Trusted Design

Striking Oil: A Closer Look at Adversary Infrastructure

Overview

While expanding our research into the TwoFace webshell from this past July, we uncovered several IP addresses that logged in to and directly interfaced with the shell we discovered and wrote about. Investigating these potential adversary IPs further revealed a much larger infrastructure used to execute the attacks, segregated into different functions for specific malicious objectives: sites set up as credential harvesters (likely used in phishing attacks), a compromised system used to interact with a TwoFace webshell in order to hide the actor’s location, and systems that interact with TwoFace-compromised hosts to provide command and control of those systems.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this pulse (fact-based)

APT38

Score: 16.37
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1505.003 - Web Shell
  • T1217 - Browser Information Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Moonstone Sleet

Score: 31.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1217 - Browser Information Discovery
  • T1583.003 - Virtual Private Server
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN8

Score: 13.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 17.11
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1059 - Command and Scripting Interpreter
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

FIN7

Score: 42.36
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1021.004 - SSH
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1572 - Protocol Tunneling
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

HAFNIUM

Score: 29.90
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Winter Vivern

Score: 19.79
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1056.003 - Web Portal Capture
  • T1059 - Command and Scripting Interpreter
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 8.73
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1059 - Command and Scripting Interpreter
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

FIN10

Score: 5.23
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT32

Score: 36.72
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT39

Score: 31.12
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1566.002 - Spearphishing Link
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1078 - Valid Accounts
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

APT37

Score: 15.15
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1059 - Command and Scripting Interpreter
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Lazarus Group

Score: 48.91
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1021.004 - SSH
  • T1090.002 - External Proxy
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1574.013 - KernelCallbackTable
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Tropic Trooper

Score: 10.41
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1505.003 - Web Shell
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 29.70
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Earth Lusca

Score: 27.52
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Magic Hound

Score: 60.10
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
Link to MITRE →

ZIRCONIUM

Score: 21.85
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
Link to MITRE →

Chimera

Score: 27.17
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1572 - Protocol Tunneling
  • T1217 - Browser Information Discovery
  • T1021.006 - Windows Remote Management
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Patchwork

Score: 14.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Stealth Falcon

Score: 8.72
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1059 - Command and Scripting Interpreter
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
Link to MITRE →

Volt Typhoon

Score: 64.09
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1592 - Gather Victim Host Information
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1069 - Permission Groups Discovery
  • T1594 - Search Victim-Owned Websites
  • T1590.004 - Network Topology
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1217 - Browser Information Discovery
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1059.004 - Unix Shell
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1614 - System Location Discovery
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy
Link to MITRE →

LuminousMoth

Score: 14.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aquatic Panda

Score: 19.42
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1021.004 - SSH
  • T1021 - Remote Services
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1059.004 - Unix Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gamaredon Group

Score: 48.21
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1559.001 - Component Object Model
  • T1608.001 - Upload Malware
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1568 - Dynamic Resolution
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GALLIUM

Score: 15.27
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 26.55
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1021 - Remote Services
  • T1021.006 - Windows Remote Management
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT41

Score: 46.87
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1568.002 - Domain Generation Algorithms
  • T1069 - Permission Groups Discovery
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1104 - Multi-Stage Channels
  • T1496.001 - Compute Hijacking
  • T1059.004 - Unix Shell
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

OilRig

Score: 36.08
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1021.004 - SSH
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

HEXANE

Score: 17.61
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Windshift

Score: 9.27
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

MuddyWater

Score: 29.77
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1090.002 - External Proxy
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dragonfly

Score: 37.10
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1059 - Command and Scripting Interpreter
  • T1583.003 - Virtual Private Server
  • T1564.002 - Hidden Users
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 42.49
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

Sandworm Team

Score: 78.73
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-1811

Score: 23.71
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1021.004 - SSH
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sidewinder

Score: 10.80
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT3

Score: 14.94
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1069 - Permission Groups Discovery
  • T1566.002 - Spearphishing Link
  • T1090.002 - External Proxy
  • T1104 - Multi-Stage Channels
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Kimsuky

Score: 78.38
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1185 - Browser Session Hijacking
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1593.002 - Search Engines
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1566 - Phishing
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 23.15
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1566 - Phishing
  • T1059.004 - Unix Shell
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
  • T1071.001 - Web Protocols
Link to MITRE →

Ember Bear

Score: 34.66
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1021 - Remote Services
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Indrik Spider

Score: 16.24
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1078 - Valid Accounts
  • T1136 - Create Account
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Agrius

Score: 8.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Contagious Interview

Score: 54.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1567 - Exfiltration Over Web Service
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1059.004 - Unix Shell
  • T1546.004 - Unix Shell Configuration Modification
  • T1593.001 - Social Media
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Star Blizzard

Score: 19.38
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1593 - Search Open Websites/Domains
  • T1078 - Valid Accounts
  • T1550.004 - Web Session Cookie
Link to MITRE →

Mustang Panda

Score: 39.52
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Tonto Team

Score: 12.12
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1078 - Valid Accounts
Link to MITRE →

BlackByte

Score: 28.40
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1219 - Remote Access Tools
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT28

Score: 71.65
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1567 - Exfiltration Over Web Service
  • T1557.004 - Evil Twin
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1092 - Communication Through Removable Media
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Storm-0501

Score: 10.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1021.006 - Windows Remote Management
  • T1657 - Financial Theft
Link to MITRE →

Axiom

Score: 31.79
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1563.002 - RDP Hijacking
  • T1001.002 - Steganography
Link to MITRE →

Leviathan

Score: 41.94
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1021.004 - SSH
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 14.18
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA551

Score: 7.96
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT29

Score: 38.74
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1568 - Dynamic Resolution
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1651 - Cloud Administration Command
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA2541

Score: 14.70
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1568 - Dynamic Resolution
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Lotus Blossom

Score: 5.67
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN13

Score: 39.20
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1069 - Permission Groups Discovery
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1087 - Account Discovery
  • T1657 - Financial Theft
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Turla

Score: 46.27
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1071.003 - Mail Protocols
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

Scattered Spider

Score: 45.54
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1598.003 - Spearphishing Link
  • T1021.004 - SSH
  • T1572 - Protocol Tunneling
  • T1217 - Browser Information Discovery
  • T1598.004 - Spearphishing Voice
  • T1087 - Account Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1059.004 - Unix Shell
  • T1078 - Valid Accounts
  • T1598 - Phishing for Information
  • T1136 - Create Account
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 12.99
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silent Librarian

Score: 7.17
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1078 - Valid Accounts
Link to MITRE →

EXOTIC LILY

Score: 17.09
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
Link to MITRE →

UNC3886

Score: 32.08
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1059.004 - Unix Shell
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Salt Typhoon

Score: 19.05
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1136 - Create Account
Link to MITRE →

Play

Score: 14.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1048 - Exfiltration Over Alternative Protocol
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 5.82
Matched TTPs:
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 14.42
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1071.001 - Web Protocols
Link to MITRE →

Moses Staff

Score: 6.11
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 27.41
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1102 - Web Service
  • T1048 - Exfiltration Over Alternative Protocol
  • T1496.001 - Compute Hijacking
  • T1059.004 - Unix Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackTech

Score: 6.65
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Confucius

Score: 6.92
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

Mustard Tempest

Score: 16.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Transparent Tribe

Score: 11.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT1

Score: 3.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1588.001 - Malware
Link to MITRE →

APT33

Score: 9.36
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cobalt Group

Score: 14.81
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219 - Remote Access Tools
  • T1572 - Protocol Tunneling
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 8.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
Link to MITRE →

TA577

Score: 4.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
Link to MITRE →

LazyScripter

Score: 13.05
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT42

Score: 13.50
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1056 - Input Capture
  • T1071.001 - Web Protocols
Link to MITRE →

CURIUM

Score: 20.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Fox Kitten

Score: 28.33
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1217 - Browser Information Discovery
  • T1090 - Proxy
  • T1059 - Command and Scripting Interpreter
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT5

Score: 13.45
Matched TTPs:
  • T1021.004 - SSH
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1554 - Compromise Host Software Binary
Link to MITRE →

menuPass

Score: 14.43
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 21.37
Matched TTPs:
  • T1021.004 - SSH
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1496.001 - Compute Hijacking
  • T1059.004 - Unix Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Velvet Ant

Score: 16.87
Matched TTPs:
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1059.004 - Unix Shell
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

DarkVishnya

Score: 5.63
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
Link to MITRE →

INC Ransom

Score: 20.14
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

LAPSUS$

Score: 31.09
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
Link to MITRE →

IndigoZebra

Score: 5.46
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

SideCopy

Score: 6.88
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1614 - System Location Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 12.34
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 7.82
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BackdoorDiplomacy

Score: 6.47
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GOLD SOUTHFIELD

Score: 12.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

Cinnamon Tempest

Score: 11.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 9.83
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1496.001 - Compute Hijacking
  • T1569.002 - Service Execution
Link to MITRE →

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Carbanak

Score: 6.41
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Akira

Score: 6.54
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1078 - Valid Accounts
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
Link to MITRE →

FIN6

Score: 15.60
Matched TTPs:
  • T1572 - Protocol Tunneling
  • T1059 - Command and Scripting Interpreter
  • T1102 - Web Service
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

SilverTerrier

Score: 7.00
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1657 - Financial Theft
  • T1071.001 - Web Protocols
Link to MITRE →

FIN5

Score: 6.51
Matched TTPs:
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1078 - Valid Accounts
Link to MITRE →

Silence

Score: 9.21
Matched TTPs:
  • T1090.002 - External Proxy
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Windigo

Score: 6.45
Matched TTPs:
  • T1090 - Proxy
  • T1059 - Command and Scripting Interpreter
  • T1189 - Drive-by Compromise
Link to MITRE →

POLONIUM

Score: 8.18
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Whitefly

Score: 3.12
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 4.42
Matched TTPs:
  • T1588.001 - Malware
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RedEcho

Score: 4.47
Matched TTPs:
  • T1568 - Dynamic Resolution
  • T1071.001 - Web Protocols
Link to MITRE →

Inception

Score: 5.20
Matched TTPs:
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

BRONZE BUTLER

Score: 11.54
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT18

Score: 3.39
Matched TTPs:
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Daggerfly

Score: 9.49
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Higaisa

Score: 9.45
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy
Link to MITRE →

Darkhotel

Score: 4.04
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 3.63
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

PLATINUM

Score: 7.08
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

Dark Caracal

Score: 5.48
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1593 - Search Open Websites/Domains
  • T1583.004 - Server
  • T1033 - System Owner/User Discovery
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1587.001 - Malware
  • T1105 - Ingress Tool Transfer
  • T1566.002 - Spearphishing Link
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1078 - Valid Accounts
  • T1584.005 - Botnet
  • T1608.001 - Upload Malware
  • T1027.010 - Command Obfuscation
  • T1570 - Lateral Tool Transfer
  • T1491.002 - External Defacement
  • T1584.004 - Server
  • T1499 - Endpoint Denial of Service
  • T1219 - Remote Access Tools
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1071.001 - Web Protocols
  • T1592.002 - Software
  • T1090 - Proxy
  • T1040 - Network Sniffing
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1594 - Search Victim-Owned Websites
  • T1586.001 - Social Media Accounts
  • T1195 - Supply Chain Compromise
Link to MITRE →

Kimsuky

Score: 0.80
Matched TTPs:
  • T1593 - Search Open Websites/Domains
  • T1587 - Develop Capabilities
  • T1583.004 - Server
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1587.001 - Malware
  • T1105 - Ingress Tool Transfer
  • T1566.002 - Spearphishing Link
  • T1566 - Phishing
  • T1534 - Internal Spearphishing
  • T1185 - Browser Session Hijacking
  • T1598 - Phishing for Information
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1102.001 - Dead Drop Resolver
  • T1027.010 - Command Obfuscation
  • T1593.001 - Social Media
  • T1593.002 - Search Engines
  • T1583 - Acquire Infrastructure
  • T1071.003 - Mail Protocols
  • T1598.003 - Spearphishing Link
  • T1071.001 - Web Protocols
  • T1583.006 - Web Services
  • T1040 - Network Sniffing
  • T1505.003 - Web Shell
  • T1657 - Financial Theft
  • T1594 - Search Victim-Owned Websites
  • T1564.002 - Hidden Users
Link to MITRE →

APT28

Score: 0.75
Matched TTPs:
  • T1584.008 - Network Devices
  • T1189 - Drive-by Compromise
  • T1583.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
  • T1078 - Valid Accounts
  • T1598 - Phishing for Information
  • T1586.002 - Email Accounts
  • T1546.015 - Component Object Model Hijacking
  • T1567 - Exfiltration Over Web Service
  • T1589.001 - Credentials
  • T1003 - OS Credential Dumping
  • T1071.003 - Mail Protocols
  • T1598.003 - Spearphishing Link
  • T1071.001 - Web Protocols
  • T1039 - Data from Network Shared Drive
  • T1583.006 - Web Services
  • T1557.004 - Evil Twin
  • T1040 - Network Sniffing
  • T1505.003 - Web Shell
  • T1498 - Network Denial of Service
  • T1092 - Communication Through Removable Media
Link to MITRE →

Volt Typhoon

Score: 0.69
Matched TTPs:
  • T1584.008 - Network Devices
  • T1593 - Search Open Websites/Domains
  • T1217 - Browser Information Discovery
  • T1033 - System Owner/User Discovery
  • T1069 - Permission Groups Discovery
  • T1016.001 - Internet Connection Discovery
  • T1190 - Exploit Public-Facing Application
  • T1105 - Ingress Tool Transfer
  • T1059.004 - Unix Shell
  • T1078 - Valid Accounts
  • T1584.005 - Botnet
  • T1596.005 - Scan Databases
  • T1590.004 - Network Topology
  • T1570 - Lateral Tool Transfer
  • T1584.003 - Virtual Private Server
  • T1584.004 - Server
  • T1090.001 - Internal Proxy
  • T1614 - System Location Discovery
  • T1090 - Proxy
  • T1505.003 - Web Shell
  • T1594 - Search Victim-Owned Websites
  • T1592 - Gather Victim Host Information
Link to MITRE →

Magic Hound

Score: 0.66
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1033 - System Owner/User Discovery
  • T1566.003 - Spearphishing via Service
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1190 - Exploit Public-Facing Application
  • T1591.001 - Determine Physical Locations
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1567 - Exfiltration Over Web Service
  • T1027.010 - Command Obfuscation
  • T1570 - Lateral Tool Transfer
  • T1589.001 - Credentials
  • T1071 - Application Layer Protocol
  • T1572 - Protocol Tunneling
  • T1598.003 - Spearphishing Link
  • T1071.001 - Web Protocols
  • T1592.002 - Software
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1505.003 - Web Shell
  • T1573 - Encrypted Channel
Link to MITRE →

Contagious Interview

Score: 0.58
Matched TTPs:
  • T1546.004 - Unix Shell Configuration Modification
  • T1593 - Search Open Websites/Domains
  • T1593.001 - Social Media
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
  • T1583.003 - Virtual Private Server
  • T1071.003 - Mail Protocols
  • T1657 - Financial Theft
  • T1204.004 - Malicious Copy and Paste
  • T1681 - Search Threat Vendor Data
  • T1583 - Acquire Infrastructure
  • T1608.001 - Upload Malware
  • T1567 - Exfiltration Over Web Service
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1059.004 - Unix Shell
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
