Trusted Design

TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind

Summary

Activity involving the cross-platform Adwind family Remote Access Trojan was observed in June 2017 by Trend Micro. Targets in this case were aerospace industry enterprises, with Switzerland, Ukraine, Austria and the U.S. most heavily targeted. The threat implements the usual array of RAT functionality: stealing credentials, logging keystrokes, taking pictures and screenshots, exfiltrating data and more. Delivery tactics included a typical style of malicious spam with links to download a PIF (Program Information File), which in this case is a .NET binary that downloads the Adwind malware.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Cinnamon Tempest

Score: 12.75
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 44.54
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1598 - Phishing for Information
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

menuPass

Score: 25.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

INC Ransom

Score: 21.12
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Gamaredon Group

Score: 76.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1547.012 - Print Processors
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1562.010 - Downgrade Attack
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
Link to MITRE →

APT32

Score: 56.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1110.001 - Password Guessing
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
Link to MITRE →

Mustang Panda

Score: 78.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1037 - Boot or Logon Initialization Scripts
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process
Link to MITRE →

MuddyWater

Score: 54.02
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.012 - Print Processors
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Wizard Spider

Score: 41.28
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1003.001 - LSASS Memory
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

Leviathan

Score: 47.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1204 - User Execution
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
Link to MITRE →

Velvet Ant

Score: 22.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1583.005 - Botnet
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN7

Score: 57.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

GALLIUM

Score: 14.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volt Typhoon

Score: 60.10
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1560.003 - Archive via Custom Method
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1584.002 - DNS Server
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution
Link to MITRE →

Blue Mockingbird

Score: 15.32
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Naikon

Score: 9.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
Link to MITRE →

Lazarus Group

Score: 71.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1547.011 - Plist Modification
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1556 - Modify Authentication Process
Link to MITRE →

Lotus Blossom

Score: 12.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Sandworm Team

Score: 64.51
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1166 - Setuid and Setgid
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Earth Lusca

Score: 39.67
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Indrik Spider

Score: 23.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

TA2541

Score: 23.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
Link to MITRE →

Stealth Falcon

Score: 8.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Aquatic Panda

Score: 21.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT29

Score: 41.57
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1138 - Application Shimming
  • T1608.005 - Link Target
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

OilRig

Score: 61.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Windshift

Score: 19.43
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN6

Score: 17.69
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

ToddyCat

Score: 13.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1547.008 - LSASS Driver
Link to MITRE →

Deep Panda

Score: 11.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate
Link to MITRE →

Threat Group-3390

Score: 44.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1155 - AppleScript
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules
Link to MITRE →

APT42

Score: 17.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
Link to MITRE →

Ember Bear

Score: 33.95
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1003.003 - NTDS
Link to MITRE →

Chimera

Score: 29.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1155 - AppleScript
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

BlackByte

Score: 40.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1059.009 - Cloud API
  • T1562.010 - Downgrade Attack
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN13

Score: 33.33
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1155 - AppleScript
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

Magic Hound

Score: 55.77
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1156 - Malicious Shell Modification
  • T1099 - Timestomp
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1166 - Setuid and Setgid
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

APT41

Score: 42.03
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1499.001 - OS Exhaustion Flood
  • T1560.003 - Archive via Custom Method
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1177 - LSASS Driver
  • T1578.003 - Delete Cloud Instance
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1574.009 - Path Interception by Unquoted Path
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN8

Score: 27.01
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process
Link to MITRE →

Dragonfly

Score: 40.08
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

BRONZE BUTLER

Score: 27.46
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT28

Score: 91.16
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1597.002 - Purchase Technical Data
  • T1499.001 - OS Exhaustion Flood
  • T1685.001 - Disable or Modify Windows Event Log
  • T1552.005 - Cloud Instance Metadata API
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1139 - Bash History
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1205.001 - Port Knocking
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1553.004 - Install Root Certificate
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

MoustachedBouncer

Score: 6.82
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

GOLD SOUTHFIELD

Score: 12.56
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
Link to MITRE →

Winter Vivern

Score: 23.04
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silence

Score: 14.20
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT39

Score: 32.90
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
Link to MITRE →

Kimsuky

Score: 84.99
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1553.004 - Install Root Certificate
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

Dark Caracal

Score: 7.36
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Sea Turtle

Score: 20.26
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery
Link to MITRE →

Agrius

Score: 16.22
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
Link to MITRE →

Contagious Interview

Score: 47.71
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.006 - Python
  • T1565.002 - Transmitted Data Manipulation
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Star Blizzard

Score: 13.60
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
Link to MITRE →

TA577

Score: 6.65
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
  • T1027.018 - Invisible Unicode
Link to MITRE →

Moonstone Sleet

Score: 25.67
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

Turla

Score: 66.55
Matched TTPs:
  • T1056.001 - Keylogging
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
Link to MITRE →

Tonto Team

Score: 13.75
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit
Link to MITRE →

Storm-0501

Score: 19.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1155 - AppleScript
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

Axiom

Score: 28.24
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1189 - Drive-by Compromise
  • T1622 - Debugger Evasion
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Rocke

Score: 18.46
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 27.33
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

UNC3886

Score: 28.06
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

HEXANE

Score: 25.74
Matched TTPs:
  • T1099 - Timestomp
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

HAFNIUM

Score: 23.19
Matched TTPs:
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

ZIRCONIUM

Score: 26.79
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustard Tempest

Score: 14.89
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Scattered Spider

Score: 30.14
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1566.002 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits
Link to MITRE →

TA505

Score: 31.17
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT3

Score: 23.98
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
Link to MITRE →

LuminousMoth

Score: 24.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1574.009 - Path Interception by Unquoted Path
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Salt Typhoon

Score: 10.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 21.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1574.009 - Path Interception by Unquoted Path
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aoqin Dragon

Score: 12.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1058 - Service Registry Permissions Weakness
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

RedCurl

Score: 16.25
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1027.018 - Invisible Unicode
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Ke3chang

Score: 17.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Cobalt Group

Score: 26.28
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sidewinder

Score: 23.46
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT37

Score: 15.39
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gallmaker

Score: 4.41
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
Link to MITRE →

BITTER

Score: 13.12
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Patchwork

Score: 21.67
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
Link to MITRE →

Malteiro

Score: 7.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Machete

Score: 9.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Elderwood

Score: 8.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Transparent Tribe

Score: 10.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

WIRTE

Score: 7.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RTM

Score: 8.09
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT-C-36

Score: 3.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CURIUM

Score: 18.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1205.001 - Port Knocking
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Tropic Trooper

Score: 29.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Link to MITRE →

DarkHydrus

Score: 4.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate
Link to MITRE →

PLATINUM

Score: 10.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

TA551

Score: 10.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 16.40
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

PROMETHIUM

Score: 5.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
Link to MITRE →

Higaisa

Score: 16.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1569.002 - Service Execution
  • T1546.017 - Udev Rules
Link to MITRE →

Rancor

Score: 8.56
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1204 - User Execution
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN4

Score: 8.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1027.018 - Invisible Unicode
Link to MITRE →

Storm-1811

Score: 25.42
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1205.001 - Port Knocking
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Inception

Score: 13.54
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

EXOTIC LILY

Score: 12.98
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Saint Bear

Score: 15.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

Whitefly

Score: 4.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Nomadic Octopus

Score: 7.02
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 10.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT19

Score: 14.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate
  • T1059.012 - Hypervisor CLI
Link to MITRE →

SideCopy

Score: 18.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mofang

Score: 7.62
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
Link to MITRE →

Andariel

Score: 16.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 32.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1675 - ESXi Administration Command
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Molerats

Score: 14.77
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
Link to MITRE →

admin@338

Score: 5.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
Link to MITRE →

Darkhotel

Score: 25.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

The White Company

Score: 5.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
Link to MITRE →

IndigoZebra

Score: 5.30
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT33

Score: 16.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1556 - Modify Authentication Process
Link to MITRE →

Confucius

Score: 8.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackTech

Score: 13.17
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1027.018 - Invisible Unicode
Link to MITRE →

Evilnum

Score: 11.69
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT1

Score: 11.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
Link to MITRE →

Silent Librarian

Score: 3.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
Link to MITRE →

Daggerfly

Score: 16.92
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

BackdoorDiplomacy

Score: 7.29
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT5

Score: 18.52
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.003 - Delete Cloud Instance
  • T1677 - Poisoned Pipeline Execution
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
Link to MITRE →

DarkVishnya

Score: 6.48
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
Link to MITRE →

Fox Kitten

Score: 21.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits
Link to MITRE →

Volatile Cedar

Score: 4.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Carbanak

Score: 5.84
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Akira

Score: 12.69
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1601 - Modify System Image
  • T1622 - Debugger Evasion
Link to MITRE →

FIN5

Score: 3.60
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
Link to MITRE →

LAPSUS$

Score: 22.70
Matched TTPs:
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1601 - Modify System Image
  • T1592.003 - Firmware
  • T1588.005 - Exploits
Link to MITRE →

Metador

Score: 6.92
Matched TTPs:
  • T1136.002 - Domain Account
  • T1204 - User Execution
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Equation

Score: 4.54
Matched TTPs:
  • T1589.003 - Employee Names
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Thrip

Score: 6.52
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN10

Score: 7.40
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
Link to MITRE →

CopyKittens

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1542.004 - ROMMONkit
  • T1156 - Malicious Shell Modification
  • T1566.002 - Spearphishing Link
  • T1139 - Bash History
  • T1197 - BITS Jobs
  • T1199 - Trusted Relationship
  • T1558 - Steal or Forge Kerberos Tickets
  • T1574.009 - Path Interception by Unquoted Path
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.010 - AutoHotKey & AutoIT
  • T1058 - Service Registry Permissions Weakness
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1206 - Sudo Caching
  • T1546.007 - Netsh Helper DLL
  • T1547.013 - XDG Autostart Entries
  • T1552.005 - Cloud Instance Metadata API
  • T1547.011 - Plist Modification
  • T1583.005 - Botnet
  • T1205.001 - Port Knocking
  • T1592.003 - Firmware
  • T1566.003 - Spearphishing via Service
  • T1685.001 - Disable or Modify Windows Event Log
  • T1583.006 - Web Services
  • T1499.001 - OS Exhaustion Flood
  • T1562.004 - Disable or Modify System Firewall
  • T1059.012 - Hypervisor CLI
  • T1548.004 - Elevated Execution with Prompt
  • T1597.002 - Purchase Technical Data
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1608.005 - Link Target
Link to MITRE →

Kimsuky

Score: 0.76
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1033 - System Owner/User Discovery
  • T1037 - Boot or Logon Initialization Scripts
  • T1156 - Malicious Shell Modification
  • T1506 - Web Session Cookie
  • T1566.002 - Spearphishing Link
  • T1490 - Inhibit System Recovery
  • T1197 - BITS Jobs
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1570 - Lateral Tool Transfer
  • T1003.003 - NTDS
  • T1091 - Replication Through Removable Media
  • T1213.006 - Databases
  • T1608 - Stage Capabilities
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.014 - VDSO Hijacking
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1622 - Debugger Evasion
  • T1526 - Cloud Service Discovery
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1583.005 - Botnet
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.009 - Cloud API
  • T1027.014 - Polymorphic Code
  • T1597 - Search Closed Sources
  • T1565.002 - Transmitted Data Manipulation
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1608.005 - Link Target
Link to MITRE →

