Trusted Design

Striking Oil: A Closer Look at Adversary Infrastructure

Summary

While expanding our research into the TwoFace webshell from this past July, we were able to uncover several IP addresses that logged in and directly interfaced with the shell we discovered and wrote about. Investigating deeper into these potential adversary IPs revealed a much larger infrastructure used to execute the attacks. We found the infrastructure was segregated into different functions for specific malicious objectives. We found some sites that were set up as credential harvesters (likely used in phishing attacks), a compromised system that was used to interact with a TwoFace webshell to hide the actor’s location, and finally systems that interact with TwoFace webshell-compromised systems to provide command and control direction of those compromised systems.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT38

Score: 16.37
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1555.003 - Credentials from Web Browsers
  • T1491 - Defacement
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Moonstone Sleet

Score: 31.00
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1175 - Component Object Model and Distributed COM
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN8

Score: 13.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Ke3chang

Score: 17.11
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.013 - Process Doppelgänging
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN7

Score: 42.36
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1165 - Startup Items
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1062 - Hypervisor
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

HAFNIUM

Score: 29.90
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059 - Command and Scripting Interpreter
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Winter Vivern

Score: 19.79
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1055.013 - Process Doppelgänging
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT19

Score: 8.73
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1055.013 - Process Doppelgänging
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

FIN10

Score: 5.23
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
Link to MITRE →

APT32

Score: 36.72
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT39

Score: 31.12
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1543.003 - Windows Service
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1157 - Dylib Hijacking
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
Link to MITRE →

APT37

Score: 15.15
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1055.013 - Process Doppelgänging
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

Lazarus Group

Score: 48.91
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1165 - Startup Items
  • T1547.011 - Plist Modification
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1069.001 - Local Groups
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Tropic Trooper

Score: 10.41
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1555.003 - Credentials from Web Browsers
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Threat Group-3390

Score: 29.70
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Earth Lusca

Score: 27.52
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

Magic Hound

Score: 60.10
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
Link to MITRE →

ZIRCONIUM

Score: 21.85
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
Link to MITRE →

Chimera

Score: 27.17
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1062 - Hypervisor
  • T1491 - Defacement
  • T1155 - AppleScript
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Patchwork

Score: 14.66
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Stealth Falcon

Score: 8.72
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1055.013 - Process Doppelgänging
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
Link to MITRE →

Volt Typhoon

Score: 64.09
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1148 - HISTCONTROL
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1560.003 - Archive via Custom Method
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1491 - Defacement
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1686.002 - Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1584.002 - DNS Server
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution
Link to MITRE →

LuminousMoth

Score: 14.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aquatic Panda

Score: 19.42
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1165 - Startup Items
  • T1589 - Gather Victim Identity Information
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1686.002 - Network Device Firewall
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gamaredon Group

Score: 48.21
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1547.012 - Print Processors
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1036.002 - Right-to-Left Override
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GALLIUM

Score: 15.27
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 26.55
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1589 - Gather Victim Identity Information
  • T1155 - AppleScript
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT41

Score: 46.87
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1539 - Steal Web Session Cookie
  • T1560.003 - Archive via Custom Method
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1059.008 - Network Device CLI
  • T1547.006 - Kernel Modules and Extensions
  • T1686.002 - Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels
Link to MITRE →

OilRig

Score: 36.08
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1165 - Startup Items
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

HEXANE

Score: 17.61
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Windshift

Score: 9.27
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

MuddyWater

Score: 29.77
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1547.011 - Plist Modification
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Dragonfly

Score: 37.10
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1055.013 - Process Doppelgänging
  • T1175 - Component Object Model and Distributed COM
  • T1654 - Log Enumeration
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 42.49
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

Sandworm Team

Score: 78.73
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-1811

Score: 23.71
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1165 - Startup Items
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Sidewinder

Score: 10.80
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT3

Score: 14.94
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1547.011 - Plist Modification
  • T1059.008 - Network Device CLI
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Kimsuky

Score: 78.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1602.002 - Network Device Configuration Dump
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1008 - Fallback Channels
Link to MITRE →

Sea Turtle

Score: 23.15
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1686.002 - Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
  • T1556.005 - Reversible Encryption
Link to MITRE →

Ember Bear

Score: 34.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Indrik Spider

Score: 16.24
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1157 - Dylib Hijacking
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Agrius

Score: 8.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Contagious Interview

Score: 54.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1586.003 - Cloud Accounts
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1686.002 - Network Device Firewall
  • T1564.009 - Resource Forking
  • T1690 - Prevent Command History Logging
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
Link to MITRE →

Star Blizzard

Score: 19.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1102.003 - One-Way Communication
  • T1157 - Dylib Hijacking
  • T1168 - Local Job Scheduling
Link to MITRE →

Mustang Panda

Score: 39.52
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1562.006 - Indicator Blocking
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Tonto Team

Score: 12.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1157 - Dylib Hijacking
Link to MITRE →

BlackByte

Score: 28.40
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1586.002 - Email Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT28

Score: 71.65
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1078.001 - Default Accounts
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit
Link to MITRE →

Storm-0501

Score: 10.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1155 - AppleScript
  • T1552.003 - Shell History
Link to MITRE →

Axiom

Score: 31.79
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1189 - Drive-by Compromise
  • T1160 - Launch Daemon
Link to MITRE →

Leviathan

Score: 41.94
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1165 - Startup Items
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 14.18
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA551

Score: 7.96
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT29

Score: 38.74
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1036.002 - Right-to-Left Override
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1555.004 - Windows Credential Manager
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1547.008 - LSASS Driver
Link to MITRE →

TA2541

Score: 14.70
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1036.002 - Right-to-Left Override
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lotus Blossom

Score: 5.67
Matched TTPs:
  • T1099 - Timestomp
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 39.20
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

Turla

Score: 46.27
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1131 - Authentication Package
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
Link to MITRE →

Scattered Spider

Score: 45.54
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1566.002 - Spearphishing Link
  • T1165 - Startup Items
  • T1062 - Hypervisor
  • T1491 - Defacement
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1686.002 - Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1197 - BITS Jobs
  • T1498 - Network Denial of Service
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 12.99
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silent Librarian

Score: 7.17
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1157 - Dylib Hijacking
Link to MITRE →

EXOTIC LILY

Score: 17.09
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
Link to MITRE →

UNC3886

Score: 32.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1606 - Forge Web Credentials
  • T1686.002 - Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Salt Typhoon

Score: 19.05
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1498 - Network Denial of Service
Link to MITRE →

Play

Score: 14.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1142 - Keychain
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aoqin Dragon

Score: 5.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

RedCurl

Score: 14.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1556.005 - Reversible Encryption
Link to MITRE →

Moses Staff

Score: 6.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 27.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1165 - Startup Items
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1612 - Build Image on Host
  • T1142 - Keychain
  • T1547.006 - Kernel Modules and Extensions
  • T1686.002 - Network Device Firewall
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackTech

Score: 6.65
Matched TTPs:
  • T1543.003 - Windows Service
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 6.92
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Mustard Tempest

Score: 16.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Transparent Tribe

Score: 11.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT1

Score: 3.91
Matched TTPs:
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
Link to MITRE →

APT33

Score: 9.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cobalt Group

Score: 14.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1586.002 - Email Accounts
  • T1062 - Hypervisor
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN4

Score: 8.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
Link to MITRE →

TA577

Score: 4.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
Link to MITRE →

LazyScripter

Score: 13.05
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT42

Score: 13.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1599 - Network Boundary Bridging
  • T1556.005 - Reversible Encryption
Link to MITRE →

CURIUM

Score: 20.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Fox Kitten

Score: 28.33
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1491 - Defacement
  • T1045 - Software Packing
  • T1055.013 - Process Doppelgänging
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT5

Score: 13.45
Matched TTPs:
  • T1165 - Startup Items
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1546.003 - Windows Management Instrumentation Event Subscription
Link to MITRE →

menuPass

Score: 14.43
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Rocke

Score: 21.37
Matched TTPs:
  • T1165 - Startup Items
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1547.006 - Kernel Modules and Extensions
  • T1686.002 - Network Device Firewall
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Velvet Ant

Score: 16.87
Matched TTPs:
  • T1583.005 - Botnet
  • T1036.009 - Break Process Trees
  • T1686.002 - Network Device Firewall
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
Link to MITRE →

DarkVishnya

Score: 5.63
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
Link to MITRE →

INC Ransom

Score: 20.14
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

LAPSUS$

Score: 31.09
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
Link to MITRE →

IndigoZebra

Score: 5.46
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

SideCopy

Score: 6.88
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1584.002 - DNS Server
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BITTER

Score: 12.34
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 7.82
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
Link to MITRE →

BackdoorDiplomacy

Score: 6.47
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GOLD SOUTHFIELD

Score: 12.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
Link to MITRE →

Cinnamon Tempest

Score: 11.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 9.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1547.006 - Kernel Modules and Extensions
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Carbanak

Score: 6.41
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Akira

Score: 6.54
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
Link to MITRE →

FIN6

Score: 15.60
Matched TTPs:
  • T1062 - Hypervisor
  • T1055.013 - Process Doppelgänging
  • T1612 - Build Image on Host
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

SilverTerrier

Score: 7.00
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
  • T1556.005 - Reversible Encryption
Link to MITRE →

FIN5

Score: 6.51
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1157 - Dylib Hijacking
Link to MITRE →

Silence

Score: 9.21
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Windigo

Score: 6.45
Matched TTPs:
  • T1045 - Software Packing
  • T1055.013 - Process Doppelgänging
  • T1059.012 - Hypervisor CLI
Link to MITRE →

