Trusted Design

Employee Monitoring and SimpleHelp Software Abused in Ransomware Operations

Summary

Threat actors have been observed abusing the legitimate Net Monitor for Employees Professional and SimpleHelp software in ransomware operations. These tools were used for remote access, command execution, and persistence. The attackers disguised Net Monitor as Microsoft OneDrive and configured SimpleHelp with cryptocurrency-related keyword triggers. In one case, the attack led to an attempted deployment of Crazy ransomware. The intrusions began with initial access through compromised VPN accounts, followed by the installation of these tools for remote control and monitoring. The shared infrastructure and tactics suggest a single threat actor or group behind these activities, with objectives including cryptocurrency theft and ransomware deployment.

Created: 2026-03-14

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 44.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1589.003 - Employee Names
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sea Turtle

Score: 26.93
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Ember Bear

Score: 29.68
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
Link to MITRE →

Indrik Spider

Score: 20.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Agrius

Score: 14.44
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery
Link to MITRE →

Contagious Interview

Score: 32.09
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
Link to MITRE →

Sandworm Team

Score: 56.29
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1589.003 - Employee Names
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 12.67
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Inception

Score: 8.38
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Elderwood

Score: 3.86
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 7.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Transparent Tribe

Score: 3.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT28

Score: 33.77
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

APT18

Score: 10.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

Leviathan

Score: 19.82
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sidewinder

Score: 12.66
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT39

Score: 17.70
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Lazarus Group

Score: 23.83
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1010 - Application Window Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 10.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

APT33

Score: 6.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 10.31
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 12.59
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Higaisa

Score: 3.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT19

Score: 3.24
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.001 - PowerShell
  • T1588.002 - Tool
Link to MITRE →

Fox Kitten

Score: 19.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat Group-3390

Score: 33.56
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

TA2541

Score: 14.49
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Malteiro

Score: 6.02
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

Magic Hound

Score: 38.12
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-1811

Score: 14.56
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Blue Mockingbird

Score: 10.96
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution
Link to MITRE →

Tropic Trooper

Score: 18.60
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Whitefly

Score: 3.22
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

menuPass

Score: 21.24
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moses Staff

Score: 8.55
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 25.00
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1610 - Deploy Container
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 7.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

OilRig

Score: 36.22
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1556.002 - Password Filter DLL
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1555.004 - Windows Credential Manager
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT32

Score: 27.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Moonstone Sleet

Score: 16.16
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Turla

Score: 45.57
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Daggerfly

Score: 4.17
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GALLIUM

Score: 15.19
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT29

Score: 32.97
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN13

Score: 26.41
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dragonfly

Score: 26.97
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 22.55
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT41

Score: 32.50
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT5

Score: 14.89
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1070.004 - File Deletion
Link to MITRE →

Wizard Spider

Score: 32.04
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1518.002 - Backup Software Discovery
  • T1021.006 - Windows Remote Management
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Axiom

Score: 26.74
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1563.002 - RDP Hijacking
  • T1001.002 - Steganography
Link to MITRE →

HEXANE

Score: 24.31
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gamaredon Group

Score: 36.47
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RedCurl

Score: 15.74
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1537 - Transfer Data to Cloud Account
  • T1070.004 - File Deletion
Link to MITRE →

APT1

Score: 10.85
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
Link to MITRE →

Chimera

Score: 26.72
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1021.006 - Windows Remote Management
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Winter Vivern

Score: 18.31
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

UNC3886

Score: 28.56
Matched TTPs:
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

LuminousMoth

Score: 13.30
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Salt Typhoon

Score: 12.80
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1588.002 - Tool
  • T1136 - Create Account
Link to MITRE →

Play

Score: 17.86
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 7.97
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Mustang Panda

Score: 23.44
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 32.59
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

FIN6

Score: 17.66
Matched TTPs:
  • T1213.006 - Databases
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1569.002 - Service Execution
Link to MITRE →

Scattered Spider

Score: 51.79
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1219.002 - Remote Desktop Software
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silent Librarian

Score: 12.42
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1589.003 - Employee Names
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

ZIRCONIUM

Score: 5.63
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 11.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
Link to MITRE →

Patchwork

Score: 10.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HAFNIUM

Score: 17.64
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BRONZE BUTLER

Score: 22.37
Matched TTPs:
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

Aquatic Panda

Score: 12.48
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Poseidon Group

Score: 5.06
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
Link to MITRE →

Earth Lusca

Score: 25.09
Matched TTPs:
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027.003 - Steganography
  • T1018 - Remote System Discovery
Link to MITRE →

Volt Typhoon

Score: 40.31
Matched TTPs:
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

admin@338

Score: 7.05
Matched TTPs:
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1556.002 - Password Filter DLL
Link to MITRE →