Mustang Panda

Score: 0.72
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1047 - Windows Management Instrumentation
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1169 - Sudo
  • T1059.010 - AutoHotKey & AutoIT
  • T1058 - Service Registry Permissions Weakness
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1055.005 - Thread Local Storage
  • T1526 - Cloud Service Discovery
  • T1606.002 - SAML Tokens
  • T1204 - User Execution
  • T1547.013 - XDG Autostart Entries
  • T1136.001 - Local Account
  • T1071.001 - Web Protocols
  • T1159 - Launch Agent
  • T1583.006 - Web Services
  • T1556 - Modify Authentication Process
  • T1089 - Disabling Security Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1612 - Build Image on Host
  • T1597.002 - Purchase Technical Data
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
Link to MITRE →

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1542.004 - ROMMONkit
  • T1156 - Malicious Shell Modification
  • T1061 - Graphical User Interface
  • T1506 - Web Session Cookie
  • T1059.013 - Container CLI/API
  • T1199 - Trusted Relationship
  • T1047 - Windows Management Instrumentation
  • T1546.017 - Udev Rules
  • T1562.009 - Safe Mode Boot
  • T1570 - Lateral Tool Transfer
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.014 - VDSO Hijacking
  • T1058 - Service Registry Permissions Weakness
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1552.005 - Cloud Instance Metadata API
  • T1583.006 - Web Services
  • T1099 - Timestomp
  • T1562.010 - Downgrade Attack
  • T1059.009 - Cloud API
  • T1547.012 - Print Processors
  • T1597 - Search Closed Sources
  • T1606.001 - Web Cookies
  • T1612 - Build Image on Host
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1608.005 - Link Target
Link to MITRE →

Lazarus Group

Score: 0.66
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1069.001 - Local Groups
  • T1677 - Poisoned Pipeline Execution
  • T1070.008 - Clear Mailbox Data
  • T1199 - Trusted Relationship
  • T1047 - Windows Management Instrumentation
  • T1543.003 - Windows Service
  • T1570 - Lateral Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1087.002 - Domain Account
  • T1622 - Debugger Evasion
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries
  • T1547.011 - Plist Modification
  • T1583.006 - Web Services
  • T1556 - Modify Authentication Process
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
  • T1547.008 - LSASS Driver
  • T1059.012 - Hypervisor CLI
  • T1089 - Disabling Security Tools
  • T1597 - Search Closed Sources
  • T1606.001 - Web Cookies
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1070.006 - Timestomp
  • T1132.001 - Standard Encoding
Link to MITRE →

Turla

Score: 0.66
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1506 - Web Session Cookie
  • T1490 - Inhibit System Recovery
  • T1199 - Trusted Relationship
  • T1543.003 - Windows Service
  • T1570 - Lateral Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.002 - Domain Account
  • T1027.018 - Invisible Unicode
  • T1566.004 - Spearphishing Voice
  • T1606.002 - SAML Tokens
  • T1204 - User Execution
  • T1547.013 - XDG Autostart Entries
  • T1552.005 - Cloud Instance Metadata API
  • T1003.001 - LSASS Memory
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1099 - Timestomp
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
  • T1059.009 - Cloud API
  • T1059.012 - Hypervisor CLI
  • T1597 - Search Closed Sources
  • T1556.009 - Conditional Access Policies
  • T1612 - Build Image on Host
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1056.001 - Keylogging
Link to MITRE →

Sandworm Team

Score: 0.63
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1033 - System Owner/User Discovery
  • T1049 - System Network Connections Discovery
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1558 - Steal or Forge Kerberos Tickets
  • T1075 - Pass the Hash
  • T1047 - Windows Management Instrumentation
  • T1586.002 - Email Accounts
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1005 - Data from Local System
  • T1091 - Replication Through Removable Media
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1566.004 - Spearphishing Voice
  • T1606.002 - SAML Tokens
  • T1193 - Spearphishing Attachment
  • T1547.013 - XDG Autostart Entries
  • T1583.005 - Botnet
  • T1187 - Forced Authentication
  • T1546.016 - Installer Packages
  • T1562.004 - Disable or Modify System Firewall
  • T1547.002 - Authentication Package
  • T1573 - Encrypted Channel
Link to MITRE →

FIN7

Score: 0.61
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1156 - Malicious Shell Modification
  • T1490 - Inhibit System Recovery
  • T1199 - Trusted Relationship
  • T1047 - Windows Management Instrumentation
  • T1586.002 - Email Accounts
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.007 - Dynamic API Resolution
  • T1058 - Service Registry Permissions Weakness
  • T1059.001 - PowerShell
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1622 - Debugger Evasion
  • T1206 - Sudo Caching
  • T1606.002 - SAML Tokens
  • T1564.002 - Hidden Users
  • T1547.013 - XDG Autostart Entries
  • T1115 - Clipboard Data
  • T1011.001 - Exfiltration Over Bluetooth
  • T1583.006 - Web Services
  • T1547.002 - Authentication Package
  • T1573 - Encrypted Channel
  • T1553.004 - Install Root Certificate
  • T1608.005 - Link Target
Link to MITRE →

OilRig

Score: 0.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1156 - Malicious Shell Modification
  • T1199 - Trusted Relationship
  • T1558 - Steal or Forge Kerberos Tickets
  • T1047 - Windows Management Instrumentation
  • T1586.002 - Email Accounts
  • T1543.003 - Windows Service
  • T1166 - Setuid and Setgid
  • T1562.009 - Safe Mode Boot
  • T1005 - Data from Local System
  • T1570 - Lateral Tool Transfer
  • T1091 - Replication Through Removable Media
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1622 - Debugger Evasion
  • T1526 - Cloud Service Discovery
  • T1606.002 - SAML Tokens
  • T1547.013 - XDG Autostart Entries
  • T1552.005 - Cloud Instance Metadata API
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1556 - Modify Authentication Process
  • T1059.009 - Cloud API
  • T1547.008 - LSASS Driver
  • T1556.009 - Conditional Access Policies
  • T1592.002 - Software
Link to MITRE →

Volt Typhoon

Score: 0.57
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1156 - Malicious Shell Modification
  • T1070.008 - Clear Mailbox Data
  • T1199 - Trusted Relationship
  • T1584.002 - DNS Server
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.009 - Safe Mode Boot
  • T1166 - Setuid and Setgid
  • T1570 - Lateral Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1622 - Debugger Evasion
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1003.007 - Proc Filesystem
  • T1560.003 - Archive via Custom Method
  • T1159 - Launch Agent
  • T1685.001 - Disable or Modify Windows Event Log
  • T1583.006 - Web Services
  • T1099 - Timestomp
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
  • T1059.009 - Cloud API
  • T1070.006 - Timestomp
Link to MITRE →

APT32

Score: 0.55
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1490 - Inhibit System Recovery
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1558 - Steal or Forge Kerberos Tickets
  • T1047 - Windows Management Instrumentation
  • T1543.003 - Windows Service
  • T1570 - Lateral Tool Transfer
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1566.004 - Spearphishing Voice
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries
  • T1115 - Clipboard Data
  • T1556 - Modify Authentication Process
  • T1059.009 - Cloud API
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
  • T1089 - Disabling Security Tools
  • T1110.001 - Password Guessing
  • T1612 - Build Image on Host
  • T1597.002 - Purchase Technical Data
  • T1553.004 - Install Root Certificate
  • T1608.005 - Link Target
Link to MITRE →

Magic Hound

Score: 0.55
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1047 - Windows Management Instrumentation
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1070.003 - Clear Command History
  • T1027.018 - Invisible Unicode
  • T1087.002 - Domain Account
  • T1622 - Debugger Evasion
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1583.006 - Web Services
  • T1099 - Timestomp
  • T1059.009 - Cloud API
  • T1547.008 - LSASS Driver
  • T1683 - Generate Content
  • T1562.004 - Disable or Modify System Firewall
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1608.005 - Link Target
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

