Pulse Detail-

Infrastructure of Interest: Medium Confidence Phishing

概要

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with phishing campaigns, targeting credential theft and fraudulent resource access. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 47.63

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1587.001 - Malware
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1586.002 - Email Accounts
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1016 - System Network Configuration Discovery
T1070 - Indicator Removal
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1218.005 - Mshta
T1608 - Stage Capabilities
T1583.006 - Web Services
T1041 - Exfiltration Over C2 Channel
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

Kimsuky

Score: 98.00

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1056.001 - Keylogging
T1594 - Search Victim-Owned Websites
T1587.001 - Malware
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1040 - Network Sniffing
T1586.002 - Email Accounts
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1596 - Search Open Technical Databases
T1112 - Modify Registry
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1593.002 - Search Engines
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1218.005 - Mshta
T1657 - Financial Theft
T1583.006 - Web Services
T1041 - Exfiltration Over C2 Channel
T1591 - Gather Victim Org Information
T1534 - Internal Spearphishing
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1566 - Phishing
T1562.001 - Disable or Modify Tools
T1593.001 - Social Media
T1102.002 - Bidirectional Communication
T1656 - Impersonation
T1518.001 - Security Software Discovery
T1598 - Phishing for Information
T1588.005 - Exploits
T1102.001 - Dead Drop Resolver
T1584.001 - Domains

MITREへのリンク →

Sea Turtle

Score: 37.26

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1583.002 - DNS Server
T1213.006 - Databases
T1070.002 - Clear Linux or Mac System Logs
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1588.002 - Tool
T1566 - Phishing
T1203 - Exploitation for Client Execution
T1608.003 - Install Digital Certificate
T1027.004 - Compile After Delivery

MITREへのリンク →

Ember Bear

Score: 38.56

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1003.002 - Security Account Manager
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1112 - Modify Registry
T1588.001 - Malware
T1583.003 - Virtual Private Server
T1110 - Brute Force
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution
T1595.001 - Scanning IP Blocks
T1588.005 - Exploits

MITREへのリンク →

Indrik Spider

Score: 17.23

Matched TTPs:

T1583 - Acquire Infrastructure
T1587.001 - Malware
T1112 - Modify Registry
T1585.002 - Email Accounts
T1590 - Gather Victim Network Information
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact

MITREへのリンク →

Agrius

Score: 13.39

Matched TTPs:

T1583 - Acquire Infrastructure
T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1041 - Exfiltration Over C2 Channel
T1110 - Brute Force
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Contagious Interview

Score: 58.15

Matched TTPs:

T1583 - Acquire Infrastructure
T1588.007 - Artificial Intelligence
T1027.013 - Encrypted/Encoded File
T1587.001 - Malware
T1608.001 - Upload Malware
T1583.001 - Domains
T1589 - Gather Victim Identity Information
T1681 - Search Threat Vendor Data
T1585.002 - Email Accounts
T1593.003 - Code Repositories
T1583.003 - Virtual Private Server
T1083 - File and Directory Discovery
T1657 - Financial Theft
T1583.006 - Web Services
T1041 - Exfiltration Over C2 Channel
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1593.001 - Social Media
T1656 - Impersonation
T1204.004 - Malicious Copy and Paste
T1566.003 - Spearphishing via Service

MITREへのリンク →

Sandworm Team

Score: 82.02

Matched TTPs:

T1583 - Acquire Infrastructure
T1056.001 - Keylogging
T1491.002 - External Defacement
T1594 - Search Victim-Owned Websites
T1587.001 - Malware
T1213.006 - Databases
T1586.001 - Social Media Accounts
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1040 - Network Sniffing
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1595.002 - Vulnerability Scanning
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1591.002 - Business Relationships
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1584.005 - Botnet
T1041 - Exfiltration Over C2 Channel
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1592.002 - Software
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1499 - Endpoint Denial of Service
T1590.001 - Domain Properties

MITREへのリンク →

Star Blizzard

Score: 25.49

Matched TTPs:

T1583 - Acquire Infrastructure
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1586.002 - Email Accounts
T1608.001 - Upload Malware
T1583.001 - Domains
T1589 - Gather Victim Identity Information
T1585.002 - Email Accounts
T1598.002 - Spearphishing Attachment
T1593 - Search Open Websites/Domains
T1588.002 - Tool

MITREへのリンク →

Volt Typhoon

Score: 69.92

Matched TTPs:

T1592 - Gather Victim Host Information
T1056.001 - Keylogging
T1016.001 - Internet Connection Discovery
T1584.008 - Network Devices
T1069 - Permission Groups Discovery
T1594 - Search Victim-Owned Websites
T1590.004 - Network Topology
T1584.003 - Virtual Private Server
T1190 - Exploit Public-Facing Application
T1589 - Gather Victim Identity Information
T1112 - Modify Registry
T1589.002 - Email Addresses
T1590.006 - Network Security Appliances
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1584.005 - Botnet
T1591 - Gather Victim Org Information
T1590 - Gather Victim Network Information
T1593 - Search Open Websites/Domains
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1591.004 - Identify Roles
T1596.005 - Scan Databases

MITREへのリンク →

Magic Hound

Score: 65.14

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1590.005 - IP Addresses
T1016.001 - Internet Connection Discovery
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1586.002 - Email Accounts
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1589 - Gather Victim Identity Information
T1595.002 - Vulnerability Scanning
T1112 - Modify Registry
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1583.006 - Web Services
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1592.002 - Software
T1589.001 - Credentials
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1591.001 - Determine Physical Locations
T1566.003 - Spearphishing via Service
T1584.001 - Domains

MITREへのリンク →

APT39

Score: 19.11

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1083 - File and Directory Discovery
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool
T1110 - Brute Force
T1102.002 - Bidirectional Communication

MITREへのリンク →

APT38

Score: 22.71

Matched TTPs:

T1056.001 - Keylogging
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1112 - Modify Registry
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1218.005 - Mshta
T1588.002 - Tool
T1110 - Brute Force
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1518.001 - Security Software Discovery
T1189 - Drive-by Compromise

MITREへのリンク →

Ajax Security Team

Score: 5.33

Matched TTPs:

T1056.001 - Keylogging
T1566.001 - Spearphishing Attachment
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT28

Score: 67.72

Matched TTPs:

T1056.001 - Keylogging
T1213.002 - Sharepoint
T1027.013 - Encrypted/Encoded File
T1584.008 - Network Devices
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1040 - Network Sniffing
T1586.002 - Email Accounts
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1557.004 - Evil Twin
T1595.002 - Vulnerability Scanning
T1596 - Search Open Technical Databases
T1090.002 - External Proxy
T1583.003 - Virtual Private Server
T1083 - File and Directory Discovery
T1583.006 - Web Services
T1591 - Gather Victim Org Information
T1588.002 - Tool
T1110 - Brute Force
T1068 - Exploitation for Privilege Escalation
T1589.001 - Credentials
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1598 - Phishing for Information
T1189 - Drive-by Compromise
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

Darkhotel

Score: 16.46

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1497.002 - User Activity Based Checks
T1203 - Exploitation for Client Execution
T1518.001 - Security Software Discovery
T1189 - Drive-by Compromise

MITREへのリンク →

menuPass

Score: 18.08

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1003.002 - Security Account Manager
T1566.001 - Spearphishing Attachment
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1090.002 - External Proxy
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1588.002 - Tool

MITREへのリンク →

APT5

Score: 16.50

Matched TTPs:

T1056.001 - Keylogging
T1003.002 - Security Account Manager
T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1070 - Indicator Removal
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery

MITREへのリンク →

Tonto Team

Score: 9.14

Matched TTPs:

T1056.001 - Keylogging
T1566.001 - Spearphishing Attachment
T1090.002 - External Proxy
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution

MITREへのリンク →

Threat Group-3390

Score: 30.36

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1003.002 - Security Account Manager
T1566.001 - Spearphishing Attachment
T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1608.002 - Upload Tool
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1049 - System Network Connections Discovery
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Lazarus Group

Score: 53.27

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1587.001 - Malware
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1585.002 - Email Accounts
T1090.002 - External Proxy
T1589.002 - Email Addresses
T1016 - System Network Configuration Discovery
T1070 - Indicator Removal
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1218.005 - Mshta
T1583.006 - Web Services
T1491.001 - Internal Defacement
T1041 - Exfiltration Over C2 Channel
T1591 - Gather Victim Org Information
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Group5

Score: 3.53

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File

MITREへのリンク →

PLATINUM

Score: 6.67

Matched TTPs:

T1056.001 - Keylogging
T1566.001 - Spearphishing Attachment
T1068 - Exploitation for Privilege Escalation
T1189 - Drive-by Compromise

MITREへのリンク →

FIN4

Score: 8.39

Matched TTPs:

T1056.001 - Keylogging
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1056.002 - GUI Input Capture

MITREへのリンク →

OilRig

Score: 40.63

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1587.001 - Malware
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1586.002 - Email Accounts
T1608.001 - Upload Malware
T1195 - Supply Chain Compromise
T1583.001 - Domains
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1049 - System Network Connections Discovery
T1588.002 - Tool
T1110 - Brute Force
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page
T1555.004 - Windows Credential Manager
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 24.39

Matched TTPs:

