Trusted Design

Infrastructure of Interest: Medium Confidence InfoStealer

Overview

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous patterns, behavioral analysis of malicious activity, and cross-referenced intelligence from endpoint telemetry and external sources. The IOCs included in this pulse are associated with infostealer malware, designed to harvest sensitive data such as credentials, cookies, and financial information from compromised systems. Use this data to enhance detection rules, block malicious infrastructure, or correlate with existing incident investigations involving data theft. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.

Created: 2026-02-27

Indicators

Similar Pulses

No similar pulses were found.

Threat Actors Related to This Pulse (Fact-Based)

Mustang Panda

Score: 68.15
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1052.001 - Exfiltration over USB
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution

Kimsuky

Score: 112.83
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1056.001 - Keylogging
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1071.003 - Mail Protocols
  • T1596 - Search Open Technical Databases
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1593.002 - Search Engines
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1027.010 - Command Obfuscation
  • T1550.002 - Pass the Hash
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver

Sea Turtle

Score: 32.03
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery

APT38

Score: 45.99
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1565.003 - Runtime Data Manipulation
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1217 - Browser Information Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot

Moonstone Sleet

Score: 42.14
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1217 - Browser Information Discovery
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information

FIN8

Score: 21.22
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Ke3chang

Score: 44.24
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1213.002 - Sharepoint
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1119 - Automated Collection
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery

FIN7

Score: 55.85
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1124 - System Time Discovery

HAFNIUM

Score: 49.68
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1213.002 - Sharepoint
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1119 - Automated Collection
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1590 - Gather Victim Network Information
  • T1068 - Exploitation for Privilege Escalation

Winter Vivern

Score: 33.23
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1059 - Command and Scripting Interpreter
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise

APT19

Score: 16.93
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

FIN10

Score: 3.84
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts

APT32

Score: 57.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1550.002 - Pass the Hash

APT39

Score: 30.91
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry

APT37

Score: 25.60
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot

Lazarus Group

Score: 78.30
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1124 - System Time Discovery
  • T1529 - System Shutdown/Reboot

Tropic Trooper

Score: 31.94
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1052.001 - Exfiltration over USB
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Threat Group-3390

Score: 40.79
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise

Earth Lusca

Score: 38.13
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

Magic Hound

Score: 70.57
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1591.001 - Determine Physical Locations

ZIRCONIUM

Score: 38.53
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1598 - Phishing for Information
  • T1665 - Hide Infrastructure
  • T1124 - System Time Discovery

Chimera

Score: 39.03
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1213.002 - Sharepoint
  • T1119 - Automated Collection
  • T1007 - System Service Discovery
  • T1217 - Browser Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1550.002 - Pass the Hash
  • T1124 - System Time Discovery

Patchwork

Score: 26.08
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Stealth Falcon

Score: 22.10
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1555 - Credentials from Password Stores
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager

Volt Typhoon

Score: 106.67
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1592 - Gather Victim Host Information
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1069 - Permission Groups Discovery
  • T1594 - Search Victim-Owned Websites
  • T1497.001 - System Checks
  • T1588.006 - Vulnerabilities
  • T1007 - System Service Discovery
  • T1590.004 - Network Topology
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1217 - Browser Information Discovery
  • T1589.002 - Email Addresses
  • T1590.006 - Network Security Appliances
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1591 - Gather Victim Org Information
  • T1590 - Gather Victim Network Information
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1012 - Query Registry
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1124 - System Time Discovery

LuminousMoth

Score: 22.37
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool

Aquatic Panda

Score: 26.62
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1550.002 - Pass the Hash

Gamaredon Group

Score: 69.75
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

GALLIUM

Score: 22.31
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1550.002 - Pass the Hash

Wizard Spider

Score: 33.99
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1550.002 - Pass the Hash

APT41

Score: 78.03
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1568.002 - Domain Generation Algorithms
  • T1069 - Permission Groups Discovery
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1562.006 - Indicator Blocking
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1012 - Query Registry
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1550.002 - Pass the Hash
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver

OilRig

Score: 68.49
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1555 - Credentials from Password Stores
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager

HEXANE

Score: 53.44
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1583.002 - DNS Server
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1555 - Credentials from Password Stores
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

Windshift

Score: 16.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

MuddyWater

Score: 52.86
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

Dragonfly

Score: 44.77
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise

Medusa Group

Score: 44.19
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1652 - Device Driver Discovery
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1529 - System Shutdown/Reboot

Sandworm Team

Score: 92.85
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1588.006 - Vulnerabilities
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1590.001 - Domain Properties
Link to MITRE →

Storm-1811

Score: 14.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
Link to MITRE →

Sidewinder

Score: 30.73
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1124 - System Time Discovery
Link to MITRE →

APT3

Score: 31.82
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1056.001 - Keylogging
  • T1069 - Permission Groups Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Link to MITRE →

Ajax Security Team

Score: 4.86
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
Link to MITRE →

APT28

Score: 92.61
Matched TTPs:
  • T1056.001 - Keylogging
  • T1213.002 - Sharepoint
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1595.002 - Vulnerability Scanning
  • T1596 - Search Open Technical Databases
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1213 - Data from Information Repositories
  • T1189 - Drive-by Compromise
  • T1550.002 - Pass the Hash
  • T1001.001 - Junk Data
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Darkhotel

Score: 30.63
Matched TTPs:
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
Link to MITRE →

menuPass

Score: 29.93
Matched TTPs:
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
Link to MITRE →

APT5

Score: 22.15
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
Link to MITRE →

Tonto Team

Score: 9.14
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1090.002 - External Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Group5

Score: 3.53
Matched TTPs:
  • T1056.001 - Keylogging
  • T1027.013 - Encrypted/Encoded File
Link to MITRE →

PLATINUM

Score: 8.86
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN4

Score: 8.37
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
Link to MITRE →

APT42

Score: 32.85
Matched TTPs:
  • T1056.001 - Keylogging
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
Link to MITRE →

Sowbug

Score: 7.47
Matched TTPs:
  • T1056.001 - Keylogging
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

FIN13

Score: 48.83
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1069 - Permission Groups Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1087 - Account Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1565 - Data Manipulation
  • T1550.002 - Pass the Hash
Link to MITRE →

LAPSUS$

Score: 59.86
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1213.002 - Sharepoint
  • T1005 - Data from Local System
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1589.001 - Credentials
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications
Link to MITRE →

Akira

Score: 15.91
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

Contagious Interview

Score: 69.51
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1593.003 - Code Repositories
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1543.001 - Launch Agent
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
Link to MITRE →

Ember Bear

Score: 46.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1119 - Automated Collection
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1552.001 - Credentials In Files
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1550.002 - Pass the Hash
  • T1588.005 - Exploits
Link to MITRE →

Inception

Score: 19.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 6.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

Elderwood

Score: 5.73
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 10.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT18

Score: 5.52
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
Link to MITRE →

Leviathan

Score: 36.41
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
Link to MITRE →

Saint Bear

Score: 23.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1059 - Command and Scripting Interpreter
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

APT33

Score: 18.61
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1555 - Credentials from Password Stores
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BITTER

Score: 14.02
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA505

Score: 26.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1069 - Permission Groups Discovery
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
Link to MITRE →

Higaisa

Score: 18.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1124 - System Time Discovery
Link to MITRE →

Fox Kitten

Score: 34.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1217 - Browser Information Discovery
  • T1546.008 - Accessibility Features
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1110 - Brute Force
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1027.010 - Command Obfuscation
  • T1213.005 - Messaging Applications
Link to MITRE →

TA2541

Score: 21.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1016.001 - Internet Connection Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
Link to MITRE →

Malteiro

Score: 18.00
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555 - Credentials from Password Stores
  • T1555.003 - Credentials from Web Browsers
  • T1657 - Financial Theft
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Blue Mockingbird

Score: 10.79
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
Link to MITRE →

Whitefly

Score: 6.88
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

Moses Staff

Score: 8.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
Link to MITRE →

TeamTNT

Score: 36.15
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks
Link to MITRE →

Metador

Score: 4.90
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Andariel

Score: 22.01
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
Link to MITRE →

TA551

Score: 16.95
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation
Link to MITRE →

APT29

Score: 50.74
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1665 - Hide Infrastructure
Link to MITRE →

Lotus Blossom

Score: 16.01
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1134 - Access Token Manipulation
Link to MITRE →

Turla

Score: 68.35
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.003 - Mail Protocols
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
Link to MITRE →

Mustard Tempest

Score: 12.52
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
Link to MITRE →

Scattered Spider

Score: 74.22
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1217 - Browser Information Discovery
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1538 - Cloud Service Dashboard
  • T1213.005 - Messaging Applications
Link to MITRE →

Daggerfly

Score: 7.80
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1082 - System Information Discovery
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
Link to MITRE →

Agrius

Score: 17.74
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1119 - Automated Collection
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Silent Librarian

Score: 18.19
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

EXOTIC LILY

Score: 24.86
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1102 - Web Service
  • T1597 - Search Closed Sources
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
Link to MITRE →

Axiom

Score: 24.16
Matched TTPs:
  • T1583.002 - DNS Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Indrik Spider

Score: 22.90
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1552.001 - Credentials In Files
  • T1590 - Gather Victim Network Information
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1012 - Query Registry
Link to MITRE →

UNC3886

Score: 25.41
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
Link to MITRE →

Play

Score: 19.41
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
Link to MITRE →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RedCurl

Score: 25.66
Matched TTPs:
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
Link to MITRE →

FIN6

Score: 29.59
Matched TTPs:
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1005 - Data from Local System
  • T1555 - Credentials from Password Stores
  • T1555.003 - Credentials from Web Browsers
  • T1059 - Command and Scripting Interpreter
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
Link to MITRE →

Evilnum

Score: 6.11
Matched TTPs:
  • T1497.001 - System Checks
  • T1555 - Credentials from Password Stores
Link to MITRE →

Storm-0501

Score: 24.79
Matched TTPs:
  • T1588.006 - Vulnerabilities
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1057 - Process Discovery
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Star Blizzard

Score: 21.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

CURIUM

Score: 25.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
Link to MITRE →

Cobalt Group

Score: 13.21
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
Link to MITRE →

admin@338

Score: 10.60
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BRONZE BUTLER

Score: 30.49
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1124 - System Time Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

WIRTE

Score: 3.29
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
Link to MITRE →

Molerats

Score: 6.01
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1057 - Process Discovery
Link to MITRE →

RTM

Score: 5.92
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Confucius

Score: 12.18
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BlackTech

Score: 4.69
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Gorgon Group

Score: 6.92
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Naikon

Score: 4.24
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

APT12

Score: 4.77
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1588.002 - Tool
Link to MITRE →

SideCopy

Score: 16.13
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
Link to MITRE →

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
Link to MITRE →

LazyScripter

Score: 17.75
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
Link to MITRE →

Silence

Score: 9.59
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
Link to MITRE →

IndigoZebra

Score: 5.25
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1588.002 - Tool
Link to MITRE →

APT1

Score: 21.61
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1119 - Automated Collection
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1550.002 - Pass the Hash
Link to MITRE →

The White Company

Score: 6.86
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1124 - System Time Discovery
Link to MITRE →

APT-C-36

Score: 4.01
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Gallmaker

Score: 3.16
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
Link to MITRE →

FIN5

Score: 12.07
Matched TTPs:
  • T1119 - Automated Collection
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
Link to MITRE →

Poseidon Group

Score: 5.78
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
Link to MITRE →

Velvet Ant

Score: 12.00
Matched TTPs:
  • T1040 - Network Sniffing
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

DarkVishnya

Score: 6.41
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool
  • T1110 - Brute Force
Link to MITRE →

Windigo

Score: 10.80
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

BlackByte

Score: 37.40
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1614.001 - System Language Discovery
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
Link to MITRE →

Rocke

Score: 21.17
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

ToddyCat

Score: 9.37
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Cinnamon Tempest

Score: 7.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

BackdoorDiplomacy

Score: 8.80
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.62
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1027.010 - Command Obfuscation
Link to MITRE →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning
Link to MITRE →

INC Ransom

Score: 15.42
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

Leafminer

Score: 17.56
Matched TTPs:
  • T1555 - Credentials from Password Stores
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

Winnti Group

Score: 4.33
Matched TTPs:
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1057 - Process Discovery
Link to MITRE →

MoustachedBouncer

Score: 6.63
Matched TTPs:
  • T1659 - Content Injection
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1657 - Financial Theft
Link to MITRE →

Deep Panda

Score: 4.80
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
Link to MITRE →

Equation

Score: 12.80
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
Link to MITRE →

POLONIUM

Score: 6.68
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Carbanak

Score: 4.67
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Threat actors related to this pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1591 - Gather Victim Org Information
  • T1518.001 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1557 - Adversary-in-the-Middle
  • T1071.003 - Mail Protocols
  • T1057 - Process Discovery
  • T1056.001 - Keylogging
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1656 - Impersonation
  • T1589.002 - Email Addresses
  • T1594 - Search Victim-Owned Websites
  • T1552.001 - Credentials In Files
  • T1593.001 - Social Media
  • T1596 - Search Open Technical Databases
  • T1657 - Financial Theft
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.001 - Dead Drop Resolver
  • T1007 - System Service Discovery
  • T1593.002 - Search Engines
  • T1585.002 - Email Accounts
  • T1583.001 - Domains
  • T1041 - Exfiltration Over C2 Channel
  • T1040 - Network Sniffing
  • T1593 - Search Open Websites/Domains
  • T1566 - Phishing
  • T1555.003 - Credentials from Web Browsers
  • T1550.002 - Pass the Hash
  • T1598 - Phishing for Information
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1588.005 - Exploits
  • T1583.006 - Web Services
  • T1016 - System Network Configuration Discovery
  • T1566.001 - Spearphishing Attachment
  • T1012 - Query Registry
  • T1190 - Exploit Public-Facing Application
  • T1608.001 - Upload Malware
  • T1005 - Data from Local System
Link to MITRE →

