Pulse Detail-

Infrastructure of Interest: Medium Confidence Phishing

概要

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with phishing campaigns, targeting credential theft and fraudulent resource access. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 47.63

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1677 - Poisoned Pipeline Execution
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1569.001 - Launchctl
T1608.005 - Link Target
T1087.004 - Cloud Account
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

Kimsuky

Score: 98.00

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1033 - System Owner/User Discovery
T1596.003 - Digital Certificates
T1114 - Email Collection
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1152 - Launchctl
T1059.009 - Cloud API
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1683.001 - Written Content
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1552.003 - Shell History
T1608.005 - Link Target
T1087.004 - Cloud Account
T1057 - Process Discovery
T1055.014 - VDSO Hijacking
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1597 - Search Closed Sources
T1690 - Prevent Command History Logging
T1547.002 - Authentication Package
T1030 - Data Transfer Size Limits
T1506 - Web Session Cookie
T1197 - BITS Jobs
T1003.003 - NTDS
T1008 - Fallback Channels
T1053.002 - At

MITREへのリンク →

Sea Turtle

Score: 37.26

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1033 - System Owner/User Discovery
T1499.003 - Application Exhaustion Flood
T1063 - Security Software Discovery
T1497.001 - System Checks
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1218.010 - Regsvr32
T1685 - Disable or Modify Tools
T1059.013 - Container CLI/API

MITREへのリンク →

Ember Bear

Score: 38.56

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1584.008 - Network Devices
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1059.009 - Cloud API
T1136.002 - Domain Account
T1175 - Component Object Model and Distributed COM
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1519 - Emond
T1003.003 - NTDS

MITREへのリンク →

Indrik Spider

Score: 17.23

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1059.009 - Cloud API
T1183 - Image File Execution Options Injection
T1552.008 - Chat Messages
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Agrius

Score: 13.39

Matched TTPs:

T1033 - System Owner/User Discovery
T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1087.004 - Cloud Account
T1097 - Pass the Ticket
T1597 - Search Closed Sources

MITREへのリンク →

Contagious Interview

Score: 58.15

Matched TTPs:

T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1021.006 - Windows Remote Management
T1183 - Image File Execution Options Injection
T1218.008 - Odbcconf
T1175 - Component Object Model and Distributed COM
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1608.005 - Link Target
T1087.004 - Cloud Account
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1690 - Prevent Command History Logging
T1030 - Data Transfer Size Limits
T1221 - Template Injection
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 82.02

Matched TTPs:

T1033 - System Owner/User Discovery
T1596.003 - Digital Certificates
T1564.008 - Email Hiding Rules
T1114 - Email Collection
T1606.002 - SAML Tokens
T1063 - Security Software Discovery
T1484.002 - Trust Modification
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1562.004 - Disable or Modify System Firewall
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1193 - Spearphishing Attachment
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1049 - System Network Connections Discovery
T1087.004 - Cloud Account
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1075 - Pass the Hash
T1111 - Multi-Factor Authentication Interception

MITREへのリンク →

Star Blizzard

Score: 25.49

Matched TTPs:

T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection
T1657 - Financial Theft
T1102.003 - One-Way Communication
T1199 - Trusted Relationship

MITREへのリンク →

Volt Typhoon

Score: 69.92

Matched TTPs:

T1148 - HISTCONTROL
T1596.003 - Digital Certificates
T1099 - Timestomp
T1685.001 - Disable or Modify Windows Event Log
T1560.003 - Archive via Custom Method
T1114 - Email Collection
T1553.002 - Code Signing
T1176 - Software Extensions
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1059.009 - Cloud API
T1134.002 - Create Process with Token
T1164 - Re-opened Applications
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1049 - System Network Connections Discovery
T1057 - Process Discovery
T1552.008 - Chat Messages
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1065 - Uncommonly Used Port
T1574.002 - DLL Side-Loading

MITREへのリンク →

Magic Hound

Score: 65.14

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1171 - LLMNR/NBT-NS Poisoning and Relay
T1099 - Timestomp
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1562.004 - Disable or Modify System Firewall
T1059.009 - Cloud API
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1592.003 - Firmware
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1098.002 - Additional Email Delegate Permissions
T1547.008 - LSASS Driver
T1053.002 - At

