Trusted Design

Infrastructure of Interest: Medium Confidence Command And Control

Overview

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with command and control (C2) infrastructure, facilitating malware communication, data exfiltration, and persistent threat actor operations. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.

Created: 2026-03-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Cinnamon Tempest

Score: 4.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1059.001 - PowerShell
  • T1588.002 - Tool

Medusa Group

Score: 31.29
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution

menuPass

Score: 29.84
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive

INC Ransom

Score: 14.72
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1569.002 - Service Execution

Gamaredon Group

Score: 68.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1568 - Dynamic Resolution
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

APT32

Score: 51.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution

Mustang Panda

Score: 57.91
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution

MuddyWater

Score: 45.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

Wizard Spider

Score: 38.19
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution

Leviathan

Score: 26.73
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server

Velvet Ant

Score: 21.32
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1040 - Network Sniffing
  • T1055 - Process Injection
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion

FIN7

Score: 47.52
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution

GALLIUM

Score: 19.78
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools

Volt Typhoon

Score: 82.40
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1069 - Permission Groups Discovery
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1590.004 - Network Topology
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1590.006 - Network Security Appliances
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1590 - Gather Victim Network Information
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1012 - Query Registry
  • T1614 - System Location Discovery
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy

Blue Mockingbird

Score: 15.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

Naikon

Score: 5.79
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1518.001 - Security Software Discovery

Lazarus Group

Score: 57.04
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1090.001 - Internal Proxy

Lotus Blossom

Score: 20.48
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1134 - Access Token Manipulation
  • T1090.001 - Internal Proxy

Sandworm Team

Score: 72.63
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1584.004 - Server

Earth Lusca

Score: 33.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1584.004 - Server

Indrik Spider

Score: 24.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1059.001 - PowerShell
  • T1590 - Gather Victim Network Information
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1012 - Query Registry
  • T1584.004 - Server

TA2541

Score: 27.34
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1016.001 - Internet Connection Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Stealth Falcon

Score: 15.81
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1016 - System Network Configuration Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager

Aquatic Panda

Score: 20.81
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

APT29

Score: 49.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1568 - Dynamic Resolution
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1651 - Cloud Administration Command

OilRig

Score: 60.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1027.005 - Indicator Removal from Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager

Windshift

Score: 11.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

FIN6

Score: 23.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

ToddyCat

Score: 11.71
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1518.001 - Security Software Discovery

Deep Panda

Score: 10.30
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1027.005 - Indicator Removal from Tools

Threat Group-3390

Score: 37.37
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry

APT42

Score: 29.01
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery

Ember Bear

Score: 40.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits

Chimera

Score: 26.53
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1213.002 - Sharepoint
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution

BlackByte

Score: 40.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1614.001 - System Language Discovery
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1569.002 - Service Execution

FIN13

Score: 36.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1069 - Permission Groups Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy

Magic Hound

Score: 55.75
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1016.001 - Internet Connection Discovery
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation

APT41

Score: 76.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1056.001 - Keylogging
  • T1568.002 - Domain Generation Algorithms
  • T1069 - Permission Groups Discovery
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1562.006 - Indicator Blocking
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver

FIN8

Score: 20.57
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Kimsuky

Score: 76.15
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1593.002 - Search Engines
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver

Sea Turtle

Score: 27.32
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery

APT39

Score: 27.47
Matched TTPs:
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

APT38

Score: 30.77
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1583.001 - Domains
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1569.002 - Service Execution

APT28

Score: 58.71
Matched TTPs:
  • T1056.001 - Keylogging
  • T1213.002 - Sharepoint
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1039 - Data from Network Shared Drive
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.001 - Junk Data
  • T1211 - Exploitation for Defense Evasion

Darkhotel

Score: 24.70
Matched TTPs:
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

APT5

Score: 25.41
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.006 - Indicator Blocking
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell

Tonto Team

Score: 12.69
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

Group5

Score: 3.53
Matched TTPs:
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File

PLATINUM

Score: 9.55
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

FIN4

Score: 6.94
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
Link to MITRE →

Sowbug

Score: 7.47
Matched TTPs:
  • T1056.001 - Keylogging
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

HEXANE

Score: 44.33
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1583.002 - DNS Server
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
Link to MITRE →

APT3

Score: 27.34
Matched TTPs:
  • T1056.001 - Keylogging
  • T1069 - Permission Groups Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Ke3chang

Score: 35.26
Matched TTPs:
  • T1056.001 - Keylogging
  • T1213.002 - Sharepoint
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1614.001 - System Language Discovery
  • T1569.002 - Service Execution
Link to MITRE →

Akira

Score: 15.35
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
Link to MITRE →

HAFNIUM

Score: 37.03
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1590 - Gather Victim Network Information
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

LAPSUS$

Score: 40.94
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1005 - Data from Local System
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications
Link to MITRE →

Contagious Interview

Score: 46.18
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
Link to MITRE →

Inception

Score: 18.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 4.34
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
Link to MITRE →

Elderwood

Score: 3.96
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Transparent Tribe

Score: 11.80
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT18

Score: 4.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
Link to MITRE →

Sidewinder

Score: 25.18
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
Link to MITRE →

Saint Bear

Score: 19.76
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1497 - Virtualization/Sandbox Evasion
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

APT33

Score: 10.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BITTER

Score: 17.30
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1568 - Dynamic Resolution
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA505

Score: 21.18
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1069 - Permission Groups Discovery
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
Link to MITRE →

Higaisa

Score: 13.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

APT19

Score: 10.49
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
Link to MITRE →

Fox Kitten

Score: 28.67
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1110 - Brute Force
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1213.005 - Messaging Applications
Link to MITRE →

Malteiro

Score: 9.19
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Storm-1811

Score: 12.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
Link to MITRE →

Tropic Trooper

Score: 19.46
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
Link to MITRE →

Whitefly

Score: 4.54
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

Moses Staff

Score: 8.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
Link to MITRE →

TeamTNT

Score: 35.45
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks
Link to MITRE →

Metador

Score: 4.90
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Moonstone Sleet

Score: 25.26
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1486 - Data Encrypted for Impact
  • T1569.002 - Service Execution
Link to MITRE →

TA551

Score: 13.92
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation
Link to MITRE →

Turla

Score: 69.30
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1027.005 - Indicator Removal from Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1584.004 - Server
  • T1090.001 - Internal Proxy
Link to MITRE →

Scattered Spider

Score: 45.47
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications
Link to MITRE →

Daggerfly

Score: 9.67
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1082 - System Information Discovery
  • T1059.001 - PowerShell
  • T1012 - Query Registry
  • T1584.004 - Server
Link to MITRE →

Dragonfly

Score: 47.68
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1071.002 - File Transfer Protocols
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1584.004 - Server
Link to MITRE →

Agrius

Score: 13.99
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Axiom

Score: 17.69
Matched TTPs:
  • T1583.002 - DNS Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
Link to MITRE →

UNC3886

Score: 34.02
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1027.005 - Indicator Removal from Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

LuminousMoth

Score: 20.80
Matched TTPs:
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
Link to MITRE →

Play

Score: 16.27
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
Link to MITRE →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RedCurl

Score: 17.41
Matched TTPs:
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Evilnum

Score: 3.44
Matched TTPs:
  • T1497.001 - System Checks
Link to MITRE →

Silent Librarian

Score: 13.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target
  • T1588.002 - Tool
Link to MITRE →

ZIRCONIUM

Score: 17.54
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
Link to MITRE →

Star Blizzard

Score: 16.51
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
Link to MITRE →

CURIUM

Score: 21.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
Link to MITRE →

Patchwork

Score: 22.46
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.005 - Indicator Removal from Tools
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Cobalt Group

Score: 19.06
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
Link to MITRE →

admin@338

Score: 10.60
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BRONZE BUTLER

Score: 22.34
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

EXOTIC LILY

Score: 13.19
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Molerats

Score: 3.19
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
Link to MITRE →

RTM

Score: 4.16
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Winter Vivern

Score: 20.06
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
Link to MITRE →

Confucius

Score: 8.78
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA459

Score: 3.17
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BlackTech

Score: 4.69
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Gorgon Group

Score: 6.15
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT12

Score: 4.77
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1588.002 - Tool
Link to MITRE →

SideCopy

Score: 20.26
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1614 - System Location Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
Link to MITRE →

Nomadic Octopus

Score: 3.86
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1059.001 - PowerShell
Link to MITRE →

LazyScripter

Score: 16.54
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Andariel

Score: 13.37
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT37

Score: 11.39
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Silence

Score: 13.82
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution
Link to MITRE →

IndigoZebra

Score: 3.24
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1588.002 - Tool
Link to MITRE →

APT1

Score: 16.68
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
Link to MITRE →

The White Company

Score: 4.27
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
Link to MITRE →

Mustard Tempest

Score: 6.21
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
Link to MITRE →

Poseidon Group

Score: 6.58
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
Link to MITRE →

DarkVishnya

Score: 9.80
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
Link to MITRE →

Windigo

Score: 6.70
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1518 - Software Discovery
Link to MITRE →

Rocke

Score: 17.32
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Storm-0501

Score: 15.38
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

BackdoorDiplomacy

Score: 6.51
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning
Link to MITRE →

Carbanak

Score: 5.84
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

RedEcho

Score: 4.80
Matched TTPs:
  • T1583.001 - Domains
  • T1568 - Dynamic Resolution
Link to MITRE →

Winnti Group

Score: 4.33
Matched TTPs:
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
Link to MITRE →

MoustachedBouncer

Score: 7.43
Matched TTPs:
  • T1659 - Content Injection
  • T1059.001 - PowerShell
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

FIN5

Score: 6.12
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1110 - Brute Force
Link to MITRE →

Equation

Score: 12.80
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
Link to MITRE →

Leafminer

Score: 4.01
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
Link to MITRE →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
Link to MITRE →

