Trusted Design

Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations

Summary

Threat actors have been observed abusing Net Monitor for Employees Professional and SimpleHelp software in ransomware operations. These legitimate tools were used for remote access, command execution, and persistence. The attackers disguised Net Monitor as Microsoft OneDrive and configured SimpleHelp with cryptocurrency-related keyword triggers. In one case, the attack led to an attempted deployment of Crazy ransomware. The intrusions began with initial access through compromised VPN accounts, followed by the installation of these tools for remote control and monitoring. The shared infrastructure and tactics suggest a single threat actor or group behind these activities, with objectives including cryptocurrency theft and ransomware deployment.

Created: 2026-03-14

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 44.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1565.002 - Transmitted Data Manipulation
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sea Turtle

Score: 26.93
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

Ember Bear

Score: 29.68
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
Link to MITRE →

Indrik Spider

Score: 20.18
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Agrius

Score: 14.44
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1134 - Access Token Manipulation
Link to MITRE →

Contagious Interview

Score: 32.09
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1070.009 - Clear Persistence
Link to MITRE →

Sandworm Team

Score: 56.29
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1546.008 - Accessibility Features
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Star Blizzard

Score: 12.67
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Inception

Score: 8.38
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Elderwood

Score: 3.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 7.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Transparent Tribe

Score: 3.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
Link to MITRE →

APT28

Score: 33.77
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT18

Score: 10.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Leviathan

Score: 19.82
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sidewinder

Score: 12.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT39

Score: 17.70
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Lazarus Group

Score: 23.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1070.006 - Timestomp
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 10.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
Link to MITRE →

APT33

Score: 6.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BITTER

Score: 10.31
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 12.59
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Higaisa

Score: 3.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.010 - Regsvr32
Link to MITRE →

APT19

Score: 3.24
Matched TTPs:
  • T1491.002 - External Defacement
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
Link to MITRE →

Fox Kitten

Score: 19.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Threat Group-3390

Score: 33.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations
Link to MITRE →

TA2541

Score: 14.49
Matched TTPs:
  • T1491.002 - External Defacement
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Malteiro

Score: 6.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

Magic Hound

Score: 38.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Storm-1811

Score: 14.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Blue Mockingbird

Score: 10.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Tropic Trooper

Score: 18.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Whitefly

Score: 3.22
Matched TTPs:
  • T1491.002 - External Defacement
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

menuPass

Score: 21.24
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Moses Staff

Score: 8.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 25.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1071.003 - Mail Protocols
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Metador

Score: 7.06
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
Link to MITRE →

OilRig

Score: 36.22
Matched TTPs:
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 27.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Moonstone Sleet

Score: 16.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Turla

Score: 45.57
Matched TTPs:
  • T1014 - Rootkit
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Daggerfly

Score: 4.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GALLIUM

Score: 15.19
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT29

Score: 32.97
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN13

Score: 26.41
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Dragonfly

Score: 26.97
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Ke3chang

Score: 22.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT41

Score: 32.50
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT5

Score: 14.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1070.009 - Clear Persistence
Link to MITRE →

Wizard Spider

Score: 32.04
Matched TTPs:
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1155 - AppleScript
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Axiom

Score: 26.74
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise
  • T1160 - Launch Daemon
Link to MITRE →

HEXANE

Score: 24.31
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gamaredon Group

Score: 36.47
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RedCurl

Score: 15.74
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1542.004 - ROMMONkit
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
Link to MITRE →

APT1

Score: 10.85
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
Link to MITRE →

Chimera

Score: 26.72
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1155 - AppleScript
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Winter Vivern

Score: 18.31
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

UNC3886

Score: 28.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
Link to MITRE →

LuminousMoth

Score: 13.30
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Salt Typhoon

Score: 12.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
Link to MITRE →

Play

Score: 17.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aoqin Dragon

Score: 7.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Mustang Panda

Score: 23.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN7

Score: 32.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN6

Score: 17.66
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Scattered Spider

Score: 51.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Silent Librarian

Score: 12.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

ZIRCONIUM

Score: 5.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CURIUM

Score: 11.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File
Link to MITRE →

Patchwork

Score: 10.96
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HAFNIUM

Score: 17.64
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BRONZE BUTLER

Score: 22.37
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Aquatic Panda

Score: 12.48
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Poseidon Group

Score: 5.06
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Earth Lusca

Score: 25.09
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1562.011 - Spoof Security Alerting
  • T1134 - Access Token Manipulation

