Trusted Design

Nemucod Evolves Delivery and Obfuscation Techniques to Harvest Credentials

Overview

Recently the Unit 42 research team has been investigating a wave of Nemucod downloader malware that uses weaponized documents to deploy encoded and heavily obfuscated JavaScript, ultimately leading to further payloads being delivered to the victim. Starting from a single instance of the encoded JavaScript discovered in one version of this malware, we pivoted on the Command and Control (C2) IPv4 address discovered during static analysis and deobfuscation. Using our Threat Intelligence Service AutoFocus, we unearthed many more versions of the malware and found that the versions seen to date were delivering a credential-stealing Trojan as the final payload.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 36.37
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.006 - Timestomp
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

TA577

Score: 7.18
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1546.013 - PowerShell Profile
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 17.32
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Turla

Score: 31.90
Matched TTPs:
  • T1056.001 - Keylogging
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery

Ember Bear

Score: 17.24
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1178 - SID-History Injection
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

APT39

Score: 15.77
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

Poseidon Group

Score: 5.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem

Mustang Panda

Score: 55.58
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

Tonto Team

Score: 7.39
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT32

Score: 39.73
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery

BlackByte

Score: 11.14
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

APT28

Score: 38.90
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1564.004 - NTFS File Attributes

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit

Axiom

Score: 10.39
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Leviathan

Score: 21.74
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules

Contagious Interview

Score: 37.19
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

Inception

Score: 10.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Dark Caracal

Score: 4.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI

Elderwood

Score: 7.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 7.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Transparent Tribe

Score: 7.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 14.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Saint Bear

Score: 13.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

APT33

Score: 15.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

BITTER

Score: 11.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

TA505

Score: 20.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1560.003 - Archive via Custom Method
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Higaisa

Score: 16.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1546.017 - Udev Rules

APT19

Score: 11.99
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 7.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Threat Group-3390

Score: 23.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

TA2541

Score: 14.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules

Malteiro

Score: 3.95
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT

Magic Hound

Score: 20.31
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Storm-1811

Score: 17.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1547.013 - XDG Autostart Entries

Blue Mockingbird

Score: 6.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution

Tropic Trooper

Score: 23.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1200 - Hardware Additions
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Mofang

Score: 6.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules

Whitefly

Score: 5.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

menuPass

Score: 18.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries

Moses Staff

Score: 5.31
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

TeamTNT

Score: 17.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1071.003 - Mail Protocols
  • T1547.013 - XDG Autostart Entries

Metador

Score: 5.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

OilRig

Score: 35.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

FIN6

Score: 10.62
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process

MoustachedBouncer

Score: 6.51
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1055.003 - Thread Execution Hijacking

MuddyWater

Score: 26.65
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 26.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Winter Vivern

Score: 14.17
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548 - Abuse Elevation Control Mechanism
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Silence

Score: 10.48
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

LazyScripter

Score: 15.39
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

FIN7

Score: 24.86
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

Cobalt Group

Score: 9.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Kimsuky

Score: 37.88
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery

Indrik Spider

Score: 9.99
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1547.013 - XDG Autostart Entries

Molerats

Score: 9.62
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules

Leafminer

Score: 9.28
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

TA578

Score: 5.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Evilnum

Score: 5.84
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1089 - Disabling Security Tools
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 5.58
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

APT41

Score: 30.34
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1560.003 - Archive via Custom Method
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels

TA551

Score: 12.78
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Volt Typhoon

Score: 25.58
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1560.003 - Archive via Custom Method
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1567 - Exfiltration Over Web Service
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

ZIRCONIUM

Score: 11.52
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Scattered Spider

Score: 11.50
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

APT3

Score: 10.94
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1089 - Disabling Security Tools
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

FIN13

Score: 17.03
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall

APT29

Score: 26.88
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery

Dragonfly

Score: 13.49
Matched TTPs:
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries

Ke3chang

Score: 15.33
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

UNC3886

Score: 13.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

LuminousMoth

Score: 13.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 27.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 8.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

Play

Score: 8.25
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery

Aoqin Dragon

Score: 7.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 13.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1027.018 - Invisible Unicode

Machete

Score: 3.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

WIRTE

Score: 3.98
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

RTM

Score: 7.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

APT-C-36

Score: 4.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

Gallmaker

Score: 3.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.011 - Lua

DarkHydrus

Score: 4.79
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions

PLATINUM

Score: 10.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

HEXANE

Score: 12.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 13.37
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process