T1056.001 - Keylogging
T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1583.001 - Domains
T1112 - Modify Registry
T1585.002 - Email Accounts
T1016 - System Network Configuration Discovery
T1070 - Indicator Removal
T1583.003 - Virtual Private Server
T1588.002 - Tool
T1656 - Impersonation
T1518.001 - Security Software Discovery

MITREへのリンク →

Sowbug

Score: 3.23

Matched TTPs:

T1056.001 - Keylogging
T1083 - File and Directory Discovery

MITREへのリンク →

HEXANE

Score: 38.64

Matched TTPs:

T1056.001 - Keylogging
T1016.001 - Internet Connection Discovery
T1583.002 - DNS Server
T1586.002 - Email Accounts
T1608.001 - Upload Malware
T1583.001 - Domains
T1589 - Gather Victim Identity Information
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1016 - System Network Configuration Discovery
T1049 - System Network Connections Discovery
T1534 - Internal Spearphishing
T1588.002 - Tool
T1110 - Brute Force
T1102.002 - Bidirectional Communication
T1591.004 - Identify Roles

MITREへのリンク →

APT32

Score: 39.15

Matched TTPs:

T1056.001 - Keylogging
T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1583.001 - Domains
T1589 - Gather Victim Identity Information
T1112 - Modify Registry
T1589.002 - Email Addresses
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1218.005 - Mshta
T1583.006 - Web Services
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT3

Score: 20.67

Matched TTPs:

T1056.001 - Keylogging
T1069 - Permission Groups Discovery
T1566.002 - Spearphishing Link
T1090.002 - External Proxy
T1016 - System Network Configuration Discovery
T1546.008 - Accessibility Features
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1041 - Exfiltration Over C2 Channel
T1203 - Exploitation for Client Execution

MITREへのリンク →

FIN13

Score: 32.62

Matched TTPs:

T1056.001 - Keylogging
T1016.001 - Internet Connection Discovery
T1069 - Permission Groups Discovery
T1003.002 - Security Account Manager
T1587.001 - Malware
T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application
T1589 - Gather Victim Identity Information
T1016 - System Network Configuration Discovery
T1087 - Account Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

Ke3chang

Score: 22.55

Matched TTPs:

T1056.001 - Keylogging
T1213.002 - Sharepoint
T1003.002 - Security Account Manager
T1587.001 - Malware
T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool

MITREへのリンク →

APT41

Score: 56.27

Matched TTPs:

T1056.001 - Keylogging
T1568.002 - Domain Generation Algorithms
T1069 - Permission Groups Discovery
T1003.002 - Security Account Manager
T1566.001 - Spearphishing Attachment
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1546.008 - Accessibility Features
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1588.002 - Tool
T1110 - Brute Force
T1486 - Data Encrypted for Impact
T1203 - Exploitation for Client Execution
T1595.003 - Wordlist Scanning
T1656 - Impersonation
T1213.003 - Code Repositories
T1596.005 - Scan Databases
T1480.001 - Environmental Keying
T1102.001 - Dead Drop Resolver

MITREへのリンク →

LAPSUS$

Score: 57.61

Matched TTPs:

T1597.002 - Purchase Technical Data
T1213.002 - Sharepoint
T1586.002 - Email Accounts
T1589 - Gather Victim Identity Information
T1589.002 - Email Addresses
T1598.004 - Spearphishing Voice
T1591.002 - Business Relationships
T1593.003 - Code Repositories
T1588.001 - Malware
T1583.003 - Virtual Private Server
T1204 - User Execution
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1589.001 - Credentials
T1656 - Impersonation
T1591.004 - Identify Roles
T1213.003 - Code Repositories
T1213.005 - Messaging Applications

MITREへのリンク →

Akira

Score: 14.48

Matched TTPs:

T1213.002 - Sharepoint
T1558 - Steal or Forge Kerberos Tickets
T1657 - Financial Theft
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact

MITREへのリンク →

HAFNIUM

Score: 42.96

Matched TTPs:

T1213.002 - Sharepoint
T1590.005 - IP Addresses
T1016.001 - Internet Connection Discovery
T1583.005 - Botnet
T1190 - Exploit Public-Facing Application
T1589.002 - Email Addresses
T1016 - System Network Configuration Discovery
T1593.003 - Code Repositories
T1592.004 - Client Configurations
T1583.003 - Virtual Private Server
T1083 - File and Directory Discovery
T1584.005 - Botnet
T1583.006 - Web Services
T1590 - Gather Victim Network Information
T1068 - Exploitation for Privilege Escalation

MITREへのリンク →

Chimera

Score: 14.05

Matched TTPs:

T1213.002 - Sharepoint
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool
T1589.001 - Credentials

MITREへのリンク →

Inception

Score: 8.45

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1083 - File and Directory Discovery
T1218.005 - Mshta
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

Dark Caracal

Score: 7.18

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1083 - File and Directory Discovery
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Elderwood