MITREへのリンク →

APT39

Score: 19.11

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1219.001 - IDE Tunneling
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1547.002 - Authentication Package

MITREへのリンク →

APT38

Score: 22.71

Matched TTPs:

T1596.003 - Digital Certificates
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1059.009 - Cloud API
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI

MITREへのリンク →

Ajax Security Team

Score: 5.33

Matched TTPs:

T1596.003 - Digital Certificates
T1598.003 - Spearphishing Link
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 67.72

Matched TTPs:

T1596.003 - Digital Certificates
T1574.007 - Path Interception by PATH Environment Variable
T1491.002 - External Defacement
T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1139 - Bash History
T1562.004 - Disable or Modify System Firewall
T1152 - Launchctl
T1547.011 - Plist Modification
T1175 - Component Object Model and Distributed COM
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1057 - Process Discovery
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1039 - Data from Network Shared Drive
T1592.003 - Firmware
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1197 - BITS Jobs
T1059.012 - Hypervisor CLI
T1566.003 - Spearphishing via Service

MITREへのリンク →

Darkhotel

Score: 16.46

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1564.002 - Hidden Users
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI

MITREへのリンク →

menuPass

Score: 18.08

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1584.008 - Network Devices
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship

MITREへのリンク →

APT5

Score: 16.50

Matched TTPs:

T1596.003 - Digital Certificates
T1584.008 - Network Devices
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1677 - Poisoned Pipeline Execution
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

Tonto Team

Score: 9.14

Matched TTPs:

T1596.003 - Digital Certificates
T1598.003 - Spearphishing Link
T1547.011 - Plist Modification
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32

MITREへのリンク →

Threat Group-3390

Score: 30.36

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1584.008 - Network Devices
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1218.003 - CMSTP
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Lazarus Group

Score: 53.27

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1547.011 - Plist Modification
T1134.002 - Create Process with Token
T1590.006 - Network Security Appliances
T1677 - Poisoned Pipeline Execution
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1608.005 - Link Target
T1606.001 - Web Cookies
T1087.004 - Cloud Account
T1057 - Process Discovery
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Group5

Score: 3.53

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement

MITREへのリンク →

PLATINUM

Score: 6.67

Matched TTPs:

T1596.003 - Digital Certificates
T1598.003 - Spearphishing Link
T1039 - Data from Network Shared Drive
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN4

Score: 8.39

Matched TTPs:

T1596.003 - Digital Certificates
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1574.010 - Services File Permissions Weakness

MITREへのリンク →

OilRig

Score: 40.63

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1098.007 - Additional Local or Domain Groups
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1592.002 - Software
T1556.009 - Conditional Access Policies
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 24.39

Matched TTPs:

T1596.003 - Digital Certificates
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1059.009 - Cloud API
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1677 - Poisoned Pipeline Execution
T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship
T1030 - Data Transfer Size Limits
T1506 - Web Session Cookie

MITREへのリンク →

Sowbug

Score: 3.23

Matched TTPs:

T1596.003 - Digital Certificates
T1219.001 - IDE Tunneling

MITREへのリンク →

HEXANE

Score: 38.64

Matched TTPs:

T1596.003 - Digital Certificates
T1099 - Timestomp
T1499.003 - Application Exhaustion Flood
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1590.006 - Network Security Appliances
T1055.004 - Asynchronous Procedure Call
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1547.002 - Authentication Package
T1065 - Uncommonly Used Port

MITREへのリンク →

APT32

Score: 39.15

Matched TTPs:

T1596.003 - Digital Certificates
T1491.002 - External Defacement
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1059.009 - Cloud API
T1134.002 - Create Process with Token
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1608.005 - Link Target
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT3

Score: 20.67

Matched TTPs:

T1596.003 - Digital Certificates
T1560.003 - Archive via Custom Method
T1543.003 - Windows Service
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1087.004 - Cloud Account
T1218.010 - Regsvr32

MITREへのリンク →

FIN13

Score: 32.62

Matched TTPs:

T1596.003 - Digital Certificates
T1099 - Timestomp
T1560.003 - Archive via Custom Method
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1590.006 - Network Security Appliances
T1144 - Gatekeeper Bypass
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1552.003 - Shell History
T1199 - Trusted Relationship

MITREへのリンク →

Ke3chang

Score: 22.55

Matched TTPs:

T1596.003 - Digital Certificates
T1574.007 - Path Interception by PATH Environment Variable
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1087.004 - Cloud Account
T1199 - Trusted Relationship

MITREへのリンク →

APT41

Score: 56.27

Matched TTPs:

T1596.003 - Digital Certificates
T1539 - Steal Web Session Cookie
T1560.003 - Archive via Custom Method
T1584.008 - Network Devices
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1027 - Obfuscated Files or Information
T1218.010 - Regsvr32
T1002 - Data Compressed
T1030 - Data Transfer Size Limits
T1564.003 - Hidden Window
T1574.002 - DLL Side-Loading
T1037.001 - Logon Script (Windows)
T1008 - Fallback Channels

MITREへのリンク →

LAPSUS$

Score: 57.61

Matched TTPs:

T1216.001 - PubPrn
T1574.007 - Path Interception by PATH Environment Variable
T1024 - Custom Cryptographic Protocol
T1547.005 - Security Support Provider
T1134.002 - Create Process with Token
T1019 - System Firmware
T1193 - Spearphishing Attachment
T1218.008 - Odbcconf
T1136.002 - Domain Account
T1175 - Component Object Model and Distributed COM
T1619 - Cloud Storage Object Discovery
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1592.003 - Firmware
T1030 - Data Transfer Size Limits
T1065 - Uncommonly Used Port
T1564.003 - Hidden Window
T1588.005 - Exploits

MITREへのリンク →

Akira

Score: 14.48

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1137.005 - Outlook Rules
T1552.003 - Shell History
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

HAFNIUM

Score: 42.96

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1171 - LLMNR/NBT-NS Poisoning and Relay
T1099 - Timestomp
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1134.002 - Create Process with Token
T1590.006 - Network Security Appliances
T1218.008 - Odbcconf
T1059 - Command and Scripting Interpreter
T1175 - Component Object Model and Distributed COM
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1552.008 - Chat Messages
T1039 - Data from Network Shared Drive

MITREへのリンク →

Chimera

Score: 14.05

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1592.003 - Firmware

MITREへのリンク →

Inception

Score: 8.45

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Dark Caracal

Score: 7.18

Matched TTPs:

T1491.002 - External Defacement
T1219.001 - IDE Tunneling
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Elderwood

Score: 7.17

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 15.01

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1098.007 - Additional Local or Domain Groups
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1053.002 - At

MITREへのリンク →

Leviathan

Score: 38.63

Matched TTPs:

T1491.002 - External Defacement
T1685.001 - Disable or Modify Windows Event Log
T1484.002 - Trust Modification
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1562.004 - Disable or Modify System Firewall
T1183 - Image File Execution Options Injection
T1087.004 - Cloud Account
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1592.003 - Firmware
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Sidewinder

Score: 18.50

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1657 - Financial Theft
T1218.010 - Regsvr32
T1506 - Web Session Cookie

MITREへのリンク →

Saint Bear

Score: 17.13

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1134.002 - Create Process with Token
T1608.005 - Link Target
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1030 - Data Transfer Size Limits

MITREへのリンク →

APT33

Score: 11.39

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32

MITREへのリンク →

BITTER

Score: 10.40

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32

MITREへのリンク →

TA505

Score: 19.97

Matched TTPs:

T1491.002 - External Defacement
T1560.003 - Archive via Custom Method
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1059.009 - Cloud API
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Higaisa

Score: 11.25

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1590.006 - Network Security Appliances
T1087.004 - Cloud Account
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage

MITREへのリンク →

APT19

Score: 8.38

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship
T1059.012 - Hypervisor CLI

MITREへのリンク →

Fox Kitten

Score: 14.02

Matched TTPs:

T1491.002 - External Defacement
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1097 - Pass the Ticket
T1588.005 - Exploits

MITREへのリンク →

TA2541

Score: 21.51

Matched TTPs:

T1491.002 - External Defacement
T1099 - Timestomp
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1136.002 - Domain Account
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie

MITREへのリンク →

Malteiro

Score: 6.89

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1552.003 - Shell History
T1506 - Web Session Cookie

MITREへのリンク →

Storm-1811

Score: 22.38

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1098.007 - Additional Local or Domain Groups
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact
T1567.003 - Exfiltration to Text Storage Sites
T1030 - Data Transfer Size Limits
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 9.59

Matched TTPs:

T1491.002 - External Defacement
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1199 - Trusted Relationship
T1505 - Server Software Component

MITREへのリンク →

Tropic Trooper

Score: 10.36

Matched TTPs:

T1491.002 - External Defacement
T1598.003 - Spearphishing Link
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32
T1506 - Web Session Cookie

MITREへのリンク →

Mofang

Score: 3.91

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1598.003 - Spearphishing Link

MITREへのリンク →

Whitefly

Score: 4.54

Matched TTPs:

T1491.002 - External Defacement
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive

MITREへのリンク →

Moses Staff

Score: 7.48

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship

MITREへのリンク →

TeamTNT

Score: 25.73

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1497.001 - System Checks
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1562.004 - Disable or Modify System Firewall
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1519 - Emond

MITREへのリンク →

Metador

Score: 4.90

Matched TTPs:

T1491.002 - External Defacement
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Putter Panda

Score: 3.39

Matched TTPs:

T1491.002 - External Defacement
T1597 - Search Closed Sources

MITREへのリンク →

Moonstone Sleet

Score: 30.90

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1590.006 - Network Security Appliances
T1175 - Component Object Model and Distributed COM
T1057 - Process Discovery
T1027 - Obfuscated Files or Information
T1197 - BITS Jobs
T1547.008 - LSASS Driver

MITREへのリンク →

Andariel

Score: 16.02

Matched TTPs:

T1171 - LLMNR/NBT-NS Poisoning and Relay
T1598.003 - Spearphishing Link
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA551

Score: 9.87

Matched TTPs:

T1539 - Steal Web Session Cookie
T1598.003 - Spearphishing Link
T1134.002 - Create Process with Token
T1218.012 - Verclsid

MITREへのリンク →

APT29

Score: 42.90

Matched TTPs:

T1099 - Timestomp
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1568 - Dynamic Resolution
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1223 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

Gamaredon Group

Score: 41.25

Matched TTPs:

T1099 - Timestomp
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1059.009 - Cloud API
T1175 - Component Object Model and Distributed COM
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1606.001 - Web Cookies
T1087.004 - Cloud Account
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1059.013 - Container CLI/API
T1506 - Web Session Cookie

MITREへのリンク →

Lotus Blossom

Score: 13.77

Matched TTPs:

T1099 - Timestomp
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1505 - Server Software Component

MITREへのリンク →

Turla

Score: 45.42

Matched TTPs:

T1099 - Timestomp
T1606.002 - SAML Tokens
T1063 - Security Software Discovery
T1543.003 - Windows Service
T1176 - Software Extensions
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1608.005 - Link Target
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1039 - Data from Network Shared Drive
T1547.002 - Authentication Package
T1506 - Web Session Cookie
T1556.009 - Conditional Access Policies
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN8

Score: 14.08

Matched TTPs:

T1099 - Timestomp
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

ZIRCONIUM

Score: 22.43

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1087.004 - Cloud Account
T1039 - Data from Network Shared Drive
T1547.002 - Authentication Package
T1197 - BITS Jobs

MITREへのリンク →

Mustard Tempest

Score: 20.58

Matched TTPs:

T1682 - Query Public AI Services
T1543.003 - Windows Service
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service
T1053.002 - At

MITREへのリンク →

Scattered Spider

Score: 53.27

Matched TTPs:

T1560.003 - Archive via Custom Method
T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1547.005 - Security Support Provider
T1019 - System Firmware
T1590.006 - Network Security Appliances
T1144 - Gatekeeper Bypass
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1619 - Cloud Storage Object Discovery
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1030 - Data Transfer Size Limits
T1197 - BITS Jobs
T1564.003 - Hidden Window
T1588.005 - Exploits

MITREへのリンク →

Daggerfly

Score: 4.36

Matched TTPs:

T1584.008 - Network Devices
T1059.012 - Hypervisor CLI

MITREへのリンク →

GALLIUM

Score: 12.83

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1055.004 - Asynchronous Procedure Call
T1087.004 - Cloud Account
T1199 - Trusted Relationship

MITREへのリンク →

Dragonfly

Score: 35.76

Matched TTPs:

T1584.008 - Network Devices
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1562.004 - Disable or Modify System Firewall
T1059.009 - Cloud API
T1193 - Spearphishing Attachment
T1590.006 - Network Security Appliances
T1175 - Component Object Model and Distributed COM
T1219.001 - IDE Tunneling
T1657 - Financial Theft
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Wizard Spider

Score: 25.18

Matched TTPs:

T1584.008 - Network Devices
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1038 - DLL Search Order Hijacking
T1059.009 - Cloud API
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1556.009 - Conditional Access Policies

MITREへのリンク →

Silent Librarian

Score: 16.76

Matched TTPs:

T1114 - Email Collection
T1566.002 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1584.005 - Botnet
T1199 - Trusted Relationship

MITREへのリンク →

EXOTIC LILY

Score: 26.31

Matched TTPs:

T1114 - Email Collection
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1134.002 - Create Process with Token
T1149 - LC_MAIN Hijacking
T1690 - Prevent Command History Logging
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

TA578

Score: 5.30

Matched TTPs:

T1114 - Email Collection
T1608.005 - Link Target

MITREへのリンク →

Axiom

Score: 21.29

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1175 - Component Object Model and Distributed COM
T1049 - System Network Connections Discovery
T1562.013 - Disable or Modify Network Device Firewall
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

UNC3886

Score: 19.88

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 20.80

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1584.005 - Botnet
T1087.004 - Cloud Account
T1199 - Trusted Relationship

MITREへのリンク →

Salt Typhoon

Score: 19.45

Matched TTPs:

T1606.002 - SAML Tokens
T1497.001 - System Checks
T1583.005 - Botnet
T1553.002 - Code Signing
T1140 - Deobfuscate/Decode Files or Information
T1608.002 - Upload Tool
T1199 - Trusted Relationship

MITREへのリンク →

Play

Score: 13.40

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie

MITREへのリンク →

Aoqin Dragon

Score: 5.74

Matched TTPs:

T1606.002 - SAML Tokens
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 9.85

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1219.001 - IDE Tunneling
T1574.010 - Services File Permissions Weakness

MITREへのリンク →

FIN7

Score: 41.77

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1011.001 - Exfiltration Over Bluetooth
T1218.012 - Verclsid
T1584.005 - Botnet
T1608.005 - Link Target
T1564.002 - Hidden Users
T1057 - Process Discovery
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1547.002 - Authentication Package
T1065 - Uncommonly Used Port

MITREへのリンク →

FIN6

Score: 15.61

Matched TTPs:

T1063 - Security Software Discovery
T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive
T1505 - Server Software Component
T1547.008 - LSASS Driver

MITREへのリンク →

BlackTech

Score: 6.13

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

MuddyWater

Score: 33.56

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1518.002 - Backup Software Discovery
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1608.005 - Link Target
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1506 - Web Session Cookie

MITREへのリンク →

Confucius

Score: 11.44

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1087.004 - Cloud Account
T1218.010 - Regsvr32

MITREへのリンク →

Machete

Score: 4.09

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT1

Score: 15.92

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1053.002 - At

MITREへのリンク →

Windshift

Score: 8.51

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Cobalt Group

Score: 12.79

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1518.002 - Backup Software Discovery
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1506 - Web Session Cookie

MITREへのリンク →

Earth Lusca

Score: 27.08

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1562.004 - Disable or Modify System Firewall
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA577

Score: 4.11

Matched TTPs:

T1543.003 - Windows Service
T1024 - Custom Cryptographic Protocol

MITREへのリンク →

Patchwork

Score: 17.20

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

LazyScripter

Score: 12.62

Matched TTPs:

T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1098.007 - Additional Local or Domain Groups
T1136.002 - Domain Account
T1218.012 - Verclsid
T1608.005 - Link Target

MITREへのリンク →

Rocke

Score: 15.69

Matched TTPs:

T1497.001 - System Checks
T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1008 - Fallback Channels

MITREへのリンク →

CURIUM

Score: 22.58

Matched TTPs:

T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1098.007 - Additional Local or Domain Groups
T1183 - Image File Execution Options Injection
T1175 - Component Object Model and Distributed COM
T1087.004 - Cloud Account
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

admin@338

Score: 6.87

Matched TTPs:

T1598.003 - Spearphishing Link
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1218.010 - Regsvr32

MITREへのリンク →

BRONZE BUTLER

Score: 11.36

Matched TTPs:

T1598.003 - Spearphishing Link
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

RTM

Score: 5.92

Matched TTPs:

T1598.003 - Spearphishing Link
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Winter Vivern

Score: 22.17

Matched TTPs:

T1598.003 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1098.007 - Additional Local or Domain Groups
T1562.004 - Disable or Modify System Firewall
T1548 - Abuse Elevation Control Mechanism
T1175 - Component Object Model and Distributed COM
T1219.001 - IDE Tunneling
T1087.004 - Cloud Account
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Gorgon Group

Score: 5.35

Matched TTPs:

T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1199 - Trusted Relationship
T1597 - Search Closed Sources

MITREへのリンク →

Naikon

Score: 4.24

Matched TTPs:

T1598.003 - Spearphishing Link
T1590.006 - Network Security Appliances
T1506 - Web Session Cookie

MITREへのリンク →

APT12

Score: 4.77

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Ferocious Kitten

Score: 3.24

Matched TTPs:

T1598.003 - Spearphishing Link
T1098.007 - Additional Local or Domain Groups
T1199 - Trusted Relationship

MITREへのリンク →

SideCopy

Score: 15.46

Matched TTPs:

T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1218.012 - Verclsid
T1657 - Financial Theft
T1506 - Web Session Cookie
T1053.002 - At

MITREへのリンク →

APT37

Score: 6.53

Matched TTPs:

T1598.003 - Spearphishing Link
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Silence

Score: 6.30

Matched TTPs:

T1598.003 - Spearphishing Link
T1059.009 - Cloud API
T1547.011 - Plist Modification
T1199 - Trusted Relationship

MITREへのリンク →

IndigoZebra

Score: 7.92

Matched TTPs:

T1598.003 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1098.007 - Additional Local or Domain Groups
T1608.005 - Link Target
T1199 - Trusted Relationship

MITREへのリンク →

The White Company

Score: 4.27

Matched TTPs:

T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1506 - Web Session Cookie

MITREへのリンク →

Velvet Ant

Score: 12.00

Matched TTPs:

T1583.005 - Botnet
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1597 - Search Closed Sources
T1566.003 - Spearphishing via Service

MITREへのリンク →

DarkVishnya

Score: 6.41

Matched TTPs:

T1583.005 - Botnet
T1199 - Trusted Relationship
T1097 - Pass the Ticket

MITREへのリンク →

BlackByte

Score: 23.22

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1175 - Component Object Model and Distributed COM
T1606.001 - Web Cookies
T1087.004 - Cloud Account
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

BackdoorDiplomacy

Score: 6.51

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Medusa Group

Score: 23.91

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1059.009 - Cloud API
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

Storm-0501

Score: 10.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1097 - Pass the Ticket
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

Cinnamon Tempest

Score: 4.84

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1199 - Trusted Relationship

MITREへのリンク →

ToddyCat

Score: 8.93

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1055.004 - Asynchronous Procedure Call
T1506 - Web Session Cookie
T1547.008 - LSASS Driver

MITREへのリンク →

Volatile Cedar

Score: 8.19

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1562.004 - Disable or Modify System Firewall
T1002 - Data Compressed

MITREへのリンク →

INC Ransom

Score: 14.00

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1055.004 - Asynchronous Procedure Call
T1552.003 - Shell History
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

MoustachedBouncer

Score: 6.63

Matched TTPs:

T1055.003 - Thread Execution Hijacking
T1039 - Data from Network Shared Drive

MITREへのリンク →

Aquatic Panda

Score: 15.27

Matched TTPs:

T1562.004 - Disable or Modify System Firewall
T1059.009 - Cloud API
T1144 - Gatekeeper Bypass
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie

MITREへのリンク →

FIN5

Score: 6.12

Matched TTPs:

T1547.011 - Plist Modification
T1199 - Trusted Relationship
T1097 - Pass the Ticket

MITREへのリンク →

Stealth Falcon

Score: 7.06

Matched TTPs:

T1590.006 - Network Security Appliances
T1087.004 - Cloud Account
T1556.009 - Conditional Access Policies

MITREへのリンク →

Deep Panda

Score: 3.29

Matched TTPs:

T1177 - LSASS Driver

MITREへのリンク →

Equation

Score: 12.80

Matched TTPs:

T1589.003 - Employee Names
T1130 - Install Root Certificate
T1037.001 - Logon Script (Windows)

MITREへのリンク →

Windigo

Score: 3.06

Matched TTPs:

T1219.001 - IDE Tunneling
T1059.012 - Hypervisor CLI

MITREへのリンク →

Leafminer

Score: 3.91

Matched TTPs:

T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1059.012 - Hypervisor CLI

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

POLONIUM

Score: 5.26

Matched TTPs:

T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.002 - Authentication Package

MITREへのリンク →

Carbanak

Score: 3.25

Matched TTPs:

T1199 - Trusted Relationship
T1547.002 - Authentication Package

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70

Matched TTPs:

T1683.001 - Written Content
T1562.013 - Disable or Modify Network Device Firewall
T1053.002 - At
T1597 - Search Closed Sources
T1219.001 - IDE Tunneling
T1140 - Deobfuscate/Decode Files or Information
T1596.003 - Digital Certificates
T1008 - Fallback Channels
T1037 - Boot or Logon Initialization Scripts
T1547.002 - Authentication Package
T1552.003 - Shell History
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1598.003 - Spearphishing Link
T1055.014 - VDSO Hijacking
T1608.005 - Link Target
T1152 - Launchctl
T1583.005 - Botnet
T1057 - Process Discovery
T1134.002 - Create Process with Token
T1543.003 - Windows Service
T1506 - Web Session Cookie
T1114 - Email Collection
T1003.003 - NTDS
T1024 - Custom Cryptographic Protocol
T1033 - System Owner/User Discovery
T1087.004 - Cloud Account
T1606.002 - SAML Tokens
T1690 - Prevent Command History Logging
T1102.003 - One-Way Communication
T1197 - BITS Jobs
T1098.007 - Additional Local or Domain Groups
T1030 - Data Transfer Size Limits
T1059.009 - Cloud API
T1199 - Trusted Relationship
T1183 - Image File Execution Options Injection
T1566.002 - Spearphishing Link
T1218.012 - Verclsid

MITREへのリンク →

Sandworm Team

Score: 0.59

Matched TTPs:

T1219.001 - IDE Tunneling
T1140 - Deobfuscate/Decode Files or Information
T1596.003 - Digital Certificates
T1027 - Obfuscated Files or Information
T1193 - Spearphishing Attachment
T1547.002 - Authentication Package
T1091 - Replication Through Removable Media
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1583.005 - Botnet
T1134.002 - Create Process with Token
T1484.002 - Trust Modification
T1564.008 - Email Hiding Rules
T1543.003 - Windows Service
T1114 - Email Collection
T1033 - System Owner/User Discovery
T1087.004 - Cloud Account
T1606.002 - SAML Tokens
T1187 - Forced Authentication
T1102.003 - One-Way Communication
T1055.004 - Asynchronous Procedure Call
T1049 - System Network Connections Discovery
T1098.007 - Additional Local or Domain Groups
T1005 - Data from Local System
T1063 - Security Software Discovery
T1111 - Multi-Factor Authentication Interception
T1199 - Trusted Relationship
T1183 - Image File Execution Options Injection
T1562.004 - Disable or Modify System Firewall
T1075 - Pass the Hash
T1566.002 - Spearphishing Link

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Infrastructure of Interest: Medium Confidence Phishing

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