Volt Typhoon

Score: 0.66
Matched TTPs:
  • T1518 - Software Discovery
  • T1112 - Modify Registry
  • T1596.005 - Scan Databases
  • T1555 - Credentials from Password Stores
  • T1591 - Gather Victim Org Information
  • T1057 - Process Discovery
  • T1056.001 - Keylogging
  • T1589.002 - Email Addresses
  • T1594 - Search Victim-Owned Websites
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1069 - Permission Groups Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016.001 - Internet Connection Discovery
  • T1007 - System Service Discovery
  • T1590 - Gather Victim Network Information
  • T1584.003 - Virtual Private Server
  • T1593 - Search Open Websites/Domains
  • T1217 - Browser Information Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1592 - Gather Victim Host Information
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1588.006 - Vulnerabilities
  • T1584.008 - Network Devices
  • T1124 - System Time Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1591.004 - Identify Roles
  • T1016 - System Network Configuration Discovery
  • T1012 - Query Registry
  • T1190 - Exploit Public-Facing Application
  • T1590.004 - Network Topology
  • T1590.006 - Network Security Appliances
  • T1005 - Data from Local System
  • T1497.001 - System Checks
  • T1033 - System Owner/User Discovery
  • T1078 - Valid Accounts
Link to MITRE →

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1082 - System Information Discovery
  • T1499 - Endpoint Denial of Service
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1056.001 - Keylogging
  • T1027.010 - Command Obfuscation
  • T1595.002 - Vulnerability Scanning
  • T1587.001 - Malware
  • T1589.002 - Email Addresses
  • T1594 - Search Victim-Owned Websites
  • T1140 - Deobfuscate/Decode Files or Information
  • T1486 - Data Encrypted for Impact
  • T1590.001 - Domain Properties
  • T1203 - Exploitation for Client Execution
  • T1585.002 - Email Accounts
  • T1213.006 - Databases
  • T1036 - Masquerading
  • T1583.001 - Domains
  • T1041 - Exfiltration Over C2 Channel
  • T1040 - Network Sniffing
  • T1593 - Search Open Websites/Domains
  • T1195 - Supply Chain Compromise
  • T1555.003 - Credentials from Web Browsers
  • T1592.002 - Software
  • T1049 - System Network Connections Discovery
  • T1588.006 - Vulnerabilities
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1608.001 - Upload Malware
  • T1005 - Data from Local System
  • T1033 - System Owner/User Discovery
  • T1078 - Valid Accounts
  • T1591.002 - Business Relationships
Link to MITRE →

APT28

Score: 0.57
Matched TTPs:
  • T1090.002 - External Proxy
  • T1591 - Gather Victim Org Information
  • T1583.003 - Virtual Private Server
  • T1598.003 - Spearphishing Link
  • T1071.003 - Mail Protocols
  • T1057 - Process Discovery
  • T1056.001 - Keylogging
  • T1595.002 - Vulnerability Scanning
  • T1110 - Brute Force
  • T1596 - Search Open Technical Databases
  • T1140 - Deobfuscate/Decode Files or Information
  • T1213 - Data from Information Repositories
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1036 - Masquerading
  • T1001.001 - Junk Data
  • T1583.001 - Domains
  • T1040 - Network Sniffing
  • T1189 - Drive-by Compromise
  • T1027.013 - Encrypted/Encoded File
  • T1068 - Exploitation for Privilege Escalation
  • T1550.002 - Pass the Hash
  • T1119 - Automated Collection
  • T1598 - Phishing for Information
  • T1584.008 - Network Devices
  • T1211 - Exploitation for Defense Evasion
  • T1102.002 - Bidirectional Communication
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
  • T1583.006 - Web Services
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1213.002 - Sharepoint
  • T1005 - Data from Local System
  • T1025 - Data from Removable Media
  • T1078 - Valid Accounts
Link to MITRE →

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat actor graph