Trusted Design

Infostealers without borders: macOS, Python stealers, and platform abuse

Summary

Infostealer threats are expanding beyond Windows, targeting macOS and leveraging cross-platform languages like Python. Recent campaigns use social engineering to deploy macOS-specific infostealers such as DigitStealer, MacSync, and AMOS. These stealers use fileless execution and native macOS utilities to harvest credentials and sensitive data. Python-based stealers are also on the rise, allowing attackers to quickly adapt and target diverse environments. Additionally, threat actors are abusing trusted platforms like WhatsApp and PDF converter tools to distribute malware such as Eternidade Stealer. These evolving threats blend into legitimate ecosystems and evade conventional defenses, posing significant risks to organizations across various operating systems and delivery channels.

Created: 2026-03-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 29.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries

menuPass

Score: 29.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.013 - XDG Autostart Entries

Wizard Spider

Score: 33.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process

APT33

Score: 23.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1562 - Impair Defenses
  • T1027.016 - Junk Code Insertion
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process

Fox Kitten

Score: 30.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits

CopyKittens

Score: 6.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1103 - AppInit DLLs
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate

Volt Typhoon

Score: 72.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1567 - Exfiltration Over Web Service
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

APT1

Score: 9.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Mustang Panda

Score: 92.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1597.002 - Purchase Technical Data
  • T1003 - OS Credential Dumping
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1562.006 - Indicator Blocking
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process

Play

Score: 20.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1142 - Keychain
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Chimera

Score: 31.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1590.003 - Network Trust Dependencies
  • T1027.016 - Junk Code Insertion
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot

Gallmaker

Score: 8.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua

Sea Turtle

Score: 37.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1596.001 - DNS/Passive DNS
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API

APT39

Score: 45.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1050 - New Service
  • T1021 - Remote Services
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution

RedCurl

Score: 28.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1558.005 - Ccache Files
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1574.010 - Services File Permissions Weakness
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery

APT5

Score: 21.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription

Agrius

Score: 21.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.016 - Junk Code Insertion
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1566.004 - Spearphishing Voice

GALLIUM

Score: 26.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1103 - AppInit DLLs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

APT41

Score: 71.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1499.001 - OS Exhaustion Flood
  • T1584.008 - Network Devices
  • T1071.004 - DNS
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1059.009 - Cloud API
  • T1552.004 - Private Keys
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1055.015 - ListPlanting
  • T1008 - Fallback Channels

MuddyWater

Score: 46.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1518.002 - Backup Software Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

APT28

Score: 83.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1685.001 - Disable or Modify Windows Event Log
  • T1071.004 - DNS
  • T1552.005 - Cloud Instance Metadata API
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.016 - Junk Code Insertion
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1564.004 - NTFS File Attributes
  • T1566.003 - Spearphishing via Service

Turla

Score: 68.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1021 - Remote Services
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1027.004 - Compile After Delivery
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Sowbug

Score: 9.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1597.002 - Purchase Technical Data
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

BRONZE BUTLER

Score: 29.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels

UNC3886

Score: 49.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.001 - OS Exhaustion Flood
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1606 - Forge Web Credentials
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1027.004 - Compile After Delivery
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot

Kimsuky

Score: 106.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1602.002 - Network Device Configuration Dump
  • T1059.009 - Cloud API
  • T1557.003 - DHCP Spoofing
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1553.004 - Install Root Certificate
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

APT3

Score: 21.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries

FIN8

Score: 20.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process

Ke3chang

Score: 34.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1102.002 - Bidirectional Communication
  • T1547.013 - XDG Autostart Entries

Lotus Blossom

Score: 9.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

FIN13

Score: 36.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution

Earth Lusca

Score: 38.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Magic Hound

Score: 58.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1036.009 - Break Process Trees
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

Aquatic Panda

Score: 25.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1552.004 - Private Keys
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 19.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1547.013 - XDG Autostart Entries

Akira

Score: 12.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 11.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1553.004 - Install Root Certificate
  • T1547.008 - LSASS Driver

APT38

Score: 45.13
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1675 - ESXi Administration Command
  • T1120 - Peripheral Device Discovery
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

Moonstone Sleet

Score: 42.07
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1057 - Process Discovery
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver

FIN7

Score: 62.76
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot

Winter Vivern

Score: 23.17
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1055.013 - Process Doppelgänging
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT19

Score: 22.86
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

FIN10

Score: 6.08
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice

APT32

Score: 59.67
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process

APT37

Score: 26.49
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1055.013 - Process Doppelgänging
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution

Lazarus Group

Score: 106.26
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1596.001 - DNS/Passive DNS
  • T1071.004 - DNS
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1558.005 - Ccache Files
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1070.006 - Timestomp
  • T1027.016 - Junk Code Insertion
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution

Tropic Trooper

Score: 21.29
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Threat Group-3390

Score: 32.13
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

ZIRCONIUM

Score: 32.89
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Patchwork

Score: 24.74
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Stealth Falcon

Score: 14.84
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1120 - Peripheral Device Discovery
  • T1562 - Impair Defenses
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
Link to MITRE →

LuminousMoth

Score: 26.79
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1103 - AppInit DLLs
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gamaredon Group

Score: 61.06
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1553.004 - Install Root Certificate
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

OilRig

Score: 60.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1547.013 - XDG Autostart Entries
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

HEXANE

Score: 40.34
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1499.003 - Application Exhaustion Flood
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1562 - Impair Defenses
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1027.016 - Junk Code Insertion
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Windshift

Score: 16.72
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 51.07
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1654 - Log Enumeration
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Medusa Group

Score: 41.78
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1553.004 - Install Root Certificate
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

Sandworm Team

Score: 78.66
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1557.003 - DHCP Spoofing
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-1811

Score: 24.00
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Sidewinder

Score: 29.44
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Ember Bear

Score: 45.76
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1027.016 - Junk Code Insertion
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1051 - Shared Webroot
  • T1102 - Web Service
  • T1097 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1003.003 - NTDS
Link to MITRE →

Indrik Spider

Score: 20.17
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Contagious Interview

Score: 65.62
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1016 - System Network Configuration Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

Star Blizzard

Score: 17.95
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding
Link to MITRE →

Poseidon Group

Score: 5.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem
Link to MITRE →

Tonto Team

Score: 8.87
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Suckfly

Score: 5.95
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1103 - AppInit DLLs
  • T1157 - Dylib Hijacking
Link to MITRE →

BlackByte

Score: 34.98
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1102.002 - Bidirectional Communication
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-0501

Score: 27.29
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1102.002 - Bidirectional Communication
  • T1090.004 - Domain Fronting
Link to MITRE →

Axiom

Score: 29.84
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Leviathan

Score: 45.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Inception

Score: 18.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Dark Caracal

Score: 7.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Elderwood

Score: 7.29
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 21.49
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1578.001 - Create Snapshot
Link to MITRE →

Transparent Tribe

Score: 9.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT18

Score: 6.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 20.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1134.002 - Create Process with Token
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
Link to MITRE →

BITTER

Score: 14.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 33.54
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Higaisa

Score: 25.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1553.004 - Install Root Certificate
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
Link to MITRE →

TA2541

Score: 14.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Malteiro

Score: 14.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1562 - Impair Defenses
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Blue Mockingbird

Score: 14.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1001.001 - Junk Data
Link to MITRE →

Mofang

Score: 3.26
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
Link to MITRE →

Whitefly

Score: 6.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Moses Staff

Score: 11.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 37.13
Matched TTPs:
  • T1491.002 - External Defacement
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1071.003 - Mail Protocols
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1142 - Keychain
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Metador

Score: 5.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Winnti Group

Score: 7.30
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1103 - AppInit DLLs
  • T1219.001 - IDE Tunneling
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Rocke

Score: 29.65
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1120 - Peripheral Device Discovery
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.004 - Private Keys
  • T1612 - Build Image on Host
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Daggerfly

Score: 17.32
Matched TTPs:
  • T1584.008 - Network Devices
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT29

Score: 48.69
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Silent Librarian

Score: 17.00
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1566.002 - Spearphishing Link
  • T1027.016 - Junk Code Insertion
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

BlackTech

Score: 10.91
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1590.003 - Network Trust Dependencies
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Salt Typhoon

Score: 14.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

Aoqin Dragon

Score: 10.95
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Cobalt Group

Score: 19.20
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Machete

Score: 9.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
Link to MITRE →

WIRTE

Score: 7.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RTM

Score: 6.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

APT-C-36

Score: 5.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CURIUM

Score: 26.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1557.003 - DHCP Spoofing
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
Link to MITRE →

DarkHydrus

Score: 9.04
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1531 - Account Access Removal
  • T1553.004 - Install Root Certificate
Link to MITRE →

PLATINUM

Score: 10.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

TA551

Score: 14.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 17.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

PROMETHIUM

Score: 4.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1103 - AppInit DLLs
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Rancor

Score: 5.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN4

Score: 7.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
Link to MITRE →

EXOTIC LILY

Score: 12.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN6

Score: 24.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1562 - Impair Defenses
  • T1055.013 - Process Doppelgänging
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Nomadic Octopus

Score: 7.02
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 14.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1553.004 - Install Root Certificate
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

SideCopy

Score: 18.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1120 - Peripheral Device Discovery
  • T1590.003 - Network Trust Dependencies
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 12.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Naikon

Score: 3.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
Link to MITRE →

Molerats

Score: 9.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

admin@338

Score: 9.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 5.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
Link to MITRE →

IndigoZebra

Score: 5.30
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silence

Score: 12.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1590.003 - Network Trust Dependencies
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Confucius

Score: 11.56
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 69.37
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1120 - Peripheral Device Discovery
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits
Link to MITRE →

Mustard Tempest

Score: 12.04
Matched TTPs:
  • T1115 - Clipboard Data
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Velvet Ant

Score: 17.07
Matched TTPs:
  • T1583.005 - Botnet
  • T1036.009 - Break Process Trees
  • T1219.001 - IDE Tunneling
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

DarkVishnya

Score: 6.41
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
Link to MITRE →

Windigo

Score: 9.36
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1055.013 - Process Doppelgänging
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

APT42

Score: 23.16
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Cinnamon Tempest

Score: 10.95
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BackdoorDiplomacy

Score: 7.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GOLD SOUTHFIELD

Score: 9.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
Link to MITRE →

Leafminer

Score: 13.71
Matched TTPs:
  • T1562 - Impair Defenses
  • T1027.016 - Junk Code Insertion
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Evilnum

Score: 3.44
Matched TTPs:
  • T1562 - Impair Defenses
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

LAPSUS$

Score: 47.65
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1596.004 - CDNs
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits
Link to MITRE →

Deep Panda

Score: 8.43
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
  • T1553.004 - Install Root Certificate
Link to MITRE →

FIN5

Score: 7.14
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

POLONIUM

Score: 6.68
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

Carbanak

Score: 4.67
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1027.014 - Polymorphic Code
  • T1120 - Peripheral Device Discovery
  • T1608 - Stage Capabilities
  • T1213.006 - Databases
  • T1218.012 - Verclsid
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1654 - Log Enumeration
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.005 - Botnet
  • T1051 - Shared Webroot
  • T1553.004 - Install Root Certificate
  • T1008 - Fallback Channels
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.011 - Lua
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1547.002 - Authentication Package
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1557.003 - DHCP Spoofing
  • T1602.002 - Network Device Configuration Dump
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1552.003 - Shell History
  • T1606.002 - SAML Tokens
  • T1057 - Process Discovery
  • T1087.004 - Cloud Account
  • T1030 - Data Transfer Size Limits
  • T1003.003 - NTDS
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1103 - AppInit DLLs
  • T1608.005 - Link Target
Link to MITRE →

Lazarus Group

Score: 0.70
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1546.016 - Installer Packages
  • T1578.001 - Create Snapshot
  • T1218.012 - Verclsid
  • T1070.006 - Timestomp
  • T1059.010 - AutoHotKey & AutoIT
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1087.002 - Domain Account
  • T1596.001 - DNS/Passive DNS
  • T1598.003 - Spearphishing Link
  • T1556 - Modify Authentication Process
  • T1055.005 - Thread Local Storage
  • T1134.002 - Create Process with Token
  • T1071.004 - DNS
  • T1590.003 - Network Trust Dependencies
  • T1070.008 - Clear Mailbox Data
  • T1547.002 - Authentication Package
  • T1050 - New Service
  • T1557 - Adversary-in-the-Middle
  • T1219.001 - IDE Tunneling
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1216 - System Script Proxy Execution
  • T1132.001 - Standard Encoding
  • T1606.001 - Web Cookies
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
  • T1157 - Dylib Hijacking
  • T1057 - Process Discovery
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1677 - Poisoned Pipeline Execution
  • T1027.016 - Junk Code Insertion
  • T1087.004 - Cloud Account
  • T1558.005 - Ccache Files
  • T1547.008 - LSASS Driver
  • T1055.015 - ListPlanting
  • T1491.002 - External Defacement
  • T1103 - AppInit DLLs
  • T1567.002 - Exfiltration to Cloud Storage
  • T1608.005 - Link Target
Link to MITRE →

Mustang Panda

Score: 0.61
Matched TTPs:
  • T1136.001 - Local Account
  • T1569.001 - Launchctl
  • T1102 - Web Service
  • T1612 - Build Image on Host
  • T1169 - Sudo
  • T1120 - Peripheral Device Discovery
  • T1608 - Stage Capabilities
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1562.006 - Indicator Blocking
  • T1059.011 - Lua
  • T1159 - Launch Agent
  • T1596.001 - DNS/Passive DNS
  • T1598.003 - Spearphishing Link
  • T1556 - Modify Authentication Process
  • T1055.005 - Thread Local Storage
  • T1590.003 - Network Trust Dependencies
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1677 - Poisoned Pipeline Execution
  • T1597.002 - Purchase Technical Data
  • T1003 - OS Credential Dumping
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1566.002 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1567.002 - Exfiltration to Cloud Storage
  • T1608.005 - Link Target
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

