Trusted Design

Infrastructure of Interest: Medium Confidence FastFlux

Summary

These indicators of compromise (IOCs) were identified through LevelBlue Labs' proprietary collection and threat-hunting processes: AI-driven heuristics flag anomalous DNS patterns, behavioral analysis detects rapid IP rotation, and the results are cross-referenced against global sinkhole data and network telemetry. The IOCs in this pulse are associated with fast-flux networks (ATT&CK T1568.001), in which the A records behind a malicious hostname are rotated across many compromised or rented hosts with short TTLs, so that phishing, malware-delivery, or C2 infrastructure survives individual takedowns and sidesteps IP-based blocking. Use this data to enhance DNS-based detection rules (short TTLs together with high IP and network diversity per name), to identify the flux parent domains under which the rotating hostnames are created, and to disrupt the resilience of the threat actor's network. These indicators have been assigned a medium confidence level regarding their maliciousness: alert and investigate on them rather than block outright, since legitimate CDNs and round-robin load balancing also rotate addresses behind short TTLs. They remain subject to further review, and feedback is greatly appreciated.
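As an added example (not part of the LevelBlue pulse or its tooling), the following stdlib-only Python applies the three fast-flux traits the summary names, short TTL, many distinct IPs, and many distinct networks per name, to passive-DNS-style observations and then rolls the matching hostnames up to their parent domain. All hostnames, addresses (RFC 5737 documentation ranges), thresholds, the use of a /16 prefix as an offline stand-in for origin-AS diversity, and the last-two-labels parent-domain rule are assumptions made for the example.

```python
"""Fast-flux scoring over passive-DNS observations (added example; constructed data)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Observation:
    ts: int      # time the answer was seen (epoch seconds)
    qname: str   # queried name, lowercase, no trailing dot
    rdata: str   # one A record from the answer
    ttl: int     # TTL of that record, in seconds


def _prefix16(ip: str) -> str:
    """/16 of an IPv4 address: an offline stand-in for origin-AS diversity (assumption)."""
    return ".".join(ip.split(".")[:2])


def build_features(obs):
    """Per-name statistics that fast-flux hunting rules key on."""
    ips, prefixes, ttls = defaultdict(set), defaultdict(set), defaultdict(list)
    for o in obs:
        ip_address(o.rdata)  # reject malformed records instead of scoring garbage
        ips[o.qname].add(o.rdata)
        prefixes[o.qname].add(_prefix16(o.rdata))
        ttls[o.qname].append(o.ttl)
    return {
        q: {"unique_ips": len(ips[q]), "unique_prefixes": len(prefixes[q]),
            "min_ttl": min(ttls[q]), "answers": len(ttls[q])}
        for q in ips
    }


def is_fast_flux(f, min_ips=5, min_prefixes=3, max_ttl=300):
    """Hypothetical rule: many distinct IPs across many networks, advertised with a short TTL.
    The network-diversity test is what keeps a CDN that rotates inside one block from matching."""
    return (f["unique_ips"] >= min_ips
            and f["unique_prefixes"] >= min_prefixes
            and f["min_ttl"] <= max_ttl)


def parent_domain(qname: str) -> str:
    """Toy registrable-domain rule (last two labels); use the Public Suffix List on real data."""
    return ".".join(qname.split(".")[-2:])


def flux_parents(obs):
    """Group names that score as fast-flux under their parent domain, the 'flux parent' to monitor."""
    parents = defaultdict(set)
    for q, f in build_features(obs).items():
        if is_fast_flux(f):
            parents[parent_domain(q)].add(q)
    return {p: sorted(hosts) for p, hosts in parents.items()}


def _obs(qname, ttl, ips, start=1_700_000_000, step=60):
    return [Observation(start + i * step, qname, ip, ttl) for i, ip in enumerate(ips)]


# Constructed sample (RFC 5737 documentation addresses; nothing here is a real indicator).
SAMPLE = (
    _obs("login.flux-example.test", 60,      # rotates across three networks, short TTL
         ["192.0.2.10", "198.51.100.5", "203.0.113.9",
          "192.0.2.77", "198.51.100.43", "203.0.113.200"])
    + _obs("update.flux-example.test", 120,  # second flux host under the same parent
           ["192.0.2.11", "198.51.100.6", "203.0.113.10", "192.0.2.78", "198.51.100.44"])
    + _obs("www.stable-example.test", 3600, ["192.0.2.1"] * 6)  # ordinary static host
    + _obs("cdn.rotating-example.test", 30,  # CDN-like: short TTL but one network only
           ["203.0.113.1", "203.0.113.2", "203.0.113.3",
            "203.0.113.4", "203.0.113.5", "203.0.113.6"])
)

if __name__ == "__main__":
    for name, f in build_features(SAMPLE).items():
        print(f"{name:32} {f}  flux={is_fast_flux(f)}")
    print("flux parents:", flux_parents(SAMPLE))
```

The CDN-like name in the sample has the same short TTL and the same number of distinct IPs as the flux host, and only the network-diversity check separates them; that is why a medium-confidence fast-flux indicator should feed an alert-and-review queue rather than an automatic blocklist.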

Created: 2026-03-04

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 37.72
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1203 - Exploitation for Client Execution

Kimsuky

Score: 74.12
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1596 - Search Open Technical Databases
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1593.002 - Search Engines
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver

Sea Turtle

Score: 33.64
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1583.003 - Virtual Private Server
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery

Ember Bear

Score: 42.66
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits

Indrik Spider

Score: 20.06
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1590 - Gather Victim Network Information
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server

Agrius

Score: 13.39
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1041 - Exfiltration Over C2 Channel
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools

Contagious Interview

Score: 42.36
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation

Sandworm Team

Score: 71.41
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1590.001 - Domain Properties

Star Blizzard

Score: 18.36
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1593 - Search Open Websites/Domains

Volt Typhoon

Score: 66.54
Matched TTPs:
  • T1592 - Gather Victim Host Information
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1590.004 - Network Topology
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1590.006 - Network Security Appliances
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1590 - Gather Victim Network Information
  • T1593 - Search Open Websites/Domains
  • T1090.003 - Multi-hop Proxy
  • T1614 - System Location Discovery
  • T1584.004 - Server
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy

Inception

Score: 12.87
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution

Dark Caracal

Score: 4.66
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise

Elderwood

Score: 5.73
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Darkhotel

Score: 14.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise

Transparent Tribe

Score: 13.56
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

APT28

Score: 52.62
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1557.004 - Evil Twin
  • T1595.002 - Vulnerability Scanning
  • T1596 - Search Open Technical Databases
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service

APT18

Score: 5.64
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1083 - File and Directory Discovery

Leviathan

Score: 28.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1585.002 - Email Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Sidewinder

Score: 13.43
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

APT39

Score: 20.55
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1090.001 - Internal Proxy

Lazarus Group

Score: 40.02
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1090.001 - Internal Proxy

Saint Bear

Score: 17.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation

APT33

Score: 7.00
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1203 - Exploitation for Client Execution

BITTER

Score: 10.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution

TA505

Score: 18.23
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1568.001 - Fast Flux DNS
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

Higaisa

Score: 10.33
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1090.001 - Internal Proxy

APT19

Score: 7.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1189 - Drive-by Compromise

Fox Kitten

Score: 17.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1110 - Brute Force

Threat Group-3390

Score: 28.23
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

TA2541

Score: 22.50
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1016.001 - Internet Connection Discovery
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Malteiro

Score: 4.37
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery

Magic Hound

Score: 53.67
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1016.002 - Wi-Fi Discovery
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise

Storm-1811

Score: 8.49
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1583.001 - Domains
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation

Blue Mockingbird

Score: 11.08
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1134 - Access Token Manipulation

Tropic Trooper

Score: 13.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

menuPass

Score: 21.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1568.001 - Fast Flux DNS
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services

Moses Staff

Score: 8.97
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery

TeamTNT

Score: 26.97
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks

Metador

Score: 4.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools

OilRig

Score: 34.20
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager

APT32

Score: 35.34
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Moonstone Sleet

Score: 21.66
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1486 - Data Encrypted for Impact

Andariel

Score: 16.02
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

HAFNIUM

Score: 33.74
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1590 - Gather Victim Network Information

APT41

Score: 58.91
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver

TA551

Score: 9.87
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1566.001 - Spearphishing Attachment
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta

HEXANE

Score: 29.57
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication

APT29

Score: 47.33
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1568 - Dynamic Resolution
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1665 - Hide Infrastructure

Gamaredon Group

Score: 47.17
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1568.001 - Fast Flux DNS
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1568 - Dynamic Resolution
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery

Lotus Blossom

Score: 18.60
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1090.003 - Multi-hop Proxy
  • T1134 - Access Token Manipulation
  • T1090.001 - Internal Proxy

FIN13

Score: 23.11
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1090.001 - Internal Proxy

Turla

Score: 51.65
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1584.003 - Virtual Private Server
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1090.001 - Internal Proxy

FIN8

Score: 12.21
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery

ZIRCONIUM

Score: 22.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1090.003 - Multi-hop Proxy
  • T1102.002 - Bidirectional Communication
  • T1665 - Hide Infrastructure

Daggerfly

Score: 7.19
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

GALLIUM

Score: 11.99
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel

Dragonfly

Score: 42.83
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1071.002 - File Transfer Protocols
  • T1210 - Exploitation of Remote Services
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Ke3chang

Score: 19.23
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel

APT5

Score: 10.94
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery

Wizard Spider

Score: 25.63
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager

Axiom

Score: 18.00
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Chimera

Score: 9.22
Matched TTPs:
  • T1071.004 - DNS
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel

LazyScripter

Score: 16.45
Matched TTPs:
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services

Cobalt Group

Score: 11.15
Matched TTPs:
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1218.003 - CMSTP
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

FIN7

Score: 35.87
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication

UNC3886

Score: 20.12
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 18.51
Matched TTPs:
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel

Salt Typhoon

Score: 17.32
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall

Play

Score: 10.03
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Aoqin Dragon

Score: 4.89
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 6.79
Matched TTPs:
  • T1587.001 - Malware
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1102 - Web Service

Scattered Spider

Score: 43.70
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1213.003 - Code Repositories

Storm-0501

Score: 16.21
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1021.007 - Cloud Services
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
Link to MITRE →

FIN6

Score: 12.66
Matched TTPs:
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1134 - Access Token Manipulation
Link to MITRE →

Silent Librarian

Score: 12.63
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target
Link to MITRE →

CURIUM

Score: 20.05
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Patchwork

Score: 14.91
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

admin@338

Score: 6.87
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Windshift

Score: 4.54
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

BRONZE BUTLER

Score: 10.51
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

MuddyWater

Score: 34.01
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
Link to MITRE →

EXOTIC LILY

Score: 13.19
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RTM

Score: 5.92
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Winter Vivern

Score: 17.64
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Confucius

Score: 9.99
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BlackTech

Score: 3.84
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Gorgon Group

Score: 4.50
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Naikon

Score: 4.24
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

APT12

Score: 4.77
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

SideCopy

Score: 12.69
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1614 - System Location Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

FIN4

Score: 3.62
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1090.003 - Multi-hop Proxy
Link to MITRE →

Tonto Team

Score: 7.86
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT37

Score: 6.53
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Silence

Score: 5.45
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
Link to MITRE →

IndigoZebra

Score: 4.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1583.006 - Web Services
Link to MITRE →

APT1

Score: 10.34
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
Link to MITRE →

APT38

Score: 22.26
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

The White Company

Score: 4.27
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
Link to MITRE →

Mustard Tempest

Score: 6.77
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
Link to MITRE →

Velvet Ant

Score: 13.13
Matched TTPs:
  • T1040 - Network Sniffing
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
Link to MITRE →

DarkVishnya

Score: 5.56
Matched TTPs:
  • T1040 - Network Sniffing
  • T1110 - Brute Force
Link to MITRE →

Earth Lusca

Score: 32.71
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

BlackByte

Score: 19.62
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
Link to MITRE →

APT42

Score: 19.06
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
Link to MITRE →

Rocke

Score: 16.94
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

BackdoorDiplomacy

Score: 5.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
Link to MITRE →

Medusa Group

Score: 25.62
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
Link to MITRE →

Cinnamon Tempest

Score: 3.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
Link to MITRE →

ToddyCat

Score: 8.74
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning
Link to MITRE →

INC Ransom

Score: 7.34
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
Link to MITRE →

Akira

Score: 8.68
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
Link to MITRE →

RedEcho

Score: 4.80
Matched TTPs:
  • T1583.001 - Domains
  • T1568 - Dynamic Resolution
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
Link to MITRE →

LAPSUS$

Score: 35.89
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
Link to MITRE →

Carbanak

Score: 4.74
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Aquatic Panda

Score: 10.58
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
Link to MITRE →

FIN5

Score: 5.27
Matched TTPs:
  • T1090.002 - External Proxy
  • T1110 - Brute Force
Link to MITRE →

APT3

Score: 14.00
Matched TTPs:
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Stealth Falcon

Score: 7.06
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1555.004 - Windows Credential Manager
Link to MITRE →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1546.008 - Accessibility Features
Link to MITRE →

Windigo

Score: 5.41
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

POLONIUM

Score: 6.75
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Equation

Score: 12.80
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
Link to MITRE →

Leafminer

Score: 3.06
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1534 - Internal Spearphishing
  • T1016 - System Network Configuration Discovery
  • T1112 - Modify Registry
  • T1040 - Network Sniffing
  • T1583.001 - Domains
  • T1593.002 - Search Engines
  • T1566.001 - Spearphishing Attachment
  • T1589.002 - Email Addresses
  • T1587.001 - Malware
  • T1656 - Impersonation
  • T1218.005 - Mshta
  • T1608.001 - Upload Malware
  • T1596 - Search Open Technical Databases
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1583 - Acquire Infrastructure
  • T1518.001 - Security Software Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1557 - Adversary-in-the-Middle
  • T1071.002 - File Transfer Protocols
  • T1588.005 - Exploits
  • T1593 - Search Open Websites/Domains
  • T1102.001 - Dead Drop Resolver
  • T1190 - Exploit Public-Facing Application
  • T1585.002 - Email Accounts
  • T1598.003 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1083 - File and Directory Discovery
Link to MITRE →

Sandworm Team

Score: 0.67
Matched TTPs:
  • T1592.002 - Software
  • T1090 - Proxy
  • T1499 - Endpoint Denial of Service
  • T1040 - Network Sniffing
  • T1583.001 - Domains
  • T1486 - Data Encrypted for Impact
  • T1584.005 - Botnet
  • T1566.001 - Spearphishing Attachment
  • T1589.002 - Email Addresses
  • T1590.001 - Domain Properties
  • T1083 - File and Directory Discovery
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1041 - Exfiltration Over C2 Channel
  • T1213.006 - Databases
  • T1583 - Acquire Infrastructure
  • T1595.002 - Vulnerability Scanning
  • T1195 - Supply Chain Compromise
  • T1584.004 - Server
  • T1593 - Search Open Websites/Domains
  • T1190 - Exploit Public-Facing Application
  • T1585.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1598.003 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1591.002 - Business Relationships
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Volt Typhoon

Score: 0.63
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1584.003 - Virtual Private Server
  • T1090 - Proxy
  • T1016 - System Network Configuration Discovery
  • T1112 - Modify Registry
  • T1590.004 - Network Topology
  • T1584.005 - Botnet
  • T1589.002 - Email Addresses
  • T1592 - Gather Victim Host Information
  • T1590 - Gather Victim Network Information
  • T1614 - System Location Discovery
  • T1016.001 - Internet Connection Discovery
  • T1090.003 - Multi-hop Proxy
  • T1090.001 - Internal Proxy
  • T1596.005 - Scan Databases
  • T1584.004 - Server
  • T1593 - Search Open Websites/Domains
  • T1584.008 - Network Devices
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
Link to MITRE →

APT41

Score: 0.56
Matched TTPs:
  • T1090 - Proxy
  • T1546.008 - Accessibility Features
  • T1016 - System Network Configuration Discovery
  • T1112 - Modify Registry
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1566.001 - Spearphishing Attachment
  • T1656 - Impersonation
  • T1568.002 - Domain Generation Algorithms
  • T1480.001 - Environmental Keying
  • T1595.003 - Wordlist Scanning
  • T1595.002 - Vulnerability Scanning
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1596.005 - Scan Databases
  • T1071.002 - File Transfer Protocols
  • T1102.001 - Dead Drop Resolver
  • T1190 - Exploit Public-Facing Application
  • T1213.003 - Code Repositories
  • T1049 - System Network Connections Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