Volt Typhoon

Score: 40.31
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries

admin@338

Score: 7.05
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32

Strider

Score: 4.13
Matched TTPs:
  • T1574.014 - AppDomainManager

LazyScripter

Score: 8.35
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries

SideCopy

Score: 6.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries

BlackByte

Score: 31.05
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1134.001 - Token Impersonation/Theft
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

APT42

Score: 15.21
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1175 - Component Object Model and Distributed COM
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie

Rocke

Score: 12.49
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries

BackdoorDiplomacy

Score: 9.05
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

GOLD SOUTHFIELD

Score: 4.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks

BlackTech

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Medusa Group

Score: 35.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Storm-0501

Score: 19.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1155 - AppleScript
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1565.002 - Transmitted Data Manipulation
  • T1055.009 - Proc Memory

Cinnamon Tempest

Score: 7.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries

ToddyCat

Score: 8.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation

Volatile Cedar

Score: 4.01
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.013 - XDG Autostart Entries

INC Ransom

Score: 25.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

MuddyWater

Score: 32.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries

Akira

Score: 21.69
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation

DarkVishnya

Score: 4.24
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship

Carbanak

Score: 7.26
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package

Cobalt Group

Score: 13.92
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

LAPSUS$

Score: 33.30
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window

Deep Panda

Score: 7.39
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1497.002 - User Activity Based Checks
  • T1134 - Access Token Manipulation

Tonto Team

Score: 7.58
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT38

Score: 23.92
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

APT3

Score: 12.31
Matched TTPs:
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 13.34
Matched TTPs:
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries

Sowbug

Score: 4.33
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

Velvet Ant

Score: 13.60
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service

Lotus Blossom

Score: 9.27
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation

Confucius

Score: 6.71
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Leafminer

Score: 3.69
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1134 - Access Token Manipulation

TA551

Score: 6.15
Matched TTPs:
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information

Thrip

Score: 4.58
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation

Gorgon Group

Score: 4.22
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries

FIN10

Score: 6.69
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence

Silence

Score: 9.17
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

FIN8

Score: 11.01
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries

Stealth Falcon

Score: 4.42
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1556.009 - Conditional Access Policies

FIN5

Score: 5.20
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1134 - Access Token Manipulation

POLONIUM

Score: 4.67
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package

APT37

Score: 7.70
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

The White Company

Score: 4.77
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence

Naikon

Score: 3.44
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation

Evilnum

Score: 5.09
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1566.002 - Spearphishing Link
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1586.002 - Email Accounts
  • T1546.008 - Accessibility Features
  • T1005 - Data from Local System
  • T1187 - Forced Authentication
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1566.004 - Spearphishing Voice
  • T1219.001 - IDE Tunneling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1547.013 - XDG Autostart Entries
  • T1134 - Access Token Manipulation
  • T1091 - Replication Through Removable Media
  • T1157 - Dylib Hijacking
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1218.010 - Regsvr32
  • T1027 - Obfuscated Files or Information

Scattered Spider

Score: 0.64
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1565.002 - Transmitted Data Manipulation
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1134 - Access Token Manipulation
  • T1157 - Dylib Hijacking
  • T1583.001 - Domains
  • T1027 - Obfuscated Files or Information
  • T1498 - Network Denial of Service
  • T1547.005 - Security Support Provider
  • T1564.003 - Hidden Window
  • T1019 - System Firmware
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1027.002 - Software Packing

Turla

Score: 0.57
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1506 - Web Session Cookie
  • T1552.005 - Cloud Instance Metadata API
  • T1199 - Trusted Relationship
  • T1556.009 - Conditional Access Policies
  • T1176 - Software Extensions
  • T1055.004 - Asynchronous Procedure Call
  • T1136.002 - Domain Account
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1219.001 - IDE Tunneling
  • T1547.013 - XDG Autostart Entries
  • T1134 - Access Token Manipulation
  • T1014 - Rootkit
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File

Kimsuky

Score: 0.56
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1506 - Web Session Cookie
  • T1566.002 - Spearphishing Link
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1546.008 - Accessibility Features
  • T1555.003 - Credentials from Web Browsers
  • T1547.002 - Authentication Package
  • T1070.009 - Clear Persistence
  • T1219.001 - IDE Tunneling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1218.012 - Verclsid
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1552.003 - Shell History

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph