Trusted Design

TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind

Overview

Activity involving the cross-platform Adwind family Remote Access Trojan was observed in June 2017 by Trend Micro. Targets in this case were aerospace industry enterprises, with Switzerland, Ukraine, Austria and the U.S. most heavily targeted. The threat implements the usual array of RAT functionality: stealing credentials, logging keystrokes, taking pictures and screenshots, exfiltrating data and more. Delivery tactics included a typical style of malicious spam with links to download a PIF (Program Information File), which is a .NET binary that downloads the Adwind malware.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Cinnamon Tempest

Score: 12.75
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 44.54
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1650 - Acquire Access
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1218.014 - MMC
Link to MITRE →

menuPass

Score: 25.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

INC Ransom

Score: 21.12
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Gamaredon Group

Score: 76.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

APT32

Score: 56.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1216.001 - PubPrn
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

Mustang Panda

Score: 78.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

MuddyWater

Score: 54.02
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Wizard Spider

Score: 41.28
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1547.004 - Winlogon Helper DLL
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Leviathan

Score: 47.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1534 - Internal Spearphishing
  • T1218.010 - Regsvr32
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

Velvet Ant

Score: 22.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1040 - Network Sniffing
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

FIN7

Score: 57.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
Link to MITRE →

GALLIUM

Score: 14.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Volt Typhoon

Score: 60.10
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1069 - Permission Groups Discovery
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1614 - System Location Discovery
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy
Link to MITRE →

Blue Mockingbird

Score: 15.32
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Naikon

Score: 9.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
Link to MITRE →

Lazarus Group

Score: 71.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Lotus Blossom

Score: 12.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1090.001 - Internal Proxy
Link to MITRE →

Sandworm Team

Score: 64.51
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1591.002 - Business Relationships
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Earth Lusca

Score: 39.67
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

Indrik Spider

Score: 23.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA2541

Score: 23.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

Stealth Falcon

Score: 8.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager
Link to MITRE →

Aquatic Panda

Score: 21.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT29

Score: 41.57
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

OilRig

Score: 61.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Windshift

Score: 19.43
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN6

Score: 17.69
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

ToddyCat

Score: 13.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Deep Panda

Score: 11.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
Link to MITRE →

Threat Group-3390

Score: 44.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1030 - Data Transfer Size Limits
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression
Link to MITRE →

APT42

Score: 17.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
Link to MITRE →

Ember Bear

Score: 33.95
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits
Link to MITRE →

Chimera

Score: 29.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

BlackByte

Score: 40.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1480 - Execution Guardrails
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 33.33
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1069 - Permission Groups Discovery
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.006 - Windows Remote Management
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Magic Hound

Score: 55.77
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT41

Score: 42.03
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1014 - Rootkit
  • T1069 - Permission Groups Discovery
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
  • T1562.006 - Indicator Blocking
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1030 - Data Transfer Size Limits
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

FIN8

Score: 27.01
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Dragonfly

Score: 40.08
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BRONZE BUTLER

Score: 27.46
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT28

Score: 91.16
Matched TTPs:
  • T1113 - Screen Capture
  • T1003 - OS Credential Dumping
  • T1014 - Rootkit
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1557.004 - Evil Twin
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

MoustachedBouncer

Score: 6.82
Matched TTPs:
  • T1113 - Screen Capture
  • T1659 - Content Injection
Link to MITRE →

GOLD SOUTHFIELD

Score: 12.56
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
Link to MITRE →

Winter Vivern

Score: 23.04
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Silence

Score: 14.20
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

APT39

Score: 32.90
Matched TTPs:
  • T1113 - Screen Capture
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

Kimsuky

Score: 84.99
Matched TTPs:
  • T1113 - Screen Capture
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1176.001 - Browser Extensions
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1078.003 - Local Accounts
Link to MITRE →

Dark Caracal

Score: 7.36
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sea Turtle

Score: 20.26
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1078.003 - Local Accounts
Link to MITRE →

Agrius

Score: 16.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Contagious Interview

Score: 47.71
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1543.001 - Launch Agent
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Star Blizzard

Score: 13.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
Link to MITRE →

TA577

Score: 6.65
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
Link to MITRE →

Moonstone Sleet

Score: 25.67
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Turla

Score: 66.55
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Tonto Team

Score: 13.75
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Storm-0501

Score: 19.12
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1021.006 - Windows Remote Management
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1518.001 - Security Software Discovery
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Axiom

Score: 28.24
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1563.002 - RDP Hijacking
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 18.46
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 27.33
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

UNC3886

Score: 28.06
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

HEXANE

Score: 25.74
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

HAFNIUM

Score: 23.19
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

ZIRCONIUM

Score: 26.79
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Mustard Tempest

Score: 14.89
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Scattered Spider

Score: 30.14
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications
Link to MITRE →

TA505

Score: 31.17
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT3

Score: 23.98
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
Link to MITRE →

LuminousMoth

Score: 24.03
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1030 - Data Transfer Size Limits
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Salt Typhoon

Score: 10.19
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 21.32
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1030 - Data Transfer Size Limits
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 12.68
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1091 - Replication Through Removable Media
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 16.25
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1204.001 - Malicious Link
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 17.04
Matched TTPs:
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Cobalt Group

Score: 26.28
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
Link to MITRE →

Sidewinder

Score: 23.46
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1598.002 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT37

Score: 15.39
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gallmaker

Score: 4.41
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
Link to MITRE →

BITTER

Score: 13.12
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Patchwork

Score: 21.67
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
Link to MITRE →

Malteiro

Score: 7.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Machete

Score: 9.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Elderwood

Score: 8.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Transparent Tribe

Score: 10.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

WIRTE

Score: 7.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RTM

Score: 8.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
Link to MITRE →

APT-C-36

Score: 3.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 18.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Tropic Trooper

Score: 29.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

DarkHydrus

Score: 4.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

PLATINUM

Score: 10.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

TA551

Score: 10.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 16.40
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

PROMETHIUM

Score: 5.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

Higaisa

Score: 16.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression
Link to MITRE →

Rancor

Score: 8.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 8.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1204.001 - Malicious Link
Link to MITRE →

Storm-1811

Score: 25.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1588.002 - Tool
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Inception

Score: 13.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

EXOTIC LILY

Score: 12.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Saint Bear

Score: 15.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

Whitefly

Score: 4.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Nomadic Octopus

Score: 7.02
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 10.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 14.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
Link to MITRE →

SideCopy

Score: 18.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1614 - System Location Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mofang

Score: 7.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

Andariel

Score: 16.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 32.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1565.003 - Runtime Data Manipulation
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

Molerats

Score: 14.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

admin@338

Score: 5.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Darkhotel

Score: 25.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

The White Company

Score: 5.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
Link to MITRE →

IndigoZebra

Score: 5.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT33

Score: 16.20
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Confucius

Score: 8.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

BlackTech

Score: 13.17
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1204.001 - Malicious Link
Link to MITRE →

Evilnum

Score: 11.69
Matched TTPs:
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT1

Score: 11.32
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Silent Librarian

Score: 3.31
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
Link to MITRE →

Daggerfly

Score: 16.92
Matched TTPs:
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

BackdoorDiplomacy

Score: 7.29
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT5

Score: 18.52
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking
  • T1070 - Indicator Removal
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

DarkVishnya

Score: 6.48
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
Link to MITRE →

Fox Kitten

Score: 21.56
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications
Link to MITRE →

Volatile Cedar

Score: 4.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Carbanak

Score: 5.84
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Akira

Score: 12.69
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN5

Score: 3.60
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
Link to MITRE →

LAPSUS$

Score: 22.70
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1213.005 - Messaging Applications
Link to MITRE →

Metador

Score: 6.92
Matched TTPs:
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Equation

Score: 4.54
Matched TTPs:
  • T1542.002 - Component Firmware
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
Link to MITRE →

