Trusted Design

Attack on Critical Infrastructure Leverages Template Injection

Overview

Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic Word document attachment phish. Typically, malicious Word documents sent as attachments to phishing emails themselves contain a script or macro that executes malicious code. In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user's credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim's computer.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 39.04
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1585.002 - Email Accounts
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1055.001 - Dynamic-link Library Injection
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA577

Score: 9.32
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1204.001 - Malicious Link
Link to MITRE →

Moonstone Sleet

Score: 28.85
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Contagious Interview

Score: 40.45
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1585.002 - Email Accounts
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Scattered Spider

Score: 37.18
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 8.60
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
Link to MITRE →

Ember Bear

Score: 17.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1114 - Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Sandworm Team

Score: 47.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Inception

Score: 10.65
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
Link to MITRE →

Dark Caracal

Score: 10.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 10.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Darkhotel

Score: 15.33
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Transparent Tribe

Score: 15.02
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
Link to MITRE →

APT28

Score: 56.14
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1583.006 - Web Services
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
  • T1550.001 - Application Access Token
Link to MITRE →

Leviathan

Score: 45.17
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1585.002 - Email Accounts
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression
Link to MITRE →

Sidewinder

Score: 19.02
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT39

Score: 12.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Saint Bear

Score: 13.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
Link to MITRE →

APT33

Score: 8.33
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

BITTER

Score: 10.25
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 22.72
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Higaisa

Score: 9.47
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression
Link to MITRE →

APT19

Score: 11.20
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

Fox Kitten

Score: 8.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1039 - Data from Network Shared Drive
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 22.62
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

TA2541

Score: 18.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

Malteiro

Score: 10.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

Magic Hound

Score: 37.45
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1114 - Email Collection
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1585.002 - Email Accounts
  • T1583.006 - Web Services
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Storm-1811

Score: 27.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 5.81
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
Link to MITRE →

Tropic Trooper

Score: 21.54
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

Mofang

Score: 9.21
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

Whitefly

Score: 3.16
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
Link to MITRE →

menuPass

Score: 12.29
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1039 - Data from Network Shared Drive
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moses Staff

Score: 5.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 14.33
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1048 - Exfiltration Over Alternative Protocol
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 4.83
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Putter Panda

Score: 4.52
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1055.001 - Dynamic-link Library Injection
Link to MITRE →

OilRig

Score: 36.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT32

Score: 39.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1071.003 - Mail Protocols
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
  • T1078.003 - Local Accounts
Link to MITRE →

Kimsuky

Score: 75.03
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1071.003 - Mail Protocols
  • T1585.002 - Email Accounts
  • T1593.002 - Search Engines
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1534 - Internal Spearphishing
  • T1566 - Phishing
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
Link to MITRE →

Mustang Panda

Score: 50.28
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1036.008 - Masquerade File Type
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
Link to MITRE →

Volt Typhoon

Score: 13.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ZIRCONIUM

Score: 21.27
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Silent Librarian

Score: 12.21
Matched TTPs:
  • T1114 - Email Collection
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
Link to MITRE →

Gamaredon Group

Score: 56.86
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

Turla

Score: 42.18
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1071.003 - Mail Protocols
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts
Link to MITRE →

BlackByte

Score: 20.51
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1491.001 - Internal Defacement
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN13

Score: 13.29
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1657 - Financial Theft
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
Link to MITRE →

Indrik Spider

Score: 8.29
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1585.002 - Email Accounts
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
Link to MITRE →

UNC3886

Score: 9.75
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

LuminousMoth

Score: 22.69
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
Link to MITRE →

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

APT29

Score: 33.79
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.003 - Cloud Accounts
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1651 - Cloud Administration Command
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

Play

Score: 15.53
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 11.83
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1091 - Replication Through Removable Media
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 17.99
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
Link to MITRE →

Ke3chang

Score: 11.64
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 43.50
Matched TTPs:
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1674 - Input Injection
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1204.001 - Malicious Link
  • T1078.003 - Local Accounts
Link to MITRE →

Cobalt Group

Score: 16.55
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

MuddyWater

Score: 22.42
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT37

Score: 15.59
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gallmaker

Score: 6.70
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Patchwork

Score: 18.86
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Machete

Score: 6.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Dragonfly

Score: 27.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1187 - Forced Authentication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 6.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RTM

Score: 6.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT-C-36

Score: 4.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 17.35
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

DarkHydrus

Score: 8.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1187 - Forced Authentication
  • T1221 - Template Injection
Link to MITRE →

PLATINUM

Score: 8.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA551

Score: 9.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HEXANE

Score: 16.37
Matched TTPs:
  • T1204.002 - Malicious File
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN8

Score: 9.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Ferocious Kitten

Score: 5.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override
Link to MITRE →

LazyScripter

Score: 15.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

PROMETHIUM

Score: 5.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

Star Blizzard

Score: 14.67
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
Link to MITRE →

Wizard Spider

Score: 20.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1585.002 - Email Accounts
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1055.001 - Dynamic-link Library Injection

EXOTIC LILY

Score: 16.59
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

FIN6

Score: 6.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.010 - Command Obfuscation
  • T1566.003 - Spearphishing via Service

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 4.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 4.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer

Earth Lusca

Score: 20.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

SideCopy

Score: 8.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer

Tonto Team

Score: 3.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Andariel

Score: 12.00
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

BRONZE BUTLER

Score: 22.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.002 - Right-to-Left Override
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

APT38

Score: 19.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1218.001 - Compiled HTML File
  • T1486 - Data Encrypted for Impact
  • T1189 - Drive-by Compromise
  • T1036.006 - Space after Filename
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Molerats

Score: 9.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

admin@338

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

The White Company

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

IndigoZebra

Score: 7.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer

Silence

Score: 10.20
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1218.001 - Compiled HTML File
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Confucius

Score: 11.90
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
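T1221 (Template Injection) is matched for Confucius above, and again for Gamaredon Group and APT28 in the inference-based list further down. Its Word-side artefact is a relationship in word/_rels/settings.xml.rels whose Target points off the local machine, so a document can carry no macro at all and still cause Word to fetch a remote template on open; a UNC (SMB) target additionally makes the client authenticate to the remote host. The following is an added example, not code from the pulse or from Talos: a triage check that opens a .docx, reads that relationships part, and reports attached templates with remote targets while ignoring the normal local ones. The sample documents and the IP addresses in them are constructed here for the demonstration.

```python
"""Check a .docx for a remote attached template (MITRE ATT&CK T1221).

Word stores the attached template as a Relationship in
word/_rels/settings.xml.rels. A Target on another host (http(s)://,
\\\\host\\share, or file://host/...) is fetched when the document opens;
a UNC/SMB target also makes the client authenticate to that host.
Local templates (file:///C:/... or a drive path) are normal and skipped.
Added example; the sample documents below are constructed, not real.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlparse

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    "/attachedTemplate"
)
SETTINGS_RELS = "word/_rels/settings.xml.rels"  # fixed path inside a .docx


def classify_target(target: str) -> str:
    """Name how Word would fetch this template target."""
    t = target.strip()
    if t.startswith("\\\\") or t.startswith("//"):
        return "smb"            # UNC path: SMB fetch with implicit NTLM auth
    if len(t) > 2 and t[1] == ":" and t[2] in "\\/":
        return "local"          # C:\... drive path
    url = urlparse(t)
    scheme = url.scheme.lower()
    if scheme in ("http", "https"):
        return scheme
    if scheme == "file":
        # file://host/share/x.dotm resolves as UNC; file:///C:/... is local
        return "smb" if url.netloc else "local"
    return "other"


def find_remote_templates(docx_bytes: bytes) -> list:
    """One finding per attachedTemplate relationship that points off-host.
    An empty list means no remote template was found."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if SETTINGS_RELS not in zf.namelist():
            return []
        root = ET.fromstring(zf.read(SETTINGS_RELS))
    findings = []
    for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
        if rel.get("Type") != ATTACHED_TEMPLATE:
            continue
        target = rel.get("Target", "")
        transport = classify_target(target)
        if transport == "local":
            continue
        findings.append({"id": rel.get("Id"), "target": target,
                         "transport": transport})
    return findings


def build_docx(settings_rels_xml: Optional[str]) -> bytes:
    """Construct a minimal .docx-shaped zip for the demo (not a real file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/settings.xml", "<settings/>")
        if settings_rels_xml is not None:
            zf.writestr(SETTINGS_RELS, settings_rels_xml)
    return buf.getvalue()


def rels_xml(target: str) -> str:
    """settings.xml.rels carrying one external attachedTemplate."""
    return (f'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
            f'<Relationships xmlns="{RELS_NS}">'
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
            f'Target="{target}" TargetMode="External"/>'
            f'</Relationships>')


# Constructed samples: UNC injection, HTTP injection, benign local template.
SAMPLES = {
    "unc_injected": build_docx(rels_xml(r"\\10.0.0.5\share\template.dotm")),
    "http_injected": build_docx(rels_xml("http://203.0.113.7/t.dotm")),
    "local_template": build_docx(rels_xml(
        "file:///C:/Users/alice/AppData/Roaming/Microsoft/Templates/Normal.dotm")),
    "no_template": build_docx(None),
}


def scan_samples() -> dict:
    """Run the check over every constructed sample."""
    return {name: find_remote_templates(doc) for name, doc in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(name, hits or "clean")
```

The check deliberately keys on the attachedTemplate relationship type rather than on TargetMode="External" alone, because Word writes a local Normal.dotm as an external file:/// relationship too; only the transport classification separates the benign case from the SMB or HTTP fetch. The same relationships-part logic applies to .dotm and .docm containers, which use the identical package layout.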

BlackTech

Score: 10.87
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

Windshift

Score: 14.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Cinnamon Tempest

Score: 9.78
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1105 - Ingress Tool Transfer

Mustard Tempest

Score: 10.36
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Evilnum

Score: 3.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

APT3

Score: 7.36
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

APT1

Score: 7.07
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1585.002 - Email Accounts
  • T1588.001 - Malware

APT42

Score: 12.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1585.002 - Email Accounts
  • T1656 - Impersonation

APT41

Score: 27.83
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

Winter Vivern

Score: 13.62
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Agrius

Score: 7.46
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1570 - Lateral Tool Transfer

Rocke

Score: 15.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1102.001 - Dead Drop Resolver

LAPSUS$

Score: 20.27
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1656 - Impersonation

BackdoorDiplomacy

Score: 9.92
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1055.001 - Dynamic-link Library Injection

GOLD SOUTHFIELD

Score: 6.62
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1027.010 - Command Obfuscation

Medusa Group

Score: 24.18
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1585.002 - Email Accounts
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1218.014 - MMC

Sea Turtle

Score: 12.54
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1078.003 - Local Accounts

Storm-0501

Score: 9.08
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service

GALLIUM

Score: 6.77
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer

Volatile Cedar

Score: 6.38
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer

INC Ransom

Score: 12.63
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer

Axiom

Score: 12.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography

HAFNIUM

Score: 13.72
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts

APT5

Score: 3.93
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection

Velvet Ant

Score: 7.36
Matched TTPs:
  • T1055 - Process Injection
  • T1570 - Lateral Tool Transfer
  • T1078.003 - Local Accounts

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1657 - Financial Theft

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

Aquatic Panda

Score: 5.10
Matched TTPs:
  • T1588.001 - Malware
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

Akira

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact

POLONIUM

Score: 4.41
Matched TTPs:
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link

Sowbug

Score: 3.03
Matched TTPs:
  • T1039 - Data from Network Shared Drive

Chimera

Score: 7.91
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

FIN10

Score: 4.90
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1078.003 - Local Accounts

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1555.004 - Windows Credential Manager

Leafminer

Score: 3.63
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Daggerfly

Score: 3.90
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1534 - Internal Spearphishing
  • T1036.007 - Double File Extension
  • T1078.003 - Local Accounts
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1102.001 - Dead Drop Resolver
  • T1218.010 - Regsvr32
  • T1566.001 - Spearphishing Attachment
  • T1593.001 - Social Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1593.002 - Search Engines
  • T1656 - Impersonation
  • T1071.003 - Mail Protocols
  • T1027.012 - LNK Icon Smuggling
  • T1585.002 - Email Accounts
  • T1055 - Process Injection
  • T1657 - Financial Theft
  • T1608.001 - Upload Malware
  • T1566 - Phishing
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1204.002 - Malicious File
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1204.001 - Malicious Link

Gamaredon Group

Score: 0.64
Matched TTPs:
  • T1534 - Internal Spearphishing
  • T1583.006 - Web Services
  • T1027.004 - Compile After Delivery
  • T1102.002 - Bidirectional Communication
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1039 - Data from Network Shared Drive
  • T1091 - Replication Through Removable Media
  • T1491.001 - Internal Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection
  • T1105 - Ingress Tool Transfer
  • T1027.012 - LNK Icon Smuggling
  • T1055 - Process Injection
  • T1027.015 - Compression
  • T1608.001 - Upload Malware
  • T1102.003 - One-Way Communication
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1027 - Obfuscated Files or Information
  • T1025 - Data from Removable Media

APT28

Score: 0.63
Matched TTPs:
  • T1550.001 - Application Access Token
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1036 - Masquerading
  • T1039 - Data from Network Shared Drive
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1598.003 - Spearphishing Link
  • T1221 - Template Injection
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1071.003 - Mail Protocols
  • T1189 - Drive-by Compromise
  • T1559.002 - Dynamic Data Exchange
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1203 - Exploitation for Client Execution
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1204.002 - Malicious File
  • T1025 - Data from Removable Media

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1598.003 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1564.001 - Hidden Files and Directories
  • T1027.012 - LNK Icon Smuggling
  • T1585.002 - Email Accounts
  • T1036.008 - Masquerade File Type
  • T1608.001 - Upload Malware
  • T1027.007 - Dynamic API Resolution
  • T1608 - Stage Capabilities
  • T1203 - Exploitation for Client Execution
  • T1586.002 - Email Accounts
  • T1204.002 - Malicious File
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1204.001 - Malicious Link

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.001 - Social Media Accounts
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1591.002 - Business Relationships
  • T1585.002 - Email Accounts
  • T1570 - Lateral Tool Transfer
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1190 - Exploit Public-Facing Application
  • T1204.002 - Malicious File
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information
  • T1204.001 - Malicious Link

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