POLONIUM

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Volt Typhoon

Score: 0.70
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1012 - Query Registry
  • T1590 - Gather Victim Network Information
  • T1584.003 - Virtual Private Server
  • T1590.004 - Network Topology
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1049 - System Network Connections Discovery
  • T1005 - Data from Local System
  • T1090.001 - Internal Proxy
  • T1010 - Application Window Discovery
  • T1497.001 - System Checks
  • T1584.005 - Botnet
  • T1069 - Permission Groups Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1190 - Exploit Public-Facing Application
  • T1059.001 - PowerShell
  • T1589.002 - Email Addresses
  • T1614 - System Location Discovery
  • T1047 - Windows Management Instrumentation
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1083 - File and Directory Discovery
  • T1589 - Gather Victim Identity Information
  • T1590.006 - Network Security Appliances
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1016 - System Network Configuration Discovery
Link to MITRE →

Kimsuky

Score: 0.65
Matched TTPs:
  • T1585.002 - Email Accounts
  • T1102.001 - Dead Drop Resolver
  • T1056.001 - Keylogging
  • T1583.001 - Domains
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1007 - System Service Discovery
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1557 - Adversary-in-the-Middle
  • T1656 - Impersonation
  • T1071.002 - File Transfer Protocols
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1190 - Exploit Public-Facing Application
  • T1593.002 - Search Engines
  • T1040 - Network Sniffing
  • T1589.002 - Email Addresses
  • T1059.001 - PowerShell
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1112 - Modify Registry
  • T1027.010 - Command Obfuscation
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1518.001 - Security Software Discovery
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1534 - Internal Spearphishing
  • T1082 - System Information Discovery
  • T1588.005 - Exploits
Link to MITRE →

APT41

Score: 0.65
Matched TTPs:
  • T1213.003 - Code Repositories
  • T1203 - Exploitation for Client Execution
  • T1102.001 - Dead Drop Resolver
  • T1056.001 - Keylogging
  • T1012 - Query Registry
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1049 - System Network Connections Discovery
  • T1005 - Data from Local System
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1562.006 - Indicator Blocking
  • T1071.002 - File Transfer Protocols
  • T1069 - Permission Groups Discovery
  • T1055 - Process Injection
  • T1190 - Exploit Public-Facing Application
  • T1059.001 - PowerShell
  • T1480.001 - Environmental Keying
  • T1047 - Windows Management Instrumentation
  • T1596.005 - Scan Databases
  • T1083 - File and Directory Discovery
  • T1595.003 - Wordlist Scanning
  • T1568.002 - Domain Generation Algorithms
  • T1546.008 - Accessibility Features
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1003.002 - Security Account Manager
  • T1016 - System Network Configuration Discovery
  • T1110 - Brute Force
  • T1569.002 - Service Execution
  • T1082 - System Information Discovery
Link to MITRE →

Sandworm Team

Score: 0.62
Matched TTPs:
  • T1585.002 - Email Accounts
  • T1203 - Exploitation for Client Execution
  • T1056.001 - Keylogging
  • T1583.001 - Domains
  • T1102.002 - Bidirectional Communication
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1005 - Data from Local System
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1584.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1059.001 - PowerShell
  • T1040 - Network Sniffing
  • T1589.002 - Email Addresses
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1499 - Endpoint Denial of Service
  • T1195 - Supply Chain Compromise
  • T1047 - Windows Management Instrumentation
  • T1083 - File and Directory Discovery
  • T1591.002 - Business Relationships
  • T1595.002 - Vulnerability Scanning
  • T1027.010 - Command Obfuscation
  • T1213.006 - Databases
  • T1041 - Exfiltration Over C2 Channel
  • T1219 - Remote Access Tools
  • T1082 - System Information Discovery
Link to MITRE →

Turla

Score: 0.59
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1584.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1007 - System Service Discovery
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1005 - Data from Local System
  • T1027.005 - Indicator Removal from Tools
  • T1090.001 - Internal Proxy
  • T1588.001 - Malware
  • T1068 - Exploitation for Privilege Escalation
  • T1055 - Process Injection
  • T1059.001 - PowerShell
  • T1555.004 - Windows Credential Manager
  • T1025 - Data from Removable Media
  • T1083 - File and Directory Discovery
  • T1112 - Modify Registry
  • T1027.010 - Command Obfuscation
  • T1213.006 - Databases
  • T1057 - Process Discovery
  • T1584.006 - Web Services
  • T1518.001 - Security Software Discovery
  • T1016 - System Network Configuration Discovery
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1110 - Brute Force
  • T1082 - System Information Discovery
Link to MITRE →

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1016.001 - Internet Connection Discovery
  • T1583.001 - Domains
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1005 - Data from Local System
  • T1497.001 - System Checks
  • T1583.003 - Virtual Private Server
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1027.004 - Compile After Delivery
  • T1059.001 - PowerShell
  • T1025 - Data from Removable Media
  • T1608.001 - Upload Malware
  • T1102.003 - One-Way Communication
  • T1047 - Windows Management Instrumentation
  • T1083 - File and Directory Discovery
  • T1001 - Data Obfuscation
  • T1112 - Modify Registry
  • T1027.010 - Command Obfuscation
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1518.001 - Security Software Discovery
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1534 - Internal Spearphishing
  • T1082 - System Information Discovery
  • T1568 - Dynamic Resolution
Link to MITRE →

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat Actor Graph
