score: 37.28
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

menuPass

Score: 14.23
Matched TTPs:
  • T1178 - SID-History Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Dragonfly

Score: 34.92
Matched TTPs:
  • T1178 - SID-History Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1193 - Spearphishing Attachment
  • T1175 - Component Object Model and Distributed COM
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Ke3chang

Score: 25.80
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN13

Score: 23.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1564.013 - Bind Mounts
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall
Link to MITRE →

Moonstone Sleet

Score: 23.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

Lazarus Group

Score: 45.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1677 - Poisoned Pipeline Execution
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1567.002 - Exfiltration to Cloud Storage
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
Link to MITRE →

UNC3886

Score: 27.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.013 - Bind Mounts
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1055.015 - ListPlanting
Link to MITRE →

LuminousMoth

Score: 9.98
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Salt Typhoon

Score: 11.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 21.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

RedCurl

Score: 22.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1608.004 - Drive-by Target
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1122 - Component Object Model Hijacking
  • T1574.010 - Services File Permissions Weakness
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
Link to MITRE →

Moses Staff

Score: 6.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 23.25
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1547.006 - Kernel Modules and Extensions
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 35.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting
  • T1490 - Inhibit System Recovery
Link to MITRE →

Scattered Spider

Score: 51.55
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1120 - Peripheral Device Discovery
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1498 - Network Denial of Service
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits
Link to MITRE →

Tropic Trooper

Score: 14.13
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Medusa Group

Score: 36.58
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

DarkVishnya

Score: 7.32
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories
Link to MITRE →

Aquatic Panda

Score: 26.63
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 19.21
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT41

Score: 40.08
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1578.003 - Delete Cloud Instance
  • T1199 - Trusted Relationship
  • T1547.006 - Kernel Modules and Extensions
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1055.015 - ListPlanting
  • T1008 - Fallback Channels
Link to MITRE →

Wizard Spider

Score: 30.74
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

Blue Mockingbird

Score: 17.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1547.006 - Kernel Modules and Extensions
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

APT19

Score: 5.82
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
Link to MITRE →

PROMETHIUM

Score: 4.60
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1490 - Inhibit System Recovery
Link to MITRE →

Carbanak

Score: 4.21
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

APT3

Score: 12.72
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Earth Lusca

Score: 20.14
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1546.016 - Installer Packages
Link to MITRE →

Cobalt Group

Score: 9.77
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cinnamon Tempest

Score: 11.27
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Evilnum

Score: 5.60
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 16.82
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gamaredon Group

Score: 31.42
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HAFNIUM

Score: 25.94
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT5

Score: 21.18
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.003 - Delete Cloud Instance
  • T1677 - Poisoned Pipeline Execution
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1070.009 - Clear Persistence
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BRONZE BUTLER

Score: 13.36
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Chimera

Score: 31.53
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1592.003 - Firmware
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1059.003 - Windows Command Shell
  • T1070.009 - Clear Persistence
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

admin@338

Score: 3.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
Link to MITRE →

APT1

Score: 10.63
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1053.002 - At
Link to MITRE →

Windigo

Score: 3.95
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1159 - Launch Agent
Link to MITRE →

HEXANE

Score: 21.91
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA2541

Score: 10.96
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 19.48
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1547.006 - Kernel Modules and Extensions
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

APT37

Score: 7.12
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

Inception

Score: 8.84
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent

Higaisa

Score: 6.57
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1567.002 - Exfiltration to Cloud Storage

CURIUM

Score: 6.25
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1547.008 - LSASS Driver

Malteiro

Score: 5.63
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie

Sidewinder

Score: 11.77
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Magic Hound

Score: 47.71
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1564.013 - Bind Mounts
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
  • T1053.002 - At

Daggerfly

Score: 9.98
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

SideCopy

Score: 15.51
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1053.002 - At

APT18

Score: 4.79
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 14.64
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process

Winter Vivern

Score: 10.51
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM
  • T1547.013 - XDG Autostart Entries

Patchwork

Score: 11.23
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

Windshift

Score: 10.67
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Stealth Falcon

Score: 8.58
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies

IndigoZebra

Score: 4.29
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 7.73
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1547.013 - XDG Autostart Entries

TA505

Score: 11.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries

BITTER

Score: 3.60
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Saint Bear

Score: 12.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits

EXOTIC LILY

Score: 7.02
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1547.008 - LSASS Driver

BackdoorDiplomacy

Score: 5.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

GOLD SOUTHFIELD

Score: 10.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel

Fox Kitten

Score: 15.02
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits

ToddyCat

Score: 9.70
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver

GALLIUM

Score: 4.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 19.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

Silence

Score: 11.94
Matched TTPs:
  • T1059.009 - Cloud API
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Gorgon Group

Score: 5.25
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

Metador

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 8.60
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)

FIN6

Score: 15.64
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Akira

Score: 9.88
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image

Threat Group-1314

Score: 5.57
Matched TTPs:
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1166 - Setuid and Setgid

POLONIUM

Score: 5.02
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

FIN4

Score: 5.56
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking

Storm-1811

Score: 15.34
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

FIN5

Score: 3.65
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

FIN10

Score: 6.32
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery

Velvet Ant

Score: 10.99
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service

Naikon

Score: 4.19
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie

The White Company

Score: 3.28
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Transparent Tribe

Score: 3.29
Matched TTPs:
  • T1053.002 - At

Threat actors related to this Pulse (inference-based)

LAPSUS$

Score: 0.83
Matched TTPs:
  • T1218.008 - Odbcconf
  • T1588.005 - Exploits
  • T1556.008 - Network Provider DLL
  • T1065 - Uncommonly Used Port
  • T1193 - Spearphishing Attachment
  • T1157 - Dylib Hijacking
  • T1136.002 - Domain Account
  • T1021.001 - Remote Desktop Protocol
  • T1030 - Data Transfer Size Limits
  • T1216.001 - PubPrn
  • T1175 - Component Object Model and Distributed COM
  • T1596.004 - CDNs
  • T1592.003 - Firmware
  • T1199 - Trusted Relationship
  • T1019 - System Firmware
  • T1132.002 - Non-Standard Encoding
  • T1547.005 - Security Support Provider
  • T1024 - Custom Cryptographic Protocol
  • T1122 - Component Object Model Hijacking
  • T1601 - Modify System Image

Kimsuky

Score: 0.81
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1008 - Fallback Channels
  • T1059.009 - Cloud API
  • T1197 - BITS Jobs
  • T1030 - Data Transfer Size Limits
  • T1003.007 - Proc Filesystem
  • T1126 - Network Share Connection Removal
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1132.002 - Non-Standard Encoding
  • T1024 - Custom Cryptographic Protocol
  • T1506 - Web Session Cookie
  • T1552.003 - Shell History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1570 - Lateral Tool Transfer
  • T1176.001 - Browser Extensions
  • T1606.002 - SAML Tokens
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1033 - System Owner/User Discovery
  • T1055.014 - VDSO Hijacking
  • T1053.002 - At
  • T1120 - Peripheral Device Discovery
  • T1003.003 - NTDS
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Sandworm Team

Score: 0.68
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1193 - Spearphishing Attachment
  • T1157 - Dylib Hijacking
  • T1564.008 - Email Hiding Rules
  • T1166 - Setuid and Setgid
  • T1049 - System Network Connections Discovery
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1199 - Trusted Relationship
  • T1484.002 - Trust Modification
  • T1546.016 - Installer Packages
  • T1122 - Component Object Model Hijacking
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.002 - SAML Tokens
  • T1033 - System Owner/User Discovery
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1005 - Data from Local System

Contagious Interview

Score: 0.68
Matched TTPs:
  • T1218.008 - Odbcconf
  • T1556 - Modify Authentication Process
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1044 - File System Permissions Weakness
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1126 - Network Share Connection Removal
  • T1221 - Template Injection
  • T1199 - Trusted Relationship
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1606.002 - SAML Tokens
  • T1033 - System Owner/User Discovery
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1064 - Scripting

