Trusted Design

Infrastructure of Interest: Medium Confidence FastFlux

概要

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat hunting processes, leveraging AI-driven heuristics to detect anomalous DNS patterns, behavioral analysis of rapid IP rotation, and cross-referenced intelligence from global sinkhole data and network telemetry. The IOCs included in this pulse are associated with Fastflux networks, characterized by constantly changing IP addresses and DNS records to evade detection while maintaining resilient malicious infrastructure for phishing, malware delivery, or C2 operations. Use this data to enhance DNS-based detection rules, identify flux parent domains, and disrupt threat actor network resilience. These indicators have been assigned a medium confidence level regarding their maliciousness. They are therefore subject to further review, and feedback is greatly appreciated.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 37.72
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
MITREへのリンク →

Kimsuky

Score: 74.12
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1152 - Launchctl
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
MITREへのリンク →

Sea Turtle

Score: 33.64
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1175 - Component Object Model and Distributed COM
  • T1218.010 - Regsvr32
  • T1685 - Disable or Modify Tools
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API
MITREへのリンク →

Ember Bear

Score: 42.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 20.06
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1552.008 - Chat Messages
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages
MITREへのリンク →

Agrius

Score: 13.39
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
MITREへのリンク →

Contagious Interview

Score: 42.36
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Sandworm Team

Score: 71.41
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

Star Blizzard

Score: 18.36
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1102.003 - One-Way Communication
MITREへのリンク →

Volt Typhoon

Score: 66.54
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1553.002 - Code Signing
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1164 - Re-opened Applications
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1056.002 - GUI Input Capture
  • T1584.002 - DNS Server
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution
MITREへのリンク →

Inception

Score: 12.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
MITREへのリンク →

Dark Caracal

Score: 4.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Elderwood

Score: 5.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Darkhotel

Score: 14.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Transparent Tribe

Score: 13.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT28

Score: 52.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1139 - Bash History
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
MITREへのリンク →

APT18

Score: 5.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
MITREへのリンク →

Leviathan

Score: 28.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

Sidewinder

Score: 13.43
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
MITREへのリンク →

APT39

Score: 20.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1569.002 - Service Execution
MITREへのリンク →

Lazarus Group

Score: 40.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
MITREへのリンク →

Saint Bear

Score: 17.13
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

APT33

Score: 7.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1218.010 - Regsvr32
MITREへのリンク →

BITTER

Score: 10.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
MITREへのリンク →

TA505

Score: 18.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Higaisa

Score: 10.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
MITREへのリンク →

APT19

Score: 7.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Fox Kitten

Score: 17.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
MITREへのリンク →

Threat Group-3390

Score: 28.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

TA2541

Score: 22.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
MITREへのリンク →

Malteiro

Score: 4.37
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
MITREへのリンク →

Magic Hound

Score: 53.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1021.008 - Direct Cloud VM Connections
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Storm-1811

Score: 8.49
Matched TTPs:
  • T1491.002 - External Defacement
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Blue Mockingbird

Score: 11.08
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1505 - Server Software Component
MITREへのリンク →

Tropic Trooper

Score: 13.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
MITREへのリンク →

menuPass

Score: 21.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
MITREへのリンク →

Moses Staff

Score: 8.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
MITREへのリンク →

TeamTNT

Score: 26.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1519 - Emond
MITREへのリンク →

Metador

Score: 4.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 34.20
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

APT32

Score: 35.34
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Moonstone Sleet

Score: 21.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Andariel

Score: 16.02
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HAFNIUM

Score: 33.74
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1059 - Command and Scripting Interpreter
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
MITREへのリンク →

APT41

Score: 58.91
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
MITREへのリンク →

TA551

Score: 9.87
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
MITREへのリンク →

HEXANE

Score: 29.57
Matched TTPs:
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
MITREへのリンク →

APT29

Score: 47.33
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1036.002 - Right-to-Left Override
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1608.006 - SEO Poisoning
MITREへのリンク →

Gamaredon Group

Score: 47.17
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1036.002 - Right-to-Left Override
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
MITREへのリンク →

Lotus Blossom

Score: 18.60
Matched TTPs:
  • T1099 - Timestomp
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1056.002 - GUI Input Capture
  • T1505 - Server Software Component
  • T1569.002 - Service Execution
MITREへのリンク →

FIN13

Score: 23.11
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1569.002 - Service Execution
MITREへのリンク →

Turla

Score: 51.65
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1176 - Software Extensions
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
MITREへのリンク →

FIN8

Score: 12.21
Matched TTPs:
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
MITREへのリンク →

ZIRCONIUM

Score: 22.33
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1608.006 - SEO Poisoning
MITREへのリンク →

Daggerfly

Score: 7.19
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

GALLIUM

Score: 11.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

Dragonfly

Score: 42.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

Ke3chang

Score: 19.23
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

APT5

Score: 10.94
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Wizard Spider

Score: 25.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Axiom

Score: 18.00
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Chimera

Score: 9.22
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
MITREへのリンク →

LazyScripter

Score: 16.45
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
MITREへのリンク →

Cobalt Group

Score: 11.15
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
MITREへのリンク →

FIN7

Score: 35.87
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
MITREへのリンク →

UNC3886

Score: 20.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
MITREへのリンク →

LuminousMoth

Score: 18.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
MITREへのリンク →

Salt Typhoon

Score: 17.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
MITREへのリンク →

Play

Score: 10.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
MITREへのリンク →

Aoqin Dragon

Score: 4.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 6.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
MITREへのリンク →

Scattered Spider

Score: 43.70
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
MITREへのリンク →

Storm-0501

Score: 16.21
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
MITREへのリンク →

FIN6

Score: 12.66
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1505 - Server Software Component
MITREへのリンク →

Silent Librarian

Score: 12.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
MITREへのリンク →

CURIUM

Score: 20.05
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Patchwork

Score: 14.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

admin@338

Score: 6.87
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
MITREへのリンク →

Windshift

Score: 4.54
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

BRONZE BUTLER

Score: 10.51
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

MuddyWater

Score: 34.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
MITREへのリンク →

EXOTIC LILY

Score: 13.19
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
MITREへのリンク →

RTM

Score: 5.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Winter Vivern

Score: 17.64
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Confucius

Score: 9.99
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
MITREへのリンク →

BlackTech

Score: 3.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
MITREへのリンク →

Gorgon Group

Score: 4.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
MITREへのリンク →

Naikon

Score: 4.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

SideCopy

Score: 12.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1584.002 - DNS Server
  • T1506 - Web Session Cookie
MITREへのリンク →

FIN4

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1056.002 - GUI Input Capture
MITREへのリンク →

Tonto Team

Score: 7.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
MITREへのリンク →

APT37

Score: 6.53
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Silence

Score: 5.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1547.011 - Plist Modification
MITREへのリンク →

IndigoZebra

Score: 4.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

APT1

Score: 10.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

APT38

Score: 22.26
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

The White Company

Score: 4.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
MITREへのリンク →

Mustard Tempest

Score: 6.77
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Velvet Ant

Score: 13.13
Matched TTPs:
  • T1583.005 - Botnet
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution
MITREへのリンク →

DarkVishnya

Score: 5.56
Matched TTPs:
  • T1583.005 - Botnet
  • T1097 - Pass the Ticket
MITREへのリンク →

Earth Lusca

Score: 32.71
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

BlackByte

Score: 19.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
MITREへのリンク →

APT42

Score: 19.06
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
MITREへのリンク →

Rocke

Score: 16.94
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1008 - Fallback Channels
MITREへのリンク →

BackdoorDiplomacy

Score: 5.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Medusa Group

Score: 25.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
MITREへのリンク →

Cinnamon Tempest

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
MITREへのリンク →

ToddyCat

Score: 8.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1506 - Web Session Cookie
MITREへのリンク →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
MITREへのリンク →

INC Ransom

Score: 7.34
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

RedEcho

Score: 4.80
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1036.002 - Right-to-Left Override
MITREへのリンク →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
MITREへのリンク →

LAPSUS$

Score: 35.89
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
MITREへのリンク →

Carbanak

Score: 4.74
Matched TTPs:
  • T1009 - Binary Padding
  • T1547.002 - Authentication Package
MITREへのリンク →

Aquatic Panda

Score: 10.58
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
MITREへのリンク →

FIN5

Score: 5.27
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1097 - Pass the Ticket
MITREへのリンク →

APT3

Score: 14.00
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
MITREへのリンク →

Stealth Falcon

Score: 7.06
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
MITREへのリンク →

Windigo

Score: 5.41
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

POLONIUM

Score: 6.75
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
MITREへのリンク →

Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

Leafminer

Score: 3.06
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1003.003 - NTDS
  • T1683.001 - Written Content
  • T1183 - Image File Execution Options Injection
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1583.005 - Botnet
  • T1102.003 - One-Way Communication
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1030 - Data Transfer Size Limits
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1008 - Fallback Channels
  • T1134.002 - Create Process with Token
  • T1506 - Web Session Cookie
  • T1055.014 - VDSO Hijacking
  • T1566.002 - Spearphishing Link
  • T1037 - Boot or Logon Initialization Scripts
  • T1041 - Exfiltration Over C2 Channel
  • T1087.004 - Cloud Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.002 - SAML Tokens
  • T1218.012 - Verclsid
  • T1033 - System Owner/User Discovery
  • T1152 - Launchctl
MITREへのリンク →

Sandworm Team

Score: 0.67
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1183 - Image File Execution Options Injection
  • T1187 - Forced Authentication
  • T1193 - Spearphishing Attachment
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1583.005 - Botnet
  • T1102.003 - One-Way Communication
  • T1005 - Data from Local System
  • T1045 - Software Packing
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1075 - Pass the Hash
  • T1134.002 - Create Process with Token
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1562.004 - Disable or Modify System Firewall
  • T1218.010 - Regsvr32
  • T1566.002 - Spearphishing Link
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.002 - SAML Tokens
  • T1033 - System Owner/User Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1063 - Security Software Discovery
MITREへのリンク →

Volt Typhoon

Score: 0.63
Matched TTPs:
  • T1176 - Software Extensions
  • T1569.002 - Service Execution
  • T1099 - Timestomp
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1102.003 - One-Way Communication
  • T1584.002 - DNS Server
  • T1045 - Software Packing
  • T1552.008 - Chat Messages
  • T1219.001 - IDE Tunneling
  • T1148 - HISTCONTROL
  • T1553.002 - Code Signing
  • T1134.002 - Create Process with Token
  • T1546.016 - Installer Packages
  • T1049 - System Network Connections Discovery
  • T1056.002 - GUI Input Capture
  • T1164 - Re-opened Applications
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.002 - DLL Side-Loading
  • T1685.001 - Disable or Modify Windows Event Log
  • T1055.004 - Asynchronous Procedure Call
  • T1547.005 - Security Support Provider
MITREへのリンク →

APT41

Score: 0.56
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1584.008 - Network Devices
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1598.003 - Spearphishing Link
  • T1045 - Software Packing
  • T1030 - Data Transfer Size Limits
  • T1219.001 - IDE Tunneling
  • T1008 - Fallback Channels
  • T1539 - Steal Web Session Cookie
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1218.010 - Regsvr32
  • T1037.001 - Logon Script (Windows)
  • T1177 - LSASS Driver
  • T1564.003 - Hidden Window
  • T1041 - Exfiltration Over C2 Channel
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.002 - DLL Side-Loading
  • T1055.004 - Asynchronous Procedure Call
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る