Trusted Design

PureRAT: Attacker Now Using AI to Build Toolset

Summary

A Vietnamese threat actor is employing AI to develop code for an ongoing phishing campaign delivering PureRAT malware and other payloads. The attacks begin with phishing emails disguised as job opportunities, potentially targeting work computers. The attacker's use of AI is evidenced by detailed comments and numbered steps in scripts, as well as instructions in debug messages. The attack chain involves malicious archives, sideloaded DLLs, and batch scripts likely authored using AI. The attacker appears to be continually refining their methods and may be selling access to compromised organizations. This case demonstrates how AI can lower the barrier to entry for less skilled attackers, helping them write code and build attack toolkits.

Created: 2026-02-27

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 57.58
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1562.006 - Indicator Blocking
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage

Kimsuky

Score: 70.79
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1683.001 - Written Content
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS

Sea Turtle

Score: 27.08
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

LAPSUS$

Score: 39.47
Matched TTPs:
  • T1216.001 - PubPrn
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1601 - Modify System Image
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits

Contagious Interview

Score: 56.92
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

Ember Bear

Score: 29.86
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1003.003 - NTDS

Sandworm Team

Score: 53.08
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image

Inception

Score: 10.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Dark Caracal

Score: 8.14
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Elderwood

Score: 6.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Darkhotel

Score: 10.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 6.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT28

Score: 29.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1566.003 - Spearphishing via Service

APT18

Score: 5.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles

Leviathan

Score: 25.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

Sidewinder

Score: 20.76
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

APT39

Score: 16.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

Lazarus Group

Score: 38.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1027.016 - Junk Code Insertion
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver

Saint Bear

Score: 12.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles

APT33

Score: 14.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1027.016 - Junk Code Insertion
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

BITTER

Score: 16.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

TA505

Score: 19.37
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Higaisa

Score: 9.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles

APT19

Score: 7.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 22.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1588.005 - Exploits

Threat Group-3390

Score: 21.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

TA2541

Score: 16.37
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie

Malteiro

Score: 7.58
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie

Magic Hound

Score: 41.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Storm-1811

Score: 27.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1196 - Control Panel Items
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 7.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

Tropic Trooper

Score: 18.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent

Mofang

Score: 3.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service

Whitefly

Score: 4.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive

menuPass

Score: 11.75
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles

Moses Staff

Score: 8.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

TeamTNT

Score: 25.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1560 - Archive Collected Data
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles

Metador

Score: 8.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1203 - Exploitation for Client Execution
  • T1591.004 - Identify Roles

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

OilRig

Score: 31.26
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1009 - Binary Padding
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1591.004 - Identify Roles
  • T1547.008 - LSASS Driver

APT32

Score: 29.14
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Moonstone Sleet

Score: 24.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

APT41

Score: 39.42
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1591.004 - Identify Roles
  • T1574.002 - DLL Side-Loading

TA551

Score: 12.33
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Daggerfly

Score: 4.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI

GALLIUM

Score: 9.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles

APT29

Score: 51.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1560 - Archive Collected Data
  • T1027.016 - Junk Code Insertion
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1555.004 - Windows Credential Manager
  • T1547.008 - LSASS Driver

FIN13

Score: 20.90
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

Dragonfly

Score: 24.11
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Ke3chang

Score: 18.07
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles

Agrius

Score: 13.10
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles

APT5

Score: 10.16
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1591.004 - Identify Roles

Wizard Spider

Score: 23.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Axiom

Score: 20.19
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

HEXANE

Score: 22.86
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1027.016 - Junk Code Insertion
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Indrik Spider

Score: 13.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles

UNC3886

Score: 34.30
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1591.004 - Identify Roles

LuminousMoth

Score: 15.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship

Salt Typhoon

Score: 14.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

Play

Score: 16.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Aoqin Dragon

Score: 5.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 8.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1591.004 - Identify Roles

Turla

Score: 35.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

FIN7

Score: 33.16
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Scattered Spider

Score: 58.11
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1027.002 - Software Packing
  • T1588.005 - Exploits

Storm-0501

Score: 18.31
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1560 - Archive Collected Data
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie

FIN6

Score: 19.89
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1547.008 - LSASS Driver

BlackTech

Score: 5.26
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

MuddyWater

Score: 37.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent

Confucius

Score: 10.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32

Machete

Score: 4.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI

Mustard Tempest

Score: 5.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

FIN8

Score: 12.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

APT3

Score: 15.64
Matched TTPs:
  • T1543.003 - Windows Service
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1591.004 - Identify Roles

APT1

Score: 8.00
Matched TTPs:
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles

ZIRCONIUM

Score: 18.04
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles

EXOTIC LILY

Score: 9.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Molerats

Score: 3.01
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT

Windshift

Score: 10.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 14.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

Earth Lusca

Score: 24.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

Patchwork

Score: 14.03
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

LazyScripter

Score: 13.05
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image

APT42

Score: 15.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
Link to MITRE →

Rocke

Score: 16.32
Matched TTPs:
  • T1497.001 - System Checks
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
Link to MITRE →

Silent Librarian

Score: 13.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1027.016 - Junk Code Insertion
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Star Blizzard

Score: 18.83
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

CURIUM

Score: 14.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

HAFNIUM

Score: 20.71
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1591.004 - Identify Roles
Link to MITRE →

Volt Typhoon

Score: 40.82
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
Link to MITRE →

BRONZE BUTLER

Score: 15.51
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Gorgon Group

Score: 5.17
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
Link to MITRE →

APT38

Score: 21.69
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Gamaredon Group

Score: 30.78
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1203 - Exploitation for Client Execution
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
Link to MITRE →

Winter Vivern

Score: 14.75
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
Link to MITRE →

BlackByte

Score: 19.84
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
Link to MITRE →

Cinnamon Tempest

Score: 11.13
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
Link to MITRE →

SideCopy

Score: 12.58
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
Link to MITRE →

BackdoorDiplomacy

Score: 9.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1203 - Exploitation for Client Execution
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1601.001 - Patch System Image
Link to MITRE →

Medusa Group

Score: 27.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
Link to MITRE →

ToddyCat

Score: 13.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1203 - Exploitation for Client Execution
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1547.008 - LSASS Driver
Link to MITRE →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 14.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
Link to MITRE →

Akira

Score: 16.76
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Carbanak

Score: 6.71
Matched TTPs:
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Velvet Ant

Score: 9.57
Matched TTPs:
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Chimera

Score: 15.65
Matched TTPs:
  • T1027.016 - Junk Code Insertion
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
Link to MITRE →

Leafminer

Score: 11.05
Matched TTPs:
  • T1027.016 - Junk Code Insertion
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

MoustachedBouncer

Score: 4.44
Matched TTPs:
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Windigo

Score: 8.15
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 6.63
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Aquatic Panda

Score: 11.92
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
Link to MITRE →

Andariel

Score: 12.60
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

admin@338

Score: 3.75
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
Link to MITRE →

Naikon

Score: 3.99
Matched TTPs:
  • T1588.001 - Malware
  • T1506 - Web Session Cookie
Link to MITRE →

PROMETHIUM

Score: 3.86
Matched TTPs:
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

FIN10

Score: 3.23
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
Link to MITRE →

Silence

Score: 5.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
  • T1601.001 - Patch System Image
Link to MITRE →

PLATINUM

Score: 6.53
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Tonto Team

Score: 3.59
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 3.39
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
Link to MITRE →

APT37

Score: 7.25
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1197 - BITS Jobs
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1683.001 - Written Content
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1126 - Network Share Connection Removal
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1608.005 - Link Target
  • T1543.003 - Windows Service
  • T1588.001 - Malware
  • T1219.001 - IDE Tunneling
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1037 - Boot or Logon Initialization Scripts
  • T1102.003 - One-Way Communication
  • T1566.002 - Spearphishing Link
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1030 - Data Transfer Size Limits
  • T1003.003 - NTDS
  • T1601.001 - Patch System Image
Link to MITRE →

Scattered Spider

Score: 0.57
Matched TTPs:
  • T1197 - BITS Jobs
  • T1027 - Obfuscated Files or Information
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History
  • T1019 - System Firmware
  • T1051 - Shared Webroot
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1588.005 - Exploits
  • T1219.001 - IDE Tunneling
  • T1027.002 - Software Packing
  • T1564.003 - Hidden Window
  • T1583.001 - Domains
  • T1045 - Software Packing
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1547.005 - Security Support Provider
  • T1030 - Data Transfer Size Limits
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
  • T1136.001 - Local Account
  • T1562.006 - Indicator Blocking
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
  • T1218.010 - Regsvr32
  • T1608.005 - Link Target
  • T1543.003 - Windows Service
  • T1219.001 - IDE Tunneling
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1037 - Boot or Logon Initialization Scripts
  • T1569.001 - Launchctl
  • T1102.003 - One-Way Communication
  • T1566.002 - Spearphishing Link
  • T1169 - Sudo
Link to MITRE →

Contagious Interview

Score: 0.56
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
  • T1597 - Search Closed Sources
  • T1606.002 - SAML Tokens
  • T1044 - File System Permissions Weakness
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1126 - Network Share Connection Removal
  • T1221 - Template Injection
  • T1608.005 - Link Target
  • T1219.001 - IDE Tunneling
  • T1547.008 - LSASS Driver
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1102.003 - One-Way Communication
  • T1547.005 - Security Support Provider
  • T1030 - Data Transfer Size Limits
  • T1601.001 - Patch System Image
  • T1491.002 - External Defacement
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph