Trusted Design

Intrusions Affecting Multiple Victims Across Multiple Sectors

Summary

The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare, Communications, and Critical Manufacturing. According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems. Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 65.93
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1070.004 - File Deletion
  • T1111 - Multi-Factor Authentication Interception
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
  • T1584.001 - Domains
  • T1078.003 - Local Accounts
Link to MITRE →

Sea Turtle

Score: 18.00
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1078.003 - Local Accounts
Link to MITRE →

Ember Bear

Score: 42.24
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1003.004 - LSA Secrets
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1078.001 - Default Accounts
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1588.005 - Exploits
Link to MITRE →

Indrik Spider

Score: 24.68
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1136 - Create Account
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Agrius

Score: 10.52
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
Link to MITRE →

Contagious Interview

Score: 53.36
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1583.003 - Virtual Private Server
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Sandworm Team

Score: 51.71
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1586.001 - Social Media Accounts
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1591.002 - Business Relationships
  • T1584.005 - Botnet
  • T1072 - Software Deployment Tools
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1078.002 - Domain Accounts
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 16.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

LAPSUS$

Score: 64.96
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1586.002 - Email Accounts
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1621 - Multi-Factor Authentication Request Generation
  • T1552.008 - Chat Messages
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1111 - Multi-Factor Authentication Interception
  • T1078.004 - Cloud Accounts
  • T1213.005 - Messaging Applications
Link to MITRE →

APT39

Score: 13.13
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Mustang Panda

Score: 51.57
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1072 - Software Deployment Tools
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1001.003 - Protocol or Service Impersonation
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Tonto Team

Score: 6.12
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1210 - Exploitation of Remote Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT32

Score: 35.46
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1552.002 - Credentials in Registry
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1072 - Software Deployment Tools
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1078 - Valid Accounts
Link to MITRE →

BlackByte

Score: 35.70
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT28

Score: 47.33
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1557.004 - Evil Twin
  • T1583.003 - Virtual Private Server
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1598 - Phishing for Information
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1078.004 - Cloud Accounts
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Sowbug

Score: 3.80
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1082 - System Information Discovery
Link to MITRE →

Storm-0501

Score: 22.11
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1484.002 - Trust Modification
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1537 - Transfer Data to Cloud Account
  • T1078.004 - Cloud Accounts
Link to MITRE →

Axiom

Score: 14.92
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
Link to MITRE →

Leviathan

Score: 26.58
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1586.001 - Social Media Accounts
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Turla

Score: 39.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1584.003 - Virtual Private Server
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Volt Typhoon

Score: 47.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1590.006 - Network Security Appliances
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1591.004 - Identify Roles
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ZIRCONIUM

Score: 11.28
Matched TTPs:
  • T1584.008 - Network Devices
  • T1082 - System Information Discovery
  • T1012 - Query Registry
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustard Tempest

Score: 11.78
Matched TTPs:
  • T1583.008 - Malvertising
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
  • T1584.001 - Domains
Link to MITRE →

APT42

Score: 27.62
Matched TTPs:
  • T1547 - Boot or Logon Autostart Execution
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1111 - Multi-Factor Authentication Interception
Link to MITRE →

MuddyWater

Score: 17.84
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 29.26
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

OilRig

Score: 47.15
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Leafminer

Score: 3.68
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1588.002 - Tool
Link to MITRE →

APT33

Score: 11.56
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1078.004 - Cloud Accounts
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

APT29

Score: 37.28
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1586.003 - Cloud Accounts
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1649 - Steal or Forge Authentication Certificates
  • T1621 - Multi-Factor Authentication Request Generation
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1078.004 - Cloud Accounts
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

menuPass

Score: 14.23
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dragonfly

Score: 34.92
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1591.002 - Business Relationships
  • T1583.003 - Virtual Private Server
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1012 - Query Registry
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 25.80
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1078.004 - Cloud Accounts
Link to MITRE →

FIN13

Score: 23.85
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1078.001 - Default Accounts
  • T1087 - Account Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
Link to MITRE →

Moonstone Sleet

Score: 23.71
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Lazarus Group

Score: 45.83
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1070 - Indicator Removal
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1001.003 - Protocol or Service Impersonation
  • T1012 - Query Registry
  • T1070.004 - File Deletion
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
Link to MITRE →

UNC3886

Score: 27.88
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1078.001 - Default Accounts
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1008 - Fallback Channels
Link to MITRE →

LuminousMoth

Score: 9.98
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Salt Typhoon

Score: 11.01
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1136 - Create Account
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 21.89
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

RedCurl

Score: 22.06
Matched TTPs:
  • T1587.001 - Malware
  • T1552.002 - Credentials in Registry
  • T1082 - System Information Discovery
  • T1102 - Web Service
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1537 - Transfer Data to Cloud Account
  • T1070.004 - File Deletion
Link to MITRE →

Moses Staff

Score: 6.40
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 23.25
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 35.18
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1591.004 - Identify Roles
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1078.003 - Local Accounts
Link to MITRE →

Scattered Spider

Score: 51.55
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1082 - System Information Discovery
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1136 - Create Account
  • T1538 - Cloud Service Dashboard
  • T1105 - Ingress Tool Transfer
  • T1078.004 - Cloud Accounts
  • T1213.005 - Messaging Applications
Link to MITRE →

Tropic Trooper

Score: 14.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Medusa Group

Score: 36.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1072 - Software Deployment Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

DarkVishnya

Score: 7.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1200 - Hardware Additions
Link to MITRE →

Aquatic Panda

Score: 26.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 19.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
Link to MITRE →

APT41

Score: 40.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1562.006 - Indicator Blocking
  • T1588.002 - Tool
  • T1496.001 - Compute Hijacking
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1008 - Fallback Channels
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Wizard Spider

Score: 30.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Blue Mockingbird

Score: 17.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1496.001 - Compute Hijacking
  • T1569.002 - Service Execution
  • T1574.012 - COR_PROFILER
Link to MITRE →

APT19

Score: 5.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1588.002 - Tool
Link to MITRE →

PROMETHIUM

Score: 4.60
Matched TTPs:
  • T1543.003 - Windows Service
  • T1078.003 - Local Accounts
Link to MITRE →

Carbanak

Score: 4.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

APT3

Score: 12.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Earth Lusca

Score: 20.14
Matched TTPs:
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.004 - Server
Link to MITRE →

Cobalt Group

Score: 9.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cinnamon Tempest

Score: 11.27
Matched TTPs:
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Evilnum

Score: 5.60
Matched TTPs:
  • T1497.001 - System Checks
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 16.82
Matched TTPs:
  • T1497.001 - System Checks
  • T1082 - System Information Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gamaredon Group

Score: 31.42
Matched TTPs:
  • T1497.001 - System Checks
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HAFNIUM

Score: 25.94
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1593.003 - Code Repositories
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
  • T1078.004 - Cloud Accounts
  • T1078.003 - Local Accounts
Link to MITRE →

APT5

Score: 21.18
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking
  • T1070 - Indicator Removal
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1070.004 - File Deletion
  • T1078.004 - Cloud Accounts
Link to MITRE →

BRONZE BUTLER

Score: 13.36
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Chimera

Score: 31.53
Matched TTPs:
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1589.001 - Credentials
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1556.001 - Domain Controller Authentication
  • T1070.004 - File Deletion
  • T1111 - Multi-Factor Authentication Interception
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

admin@338

Score: 3.73
Matched TTPs:
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
Link to MITRE →

APT1

Score: 10.63
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1584.001 - Domains
Link to MITRE →

Windigo

Score: 3.95
Matched TTPs:
  • T1082 - System Information Discovery
  • T1518 - Software Discovery
Link to MITRE →

HEXANE

Score: 21.91
Matched TTPs:
  • T1082 - System Information Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA2541

Score: 10.96
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 19.48
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT37

Score: 7.12
Matched TTPs:
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Inception

Score: 8.84
Matched TTPs:
  • T1082 - System Information Discovery
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1518 - Software Discovery
Link to MITRE →

Higaisa

Score: 6.57
Matched TTPs:
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1001.003 - Protocol or Service Impersonation
Link to MITRE →

CURIUM

Score: 6.25
Matched TTPs:
  • T1082 - System Information Discovery
  • T1583.003 - Virtual Private Server
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Malteiro

Score: 5.63
Matched TTPs:
  • T1082 - System Information Discovery
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

Sidewinder

Score: 11.77
Matched TTPs:
  • T1082 - System Information Discovery
  • T1598.002 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Magic Hound

Score: 47.71
Matched TTPs:
  • T1082 - System Information Discovery
  • T1562 - Impair Defenses
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1078.001 - Default Accounts
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1078.002 - Domain Accounts
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
  • T1584.001 - Domains
Link to MITRE →

Daggerfly

Score: 9.98
Matched TTPs:
  • T1082 - System Information Discovery
  • T1195.002 - Compromise Software Supply Chain
  • T1012 - Query Registry
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

SideCopy

Score: 15.51
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1584.001 - Domains
Link to MITRE →

APT18

Score: 4.79
Matched TTPs:
  • T1082 - System Information Discovery
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN8

Score: 14.64
Matched TTPs:
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Winter Vivern

Score: 10.51
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Patchwork

Score: 11.23
Matched TTPs:
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Windshift

Score: 10.67
Matched TTPs:
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Stealth Falcon

Score: 8.58
Matched TTPs:
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager
Link to MITRE →

IndigoZebra

Score: 4.29
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 7.73
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 11.97
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 3.60
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 12.48
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1497 - Virtualization/Sandbox Evasion
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
Link to MITRE →

EXOTIC LILY

Score: 7.02
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1566.003 - Spearphishing via Service
Link to MITRE →

BackdoorDiplomacy

Score: 5.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GOLD SOUTHFIELD

Score: 10.43
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1199 - Trusted Relationship
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
Link to MITRE →

Fox Kitten

Score: 15.02
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1213.005 - Messaging Applications
Link to MITRE →

ToddyCat

Score: 9.70
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

GALLIUM

Score: 4.52
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

INC Ransom

Score: 19.75
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1537 - Transfer Data to Cloud Account
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection
Link to MITRE →

Silence

Score: 11.94
Matched TTPs:
  • T1112 - Modify Registry
  • T1072 - Software Deployment Tools
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Gorgon Group

Score: 5.25
Matched TTPs:
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 5.47
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 8.60
Matched TTPs:
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying
Link to MITRE →

FIN6

Score: 15.64
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

Akira

Score: 9.88
Matched TTPs:
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
Link to MITRE →

Threat Group-1314

Score: 5.57
Matched TTPs:
  • T1072 - Software Deployment Tools
  • T1078.002 - Domain Accounts
Link to MITRE →

POLONIUM

Score: 5.02
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

FIN4

Score: 5.56
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
Link to MITRE →

Storm-1811

Score: 15.34
Matched TTPs:
  • T1588.002 - Tool
  • T1566.004 - Spearphishing Voice
  • T1656 - Impersonation
  • T1036.010 - Masquerade Account Name
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN5

Score: 3.65
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
Link to MITRE →

Thrip

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

FIN10

Score: 6.32
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts
Link to MITRE →

Velvet Ant

Score: 10.99
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Naikon

Score: 4.19
Matched TTPs:
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
Link to MITRE →

The White Company

Score: 3.28
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

RTM

Score: 3.29
Matched TTPs:
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Transparent Tribe

Score: 3.29
Matched TTPs:
  • T1584.001 - Domains
Link to MITRE →

Threat actors related to this Pulse (inference-based)

LAPSUS$

Score: 0.83
Matched TTPs:
  • T1111 - Multi-Factor Authentication Interception
  • T1591.004 - Identify Roles
  • T1583.003 - Virtual Private Server
  • T1621 - Multi-Factor Authentication Request Generation
  • T1213.005 - Messaging Applications
  • T1656 - Impersonation
  • T1593.003 - Code Repositories
  • T1078 - Valid Accounts
  • T1199 - Trusted Relationship
  • T1588.002 - Tool
  • T1598.004 - Spearphishing Voice
  • T1552.008 - Chat Messages
  • T1597.002 - Purchase Technical Data
  • T1586.002 - Email Accounts
  • T1078.004 - Cloud Accounts
  • T1589 - Gather Victim Identity Information
  • T1588.001 - Malware
  • T1589.001 - Credentials
  • T1591.002 - Business Relationships
  • T1531 - Account Access Removal
Link to MITRE →

Kimsuky

Score: 0.81
Matched TTPs:
  • T1111 - Multi-Factor Authentication Interception
  • T1012 - Query Registry
  • T1588.005 - Exploits
  • T1587 - Develop Capabilities
  • T1102.001 - Dead Drop Resolver
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1583 - Acquire Infrastructure
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1598 - Phishing for Information
  • T1584.001 - Domains
  • T1543.003 - Windows Service
  • T1078.003 - Local Accounts
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1534 - Internal Spearphishing
  • T1566 - Phishing
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Sandworm Team

Score: 0.68
Matched TTPs:
  • T1584.004 - Server
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1583 - Acquire Infrastructure
  • T1078 - Valid Accounts
  • T1592.002 - Software
  • T1199 - Trusted Relationship
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1195.002 - Compromise Software Supply Chain
  • T1072 - Software Deployment Tools
  • T1195 - Supply Chain Compromise
  • T1608.001 - Upload Malware
  • T1491.002 - External Defacement
  • T1591.002 - Business Relationships
  • T1584.005 - Botnet
  • T1586.001 - Social Media Accounts
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Contagious Interview

Score: 0.68
Matched TTPs:
  • T1587 - Develop Capabilities
  • T1583.003 - Virtual Private Server
  • T1656 - Impersonation
  • T1204.004 - Malicious Copy and Paste
  • T1593.003 - Code Repositories
  • T1587.001 - Malware
  • T1583 - Acquire Infrastructure
  • T1497 - Virtualization/Sandbox Evasion
  • T1562.001 - Disable or Modify Tools
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service
  • T1588.007 - Artificial Intelligence
  • T1070.004 - File Deletion
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608.001 - Upload Malware
  • T1681 - Search Threat Vendor Data
  • T1589 - Gather Victim Identity Information
  • T1657 - Financial Theft
Link to MITRE →

Scattered Spider

Score: 0.66
Matched TTPs:
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1538 - Cloud Service Dashboard
  • T1136 - Create Account
  • T1078 - Valid Accounts
  • T1078.004 - Cloud Accounts
  • T1589 - Gather Victim Identity Information
  • T1087 - Account Discovery
  • T1657 - Financial Theft
  • T1588.001 - Malware
  • T1621 - Multi-Factor Authentication Request Generation
  • T1213.005 - Messaging Applications
  • T1562.001 - Disable or Modify Tools
  • T1598 - Phishing for Information
  • T1598.004 - Spearphishing Voice
  • T1484.002 - Trust Modification
Link to MITRE →

Mustang Panda

Score: 0.66
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1518 - Software Discovery
  • T1678 - Delay Execution
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1057 - Process Discovery
  • T1176.002 - IDE Extensions
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1102 - Web Service
  • T1003 - OS Credential Dumping
  • T1622 - Debugger Evasion
  • T1072 - Software Deployment Tools
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608.001 - Upload Malware
  • T1001.003 - Protocol or Service Impersonation
  • T1586.002 - Email Accounts
  • T1070 - Indicator Removal
Link to MITRE →

APT28

Score: 0.63
Matched TTPs:
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1586.002 - Email Accounts
  • T1057 - Process Discovery
  • T1078 - Valid Accounts
  • T1078.004 - Cloud Accounts
  • T1211 - Exploitation for Defense Evasion
  • T1557.004 - Evil Twin
  • T1070.004 - File Deletion
  • T1589.001 - Credentials
  • T1583.003 - Virtual Private Server
  • T1669 - Wi-Fi Networks
  • T1003 - OS Credential Dumping
  • T1598 - Phishing for Information
  • T1584.008 - Network Devices
  • T1210 - Exploitation of Remote Services
  • T1199 - Trusted Relationship
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1012 - Query Registry
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1078.002 - Domain Accounts
  • T1584.008 - Network Devices
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078 - Valid Accounts
  • T1057 - Process Discovery
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1497.001 - System Checks
  • T1584.003 - Virtual Private Server
  • T1007 - System Service Discovery
  • T1589 - Gather Victim Identity Information
  • T1590.006 - Network Security Appliances
  • T1584.005 - Botnet
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Magic Hound

Score: 0.62
Matched TTPs:
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service
  • T1591.001 - Determine Physical Locations
  • T1562 - Impair Defenses
  • T1070.004 - File Deletion
  • T1584.001 - Domains
  • T1078.001 - Default Accounts
  • T1589 - Gather Victim Identity Information
  • T1036.010 - Masquerade Account Name
  • T1589.001 - Credentials
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Lazarus Group

Score: 0.61
Matched TTPs:
  • T1012 - Query Registry
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1078 - Valid Accounts
  • T1057 - Process Discovery
  • T1008 - Fallback Channels
  • T1562.001 - Disable or Modify Tools
  • T1529 - System Shutdown/Reboot
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service
  • T1070.004 - File Deletion
  • T1543.003 - Windows Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1491.001 - Internal Defacement
  • T1001.003 - Protocol or Service Impersonation
  • T1070 - Indicator Removal
Link to MITRE →

OilRig

Score: 0.59
Matched TTPs:
  • T1555.004 - Windows Credential Manager
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1078 - Valid Accounts
  • T1057 - Process Discovery
  • T1003.004 - LSA Secrets
  • T1008 - Fallback Channels
  • T1112 - Modify Registry
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service
  • T1070.004 - File Deletion
  • T1497.001 - System Checks
  • T1543.003 - Windows Service
  • T1195 - Supply Chain Compromise
  • T1007 - System Service Discovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608.001 - Upload Malware
  • T1586.002 - Email Accounts
Link to MITRE →

Turla

Score: 0.56
Matched TTPs:
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1584.003 - Virtual Private Server
  • T1012 - Query Registry
  • T1587.001 - Malware
  • T1078.003 - Local Accounts
  • T1546.013 - PowerShell Profile
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1584.004 - Server
  • T1518.001 - Security Software Discovery
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT41

Score: 0.55
Matched TTPs:
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1543.003 - Windows Service
  • T1105 - Ingress Tool Transfer
  • T1012 - Query Registry
  • T1562.006 - Indicator Blocking
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1102.001 - Dead Drop Resolver
  • T1008 - Fallback Channels
  • T1496.001 - Compute Hijacking
  • T1569.002 - Service Execution
  • T1112 - Modify Registry
  • T1480.001 - Environmental Keying
  • T1656 - Impersonation
  • T1195.002 - Compromise Software Supply Chain
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