POLONIUM

Score: 8.18
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Whitefly

Score: 3.12
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Metador

Score: 4.42
Matched TTPs:
  • T1136.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RedEcho

Score: 4.47
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1556.005 - Reversible Encryption
Link to MITRE →

Inception

Score: 5.20
Matched TTPs:
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

BRONZE BUTLER

Score: 11.54
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

APT18

Score: 3.39
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Daggerfly

Score: 9.49
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Higaisa

Score: 9.45
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution
Link to MITRE →

Darkhotel

Score: 4.04
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Leafminer

Score: 3.63
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

PLATINUM

Score: 7.08
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

Dark Caracal

Score: 5.48
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1045 - Software Packing
  • T1557.003 - DHCP Spoofing
  • T1556.005 - Reversible Encryption
  • T1566.002 - Spearphishing Link
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1583.005 - Botnet
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1586.002 - Email Accounts
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1114 - Email Collection
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1606.002 - SAML Tokens
  • T1187 - Forced Authentication
  • T1091 - Replication Through Removable Media
  • T1564.008 - Email Hiding Rules
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1033 - System Owner/User Discovery
  • T1484.002 - Trust Modification
  • T1546.016 - Installer Packages
  • T1005 - Data from Local System
  • T1075 - Pass the Hash
  • T1547.013 - XDG Autostart Entries
  • T1102.003 - One-Way Communication
  • T1557 - Adversary-in-the-Middle
Link to MITRE →

Kimsuky

Score: 0.80
Matched TTPs:
  • T1557.003 - DHCP Spoofing
  • T1556.005 - Reversible Encryption
  • T1683.001 - Written Content
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1583.005 - Botnet
  • T1197 - BITS Jobs
  • T1555.003 - Credentials from Web Browsers
  • T1602.002 - Network Device Configuration Dump
  • T1024 - Custom Cryptographic Protocol
  • T1654 - Log Enumeration
  • T1140 - Deobfuscate/Decode Files or Information
  • T1114 - Email Collection
  • T1601.001 - Patch System Image
  • T1606.002 - SAML Tokens
  • T1690 - Prevent Command History Logging
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1008 - Fallback Channels
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1033 - System Owner/User Discovery
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1102.003 - One-Way Communication
  • T1126 - Network Share Connection Removal
Link to MITRE →

APT28

Score: 0.75
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1566.002 - Spearphishing Link
  • T1548.004 - Elevated Execution with Prompt
  • T1597.002 - Purchase Technical Data
  • T1218.010 - Regsvr32
  • T1583.005 - Botnet
  • T1197 - BITS Jobs
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1586.003 - Cloud Accounts
  • T1024 - Custom Cryptographic Protocol
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1139 - Bash History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1547.011 - Plist Modification
  • T1685.001 - Disable or Modify Windows Event Log
  • T1131 - Authentication Package
  • T1078.001 - Default Accounts
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1059.012 - Hypervisor CLI
  • T1175 - Component Object Model and Distributed COM
Link to MITRE →

Volt Typhoon

Score: 0.69
Matched TTPs:
  • T1045 - Software Packing
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1569.002 - Service Execution
  • T1099 - Timestomp
  • T1049 - System Network Connections Discovery
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice
  • T1114 - Email Collection
  • T1176 - Software Extensions
  • T1491 - Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1148 - HISTCONTROL
  • T1574.002 - DLL Side-Loading
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1102.003 - One-Way Communication
  • T1557 - Adversary-in-the-Middle
  • T1686.002 - Network Device Firewall
  • T1584.002 - DNS Server
  • T1560.003 - Archive via Custom Method
Link to MITRE →

Magic Hound

Score: 0.66
Matched TTPs:
  • T1045 - Software Packing
  • T1556.005 - Reversible Encryption
  • T1062 - Hypervisor
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1555.003 - Credentials from Web Browsers
  • T1586.003 - Cloud Accounts
  • T1024 - Custom Cryptographic Protocol
  • T1099 - Timestomp
  • T1592.003 - Firmware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1187 - Forced Authentication
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1547.008 - LSASS Driver
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.013 - XDG Autostart Entries
  • T1557 - Adversary-in-the-Middle
  • T1059.012 - Hypervisor CLI
  • T1683 - Generate Content
Link to MITRE →

Contagious Interview

Score: 0.58
Matched TTPs:
  • T1045 - Software Packing
  • T1221 - Template Injection
  • T1606.002 - SAML Tokens
  • T1586.003 - Cloud Accounts
  • T1033 - System Owner/User Discovery
  • T1608.005 - Link Target
  • T1564.009 - Resource Forking
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
  • T1552.003 - Shell History
  • T1102.003 - One-Way Communication
  • T1686.002 - Network Device Firewall
  • T1601.001 - Patch System Image
  • T1175 - Component Object Model and Distributed COM
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1126 - Network Share Connection Removal
  • T1021.006 - Windows Remote Management
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph