Trusted Design

Infrastructure of Interest: Medium Confidence Command And Control

Summary

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with command and control (C2) infrastructure, facilitating malware communication, data exfiltration, and persistent threat actor operations. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.

Created: 2026-03-04

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Cinnamon Tempest

Score: 4.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship

Medusa Group

Score: 31.29
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution

menuPass

Score: 29.84
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit

INC Ransom

Score: 14.72
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.007 - Dynamic API Resolution

Gamaredon Group

Score: 68.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1036.002 - Right-to-Left Override
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

APT32

Score: 51.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 57.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage

MuddyWater

Score: 45.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Wizard Spider

Score: 38.19
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution

Leviathan

Score: 26.73
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

Velvet Ant

Score: 21.32
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583.005 - Botnet
  • T1684 - Social Engineering
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

FIN7

Score: 47.52
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution

GALLIUM

Score: 19.78
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell

Volt Typhoon

Score: 82.40
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1164 - Re-opened Applications
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1552.008 - Chat Messages
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1570 - Lateral Tool Transfer
  • T1584.002 - DNS Server
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

Blue Mockingbird

Score: 15.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
  • T1027.007 - Dynamic API Resolution

Naikon

Score: 5.79
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie

Lazarus Group

Score: 57.04
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1569.002 - Service Execution

Lotus Blossom

Score: 20.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1505 - Server Software Component
  • T1569.002 - Service Execution

Sandworm Team

Score: 72.63
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1546.016 - Installer Packages

Earth Lusca

Score: 33.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1546.016 - Installer Packages

Indrik Spider

Score: 24.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1497.002 - User Activity Based Checks
  • T1552.008 - Chat Messages
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages

TA2541

Score: 27.34
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

Stealth Falcon

Score: 15.81
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1590.006 - Network Security Appliances
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies

Aquatic Panda

Score: 20.81
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

APT29

Score: 49.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1036.002 - Right-to-Left Override
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1555.004 - Windows Credential Manager

OilRig

Score: 60.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1059.004 - Unix Shell
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies

Windshift

Score: 11.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

FIN6

Score: 23.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1601.001 - Patch System Image
  • T1505 - Server Software Component
  • T1027.007 - Dynamic API Resolution

ToddyCat

Score: 11.71
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1506 - Web Session Cookie

Deep Panda

Score: 10.30
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.004 - Unix Shell

Threat Group-3390

Score: 37.37
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer

APT42

Score: 29.01
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie

Ember Bear

Score: 40.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS

Chimera

Score: 26.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution

BlackByte

Score: 40.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1027.007 - Dynamic API Resolution

FIN13

Score: 36.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Magic Hound

Score: 55.75
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image

APT41

Score: 76.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1596.003 - Digital Certificates
  • T1539 - Steal Web Session Cookie
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1578.003 - Delete Cloud Instance
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels

FIN8

Score: 20.57
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

Kimsuky

Score: 76.15
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Sea Turtle

Score: 27.32
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API

APT39

Score: 27.47
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

APT38

Score: 30.77
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1027.007 - Dynamic API Resolution

APT28

Score: 58.71
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1564.004 - NTFS File Attributes
  • T1566.003 - Spearphishing via Service

Darkhotel

Score: 24.70
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

APT5

Score: 25.41
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1578.003 - Delete Cloud Instance
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks

Tonto Team

Score: 12.69
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

Group5

Score: 3.53
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement

PLATINUM

Score: 9.55
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive

FIN4

Score: 6.94
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness

Sowbug

Score: 7.47
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

HEXANE

Score: 44.33
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

APT3

Score: 27.34
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1560.003 - Archive via Custom Method
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32

Ke3chang

Score: 35.26
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1102.002 - Bidirectional Communication
  • T1027.007 - Dynamic API Resolution

Akira

Score: 15.35
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1137.005 - Outlook Rules
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information

HAFNIUM

Score: 37.03
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1059 - Command and Scripting Interpreter
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1552.008 - Chat Messages
  • T1039 - Data from Network Shared Drive

LAPSUS$

Score: 40.94
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1584.003 - Virtual Private Server
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits

Contagious Interview

Score: 46.18
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1064 - Scripting
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1601.001 - Patch System Image
  • T1221 - Template Injection

Inception

Score: 18.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Dark Caracal

Score: 4.34
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling

Elderwood

Score: 3.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Transparent Tribe

Score: 11.80
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32

APT18

Score: 4.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling

Sidewinder

Score: 25.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Saint Bear

Score: 19.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1064 - Scripting
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits

APT33

Score: 10.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

BITTER

Score: 17.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA505

Score: 21.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1560.003 - Archive via Custom Method
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image

Higaisa

Score: 13.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution

APT19

Score: 10.49
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image

Fox Kitten

Score: 28.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1588.005 - Exploits

Malteiro

Score: 9.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie

Storm-1811

Score: 12.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits

Tropic Trooper

Score: 19.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Whitefly

Score: 4.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive

Moses Staff

Score: 8.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship

TeamTNT

Score: 35.45
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1519 - Emond

Metador

Score: 4.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

Moonstone Sleet

Score: 25.26
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
  • T1027.007 - Dynamic API Resolution

TA551

Score: 13.92
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
  • T1601.001 - Patch System Image

Turla

Score: 69.30
Matched TTPs:
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1059.004 - Unix Shell
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution

Scattered Spider

Score: 45.47
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits

Daggerfly

Score: 9.67
Matched TTPs:
  • T1584.008 - Network Devices
  • T1120 - Peripheral Device Discovery
  • T1497.002 - User Activity Based Checks
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages

Dragonfly

Score: 47.68
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages

Agrius

Score: 13.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources

Axiom

Score: 17.69
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32

UNC3886

Score: 34.02
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1059.004 - Unix Shell
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

LuminousMoth

Score: 20.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Play

Score: 16.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 17.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit

Evilnum

Score: 3.44
Matched TTPs:
  • T1562.009 - Safe Mode Boot

Silent Librarian

Score: 13.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship

ZIRCONIUM

Score: 17.54
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer

Star Blizzard

Score: 16.51
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship

CURIUM

Score: 21.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File

Patchwork

Score: 22.46
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1008 - Fallback Channels

Cobalt Group

Score: 19.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image

admin@338

Score: 10.60
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 22.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1008 - Fallback Channels

EXOTIC LILY

Score: 13.19
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32

Molerats

Score: 3.19
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks

RTM

Score: 4.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1008 - Fallback Channels

Winter Vivern

Score: 20.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File

Confucius

Score: 8.78
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1087.004 - Cloud Account
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32

TA459

Score: 3.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32

BlackTech

Score: 4.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Gorgon Group

Score: 6.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship

SideCopy

Score: 20.26
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Nomadic Octopus

Score: 3.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks

LazyScripter

Score: 16.54
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1601.001 - Patch System Image

Andariel

Score: 13.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

APT37

Score: 11.39
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Silence

Score: 13.82
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1027.007 - Dynamic API Resolution

IndigoZebra

Score: 3.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship

APT1

Score: 16.68
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship

The White Company

Score: 4.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie

Mustard Tempest

Score: 6.21
Matched TTPs:
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media

Poseidon Group

Score: 6.58
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks

DarkVishnya

Score: 9.80
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket

Windigo

Score: 6.70
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1159 - Launch Agent

Rocke

Score: 17.32
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1008 - Fallback Channels

Storm-0501

Score: 15.38
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie

BackdoorDiplomacy

Score: 6.51
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship

GOLD SOUTHFIELD

Score: 6.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1601.001 - Patch System Image

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed

Carbanak

Score: 5.84
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

RedEcho

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override

Winnti Group

Score: 4.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services

MoustachedBouncer

Score: 7.43
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1497.002 - User Activity Based Checks
  • T1039 - Data from Network Shared Drive

FIN5

Score: 6.12
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket

Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)

Leafminer

Score: 4.01
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel

POLONIUM

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

Threat actors associated with this Pulse (inference-based)

Volt Typhoon

Score: 0.70
Matched TTPs:
  • T1584.002 - DNS Server
  • T1059.009 - Cloud API
  • T1099 - Timestomp
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
  • T1562.009 - Safe Mode Boot
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1553.002 - Code Signing
  • T1039 - Data from Network Shared Drive
  • T1176 - Software Extensions
  • T1134.002 - Create Process with Token
  • T1570 - Lateral Tool Transfer
  • T1070.006 - Timestomp
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1003.007 - Proc Filesystem
  • T1552.008 - Chat Messages
  • T1584.003 - Virtual Private Server
  • T1547.005 - Security Support Provider
  • T1047 - Windows Management Instrumentation
  • T1159 - Launch Agent
  • T1497.002 - User Activity Based Checks
  • T1590.006 - Network Security Appliances
  • T1556.002 - Password Filter DLL
  • T1596.003 - Digital Certificates
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1164 - Re-opened Applications
  • T1574.002 - DLL Side-Loading
  • T1560.003 - Archive via Custom Method
Link to MITRE →

Kimsuky

Score: 0.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.003 - NTDS
  • T1059.009 - Cloud API
  • T1087.004 - Cloud Account
  • T1601.001 - Patch System Image
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1683.001 - Written Content
  • T1583.006 - Web Services
  • T1030 - Data Transfer Size Limits
  • T1547.002 - Authentication Package
  • T1134.002 - Create Process with Token
  • T1570 - Lateral Tool Transfer
  • T1219.001 - IDE Tunneling
  • T1091 - Replication Through Removable Media
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1008 - Fallback Channels
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1590.006 - Network Security Appliances
  • T1098.007 - Additional Local or Domain Groups
  • T1120 - Peripheral Device Discovery
  • T1583.005 - Botnet
  • T1598.003 - Spearphishing Link
  • T1596.003 - Digital Certificates
  • T1199 - Trusted Relationship
  • T1218.012 - Verclsid
  • T1506 - Web Session Cookie
  • T1183 - Image File Execution Options Injection
Link to MITRE →

APT41

Score: 0.65
Matched TTPs:
  • T1037.001 - Logon Script (Windows)
  • T1002 - Data Compressed
  • T1059.009 - Cloud API
  • T1539 - Steal Web Session Cookie
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1562.004 - Disable or Modify System Firewall
  • T1584.008 - Network Devices
  • T1570 - Lateral Tool Transfer
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1055.004 - Asynchronous Procedure Call
  • T1578.003 - Delete Cloud Instance
  • T1177 - LSASS Driver
  • T1008 - Fallback Channels
  • T1584.003 - Virtual Private Server
  • T1047 - Windows Management Instrumentation
  • T1027.007 - Dynamic API Resolution
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1590.006 - Network Security Appliances
  • T1097 - Pass the Ticket
  • T1120 - Peripheral Device Discovery
  • T1598.003 - Spearphishing Link
  • T1596.003 - Digital Certificates
  • T1199 - Trusted Relationship
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1560.003 - Archive via Custom Method
Link to MITRE →

Sandworm Team

Score: 0.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1087.004 - Cloud Account
  • T1546.016 - Installer Packages
  • T1601.001 - Patch System Image
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1005 - Data from Local System
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1187 - Forced Authentication
  • T1091 - Replication Through Removable Media
  • T1055.004 - Asynchronous Procedure Call
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1193 - Spearphishing Attachment
  • T1075 - Pass the Hash
  • T1047 - Windows Management Instrumentation
  • T1497.002 - User Activity Based Checks
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1120 - Peripheral Device Discovery
  • T1583.005 - Botnet
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1596.003 - Digital Certificates
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1183 - Image File Execution Options Injection
Link to MITRE →

Turla

Score: 0.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1099 - Timestomp
  • T1063 - Security Software Discovery
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
  • T1601.001 - Patch System Image
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1176 - Software Extensions
  • T1570 - Lateral Tool Transfer
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1556.009 - Conditional Access Policies
  • T1597 - Search Closed Sources
  • T1497.002 - User Activity Based Checks
  • T1590.006 - Network Security Appliances
  • T1612 - Build Image on Host
  • T1097 - Pass the Ticket
  • T1059.004 - Unix Shell
  • T1120 - Peripheral Device Discovery
  • T1136.002 - Domain Account
  • T1218.001 - Compiled HTML File
  • T1552.005 - Cloud Instance Metadata API
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
Link to MITRE →

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1059.009 - Cloud API
  • T1099 - Timestomp
  • T1059.013 - Container CLI/API
  • T1087.004 - Cloud Account
  • T1562.009 - Safe Mode Boot
  • T1601.001 - Patch System Image
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1547.002 - Authentication Package
  • T1554 - Compromise Host Software Binary
  • T1570 - Lateral Tool Transfer
  • T1219.001 - IDE Tunneling
  • T1061 - Graphical User Interface
  • T1091 - Replication Through Removable Media
  • T1584.003 - Virtual Private Server
  • T1047 - Windows Management Instrumentation
  • T1542.004 - ROMMONkit
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1497.002 - User Activity Based Checks
  • T1612 - Build Image on Host
  • T1036.002 - Right-to-Left Override
  • T1098.007 - Additional Local or Domain Groups
  • T1120 - Peripheral Device Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1598.003 - Spearphishing Link
  • T1552.005 - Cloud Instance Metadata API
  • T1199 - Trusted Relationship
  • T1218.012 - Verclsid
  • T1506 - Web Session Cookie
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
