Trusted Design

Infostealers without borders: macOS, Python stealers, and platform abuse

Overview

Infostealer threats are expanding beyond Windows, targeting macOS and leveraging cross-platform languages like Python. Recent campaigns use social engineering to deploy macOS-specific infostealers such as DigitStealer, MacSync, and AMOS. These stealers use fileless execution and native macOS utilities to harvest credentials and sensitive data. Python-based stealers are also on the rise, allowing attackers to quickly adapt and target diverse environments. Additionally, threat actors are abusing trusted platforms like WhatsApp and PDF converter tools to distribute malware such as Eternidade Stealer. These evolving threats blend into legitimate ecosystems and evade conventional defenses, posing significant risks to organizations across various operating systems and delivery channels.

Created: 2026-03-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 29.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1110.003 - Password Spraying
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1593.003 - Code Repositories
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

menuPass

Score: 29.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 33.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

APT33

Score: 23.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1555 - Credentials from Password Stores
  • T1110.003 - Password Spraying
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Fox Kitten

Score: 30.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1110 - Brute Force
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1213.005 - Messaging Applications
Link to MITRE →

CopyKittens

Score: 6.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1553.002 - Code Signing
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

Volt Typhoon

Score: 72.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1552 - Unsecured Credentials
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1654 - Log Enumeration
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

APT1

Score: 9.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

Mustang Panda

Score: 92.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1003 - OS Credential Dumping
  • T1129 - Shared Modules
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1654 - Log Enumeration
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 20.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1048 - Exfiltration Over Alternative Protocol
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Chimera

Score: 31.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1110.003 - Password Spraying
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Gallmaker

Score: 8.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Sea Turtle

Score: 37.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1588.004 - Digital Certificates
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery
Link to MITRE →

APT39

Score: 45.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1547.009 - Shortcut Modification
  • T1553.006 - Code Signing Policy Modification
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

RedCurl

Score: 28.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1202 - Indirect Command Execution
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1059.006 - Python
Link to MITRE →

APT5

Score: 21.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1654 - Log Enumeration
  • T1554 - Compromise Host Software Binary
Link to MITRE →

Agrius

Score: 21.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1110.003 - Password Spraying
  • T1041 - Exfiltration Over C2 Channel
  • T1110 - Brute Force
  • T1570 - Lateral Tool Transfer
Link to MITRE →

GALLIUM

Score: 26.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1553.002 - Code Signing
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT41

Score: 71.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1542.003 - Bootkit
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1112 - Modify Registry
  • T1574.006 - Dynamic Linker Hijacking
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
  • T1008 - Fallback Channels
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

MuddyWater

Score: 46.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1555 - Credentials from Password Stores
  • T1218.003 - CMSTP
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT28

Score: 83.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1584.008 - Network Devices
  • T1542.003 - Bootkit
  • T1025 - Data from Removable Media
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1110.003 - Password Spraying
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1001.001 - Junk Data
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Turla

Score: 68.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1553.006 - Code Signing Policy Modification
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1059.006 - Python
  • T1555.004 - Windows Credential Manager
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Sowbug

Score: 9.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

BRONZE BUTLER

Score: 29.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 49.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1014 - Rootkit
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1059.006 - Python
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
Link to MITRE →

Kimsuky

Score: 106.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1185 - Browser Session Hijacking
  • T1112 - Modify Registry
  • T1583.004 - Server
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1564.003 - Hidden Window
  • T1059.006 - Python
  • T1598 - Phishing for Information
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT3

Score: 21.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1041 - Exfiltration Over C2 Channel
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN8

Score: 20.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Ke3chang

Score: 34.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Lotus Blossom

Score: 9.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN13

Score: 36.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1087 - Account Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Earth Lusca

Score: 38.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Magic Hound

Score: 58.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Aquatic Panda

Score: 25.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1574.006 - Dynamic Linker Hijacking
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

INC Ransom

Score: 19.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Akira

Score: 12.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

ToddyCat

Score: 11.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1564.003 - Hidden Window
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT38

Score: 45.13
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1565.003 - Runtime Data Manipulation
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Moonstone Sleet

Score: 42.07
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN7

Score: 62.76
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
Link to MITRE →

Winter Vivern

Score: 23.17
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1059 - Command and Scripting Interpreter
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 22.86
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN10

Score: 6.08
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT32

Score: 59.67
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

APT37

Score: 26.49
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1059 - Command and Scripting Interpreter
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Lazarus Group

Score: 106.26
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1588.004 - Digital Certificates
  • T1542.003 - Bootkit
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1110.003 - Password Spraying
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Tropic Trooper

Score: 21.29
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 32.13
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ZIRCONIUM

Score: 32.89
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1059.006 - Python
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Patchwork

Score: 24.74
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Stealth Falcon

Score: 14.84
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1555 - Credentials from Password Stores
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1041 - Exfiltration Over C2 Channel
  • T1555.004 - Windows Credential Manager
Link to MITRE →

LuminousMoth

Score: 26.79
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1553.002 - Code Signing
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gamaredon Group

Score: 61.06
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1564.003 - Hidden Window
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

OilRig

Score: 60.54
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1555 - Credentials from Password Stores
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

HEXANE

Score: 40.34
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1583.002 - DNS Server
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1555 - Credentials from Password Stores
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1110.003 - Password Spraying
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Windshift

Score: 16.72
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Dragonfly

Score: 51.07
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1564.002 - Hidden Users
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1187 - Forced Authentication
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 41.78
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1564.003 - Hidden Window
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Sandworm Team

Score: 78.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1583.004 - Server
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-1811

Score: 24.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sidewinder

Score: 29.44
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Ember Bear

Score: 45.76
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1110.003 - Password Spraying
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1552.001 - Credentials In Files
  • T1654 - Log Enumeration
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits
Link to MITRE →

Indrik Spider

Score: 20.17
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Contagious Interview

Score: 65.62
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1204.005 - Malicious Library
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1543.001 - Launch Agent
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Star Blizzard

Score: 17.95
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Link to MITRE →

Poseidon Group

Score: 5.12
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
Link to MITRE →

Tonto Team

Score: 8.87
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Suckfly

Score: 5.95
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1553.002 - Code Signing
  • T1078 - Valid Accounts
Link to MITRE →

BlackByte

Score: 34.98
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1614.001 - System Language Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-0501

Score: 27.29
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1484.002 - Trust Modification
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
  • T1614.001 - System Language Discovery
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Axiom

Score: 29.84
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Leviathan

Score: 45.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Inception

Score: 18.46
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 7.97
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 7.29
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 21.49
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Transparent Tribe

Score: 9.55
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT18

Score: 6.30
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 20.40
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1589.002 - Email Addresses
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

BITTER

Score: 14.72
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 33.54
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Higaisa

Score: 25.02
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1564.003 - Hidden Window
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

TA2541

Score: 14.87
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Malteiro

Score: 14.84
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555 - Credentials from Password Stores
  • T1657 - Financial Theft
  • T1614.001 - System Language Discovery
Link to MITRE →

Blue Mockingbird

Score: 14.23
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1574.012 - COR_PROFILER
Link to MITRE →

Mofang

Score: 3.26
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
Link to MITRE →

Whitefly

Score: 6.35
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moses Staff

Score: 11.40
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 37.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1610 - Deploy Container
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1048 - Exfiltration Over Alternative Protocol
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 5.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Winnti Group

Score: 7.30
Matched TTPs:
  • T1014 - Rootkit
  • T1553.002 - Code Signing
  • T1083 - File and Directory Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 29.65
Matched TTPs:
  • T1014 - Rootkit
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1574.006 - Dynamic Linker Hijacking
  • T1102 - Web Service
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Daggerfly

Score: 17.32
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT29

Score: 48.69
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1110.003 - Password Spraying
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1027.006 - HTML Smuggling
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Silent Librarian

Score: 17.00
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1110.003 - Password Spraying
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

BlackTech

Score: 10.91
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Salt Typhoon

Score: 14.73
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Aoqin Dragon

Score: 10.95
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Cobalt Group

Score: 19.20
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Machete

Score: 9.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
Link to MITRE →

WIRTE

Score: 7.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RTM

Score: 6.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT-C-36

Score: 5.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 26.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1583.004 - Server
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

DarkHydrus

Score: 9.04
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1187 - Forced Authentication
  • T1564.003 - Hidden Window
Link to MITRE →

PLATINUM

Score: 10.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

TA551

Score: 14.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 17.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PROMETHIUM

Score: 4.49
Matched TTPs:
  • T1204.002 - Malicious File
  • T1553.002 - Code Signing
  • T1189 - Drive-by Compromise
Link to MITRE →

Rancor

Score: 5.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 7.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
Link to MITRE →

EXOTIC LILY

Score: 12.70
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN6

Score: 24.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1555 - Credentials from Password Stores
  • T1059 - Command and Scripting Interpreter
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Nomadic Octopus

Score: 7.02
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 14.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

SideCopy

Score: 18.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 12.00
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Naikon

Score: 3.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
Link to MITRE →

Molerats

Score: 9.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

admin@338

Score: 9.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

The White Company

Score: 5.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
Link to MITRE →

IndigoZebra

Score: 5.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silence

Score: 12.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1553.002 - Code Signing
  • T1106 - Native API
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Confucius

Score: 11.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Scattered Spider

Score: 69.37
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1082 - System Information Discovery
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
  • T1538 - Cloud Service Dashboard
  • T1105 - Ingress Tool Transfer
  • T1213.005 - Messaging Applications

Mustard Tempest

Score: 12.04
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Velvet Ant

Score: 17.07
Matched TTPs:
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1083 - File and Directory Discovery
  • T1570 - Lateral Tool Transfer
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion

DarkVishnya

Score: 6.41
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool
  • T1110 - Brute Force

Windigo

Score: 9.36
Matched TTPs:
  • T1082 - System Information Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

APT42

Score: 23.16
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation

Cinnamon Tempest

Score: 10.95
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer

BackdoorDiplomacy

Score: 7.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

GOLD SOUTHFIELD

Score: 9.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation

Leafminer

Score: 13.71
Matched TTPs:
  • T1555 - Credentials from Password Stores
  • T1110.003 - Password Spraying
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Evilnum

Score: 3.44
Matched TTPs:
  • T1555 - Credentials from Password Stores
  • T1105 - Ingress Tool Transfer

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1659 - Content Injection

LAPSUS$

Score: 47.65
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1593.003 - Code Repositories
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1552.008 - Chat Messages
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications

Deep Panda

Score: 8.43
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window

FIN5

Score: 7.14
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact

POLONIUM

Score: 6.68
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

Thrip

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Carbanak

Score: 4.67
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

Equation

Score: 4.13
Matched TTPs:
  • T1480.001 - Environmental Keying

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1102.001 - Dead Drop Resolver
  • T1557 - Adversary-in-the-Middle
  • T1016 - System Network Configuration Discovery
  • T1176.001 - Browser Extensions
  • T1583.004 - Server
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1583 - Acquire Infrastructure
  • T1027.010 - Command Obfuscation
  • T1553.002 - Code Signing
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1589.002 - Email Addresses
  • T1564.003 - Hidden Window
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1185 - Browser Session Hijacking
  • T1566 - Phishing
  • T1588.002 - Tool
  • T1598.003 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1218.010 - Regsvr32
  • T1059.006 - Python
  • T1534 - Internal Spearphishing
  • T1564.002 - Hidden Users
  • T1587.001 - Malware
  • T1656 - Impersonation
  • T1082 - System Information Discovery
  • T1560.001 - Archive via Utility
  • T1218.005 - Mshta
  • T1588.005 - Exploits
  • T1027.012 - LNK Icon Smuggling
  • T1552.001 - Credentials In Files
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1591 - Gather Victim Org Information
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information

Lazarus Group

Score: 0.70
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1491.001 - Internal Defacement
  • T1010 - Application Window Discovery
  • T1090.001 - Internal Proxy
  • T1106 - Native API
  • T1529 - System Shutdown/Reboot
  • T1553.002 - Code Signing
  • T1203 - Exploitation for Client Execution
  • T1583.006 - Web Services
  • T1027.013 - Encrypted/Encoded File
  • T1588.004 - Digital Certificates
  • T1218 - System Binary Proxy Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1589.002 - Email Addresses
  • T1566.001 - Spearphishing Attachment
  • T1027.009 - Embedded Payloads
  • T1110.003 - Password Spraying
  • T1204.002 - Malicious File
  • T1584.004 - Server
  • T1124 - System Time Discovery
  • T1202 - Indirect Command Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1588.002 - Tool
  • T1001.003 - Protocol or Service Impersonation
  • T1105 - Ingress Tool Transfer
  • T1033 - System Owner/User Discovery
  • T1070 - Indicator Removal
  • T1547.009 - Shortcut Modification
  • T1542.003 - Bootkit
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1078 - Valid Accounts
  • T1218.005 - Mshta
  • T1566.003 - Spearphishing via Service
  • T1189 - Drive-by Compromise
  • T1591 - Gather Victim Org Information
  • T1036.003 - Rename Legitimate Utilities
  • T1083 - File and Directory Discovery
  • T1027.007 - Dynamic API Resolution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1008 - Fallback Channels
  • T1102.002 - Bidirectional Communication

Mustang Panda

Score: 0.61
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1557 - Adversary-in-the-Middle
  • T1016 - System Network Configuration Discovery
  • T1518 - Software Discovery
  • T1106 - Native API
  • T1129 - Shared Modules
  • T1654 - Log Enumeration
  • T1553.002 - Code Signing
  • T1203 - Exploitation for Client Execution
  • T1176.002 - IDE Extensions
  • T1583.006 - Web Services
  • T1588.004 - Digital Certificates
  • T1608 - Stage Capabilities
  • T1041 - Exfiltration Over C2 Channel
  • T1566.001 - Spearphishing Attachment
  • T1678 - Delay Execution
  • T1204.002 - Malicious File
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1598.003 - Spearphishing Link
  • T1001.003 - Protocol or Service Impersonation
  • T1105 - Ingress Tool Transfer
  • T1070 - Indicator Removal
  • T1587.001 - Malware
  • T1102 - Web Service
  • T1082 - System Information Discovery
  • T1560.001 - Archive via Utility
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1219.001 - IDE Tunneling
  • T1083 - File and Directory Discovery
  • T1027.007 - Dynamic API Resolution
  • T1140 - Deobfuscate/Decode Files or Information
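
The actor entries above are only useful to a detection engineer once they are turned into something queryable: which techniques recur across the most matched actors, which actors overlap most, and a layer that can be loaded into the ATT&CK Navigator. As an added example (not code from this page or from the platform that generated it), the Python below parses entries in the page's own "Matched TTPs" format and computes exactly that. SAMPLE is a constructed excerpt of three of the entries above; the Navigator layer version strings are assumptions to be adjusted for the Navigator build in use.

```python
"""Added example: parse "Matched TTPs" actor blocks, rank techniques by how many
actors share them, compare actors by Jaccard overlap, and emit a minimal ATT&CK
Navigator layer. SAMPLE is a constructed excerpt in the page's own format."""
import json
import re
from collections import Counter
from itertools import combinations

SAMPLE = """\
Andariel

Score: 12.00
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer

Naikon

Score: 3.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery

Cinnamon Tempest

Score: 10.95
Matched TTPs:
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
"""

# A TTP line: bullet, technique ID (optional .NNN sub-technique), " - ", name.
TTP_RE = re.compile(r"^\s*[•*-]\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")
SCORE_RE = re.compile(r"^Score:\s*([0-9]+(?:\.[0-9]+)?)\s*$")
# Page furniture that must not be mistaken for an actor name.
SKIP_PREFIXES = ("Matched TTPs", "MITRE")


def parse_actors(text):
    """Return {actor: {"score": float | None, "ttps": {id: name}}}."""
    actors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(SKIP_PREFIXES) or "→" in line:
            continue
        m = SCORE_RE.match(line)
        if m:
            if current:
                actors[current]["score"] = float(m.group(1))
            continue
        m = TTP_RE.match(line)
        if m:
            if current:
                actors[current]["ttps"][m.group(1)] = m.group(2)
            continue
        current = line                      # any other line names a new actor
        actors.setdefault(current, {"score": None, "ttps": {}})
    return actors


def technique_prevalence(actors):
    """[(id, name, n_actors)] sorted by descending actor count, then by ID."""
    counts, names = Counter(), {}
    for entry in actors.values():
        for tid, name in entry["ttps"].items():
            counts[tid] += 1
            names[tid] = name
    return sorted(((tid, names[tid], n) for tid, n in counts.items()),
                  key=lambda t: (-t[2], t[0]))


def jaccard(a, b):
    """Jaccard similarity of two technique-ID collections (0.0 if both empty)."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if a | b else 0.0


def most_similar_pairs(actors):
    """[(actor1, actor2, jaccard)] over all actor pairs, most similar first."""
    pairs = [(x, y, jaccard(actors[x]["ttps"], actors[y]["ttps"]))
             for x, y in combinations(sorted(actors), 2)]
    return sorted(pairs, key=lambda p: (-p[2], p[0], p[1]))


def navigator_layer(actors, name="Pulse actor overlap"):
    """Minimal Navigator layer: score = number of actors listing the technique.
    The "versions" strings are assumptions; set them for the Navigator in use."""
    techniques = [{"techniqueID": tid, "score": n,
                   "comment": f"{n} actor(s): " + ", ".join(
                       a for a, e in actors.items() if tid in e["ttps"])}
                  for tid, _, n in technique_prevalence(actors)]
    return {"name": name, "domain": "enterprise-attack",
            "versions": {"layer": "4.5", "attack": "16"},
            "techniques": techniques}


if __name__ == "__main__":
    parsed = parse_actors(SAMPLE)
    for tid, tname, n in technique_prevalence(parsed):
        print(f"{tid:<10} {n}  {tname}")
    print(most_similar_pairs(parsed)[0])
    print(json.dumps(navigator_layer(parsed), indent=1))
```

Paste the full actor list from this page into SAMPLE and the prevalence table shows which techniques (here T1105 Ingress Tool Transfer, T1204.002 Malicious File and T1566.001 Spearphishing Attachment) cut across the most actors and so give the broadest return on a single detection; the Jaccard table separates actors that were matched on the same handful of generic techniques from those with distinct tradecraft.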

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

