Trusted Design

Infrastructure of Interest: Medium Confidence InfoStealer

Overview

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat-hunting processes, which combine AI-driven heuristics for spotting anomalous patterns, behavioral analysis of malicious activity, and intelligence cross-referenced from endpoint telemetry and external sources. The IOCs in this pulse are associated with infostealer malware, which harvests sensitive data such as credentials, browser cookies, and financial information from compromised systems. Use them to enhance detection rules, block the listed infrastructure, or correlate against open incident investigations involving data theft. The indicators carry a medium confidence level regarding maliciousness: they are therefore subject to further review, and feedback is greatly appreciated. In practice, medium-confidence indicators are better suited to alerting and enrichment than to unattended blocking, since a false positive on a shared hosting or CDN address can disrupt legitimate traffic.

Created: 2026-02-27
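The workflow the overview describes (match pulse indicators against telemetry, then act according to confidence) is shown below as an added example; it is not LevelBlue Labs' or OTX's code, and the indicator records and proxy log lines are constructed for illustration (reserved .example domains, RFC 5737 documentation addresses, a placeholder SHA-256), not indicators from this pulse. The indicator type names follow OTX conventions; the POLICY table that maps confidence to an action is an assumption of this example.

```python
"""Confidence-gated IOC matching for an OTX-style infostealer pulse.

Added example, not LevelBlue Labs' or OTX's own code. Indicators and log
lines are constructed placeholders (reserved .example TLD, RFC 5737 ranges).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Constructed indicators in the shape of an OTX pulse export. The type names
# (domain, hostname, IPv4, FileHash-SHA256) follow OTX conventions; the values
# are placeholders, not indicators from this pulse.
SAMPLE_IOCS = [
    {"type": "domain", "indicator": "panel-login.example", "confidence": "medium"},
    {"type": "hostname", "indicator": "cdn.update-check.example", "confidence": "medium"},
    {"type": "IPv4", "indicator": "192.0.2.44", "confidence": "high"},
    {"type": "FileHash-SHA256", "indicator": "a" * 64, "confidence": "medium"},
]

# Assumed disposition by confidence: medium-confidence hits alert and enrich a
# case; only high-confidence hits feed an automated blocklist.
POLICY = {"high": "block", "medium": "alert", "low": "log"}

# Constructed proxy log lines: "<ts> <src_ip> <dst_host> <dst_ip> <sha256|->"
SAMPLE_LOGS = [
    "2026-02-27T10:01:02Z 10.0.0.15 www.example.org 203.0.113.10 -",
    "2026-02-27T10:01:09Z 10.0.0.15 panel-login.example 198.51.100.7 -",
    "2026-02-27T10:02:30Z 10.0.0.22 api.update-check.example 192.0.2.44 -",
    "2026-02-27T10:03:11Z 10.0.0.31 files.example.net 203.0.113.99 " + "a" * 64,
]


@dataclass(frozen=True)
class Match:
    timestamp: str
    src_ip: str
    ioc_type: str
    indicator: str
    confidence: str
    action: str


def build_index(iocs: Iterable[dict]) -> Dict[str, Dict[str, dict]]:
    """Index indicators as type -> normalised value -> record for O(1) lookups."""
    index: Dict[str, Dict[str, dict]] = {}
    for ioc in iocs:
        value = ioc["indicator"].strip()
        if ioc["type"] == "IPv4":
            value = str(ipaddress.ip_address(value))  # canonical form; rejects junk
        else:
            value = value.lower().rstrip(".")  # hostnames and hex digests are case-insensitive
        index.setdefault(ioc["type"], {})[value] = ioc
    return index


def lookup_host(host: str, index: Dict[str, Dict[str, dict]]) -> Optional[dict]:
    """hostname IOCs match exactly; domain IOCs cover the apex and every subdomain."""
    host = host.lower().rstrip(".")
    if host in index.get("hostname", {}):
        return index["hostname"][host]
    labels = host.split(".")
    # Walk up the label chain (never down to the bare TLD) so that
    # sub.panel-login.example is caught by the panel-login.example indicator.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in index.get("domain", {}):
            return index["domain"][candidate]
    return None


def match_logs(log_lines: Iterable[str], iocs: Iterable[dict], policy=POLICY) -> List[Match]:
    """Return one Match per (log line, indicator) hit, tagged with the policy action."""
    index = build_index(iocs)
    matches: List[Match] = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line: skip it rather than abort the whole run
        ts, src_ip, dst_host, dst_ip, digest = parts
        hits = []
        host_hit = lookup_host(dst_host, index)
        if host_hit is not None:
            hits.append(host_hit)
        try:
            ip_key = str(ipaddress.ip_address(dst_ip))
        except ValueError:
            ip_key = None
        if ip_key is not None and ip_key in index.get("IPv4", {}):
            hits.append(index["IPv4"][ip_key])
        if digest != "-" and digest.lower() in index.get("FileHash-SHA256", {}):
            hits.append(index["FileHash-SHA256"][digest.lower()])
        for ioc in hits:
            conf = ioc.get("confidence", "low")
            matches.append(Match(ts, src_ip, ioc["type"], ioc["indicator"], conf, policy.get(conf, "log")))
    return matches


def blocklist(matches: Iterable[Match]) -> List[str]:
    """Only indicators whose disposition is 'block' are exported for enforcement."""
    return sorted({m.indicator for m in matches if m.action == "block"})
```

Running `match_logs(SAMPLE_LOGS, SAMPLE_IOCS)` yields three hits: the medium-confidence domain and file hash become alerts, and only the high-confidence address reaches `blocklist()`. The domain/hostname distinction matters in practice: a `domain` indicator should also catch subdomains, while a `hostname` indicator is an exact match, so treating both the same either misses infrastructure or over-blocks a shared parent domain.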

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 68.15
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1136.003 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
Link to MITRE →

Kimsuky

Score: 112.83
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1596.003 - Digital Certificates
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1152 - Launchctl
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
Link to MITRE →

Sea Turtle

Score: 32.03
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1685 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
Link to MITRE →

APT38

Score: 45.99
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1675 - ESXi Administration Command
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1491 - Defacement
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
Link to MITRE →

Moonstone Sleet

Score: 42.14
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1491 - Defacement
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1057 - Process Discovery
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
Link to MITRE →

FIN8

Score: 21.22
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
Link to MITRE →

Ke3chang

Score: 44.24
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1487 - Disk Structure Wipe
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1102.002 - Bidirectional Communication
Link to MITRE →

FIN7

Score: 55.85
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1578.001 - Create Snapshot
Link to MITRE →

HAFNIUM

Score: 49.68
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1487 - Disk Structure Wipe
  • T1027.008 - Stripped Payloads
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1552.008 - Chat Messages
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Winter Vivern

Score: 33.23
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1055.013 - Process Doppelgänging
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT19

Score: 16.93
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN10

Score: 3.84
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

APT32

Score: 57.66
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
Link to MITRE →

APT39

Score: 30.91
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT37

Score: 25.60
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
Link to MITRE →

Lazarus Group

Score: 78.30
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1132.001 - Standard Encoding
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1216 - System Script Proxy Execution
Link to MITRE →

Tropic Trooper

Score: 31.94
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
Link to MITRE →

Threat Group-3390

Score: 40.79
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1115 - Clipboard Data
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Earth Lusca

Score: 38.13
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Magic Hound

Score: 70.57
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
Link to MITRE →

ZIRCONIUM

Score: 38.53
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1608.006 - SEO Poisoning
  • T1578.001 - Create Snapshot
Link to MITRE →

Chimera

Score: 39.03
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1491 - Defacement
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
  • T1578.001 - Create Snapshot
Link to MITRE →

Patchwork

Score: 26.08
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Stealth Falcon

Score: 22.10
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Volt Typhoon

Score: 106.67
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1148 - HISTCONTROL
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1560.003 - Archive via Custom Method
  • T1114 - Email Collection
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1491 - Defacement
  • T1134.002 - Create Process with Token
  • T1164 - Re-opened Applications
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1570 - Lateral Tool Transfer
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1578.001 - Create Snapshot
Link to MITRE →

LuminousMoth

Score: 22.37
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
Link to MITRE →

Aquatic Panda

Score: 26.62
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
Link to MITRE →

Gamaredon Group

Score: 69.75
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
Link to MITRE →

GALLIUM

Score: 22.31
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1668 - Exclusive Control
Link to MITRE →

Wizard Spider

Score: 33.99
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1668 - Exclusive Control
Link to MITRE →

APT41

Score: 78.03
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1539 - Steal Web Session Cookie
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1578.003 - Delete Cloud Instance
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1668 - Exclusive Control
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
Link to MITRE →

OilRig

Score: 68.49
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
Link to MITRE →

HEXANE

Score: 53.44
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1562 - Impair Defenses
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
Link to MITRE →

Windshift

Score: 16.05
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

MuddyWater

Score: 52.86
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
Link to MITRE →

Dragonfly

Score: 44.77
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Medusa Group

Score: 44.19
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1036.008 - Masquerade File Type
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1216 - System Script Proxy Execution
Link to MITRE →

Sandworm Team

Score: 92.85
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1686.003 - Windows Host Firewall
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1111 - Multi-Factor Authentication Interception
Link to MITRE →

Storm-1811

Score: 14.66
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Sidewinder

Score: 30.73
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot
Link to MITRE →

APT3

Score: 31.82
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.003 - Digital Certificates
  • T1560.003 - Archive via Custom Method
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding
Link to MITRE →

Ajax Security Team

Score: 4.86
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
Link to MITRE →

APT28

Score: 92.61
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1552.005 - Cloud Instance Metadata API
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1585 - Establish Accounts
  • T1059.012 - Hypervisor CLI
  • T1668 - Exclusive Control
  • T1564.004 - NTFS File Attributes
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Darkhotel

Score: 30.63
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

menuPass

Score: 29.93
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
Link to MITRE →

APT5

Score: 22.15
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.003 - Delete Cloud Instance
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
Link to MITRE →

Tonto Team

Score: 9.14
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
Link to MITRE →

Group5

Score: 3.53
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
Link to MITRE →

PLATINUM

Score: 8.86
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN4

Score: 8.37
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
Link to MITRE →

APT42

Score: 32.85
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
Link to MITRE →

Sowbug

Score: 7.47
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
Link to MITRE →

FIN13

Score: 48.83
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1053.006 - Systemd Timers
  • T1668 - Exclusive Control
Link to MITRE →

LAPSUS$

Score: 59.86
Matched TTPs:
  • T1216.001 - PubPrn
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1584.003 - Virtual Private Server
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits
Link to MITRE →

Akira

Score: 15.91
Matched TTPs:
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Contagious Interview

Score: 69.51
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
Link to MITRE →

Ember Bear

Score: 46.61
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1487 - Disk Structure Wipe
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1668 - Exclusive Control
  • T1003.003 - NTDS
Link to MITRE →

Inception

Score: 19.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Dark Caracal

Score: 6.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Elderwood

Score: 5.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Transparent Tribe

Score: 10.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT18

Score: 5.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
Link to MITRE →

Leviathan

Score: 36.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Saint Bear

Score: 23.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1055.013 - Process Doppelgänging
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
Link to MITRE →

APT33

Score: 18.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
Link to MITRE →

BITTER

Score: 14.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
Link to MITRE →

TA505

Score: 26.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1560.003 - Archive via Custom Method
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
Link to MITRE →

Higaisa

Score: 18.13
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1583.006 - Web Services
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1578.001 - Create Snapshot
Link to MITRE →

Fox Kitten

Score: 34.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1491 - Defacement
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1601.001 - Patch System Image
  • T1588.005 - Exploits
Link to MITRE →

TA2541

Score: 21.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
Link to MITRE →

Malteiro

Score: 18.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
Link to MITRE →

Blue Mockingbird

Score: 10.79
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
Link to MITRE →

Whitefly

Score: 6.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Moses Staff

Score: 8.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
Link to MITRE →

TeamTNT

Score: 36.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1519 - Emond
Link to MITRE →

Metador

Score: 4.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
Link to MITRE →

Andariel

Score: 22.01
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA551

Score: 16.95
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
Link to MITRE →

APT29

Score: 50.74
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1608.006 - SEO Poisoning
Link to MITRE →

Lotus Blossom

Score: 16.01
Matched TTPs:
  • T1099 - Timestomp
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1505 - Server Software Component
Link to MITRE →

Turla

Score: 68.35
Matched TTPs:
  • T1099 - Timestomp
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1131 - Authentication Package
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

Mustard Tempest

Score: 12.52
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Scattered Spider

Score: 74.22
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1491 - Defacement
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1027.002 - Software Packing
  • T1588.005 - Exploits
Link to MITRE →

Daggerfly

Score: 7.80
Matched TTPs:
  • T1584.008 - Network Devices
  • T1120 - Peripheral Device Discovery
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Agrius

Score: 17.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1487 - Disk Structure Wipe
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
Link to MITRE →

Silent Librarian

Score: 18.19
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

EXOTIC LILY

Score: 24.86
Matched TTPs:
  • T1114 - Email Collection
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1612 - Build Image on Host
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
Link to MITRE →

Axiom

Score: 24.16
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Indrik Spider

Score: 22.90
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1552.008 - Chat Messages
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1570 - Lateral Tool Transfer
Link to MITRE →

UNC3886

Score: 25.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
Link to MITRE →

Play

Score: 19.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
Link to MITRE →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

RedCurl

Score: 25.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
Link to MITRE →

FIN6

Score: 29.59
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1584.003 - Virtual Private Server
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1601.001 - Patch System Image
  • T1505 - Server Software Component
Link to MITRE →

Evilnum

Score: 6.11
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1562 - Impair Defenses
Link to MITRE →

Storm-0501

Score: 24.79
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
Link to MITRE →

Star Blizzard

Score: 21.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

CURIUM

Score: 25.30
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

Cobalt Group

Score: 13.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
Link to MITRE →

admin@338

Score: 10.60
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
Link to MITRE →

BRONZE BUTLER

Score: 30.49
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels
Link to MITRE →

WIRTE

Score: 3.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
Link to MITRE →

Molerats

Score: 6.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1583.006 - Web Services
Link to MITRE →

RTM

Score: 5.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Confucius

Score: 12.18
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
Link to MITRE →

BlackTech

Score: 4.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Gorgon Group

Score: 6.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
Link to MITRE →

Naikon

Score: 4.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
Link to MITRE →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
Link to MITRE →

SideCopy

Score: 16.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
Link to MITRE →

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

LazyScripter

Score: 17.75
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
Link to MITRE →

Silence

Score: 9.59
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
Link to MITRE →

IndigoZebra

Score: 5.25
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
Link to MITRE →

APT1

Score: 21.61
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
Link to MITRE →

The White Company

Score: 6.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot
Link to MITRE →

APT-C-36

Score: 4.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
Link to MITRE →

Gallmaker

Score: 3.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
Link to MITRE →

FIN5

Score: 12.07
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
Link to MITRE →

Poseidon Group

Score: 5.78
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
Link to MITRE →

Velvet Ant

Score: 12.00
Matched TTPs:
  • T1583.005 - Botnet
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1566.003 - Spearphishing via Service
Link to MITRE →

DarkVishnya

Score: 6.41
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
Link to MITRE →

Windigo

Score: 10.80
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1584.003 - Virtual Private Server
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

BlackByte

Score: 37.40
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
Link to MITRE →

Rocke

Score: 21.17
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1008 - Fallback Channels
Link to MITRE →

ToddyCat

Score: 9.37
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
Link to MITRE →

Cinnamon Tempest

Score: 7.83
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

BackdoorDiplomacy

Score: 8.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1601.001 - Patch System Image
Link to MITRE →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 15.42
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Leafminer

Score: 17.56
Matched TTPs:
  • T1562 - Impair Defenses
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Winnti Group

Score: 4.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1219.001 - IDE Tunneling
  • T1583.006 - Web Services
Link to MITRE →

MoustachedBouncer

Score: 6.63
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1039 - Data from Network Shared Drive
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
Link to MITRE →

Deep Panda

Score: 4.80
Matched TTPs:
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
Link to MITRE →

Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

POLONIUM

Score: 6.68
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Carbanak

Score: 4.67
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1008 - Fallback Channels
  • T1003.007 - Proc Filesystem
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1037 - Boot or Logon Initialization Scripts
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1059.010 - AutoHotKey & AutoIT
  • T1051 - Shared Webroot
  • T1098.007 - Additional Local or Domain Groups
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1683.001 - Written Content
  • T1583.006 - Web Services
  • T1668 - Exclusive Control
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1055.014 - VDSO Hijacking
  • T1552.003 - Shell History
  • T1596.003 - Digital Certificates
  • T1102.003 - One-Way Communication
  • T1087.004 - Cloud Account
  • T1608.005 - Link Target
  • T1584.003 - Virtual Private Server
  • T1183 - Image File Execution Options Injection
  • T1601.001 - Patch System Image
  • T1030 - Data Transfer Size Limits
  • T1583.005 - Botnet
  • T1059.009 - Cloud API
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling
  • T1152 - Launchctl
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1059.011 - Lua
  • T1114 - Email Collection
  • T1590.006 - Network Security Appliances
  • T1131 - Authentication Package
  • T1057 - Process Discovery
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1197 - BITS Jobs
  • T1003.003 - NTDS
  • T1690 - Prevent Command History Logging
Link to MITRE →

Volt Typhoon

Score: 0.66
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1552.008 - Chat Messages
  • T1685.001 - Disable or Modify Windows Event Log
  • T1003.007 - Proc Filesystem
  • T1560.003 - Archive via Custom Method
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1099 - Timestomp
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.002 - DLL Side-Loading
  • T1547.005 - Security Support Provider
  • T1059.010 - AutoHotKey & AutoIT
  • T1148 - HISTCONTROL
  • T1491 - Defacement
  • T1159 - Launch Agent
  • T1583.006 - Web Services
  • T1055.004 - Asynchronous Procedure Call
  • T1562.009 - Safe Mode Boot
  • T1578.001 - Create Snapshot
  • T1686.003 - Windows Host Firewall
  • T1596.003 - Digital Certificates
  • T1102.003 - One-Way Communication
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1059.009 - Cloud API
  • T1070.006 - Timestomp
  • T1065 - Uncommonly Used Port
  • T1199 - Trusted Relationship
  • T1562 - Impair Defenses
  • T1049 - System Network Connections Discovery
  • T1570 - Lateral Tool Transfer
  • T1553.002 - Code Signing
  • T1114 - Email Collection
  • T1557 - Adversary-in-the-Middle
  • T1590.006 - Network Security Appliances
  • T1057 - Process Discovery
  • T1039 - Data from Network Shared Drive
  • T1164 - Re-opened Applications
Link to MITRE →

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1558 - Steal or Forge Kerberos Tickets
  • T1187 - Forced Authentication
  • T1063 - Security Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1075 - Pass the Hash
  • T1562.004 - Disable or Modify System Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1564.008 - Email Hiding Rules
  • T1193 - Spearphishing Attachment
  • T1098.007 - Additional Local or Domain Groups
  • T1055.004 - Asynchronous Procedure Call
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1686.003 - Windows Host Firewall
  • T1598.003 - Spearphishing Link
  • T1596.003 - Digital Certificates
  • T1102.003 - One-Way Communication
  • T1005 - Data from Local System
  • T1087.004 - Cloud Account
  • T1584.003 - Virtual Private Server
  • T1183 - Image File Execution Options Injection
  • T1601.001 - Patch System Image
  • T1583.005 - Botnet
  • T1219.001 - IDE Tunneling
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1049 - System Network Connections Discovery
  • T1059.011 - Lua
  • T1114 - Email Collection
  • T1557 - Adversary-in-the-Middle
  • T1111 - Multi-Factor Authentication Interception
  • T1606.002 - SAML Tokens
Link to MITRE →

APT28

Score: 0.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1585 - Establish Accounts
  • T1564.004 - NTFS File Attributes
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.004 - Disable or Modify System Firewall
  • T1566.003 - Spearphishing via Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.011 - Plist Modification
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1098.007 - Additional Local or Domain Groups
  • T1583.006 - Web Services
  • T1668 - Exclusive Control
  • T1598.003 - Spearphishing Link
  • T1596.003 - Digital Certificates
  • T1552.005 - Cloud Instance Metadata API
  • T1608.005 - Link Target
  • T1487 - Disk Structure Wipe
  • T1584.003 - Virtual Private Server
  • T1574.007 - Path Interception by PATH Environment Variable
  • T1583.005 - Botnet
  • T1219.001 - IDE Tunneling
  • T1152 - Launchctl
  • T1199 - Trusted Relationship
  • T1491.002 - External Defacement
  • T1542.004 - ROMMONkit
  • T1175 - Component Object Model and Distributed COM
  • T1131 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1057 - Process Discovery
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
Link to MITRE →
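
The actor blocks above are only useful once they are pivoted the other way round: which ATT&CK techniques recur across the matched actors, and which pairs of actors overlap. The script below is an added example (not part of the Pulse or of LevelBlue's tooling) that parses the page's own "actor / Score / Matched TTPs" listing format and builds that pivot. It assumes the listing layout shown above and a constructed three-actor sample; the legacy-to-current ID map it applies (T1152, T1131, T1101, T1099 to their sub-technique replacements) covers only pairs where both forms appear on this page and is an assumption to verify against the ATT&CK release you track.

```python
"""Pivot a Pulse's 'actor / Score / Matched TTPs' listing into a per-technique
frequency table so the ATT&CK IDs shared by the most matched actors can be
prioritised for detection coverage. Example code, not part of the Pulse."""
import re
from collections import defaultdict

# Legacy technique IDs that MITRE revoked in favour of a sub-technique. Only
# the pairs where both forms appear in this Pulse are listed; the relation is
# an assumption to verify against the ATT&CK release you track.
LEGACY_TO_CURRENT = {
    "T1152": "T1569.001",  # Launchctl
    "T1131": "T1547.002",  # Authentication Package
    "T1101": "T1547.005",  # Security Support Provider
    "T1099": "T1070.006",  # Timestomp
}

# Constructed sample in the page's listing format (actor names and TTPs are
# copied from the listing above; the sample is deliberately short).
SAMPLE = """\
Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
Link to MITRE →

Carbanak

Score: 4.67
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →
"""

TTP_RE = re.compile(r"^\s*•\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")
SCORE_RE = re.compile(r"^Score:\s*(\d+(?:\.\d+)?)$")


def parse_listing(text):
    """Return {actor: {"score": float|None, "ttps": {id: name}}}.
    A block is: actor name, blank line, 'Score: n', 'Matched TTPs:', bullet
    lines, then the MITRE link line. Legacy IDs are normalised so an actor
    listing both T1131 and T1547.002 counts the technique once."""
    actors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Matched TTPs", "Link to MITRE")):
            continue
        m = SCORE_RE.match(line)
        if m and current:
            actors[current]["score"] = float(m.group(1))
            continue
        m = TTP_RE.match(raw)
        if m and current:
            tid = LEGACY_TO_CURRENT.get(m.group(1), m.group(1))
            actors[current]["ttps"].setdefault(tid, m.group(2))
            continue
        current = line                        # any other line starts a block
        actors[current] = {"score": None, "ttps": {}}
    return actors


def technique_frequency(actors, min_score=0.0):
    """[(ttp_id, name, actor_count, [actors])] for actors scoring >= min_score,
    most-shared technique first, ties broken by ID."""
    hits, names = defaultdict(list), {}
    for actor, rec in actors.items():
        if rec["score"] is None or rec["score"] < min_score:
            continue
        for tid, tname in rec["ttps"].items():
            hits[tid].append(actor)
            names.setdefault(tid, tname)
    rows = [(tid, names[tid], len(a), sorted(a)) for tid, a in hits.items()]
    rows.sort(key=lambda r: (-r[2], r[0]))
    return rows


def shared_ttps(actors, a, b):
    """Technique IDs two actors have in common, after normalisation."""
    return sorted(set(actors[a]["ttps"]) & set(actors[b]["ttps"]))


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for tid, name, n, who in technique_frequency(parsed):
        print(f"{tid:<10} {n}  {name}  <- {', '.join(who)}")
    print("SilverTerrier ∩ Carbanak:", shared_ttps(parsed, "SilverTerrier", "Carbanak"))
```

On the sample, T1131 (SilverTerrier) and T1547.002 (Carbanak) collapse to one technique shared by two actors, which is the kind of duplicate the raw listing hides. Raise `min_score` to restrict the pivot to the fact-based actors with the strongest matches; the scores themselves are the page's, and the script makes no claim about how they were derived.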

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