Thrip

Score: 6.52
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

FIN10

Score: 7.40
Matched TTPs:
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

CopyKittens

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.83
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1669 - Wi-Fi Networks
  • T1584.008 - Network Devices
  • T1090.002 - External Proxy
  • T1564.003 - Hidden Window
  • T1039 - Data from Network Shared Drive
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1189 - Drive-by Compromise
  • T1036 - Masquerading
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
  • T1589.001 - Credentials
  • T1057 - Process Discovery
  • T1003 - OS Credential Dumping
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1014 - Rootkit
  • T1040 - Network Sniffing
  • T1211 - Exploitation for Defense Evasion
  • T1559.002 - Dynamic Data Exchange
  • T1210 - Exploitation of Remote Services
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1546.015 - Component Object Model Hijacking
  • T1025 - Data from Removable Media
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1598 - Phishing for Information
  • T1203 - Exploitation for Client Execution
  • T1557.004 - Evil Twin
  • T1091 - Replication Through Removable Media
  • T1105 - Ingress Tool Transfer
  • T1190 - Exploit Public-Facing Application
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Kimsuky

Score: 0.76
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1078.003 - Local Accounts
  • T1557 - Adversary-in-the-Middle
  • T1564.003 - Hidden Window
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1007 - System Service Discovery
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1219.002 - Remote Desktop Software
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1518.001 - Security Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1598.003 - Spearphishing Link
  • T1566 - Phishing
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1027.012 - LNK Icon Smuggling
  • T1587.001 - Malware
  • T1583.006 - Web Services
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1598 - Phishing for Information
  • T1176.001 - Browser Extensions
  • T1657 - Financial Theft
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1190 - Exploit Public-Facing Application
  • T1534 - Internal Spearphishing
Link to MITRE →

Mustang Panda

Score: 0.72
Matched TTPs:
  • T1518 - Software Discovery
  • T1070 - Indicator Removal
  • T1557 - Adversary-in-the-Middle
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1176.002 - IDE Extensions
  • T1608 - Stage Capabilities
  • T1204.001 - Malicious Link
  • T1622 - Debugger Evasion
  • T1608.001 - Upload Malware
  • T1678 - Delay Execution
  • T1057 - Process Discovery
  • T1003 - OS Credential Dumping
  • T1219.002 - Remote Desktop Software
  • T1204.002 - Malicious File
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1027.012 - LNK Icon Smuggling
  • T1587.001 - Malware
  • T1583.006 - Web Services
  • T1588.003 - Code Signing Certificates
  • T1047 - Windows Management Instrumentation
  • T1203 - Exploitation for Client Execution
  • T1091 - Replication Through Removable Media
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1497.001 - System Checks
  • T1564.003 - Hidden Window
  • T1012 - Query Registry
  • T1039 - Data from Network Shared Drive
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
  • T1608.001 - Upload Malware
  • T1027.015 - Compression
  • T1057 - Process Discovery
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1102 - Web Service
  • T1518.001 - Security Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1016.001 - Internet Connection Discovery
  • T1588.002 - Tool
  • T1027.004 - Compile After Delivery
  • T1025 - Data from Removable Media
  • T1566.001 - Spearphishing Attachment
  • T1027.012 - LNK Icon Smuggling
  • T1491.001 - Internal Defacement
  • T1559.001 - Component Object Model
  • T1583.006 - Web Services
  • T1047 - Windows Management Instrumentation
  • T1091 - Replication Through Removable Media
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1534 - Internal Spearphishing
  • T1480 - Execution Guardrails
  • T1001 - Data Obfuscation
Link to MITRE →

Lazarus Group

Score: 0.66
Matched TTPs:
  • T1566.003 - Spearphishing via Service
  • T1584.004 - Server
  • T1070 - Indicator Removal
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1010 - Application Window Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1189 - Drive-by Compromise
  • T1102.002 - Bidirectional Communication
  • T1090.001 - Internal Proxy
  • T1057 - Process Discovery
  • T1218 - System Binary Proxy Execution
  • T1204.002 - Malicious File
  • T1027.009 - Embedded Payloads
  • T1562.001 - Disable or Modify Tools
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1491.001 - Internal Defacement
  • T1587.001 - Malware
  • T1583.006 - Web Services
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1203 - Exploitation for Client Execution
  • T1574.013 - KernelCallbackTable
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Turla

Score: 0.66
Matched TTPs:
  • T1584.004 - Server
  • T1547.004 - Winlogon Helper DLL
  • T1078.003 - Local Accounts
  • T1555.004 - Windows Credential Manager
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1007 - System Service Discovery
  • T1189 - Drive-by Compromise
  • T1102.002 - Bidirectional Communication
  • T1090.001 - Internal Proxy
  • T1570 - Lateral Tool Transfer
  • T1204.001 - Malicious Link
  • T1057 - Process Discovery
  • T1102 - Web Service
  • T1584.006 - Web Services
  • T1518.001 - Security Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.001 - Malware
  • T1016.001 - Internet Connection Discovery
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1025 - Data from Removable Media
  • T1564.012 - File/Path Exclusions
  • T1587.001 - Malware
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
Link to MITRE →

Sandworm Team

Score: 0.63
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1584.004 - Server
  • T1583 - Acquire Infrastructure
  • T1195.002 - Compromise Software Supply Chain
  • T1140 - Deobfuscate/Decode Files or Information
  • T1499 - Endpoint Denial of Service
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1584.005 - Botnet
  • T1204.001 - Malicious Link
  • T1608.001 - Upload Malware
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1195 - Supply Chain Compromise
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1587.001 - Malware
  • T1047 - Windows Management Instrumentation
  • T1591.002 - Business Relationships
  • T1203 - Exploitation for Client Execution
  • T1592.002 - Software
  • T1105 - Ingress Tool Transfer
  • T1190 - Exploit Public-Facing Application
  • T1078.002 - Domain Accounts
Link to MITRE →

FIN7

Score: 0.61
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1078.003 - Local Accounts
  • T1564.003 - Hidden Window
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1569.002 - Service Execution
  • T1497.002 - User Activity Based Checks
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
  • T1608.001 - Upload Malware
  • T1608.004 - Drive-by Target
  • T1057 - Process Discovery
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1559.002 - Dynamic Data Exchange
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1587.001 - Malware
  • T1583.006 - Web Services
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1091 - Replication Through Removable Media
  • T1105 - Ingress Tool Transfer
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

OilRig

Score: 0.58
Matched TTPs:
  • T1566.003 - Spearphishing via Service
  • T1497.001 - System Checks
  • T1555.004 - Windows Credential Manager
  • T1012 - Query Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219 - Remote Access Tools
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1204.001 - Malicious Link
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1195 - Supply Chain Compromise
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1137.004 - Outlook Home Page
  • T1025 - Data from Removable Media
  • T1566.001 - Spearphishing Attachment
  • T1587.001 - Malware
  • T1588.003 - Code Signing Certificates
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1078.002 - Domain Accounts
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Volt Typhoon

Score: 0.57
Matched TTPs:
  • T1518 - Software Discovery
  • T1584.004 - Server
  • T1497.001 - System Checks
  • T1584.008 - Network Devices
  • T1012 - Query Registry
  • T1010 - Application Window Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1007 - System Service Discovery
  • T1090.001 - Internal Proxy
  • T1570 - Lateral Tool Transfer
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1218 - System Binary Proxy Execution
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1588.002 - Tool
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1190 - Exploit Public-Facing Application
  • T1078.002 - Domain Accounts
  • T1614 - System Location Discovery
  • T1069 - Permission Groups Discovery
Link to MITRE →

APT32

Score: 0.55
Matched TTPs:
  • T1078.003 - Local Accounts
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise
  • T1569.002 - Service Execution
  • T1036 - Masquerading
  • T1570 - Lateral Tool Transfer
  • T1204.001 - Malicious Link
  • T1608.001 - Upload Malware
  • T1608.004 - Drive-by Target
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1102 - Web Service
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1047 - Windows Management Instrumentation
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1216.001 - PubPrn
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Magic Hound

Score: 0.55
Matched TTPs:
  • T1566.003 - Spearphishing via Service
  • T1595.002 - Vulnerability Scanning
  • T1573 - Encrypted Channel
  • T1564.003 - Hidden Window
  • T1562 - Impair Defenses
  • T1189 - Drive-by Compromise
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1204.001 - Malicious Link
  • T1589.001 - Credentials
  • T1057 - Process Discovery
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1562.001 - Disable or Modify Tools
  • T1598.003 - Spearphishing Link
  • T1016.001 - Internet Connection Discovery
  • T1588.002 - Tool
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1592.002 - Software
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1190 - Exploit Public-Facing Application
  • T1078.002 - Domain Accounts
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.