Scattered Spider

Score: 0.66
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1597 - Search Closed Sources
  • T1547.005 - Security Support Provider
  • T1556.008 - Network Provider DLL
  • T1030 - Data Transfer Size Limits
  • T1498 - Network Denial of Service
  • T1157 - Dylib Hijacking
  • T1588.005 - Exploits
  • T1136.002 - Domain Account
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027.002 - Software Packing
  • T1120 - Peripheral Device Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1547.013 - XDG Autostart Entries
  • T1197 - BITS Jobs

Mustang Panda

Score: 0.66
Matched TTPs:
  • T1556 - Modify Authentication Process
  • T1070.009 - Clear Persistence
  • T1597.002 - Purchase Technical Data
  • T1677 - Poisoned Pipeline Execution
  • T1567.002 - Exfiltration to Cloud Storage
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1024 - Custom Cryptographic Protocol
  • T1071.001 - Web Protocols
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1136.001 - Local Account
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1612 - Build Image on Host

APT28

Score: 0.63
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
  • T1139 - Bash History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1197 - BITS Jobs
  • T1175 - Component Object Model and Distributed COM
  • T1546.007 - Netsh Helper DLL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.001 - PowerShell
  • T1024 - Custom Cryptographic Protocol
  • T1592.003 - Firmware
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1547.013 - XDG Autostart Entries
  • T1597.002 - Purchase Technical Data
  • T1122 - Component Object Model Hijacking

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1065 - Uncommonly Used Port
  • T1157 - Dylib Hijacking
  • T1685.001 - Disable or Modify Windows Event Log
  • T1166 - Setuid and Setgid
  • T1059.009 - Cloud API
  • T1049 - System Network Connections Discovery
  • T1003.007 - Proc Filesystem
  • T1164 - Re-opened Applications
  • T1176 - Software Extensions
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1547.005 - Security Support Provider
  • T1546.016 - Installer Packages
  • T1140 - Deobfuscate/Decode Files or Information
  • T1159 - Launch Agent
  • T1570 - Lateral Tool Transfer
  • T1562.009 - Safe Mode Boot
  • T1547.013 - XDG Autostart Entries

Magic Hound

Score: 0.62
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1166 - Setuid and Setgid
  • T1059.009 - Cloud API
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
  • T1592.003 - Firmware
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1547.005 - Security Support Provider
  • T1024 - Custom Cryptographic Protocol
  • T1070.003 - Clear Command History
  • T1564.013 - Bind Mounts
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1053.002 - At
  • T1120 - Peripheral Device Discovery
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions

Lazarus Group

Score: 0.61
Matched TTPs:
  • T1556 - Modify Authentication Process
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1216 - System Script Proxy Execution
  • T1157 - Dylib Hijacking
  • T1606.001 - Web Cookies
  • T1677 - Poisoned Pipeline Execution
  • T1567.002 - Exfiltration to Cloud Storage
  • T1547.008 - LSASS Driver
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1055.015 - ListPlanting
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1570 - Lateral Tool Transfer
  • T1176.001 - Browser Extensions
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1547.013 - XDG Autostart Entries

OilRig

Score: 0.59
Matched TTPs:
  • T1556 - Modify Authentication Process
  • T1070.009 - Clear Persistence
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1059.009 - Cloud API
  • T1178 - SID-History Injection
  • T1547.008 - LSASS Driver
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1556.009 - Conditional Access Policies
  • T1055.015 - ListPlanting
  • T1024 - Custom Cryptographic Protocol
  • T1570 - Lateral Tool Transfer
  • T1176.001 - Browser Extensions
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1005 - Data from Local System

Turla

Score: 0.56
Matched TTPs:
  • T1176 - Software Extensions
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1556.009 - Conditional Access Policies
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1120 - Peripheral Device Discovery
  • T1136.002 - Domain Account
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1490 - Inhibit System Recovery
  • T1014 - Rootkit
  • T1059.009 - Cloud API
  • T1546.016 - Installer Packages
  • T1506 - Web Session Cookie
  • T1612 - Build Image on Host

APT41

Score: 0.55
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1008 - Fallback Channels
  • T1570 - Lateral Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1176.001 - Browser Extensions
  • T1547.006 - Kernel Modules and Extensions
  • T1055.015 - ListPlanting
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1578.003 - Delete Cloud Instance
  • T1059.009 - Cloud API
  • T1547.013 - XDG Autostart Entries

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