APT37

Score: 10.14
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

PROMETHIUM

Score: 5.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery

Wizard Spider

Score: 19.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process

FIN4

Score: 6.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1574.010 - Services File Permissions Weakness
  • T1027.018 - Invisible Unicode

EXOTIC LILY

Score: 5.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Patchwork

Score: 15.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels

Nomadic Octopus

Score: 3.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries

Gorgon Group

Score: 5.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

SideCopy

Score: 8.02
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 14.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BRONZE BUTLER

Score: 29.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

APT38

Score: 14.62
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

admin@338

Score: 4.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

Gamaredon Group

Score: 36.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Confucius

Score: 9.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

BlackTech

Score: 9.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
Link to MITRE →

Windshift

Score: 11.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Chimera

Score: 13.18
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Cinnamon Tempest

Score: 4.93
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Velvet Ant

Score: 9.83
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1583.005 - Botnet
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aquatic Panda

Score: 12.04
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GALLIUM

Score: 8.93
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Daggerfly

Score: 8.92
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

BackdoorDiplomacy

Score: 8.11
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT1

Score: 5.83
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
Link to MITRE →

Agrius

Score: 3.75
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Rocke

Score: 11.54
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Mustard Tempest

Score: 10.41
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT42

Score: 8.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
Link to MITRE →

Medusa Group

Score: 9.73
Matched TTPs:
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

LAPSUS$

Score: 7.44
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
Link to MITRE →

HAFNIUM

Score: 5.46
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sea Turtle

Score: 8.63
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery
Link to MITRE →

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN10

Score: 3.52
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1490 - Inhibit System Recovery
Link to MITRE →

INC Ransom

Score: 4.02
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Volatile Cedar

Score: 4.91
Matched TTPs:
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Mustang Panda

Score: 0.80
Matched TTPs:
  • T1059.011 - Lua
  • T1608.005 - Link Target
  • T1597.002 - Purchase Technical Data
  • T1089 - Disabling Security Tools
  • T1159 - Launch Agent
  • T1546.013 - PowerShell Profile
  • T1169 - Sudo
  • T1569.001 - Launchctl
  • T1087.002 - Domain Account
  • T1136.001 - Local Account
  • T1567.002 - Exfiltration to Cloud Storage
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1608 - Stage Capabilities
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process
  • T1199 - Trusted Relationship
  • T1055.005 - Thread Local Storage
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

APT28

Score: 0.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
  • T1491.002 - External Defacement
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1564.004 - NTFS File Attributes
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.001 - Disable or Modify Windows Event Log
  • T1146 - Clear Command History
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.005 - Botnet
Link to MITRE →

APT32

Score: 0.59
Matched TTPs:
  • T1608.005 - Link Target
  • T1597.002 - Purchase Technical Data
  • T1089 - Disabling Security Tools
  • T1592.004 - Client Configurations
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1546.013 - PowerShell Profile
  • T1087.002 - Domain Account
  • T1490 - Inhibit System Recovery
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process
  • T1059.009 - Cloud API
  • T1174 - Password Filter DLL
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Gamaredon Group

Score: 0.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1608.005 - Link Target
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1608 - Stage Capabilities
  • T1087.002 - Domain Account
  • T1061 - Graphical User Interface
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1542.004 - ROMMONkit
  • T1059.013 - Container CLI/API
  • T1546.017 - Udev Rules
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1601.001 - Patch System Image
Link to MITRE →

Contagious Interview

Score: 0.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1546.013 - PowerShell Profile
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1021.006 - Windows Remote Management
  • T1027.018 - Invisible Unicode
  • T1221 - Template Injection
  • T1558 - Steal or Forge Kerberos Tickets
  • T1606.002 - SAML Tokens
  • T1556 - Modify Authentication Process
  • T1059.006 - Python
  • T1044 - File System Permissions Weakness
  • T1601.001 - Patch System Image
Link to MITRE →

Kimsuky

Score: 0.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1546.013 - PowerShell Profile
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1608 - Stage Capabilities
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
  • T1526 - Cloud Service Discovery
  • T1008 - Fallback Channels
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1583.005 - Botnet
  • T1601.001 - Patch System Image
Link to MITRE →

Lazarus Group

Score: 0.55
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1608.005 - Link Target
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1547.013 - XDG Autostart Entries
  • T1132.001 - Standard Encoding
  • T1055.005 - Thread Local Storage
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1070.006 - Timestomp
  • T1606.002 - SAML Tokens
  • T1556 - Modify Authentication Process
  • T1059.010 - AutoHotKey & AutoIT
  • T1174 - Password Filter DLL
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