LazyScripter

Score: 8.35
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

SideCopy

Score: 6.99
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackByte

Score: 31.05
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1134.003 - Make and Impersonate Token
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT42

Score: 15.21
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1583.003 - Virtual Private Server
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
Link to MITRE →

Rocke

Score: 12.49
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BackdoorDiplomacy

Score: 9.05
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.86
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
Link to MITRE →

BlackTech

Score: 3.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Medusa Group

Score: 35.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Storm-0501

Score: 19.25
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.006 - Windows Remote Management
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1219.002 - Remote Desktop Software
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Cinnamon Tempest

Score: 7.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ToddyCat

Score: 8.75
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
Link to MITRE →

Volatile Cedar

Score: 4.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

INC Ransom

Score: 25.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

MuddyWater

Score: 32.98
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Akira

Score: 21.69
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
Link to MITRE →

DarkVishnya

Score: 4.24
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1588.002 - Tool
Link to MITRE →

Carbanak

Score: 7.26
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Cobalt Group

Score: 13.92
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LAPSUS$

Score: 33.30
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
Link to MITRE →

Deep Panda

Score: 7.39
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1059.001 - PowerShell
  • T1018 - Remote System Discovery
Link to MITRE →

Tonto Team

Score: 7.58
Matched TTPs:
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 23.92
Matched TTPs:
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT3

Score: 12.31
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 13.34
Matched TTPs:
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sowbug

Score: 4.33
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Velvet Ant

Score: 13.60
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Lotus Blossom

Score: 9.27
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
Link to MITRE →

Confucius

Score: 6.71
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 3.69
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1018 - Remote System Discovery
Link to MITRE →

TA551

Score: 6.15
Matched TTPs:
  • T1218.005 - Mshta
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
Link to MITRE →

Thrip

Score: 4.58
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Gorgon Group

Score: 4.22
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN10

Score: 6.69
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
Link to MITRE →

Silence

Score: 9.17
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

FIN8

Score: 11.01
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Stealth Falcon

Score: 4.42
Matched TTPs:
  • T1059.001 - PowerShell
  • T1555.004 - Windows Credential Manager
Link to MITRE →

FIN5

Score: 5.20
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
Link to MITRE →

POLONIUM

Score: 4.67
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

APT37

Score: 7.70
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

The White Company

Score: 4.77
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
Link to MITRE →

Naikon

Score: 3.44
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
Link to MITRE →

Evilnum

Score: 5.09
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1018 - Remote System Discovery
  • T1588.002 - Tool
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1570 - Lateral Tool Transfer
  • T1589.003 - Employee Names
  • T1608.001 - Upload Malware
  • T1583 - Acquire Infrastructure
  • T1102.002 - Bidirectional Communication
  • T1584.005 - Botnet
  • T1592.002 - Software
  • T1105 - Ingress Tool Transfer
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1219 - Remote Access Tools
  • T1070.004 - File Deletion
  • T1078 - Valid Accounts
  • T1195 - Supply Chain Compromise
  • T1587.001 - Malware
  • T1486 - Data Encrypted for Impact
  • T1049 - System Network Connections Discovery
Link to MITRE →

Scattered Spider

Score: 0.64
Matched TTPs:
  • T1213.003 - Code Repositories
  • T1538 - Cloud Service Dashboard
  • T1018 - Remote System Discovery
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1070.008 - Clear Mailbox Data
  • T1059.001 - PowerShell
  • T1598.004 - Spearphishing Voice
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1598.003 - Spearphishing Link
  • T1219.002 - Remote Desktop Software
  • T1588.001 - Malware
  • T1136 - Create Account
  • T1589 - Gather Victim Identity Information
  • T1078 - Valid Accounts
  • T1204 - User Execution
  • T1486 - Data Encrypted for Impact
  • T1562.001 - Disable or Modify Tools
  • T1657 - Financial Theft
Link to MITRE →

Turla

Score: 0.57
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1518.001 - Security Software Discovery
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1059.001 - PowerShell
  • T1570 - Lateral Tool Transfer
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1213.006 - Databases
  • T1025 - Data from Removable Media
  • T1588.001 - Malware
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1049 - System Network Connections Discovery
  • T1546.013 - PowerShell Profile
Link to MITRE →

Kimsuky

Score: 0.56
Matched TTPs:
  • T1588.002 - Tool
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1518.001 - Security Software Discovery
  • T1007 - System Service Discovery
  • T1059.001 - PowerShell
  • T1218.005 - Mshta
  • T1589.003 - Employee Names
  • T1608.001 - Upload Malware
  • T1534 - Internal Spearphishing
  • T1656 - Impersonation
  • T1583 - Acquire Infrastructure
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1190 - Exploit Public-Facing Application
  • T1598.003 - Spearphishing Link
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1657 - Financial Theft
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