Score: 7.17

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Transparent Tribe

Score: 15.01

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.004 - Drive-by Target
T1583.001 - Domains
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1584.001 - Domains

MITREへのリンク →

Leviathan

Score: 38.63

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1584.008 - Network Devices
T1586.001 - Social Media Accounts
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1586.002 - Email Accounts
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1595.002 - Vulnerability Scanning
T1585.002 - Email Accounts
T1041 - Exfiltration Over C2 Channel
T1102.003 - One-Way Communication
T1534 - Internal Spearphishing
T1589.001 - Credentials
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Sidewinder

Score: 18.50

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1218.005 - Mshta
T1598.002 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1518.001 - Security Software Discovery

MITREへのリンク →

Saint Bear

Score: 17.13

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1112 - Modify Registry
T1589.002 - Email Addresses
T1583.006 - Web Services
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution
T1656 - Impersonation

MITREへのリンク →

APT33

Score: 11.39

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1040 - Network Sniffing
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution

MITREへのリンク →

BITTER

Score: 10.40

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1583.001 - Domains
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA505

Score: 19.97

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1069 - Permission Groups Discovery
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1583.001 - Domains
T1112 - Modify Registry
T1588.001 - Malware
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact

MITREへのリンク →

Higaisa

Score: 11.25

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1016 - System Network Configuration Discovery
T1041 - Exfiltration Over C2 Channel
T1203 - Exploitation for Client Execution
T1001.003 - Protocol or Service Impersonation

MITREへのリンク →

APT19

Score: 8.38

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1588.002 - Tool
T1189 - Drive-by Compromise

MITREへのリンク →

Fox Kitten

Score: 14.02

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1190 - Exploit Public-Facing Application
T1546.008 - Accessibility Features
T1083 - File and Directory Discovery
T1110 - Brute Force
T1213.005 - Messaging Applications

MITREへのリンク →

TA2541

Score: 21.51

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1016.001 - Internet Connection Discovery
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1583.001 - Domains
T1588.001 - Malware
T1218.005 - Mshta
T1583.006 - Web Services
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1518.001 - Security Software Discovery

MITREへのリンク →

Malteiro

Score: 6.89

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1657 - Financial Theft
T1518.001 - Security Software Discovery

MITREへのリンク →

Storm-1811

Score: 22.38

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1583.001 - Domains
T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1566.004 - Spearphishing Voice
T1667 - Email Bombing
T1656 - Impersonation
T1566.003 - Spearphishing via Service

MITREへのリンク →

Blue Mockingbird

Score: 9.59

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1190 - Exploit Public-Facing Application
T1112 - Modify Registry
T1588.002 - Tool
T1134 - Access Token Manipulation

MITREへのリンク →

Tropic Trooper

Score: 10.36

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.001 - Spearphishing Attachment
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1203 - Exploitation for Client Execution
T1518.001 - Security Software Discovery

MITREへのリンク →

Mofang

Score: 3.91

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment

MITREへのリンク →

Whitefly

Score: 4.54

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation

MITREへのリンク →

Moses Staff

Score: 7.48

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1016 - System Network Configuration Discovery
T1588.002 - Tool

MITREへのリンク →

TeamTNT

Score: 25.73

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1587.001 - Malware
T1070.002 - Clear Linux or Mac System Logs
T1608.001 - Upload Malware
T1583.001 - Domains
T1595.002 - Vulnerability Scanning
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1562.001 - Disable or Modify Tools
T1518.001 - Security Software Discovery
T1595.001 - Scanning IP Blocks

MITREへのリンク →

Metador

Score: 4.90

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1588.001 - Malware
T1588.002 - Tool

MITREへのリンク →

Putter Panda

Score: 3.39

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Moonstone Sleet

Score: 30.90

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1587.001 - Malware
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1016 - System Network Configuration Discovery
T1583.003 - Virtual Private Server
T1591 - Gather Victim Org Information
T1486 - Data Encrypted for Impact
T1598 - Phishing for Information
T1566.003 - Spearphishing via Service

MITREへのリンク →

Andariel

Score: 16.02

Matched TTPs:

T1590.005 - IP Addresses
T1566.001 - Spearphishing Attachment
T1588.001 - Malware
T1049 - System Network Connections Discovery
T1592.002 - Software
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

TA551

Score: 9.87

Matched TTPs:

T1568.002 - Domain Generation Algorithms
T1566.001 - Spearphishing Attachment
T1589.002 - Email Addresses
T1218.005 - Mshta

MITREへのリンク →

APT29

Score: 42.90

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1003.002 - Security Account Manager
T1587.001 - Malware
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1586.002 - Email Accounts
T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1090.002 - External Proxy
T1546.008 - Accessibility Features
T1649 - Steal or Forge Authentication Certificates
T1218.005 - Mshta
T1583.006 - Web Services
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution
T1027.006 - HTML Smuggling
T1566.003 - Spearphishing via Service

MITREへのリンク →

Gamaredon Group

Score: 41.25

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1583.001 - Domains
T1112 - Modify Registry
T1583.003 - Virtual Private Server
T1083 - File and Directory Discovery
T1218.005 - Mshta
T1583.006 - Web Services
T1491.001 - Internal Defacement
T1041 - Exfiltration Over C2 Channel
T1102.003 - One-Way Communication
T1534 - Internal Spearphishing
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1102.002 - Bidirectional Communication
T1027.004 - Compile After Delivery
T1518.001 - Security Software Discovery

MITREへのリンク →

Lotus Blossom

Score: 13.77

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1588.002 - Tool
T1134 - Access Token Manipulation

MITREへのリンク →

Turla

Score: 45.42

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1587.001 - Malware
T1213.006 - Databases
T1566.002 - Spearphishing Link
T1584.003 - Virtual Private Server
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1588.001 - Malware
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1583.006 - Web Services
T1588.002 - Tool
T1110 - Brute Force
T1562.001 - Disable or Modify Tools
T1584.006 - Web Services
T1068 - Exploitation for Privilege Escalation
T1102.002 - Bidirectional Communication
T1518.001 - Security Software Discovery
T1555.004 - Windows Credential Manager
T1189 - Drive-by Compromise

MITREへのリンク →

FIN8

Score: 14.08

Matched TTPs:

T1016.001 - Internet Connection Discovery
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1486 - Data Encrypted for Impact
T1518.001 - Security Software Discovery

MITREへのリンク →

ZIRCONIUM

Score: 22.43

Matched TTPs:

T1584.008 - Network Devices
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.001 - Domains
T1016 - System Network Configuration Discovery
T1583.006 - Web Services
T1041 - Exfiltration Over C2 Channel
T1068 - Exploitation for Privilege Escalation
T1102.002 - Bidirectional Communication
T1598 - Phishing for Information

MITREへのリンク →

Mustard Tempest

Score: 20.58

Matched TTPs:

T1583.008 - Malvertising
T1566.002 - Spearphishing Link
T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1189 - Drive-by Compromise
T1608.006 - SEO Poisoning
T1584.001 - Domains

MITREへのリンク →

Scattered Spider

Score: 53.27

Matched TTPs:

T1069 - Permission Groups Discovery
T1598.003 - Spearphishing Link
T1583.001 - Domains
T1589 - Gather Victim Identity Information
T1598.004 - Spearphishing Voice
T1016 - System Network Configuration Discovery
T1087 - Account Discovery
T1588.001 - Malware
T1083 - File and Directory Discovery
T1657 - Financial Theft
T1204 - User Execution
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1068 - Exploitation for Privilege Escalation
T1486 - Data Encrypted for Impact
T1656 - Impersonation
T1598 - Phishing for Information
T1213.003 - Code Repositories
T1213.005 - Messaging Applications

MITREへのリンク →

Daggerfly

Score: 4.36

Matched TTPs:

T1003.002 - Security Account Manager
T1189 - Drive-by Compromise

MITREへのリンク →

GALLIUM

Score: 12.83

Matched TTPs:

T1003.002 - Security Account Manager
T1190 - Exploit Public-Facing Application
T1090.002 - External Proxy
T1016 - System Network Configuration Discovery
T1049 - System Network Connections Discovery
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool

MITREへのリンク →

Dragonfly

Score: 35.76

Matched TTPs:

T1003.002 - Security Account Manager
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.004 - Drive-by Target
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1595.002 - Vulnerability Scanning
T1112 - Modify Registry
T1591.002 - Business Relationships
T1016 - System Network Configuration Discovery
T1583.003 - Virtual Private Server
T1083 - File and Directory Discovery
T1598.002 - Spearphishing Attachment
T1588.002 - Tool
T1110 - Brute Force
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Wizard Spider

Score: 25.18

Matched TTPs:

T1003.002 - Security Account Manager
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1518.002 - Backup Software Discovery
T1112 - Modify Registry
T1585.002 - Email Accounts
T1016 - System Network Configuration Discovery
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1518.001 - Security Software Discovery
T1555.004 - Windows Credential Manager

MITREへのリンク →

Silent Librarian

Score: 16.76

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1598.003 - Spearphishing Link
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1608.005 - Link Target
T1588.002 - Tool

MITREへのリンク →

EXOTIC LILY

Score: 26.31

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1583.001 - Domains
T1585.002 - Email Accounts
T1589.002 - Email Addresses
T1597 - Search Closed Sources
T1593.001 - Social Media
T1203 - Exploitation for Client Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1583.006 - Web Services

MITREへのリンク →

Axiom

Score: 21.29

Matched TTPs:

T1583.002 - DNS Server
T1190 - Exploit Public-Facing Application
T1546.008 - Accessibility Features
T1583.003 - Virtual Private Server
T1584.005 - Botnet
T1566 - Phishing
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

UNC3886

Score: 19.88

Matched TTPs:

T1587.001 - Malware
T1040 - Network Sniffing
T1190 - Exploit Public-Facing Application
T1681 - Search Threat Vendor Data
T1588.001 - Malware
T1083 - File and Directory Discovery
T1562.001 - Disable or Modify Tools
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution

MITREへのリンク →

LuminousMoth

Score: 20.80

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1112 - Modify Registry
T1588.001 - Malware
T1083 - File and Directory Discovery
T1608.005 - Link Target
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool

MITREへのリンク →

Salt Typhoon

Score: 19.45

Matched TTPs:

T1587.001 - Malware
T1070.002 - Clear Linux or Mac System Logs
T1040 - Network Sniffing
T1590.004 - Network Topology
T1190 - Exploit Public-Facing Application
T1602.002 - Network Device Configuration Dump
T1588.002 - Tool

MITREへのリンク →

Play

Score: 13.40

Matched TTPs:

T1587.001 - Malware
T1190 - Exploit Public-Facing Application
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1657 - Financial Theft
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1518.001 - Security Software Discovery

MITREへのリンク →

Aoqin Dragon

Score: 5.74

Matched TTPs:

T1587.001 - Malware
T1083 - File and Directory Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

RedCurl

Score: 9.85

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1083 - File and Directory Discovery
T1056.002 - GUI Input Capture

MITREへのリンク →

FIN7

Score: 41.77

Matched TTPs:

T1587.001 - Malware
T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.004 - Drive-by Target
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1674 - Input Injection
T1218.005 - Mshta
T1608.005 - Link Target
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1591 - Gather Victim Org Information
T1588.002 - Tool
T1486 - Data Encrypted for Impact
T1102.002 - Bidirectional Communication
T1591.004 - Identify Roles

MITREへのリンク →

FIN6

Score: 15.61

Matched TTPs:

T1213.006 - Databases
T1566.001 - Spearphishing Attachment
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1068 - Exploitation for Privilege Escalation
T1134 - Access Token Manipulation
T1566.003 - Spearphishing via Service

MITREへのリンク →

BlackTech

Score: 6.13

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1190 - Exploit Public-Facing Application
T1588.002 - Tool
T1203 - Exploitation for Client Execution

MITREへのリンク →

MuddyWater

Score: 33.56

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1190 - Exploit Public-Facing Application
T1218.003 - CMSTP
T1090.002 - External Proxy
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1218.005 - Mshta
T1583.006 - Web Services
T1041 - Exfiltration Over C2 Channel
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1027.004 - Compile After Delivery
T1518.001 - Security Software Discovery

MITREへのリンク →

Confucius

Score: 11.44

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1083 - File and Directory Discovery
T1218.005 - Mshta
T1583.006 - Web Services
T1041 - Exfiltration Over C2 Channel
T1203 - Exploitation for Client Execution

MITREへのリンク →

Machete

Score: 4.09

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1189 - Drive-by Compromise

MITREへのリンク →

APT1

Score: 15.92

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1585.002 - Email Accounts
T1016 - System Network Configuration Discovery
T1588.001 - Malware
T1049 - System Network Connections Discovery
T1588.002 - Tool
T1584.001 - Domains

MITREへのリンク →

Windshift

Score: 8.51

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1518.001 - Security Software Discovery
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

Cobalt Group

Score: 12.79

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1218.003 - CMSTP
T1588.002 - Tool
T1068 - Exploitation for Privilege Escalation
T1203 - Exploitation for Client Execution
T1518.001 - Security Software Discovery

MITREへのリンク →

Earth Lusca

Score: 27.08

Matched TTPs:

T1566.002 - Spearphishing Link
T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1595.002 - Vulnerability Scanning
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1588.001 - Malware
T1049 - System Network Connections Discovery
T1218.005 - Mshta
T1583.006 - Web Services
T1588.002 - Tool
T1584.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

TA577

Score: 4.11

Matched TTPs:

T1566.002 - Spearphishing Link
T1586.002 - Email Accounts

MITREへのリンク →

Patchwork

Score: 17.20

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1083 - File and Directory Discovery
T1588.002 - Tool
T1203 - Exploitation for Client Execution
T1518.001 - Security Software Discovery
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

LazyScripter

Score: 12.62

Matched TTPs:

T1566.002 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1583.001 - Domains
T1588.001 - Malware
T1218.005 - Mshta
T1583.006 - Web Services

MITREへのリンク →

Rocke

Score: 15.69

Matched TTPs:

T1070.002 - Clear Linux or Mac System Logs
T1190 - Exploit Public-Facing Application
T1562.001 - Disable or Modify Tools
T1027.004 - Compile After Delivery
T1518.001 - Security Software Discovery
T1102.001 - Dead Drop Resolver

MITREへのリンク →

CURIUM

Score: 22.58

Matched TTPs:

T1598.003 - Spearphishing Link
T1566.001 - Spearphishing Attachment
T1608.004 - Drive-by Target
T1583.001 - Domains
T1585.002 - Email Accounts
T1583.003 - Virtual Private Server
T1041 - Exfiltration Over C2 Channel
T1584.006 - Web Services
T1189 - Drive-by Compromise
T1566.003 - Spearphishing via Service

MITREへのリンク →

admin@338

Score: 6.87

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1203 - Exploitation for Client Execution

MITREへのリンク →

BRONZE BUTLER

Score: 11.36

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1083 - File and Directory Discovery
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

RTM

Score: 5.92

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Winter Vivern

Score: 22.17

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1190 - Exploit Public-Facing Application
T1583.001 - Domains
T1595.002 - Vulnerability Scanning
T1056.003 - Web Portal Capture
T1583.003 - Virtual Private Server
T1083 - File and Directory Discovery
T1041 - Exfiltration Over C2 Channel
T1584.006 - Web Services
T1189 - Drive-by Compromise

MITREへのリンク →

Gorgon Group

Score: 5.35

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1588.002 - Tool
T1562.001 - Disable or Modify Tools

MITREへのリンク →

Naikon

Score: 4.24

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1016 - System Network Configuration Discovery
T1518.001 - Security Software Discovery

MITREへのリンク →

APT12

Score: 4.77

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Ferocious Kitten

Score: 3.24

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1583.001 - Domains
T1588.002 - Tool

MITREへのリンク →

SideCopy

Score: 15.46

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1608.001 - Upload Malware
T1016 - System Network Configuration Discovery
T1218.005 - Mshta
T1598.002 - Spearphishing Attachment
T1518.001 - Security Software Discovery
T1584.001 - Domains

MITREへのリンク →

APT37

Score: 6.53

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Silence

Score: 6.30

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1112 - Modify Registry
T1090.002 - External Proxy
T1588.002 - Tool

MITREへのリンク →

IndigoZebra

Score: 7.92

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1586.002 - Email Accounts
T1583.001 - Domains
T1583.006 - Web Services
T1588.002 - Tool

MITREへのリンク →

The White Company

Score: 4.27

Matched TTPs:

T1566.001 - Spearphishing Attachment
T1203 - Exploitation for Client Execution
T1518.001 - Security Software Discovery

MITREへのリンク →

Velvet Ant

Score: 12.00

Matched TTPs:

T1040 - Network Sniffing
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1562.001 - Disable or Modify Tools
T1211 - Exploitation for Defense Evasion

MITREへのリンク →

DarkVishnya

Score: 6.41

Matched TTPs:

T1040 - Network Sniffing
T1588.002 - Tool
T1110 - Brute Force

MITREへのリンク →

BlackByte

Score: 23.22

Matched TTPs:

T1608.001 - Upload Malware
T1190 - Exploit Public-Facing Application
T1112 - Modify Registry
T1016 - System Network Configuration Discovery
T1583.003 - Virtual Private Server
T1491.001 - Internal Defacement
T1041 - Exfiltration Over C2 Channel
T1562.001 - Disable or Modify Tools
T1068 - Exploitation for Privilege Escalation
T1486 - Data Encrypted for Impact
T1518.001 - Security Software Discovery

MITREへのリンク →

BackdoorDiplomacy

Score: 6.51

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1588.001 - Malware
T1049 - System Network Connections Discovery
T1588.002 - Tool

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1566 - Phishing

MITREへのリンク →

Medusa Group

Score: 23.91

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1608.002 - Upload Tool
T1112 - Modify Registry
T1585.002 - Email Accounts
T1016 - System Network Configuration Discovery
T1083 - File and Directory Discovery
T1657 - Financial Theft
T1583.006 - Web Services
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact
T1518.001 - Security Software Discovery

MITREへのリンク →

Storm-0501

Score: 10.76

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1110 - Brute Force
T1486 - Data Encrypted for Impact
T1518.001 - Security Software Discovery

MITREへのリンク →

Cinnamon Tempest

Score: 4.84

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1657 - Financial Theft
T1588.002 - Tool

MITREへのリンク →

ToddyCat

Score: 8.93

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1518.001 - Security Software Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Volatile Cedar

Score: 8.19

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1595.002 - Vulnerability Scanning
T1595.003 - Wordlist Scanning

