Trusted Design

Attack on Critical Infrastructure Leverages Template Injection

概要

Attackers are continually trying to find new ways to target users with malware sent via email. Talos has identified an email-based attack targeting the energy sector, including nuclear power, that puts a new spin on the classic word document attachment phish. Typically, malicious Word documents that are sent as attachments to phishing emails will themselves contain a script or macro that executes malicious code. In this case, there is no malicious code in the attachment itself. The attachment instead tries to download a template file over an SMB connection so that the user's credentials can be silently harvested. In addition, this template file could also potentially be used to download other malicious payloads to the victim's computer.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 39.04
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA577

Score: 9.32
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 28.85
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Contagious Interview

Score: 40.45
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Scattered Spider

Score: 37.18
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN4

Score: 8.60
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ember Bear

Score: 17.60
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1578 - Modify Cloud Compute Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
MITREへのリンク →

Sandworm Team

Score: 47.86
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Inception

Score: 10.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

Dark Caracal

Score: 10.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Elderwood

Score: 10.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 15.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Transparent Tribe

Score: 15.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 56.14
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1552.005 - Cloud Instance Metadata API
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Leviathan

Score: 45.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules
MITREへのリンク →

Sidewinder

Score: 19.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT39

Score: 12.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Saint Bear

Score: 13.13
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 8.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 10.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

TA505

Score: 22.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1587 - Develop Capabilities
MITREへのリンク →

Higaisa

Score: 9.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
MITREへのリンク →

APT19

Score: 11.20
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Fox Kitten

Score: 8.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1542.004 - ROMMONkit
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Threat Group-3390

Score: 22.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
MITREへのリンク →

TA2541

Score: 18.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Malteiro

Score: 10.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1587 - Develop Capabilities
MITREへのリンク →

Magic Hound

Score: 37.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1578 - Modify Cloud Compute Infrastructure
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Storm-1811

Score: 27.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 5.81
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Tropic Trooper

Score: 21.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Mofang

Score: 9.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Whitefly

Score: 3.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

menuPass

Score: 12.29
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Moses Staff

Score: 5.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

TeamTNT

Score: 14.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1142 - Keychain
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Metador

Score: 4.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Putter Panda

Score: 4.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1587 - Develop Capabilities
MITREへのリンク →

OilRig

Score: 36.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT32

Score: 39.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Kimsuky

Score: 75.03
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Mustang Panda

Score: 50.28
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1013 - Port Monitors
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Volt Typhoon

Score: 13.52
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1013 - Port Monitors
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

ZIRCONIUM

Score: 21.27
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 12.21
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
MITREへのリンク →

Gamaredon Group

Score: 56.86
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Turla

Score: 42.18
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BlackByte

Score: 20.51
Matched TTPs:
  • T1013 - Port Monitors
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1606.001 - Web Cookies
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN13

Score: 13.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Indrik Spider

Score: 8.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

UNC3886

Score: 9.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
MITREへのリンク →

LuminousMoth

Score: 22.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

APT29

Score: 33.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1555.004 - Windows Credential Manager
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Play

Score: 15.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1142 - Keychain
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Aoqin Dragon

Score: 11.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1058 - Service Registry Permissions Weakness
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
MITREへのリンク →

RedCurl

Score: 17.99
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 11.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN7

Score: 43.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Cobalt Group

Score: 16.55
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 22.42
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT37

Score: 15.59
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Gallmaker

Score: 6.70
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
MITREへのリンク →

Patchwork

Score: 18.86
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
MITREへのリンク →

APT12

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Machete

Score: 6.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Dragonfly

Score: 27.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1531 - Account Access Removal
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

WIRTE

Score: 6.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

RTM

Score: 6.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

APT-C-36

Score: 4.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

CURIUM

Score: 17.35
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

DarkHydrus

Score: 8.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
  • T1200 - Hardware Additions
MITREへのリンク →

PLATINUM

Score: 8.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

TA551

Score: 9.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

HEXANE

Score: 16.37
Matched TTPs:
  • T1087.002 - Domain Account
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN8

Score: 9.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ferocious Kitten

Score: 5.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.005 - Clear Windows Event Logs
MITREへのリンク →

LazyScripter

Score: 15.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

PROMETHIUM

Score: 5.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Star Blizzard

Score: 14.67
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
MITREへのリンク →

Wizard Spider

Score: 20.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1183 - Image File Execution Options Injection
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1587 - Develop Capabilities
MITREへのリンク →

EXOTIC LILY

Score: 16.59
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN6

Score: 6.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Nomadic Octopus

Score: 4.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Gorgon Group

Score: 4.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Earth Lusca

Score: 20.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SideCopy

Score: 8.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Tonto Team

Score: 3.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Andariel

Score: 12.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

BRONZE BUTLER

Score: 22.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.005 - Clear Windows Event Logs
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

APT38

Score: 19.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Molerats

Score: 9.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

The White Company

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

IndigoZebra

Score: 7.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Silence

Score: 10.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Confucius

Score: 11.90
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackTech

Score: 10.87
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Windshift

Score: 14.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cinnamon Tempest

Score: 9.78
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Mustard Tempest

Score: 10.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Evilnum

Score: 3.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT3

Score: 7.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 7.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
MITREへのリンク →

APT42

Score: 12.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1183 - Image File Execution Options Injection
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

APT41

Score: 27.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

Winter Vivern

Score: 13.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Agrius

Score: 7.46
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1566.004 - Spearphishing Voice
MITREへのリンク →

Rocke

Score: 15.67
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels
MITREへのリンク →

LAPSUS$

Score: 20.27
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

BackdoorDiplomacy

Score: 9.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1587 - Develop Capabilities
MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1601.001 - Patch System Image
MITREへのリンク →

Medusa Group

Score: 24.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1094 - Custom Command and Control Protocol
MITREへのリンク →

Sea Turtle

Score: 12.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Storm-0501

Score: 9.08
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
MITREへのリンク →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
MITREへのリンク →

GALLIUM

Score: 6.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.011 - Lua
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Volatile Cedar

Score: 6.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

INC Ransom

Score: 12.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Axiom

Score: 12.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

HAFNIUM

Score: 13.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT5

Score: 3.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
MITREへのリンク →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
MITREへのリンク →

Velvet Ant

Score: 7.36
Matched TTPs:
  • T1684 - Social Engineering
  • T1566.004 - Spearphishing Voice
  • T1490 - Inhibit System Recovery
MITREへのリンク →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
MITREへのリンク →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
MITREへのリンク →

Aquatic Panda

Score: 5.10
Matched TTPs:
  • T1136.002 - Domain Account
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Akira

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

POLONIUM

Score: 4.41
Matched TTPs:
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
MITREへのリンク →

Chimera

Score: 7.91
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

FIN10

Score: 4.90
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Leafminer

Score: 3.63
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Daggerfly

Score: 3.90
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1552.003 - Shell History
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1690 - Prevent Command History Logging
  • T1606.002 - SAML Tokens
  • T1053.007 - Container Orchestration Job
  • T1684 - Social Engineering
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1027.014 - Polymorphic Code
  • T1091 - Replication Through Removable Media
  • T1030 - Data Transfer Size Limits
  • T1087.002 - Domain Account
  • T1055.014 - VDSO Hijacking
  • T1490 - Inhibit System Recovery
  • T1608 - Stage Capabilities
  • T1598.003 - Spearphishing Link
  • T1683.001 - Written Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1008 - Fallback Channels
  • T1547.013 - XDG Autostart Entries
  • T1547.002 - Authentication Package
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1131 - Authentication Package
MITREへのリンク →

Gamaredon Group

Score: 0.64
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1200 - Hardware Additions
  • T1027.018 - Invisible Unicode
  • T1684 - Social Engineering
  • T1601.001 - Patch System Image
  • T1091 - Replication Through Removable Media
  • T1591.003 - Identify Business Tempo
  • T1546.017 - Udev Rules
  • T1058 - Service Registry Permissions Weakness
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1087.002 - Domain Account
  • T1552.005 - Cloud Instance Metadata API
  • T1055.014 - VDSO Hijacking
  • T1608 - Stage Capabilities
  • T1059.013 - Container CLI/API
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
  • T1547.002 - Authentication Package
MITREへのリンク →

APT28

Score: 0.63
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1059.010 - AutoHotKey & AutoIT
  • T1200 - Hardware Additions
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1197 - BITS Jobs
  • T1206 - Sudo Caching
  • T1055.008 - Ptrace System Calls
  • T1105 - Ingress Tool Transfer
  • T1058 - Service Registry Permissions Weakness
  • T1685.001 - Disable or Modify Windows Event Log
  • T1218.010 - Regsvr32
  • T1087.002 - Domain Account
  • T1552.005 - Cloud Instance Metadata API
  • T1059.012 - Hypervisor CLI
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1491.002 - External Defacement
  • T1542.004 - ROMMONkit
  • T1547.013 - XDG Autostart Entries
  • T1547.002 - Authentication Package
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
MITREへのリンク →

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1055.005 - Thread Local Storage
  • T1024 - Custom Cryptographic Protocol
  • T1059.010 - AutoHotKey & AutoIT
  • T1013 - Port Monitors
  • T1059.011 - Lua
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1053.007 - Container Orchestration Job
  • T1091 - Replication Through Removable Media
  • T1105 - Ingress Tool Transfer
  • T1058 - Service Registry Permissions Weakness
  • T1218.010 - Regsvr32
  • T1087.002 - Domain Account
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1601.001 - Patch System Image
  • T1091 - Replication Through Removable Media
  • T1564.008 - Email Hiding Rules
  • T1484.002 - Trust Modification
  • T1566.004 - Spearphishing Voice
  • T1218.010 - Regsvr32
  • T1087.002 - Domain Account
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1547.002 - Authentication Package
  • T1558 - Steal or Forge Kerberos Tickets
  • T1193 - Spearphishing Attachment
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る