MITREへのリンク →

INC Ransom

Score: 14.00

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1049 - System Network Connections Discovery
T1657 - Financial Theft
T1588.002 - Tool
T1566 - Phishing
T1562.001 - Disable or Modify Tools
T1486 - Data Encrypted for Impact

MITREへのリンク →

MoustachedBouncer

Score: 6.63

Matched TTPs:

T1659 - Content Injection
T1068 - Exploitation for Privilege Escalation

MITREへのリンク →

Aquatic Panda

Score: 15.27

Matched TTPs:

T1595.002 - Vulnerability Scanning
T1112 - Modify Registry
T1087 - Account Discovery
T1588.001 - Malware
T1588.002 - Tool
T1562.001 - Disable or Modify Tools
T1518.001 - Security Software Discovery

MITREへのリンク →

FIN5

Score: 6.12

Matched TTPs:

T1090.002 - External Proxy
T1588.002 - Tool
T1110 - Brute Force

MITREへのリンク →

Stealth Falcon

Score: 7.06

Matched TTPs:

T1016 - System Network Configuration Discovery
T1041 - Exfiltration Over C2 Channel
T1555.004 - Windows Credential Manager

MITREへのリンク →

Deep Panda

Score: 3.29

Matched TTPs:

T1546.008 - Accessibility Features

MITREへのリンク →

Equation

Score: 12.80

Matched TTPs:

T1542.002 - Component Firmware
T1564.005 - Hidden File System
T1480.001 - Environmental Keying

MITREへのリンク →

Windigo

Score: 3.06

Matched TTPs:

T1083 - File and Directory Discovery
T1189 - Drive-by Compromise

MITREへのリンク →

Leafminer

Score: 3.91

Matched TTPs:

T1083 - File and Directory Discovery
T1588.002 - Tool
T1189 - Drive-by Compromise

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1657 - Financial Theft
T1566 - Phishing

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1657 - Financial Theft
T1486 - Data Encrypted for Impact

MITREへのリンク →

POLONIUM

Score: 5.26

Matched TTPs:

T1583.006 - Web Services
T1588.002 - Tool
T1102.002 - Bidirectional Communication

MITREへのリンク →

Carbanak

Score: 3.25

Matched TTPs:

T1588.002 - Tool
T1102.002 - Bidirectional Communication

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70

Matched TTPs:

T1562.001 - Disable or Modify Tools
T1102.002 - Bidirectional Communication
T1594 - Search Victim-Owned Websites
T1040 - Network Sniffing
T1566.001 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1566.002 - Spearphishing Link
T1584.001 - Domains
T1583 - Acquire Infrastructure
T1585.002 - Email Accounts
T1583.001 - Domains
T1656 - Impersonation
T1596 - Search Open Technical Databases
T1588.002 - Tool
T1598 - Phishing for Information
T1587.001 - Malware
T1657 - Financial Theft
T1593 - Search Open Websites/Domains
T1589.002 - Email Addresses
T1083 - File and Directory Discovery
T1534 - Internal Spearphishing
T1593.002 - Search Engines
T1583.006 - Web Services
T1608.001 - Upload Malware
T1041 - Exfiltration Over C2 Channel
T1588.005 - Exploits
T1557 - Adversary-in-the-Middle
T1102.001 - Dead Drop Resolver
T1016 - System Network Configuration Discovery
T1591 - Gather Victim Org Information
T1112 - Modify Registry
T1566 - Phishing
T1056.001 - Keylogging
T1518.001 - Security Software Discovery
T1190 - Exploit Public-Facing Application
T1218.005 - Mshta
T1586.002 - Email Accounts
T1593.001 - Social Media

MITREへのリンク →

Sandworm Team

Score: 0.59

Matched TTPs:

T1102.002 - Bidirectional Communication
T1594 - Search Victim-Owned Websites
T1595.002 - Vulnerability Scanning
T1040 - Network Sniffing
T1566.001 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1566.002 - Spearphishing Link
T1583 - Acquire Infrastructure
T1585.002 - Email Accounts
T1583.001 - Domains
T1590.001 - Domain Properties
T1588.002 - Tool
T1587.001 - Malware
T1593 - Search Open Websites/Domains
T1589.002 - Email Addresses
T1195 - Supply Chain Compromise
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1584.005 - Botnet
T1203 - Exploitation for Client Execution
T1213.006 - Databases
T1608.001 - Upload Malware
T1499 - Endpoint Denial of Service
T1586.001 - Social Media Accounts
T1041 - Exfiltration Over C2 Channel
T1591.002 - Business Relationships
T1592.002 - Software
T1056.001 - Keylogging
T1491.002 - External Defacement
T1190 - Exploit Public-Facing Application
T1486 - Data Encrypted for Impact

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Infrastructure of Interest: Medium Confidence Phishing

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