Pulse Detail-

APT3

Score: 43.71

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1089 - Disabling Security Tools
T1032 - Standard Cryptographic Protocol
T1562.012 - Disable or Modify Linux Audit System
T1546.005 - Trap
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1051 - Shared Webroot
T1583.006 - Web Services
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1059.011 - Lua
T1218.010 - Regsvr32
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Cobalt Group

Score: 50.75

Matched TTPs:

T1053.005 - Scheduled Task
T1568.002 - Domain Generation Algorithms
T1206 - Sudo Caching
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1586.002 - Email Accounts
T1684 - Social Engineering
T1518.002 - Backup Software Discovery
T1598.004 - Spearphishing Voice
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1052 - Exfiltration Over Physical Medium

MITREへのリンク →

Silence

Score: 34.11

Matched TTPs:

T1053.005 - Scheduled Task
T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1590.003 - Network Trust Dependencies
T1684 - Social Engineering
T1059.009 - Cloud API
T1546.005 - Trap
T1547.011 - Plist Modification
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1157 - Dylib Hijacking
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Chimera

Score: 55.67

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1587.003 - Digital Certificates
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1590.003 - Network Trust Dependencies
T1032 - Standard Cryptographic Protocol
T1155 - AppleScript
T1583.006 - Web Services
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1592.003 - Firmware
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1059.003 - Windows Command Shell
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Patchwork

Score: 42.23

Matched TTPs:

T1053.005 - Scheduled Task
T1557 - Adversary-in-the-Middle
T1568.002 - Domain Generation Algorithms
T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1001.003 - Protocol or Service Impersonation
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1008 - Fallback Channels

MITREへのリンク →

Daggerfly

Score: 20.47

Matched TTPs:

T1053.005 - Scheduled Task
T1583 - Acquire Infrastructure
T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1497.002 - User Activity Based Checks
T1573 - Encrypted Channel
T1174 - Password Filter DLL
T1570 - Lateral Tool Transfer
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN7

Score: 85.82

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1606.002 - SAML Tokens
T1206 - Sudo Caching
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1058 - Service Registry Permissions Weakness
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1205 - Traffic Signaling
T1009 - Binary Padding
T1011.001 - Exfiltration Over Bluetooth
T1055.013 - Process Doppelgänging
T1218.012 - Verclsid
T1584.005 - Botnet
T1608.005 - Link Target
T1583.006 - Web Services
T1564.002 - Hidden Users
T1057 - Process Discovery
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

TA2541

Score: 25.85

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1136.002 - Domain Account
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

GALLIUM

Score: 35.58

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1557.003 - DHCP Spoofing
T1546.005 - Trap
T1547.011 - Plist Modification
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1059.011 - Lua
T1174 - Password Filter DLL
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Sandworm Team

Score: 100.62

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1564.008 - Email Hiding Rules
T1109 - Component Firmware
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1063 - Security Software Discovery
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1032 - Standard Cryptographic Protocol
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1557.003 - DHCP Spoofing
T1546.005 - Trap
T1134.002 - Create Process with Token
T1045 - Software Packing
T1049 - System Network Connections Discovery
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1059.011 - Lua
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1166 - Setuid and Setgid
T1075 - Pass the Hash
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BlackByte

Score: 70.02

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1176.001 - Browser Extensions
T1059.010 - AutoHotKey & AutoIT
T1070.003 - Clear Command History
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1175 - Component Object Model and Distributed COM
T1606.001 - Web Cookies
T1134.001 - Token Impersonation/Theft
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice
T1102.002 - Bidirectional Communication
T1570 - Lateral Tool Transfer
T1166 - Setuid and Setgid
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

HEXANE

Score: 40.04

Matched TTPs:

T1053.005 - Scheduled Task
T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1499.003 - Application Exhaustion Flood
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1562 - Impair Defenses
T1070.006 - Timestomp
T1562.012 - Disable or Modify Linux Audit System
T1134.002 - Create Process with Token
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Mustang Panda

Score: 90.97

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1058 - Service Registry Permissions Weakness
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1136.001 - Local Account
T1055.013 - Process Doppelgänging
T1562.006 - Indicator Blocking
T1677 - Poisoned Pipeline Execution
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608 - Stage Capabilities
T1608.005 - Link Target
T1583.006 - Web Services
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1169 - Sudo
T1199 - Trusted Relationship
T1059.011 - Lua
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1591.004 - Identify Roles
T1565.002 - Transmitted Data Manipulation
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

Magic Hound

Score: 79.79

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1587.003 - Digital Certificates
T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1070.003 - Clear Command History
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1134.002 - Create Process with Token
T1045 - Software Packing
T1608.005 - Link Target
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1683 - Generate Content
T1187 - Forced Authentication
T1592.003 - Firmware
T1547.002 - Authentication Package
T1566.004 - Spearphishing Voice
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1547.008 - LSASS Driver

MITREへのリンク →

FIN13

Score: 55.87

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1596.003 - Digital Certificates
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1155 - AppleScript
T1546.005 - Trap
T1144 - Gatekeeper Bypass
T1051 - Shared Webroot
T1552.003 - Shell History
T1134.001 - Token Impersonation/Theft
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1686.001 - Cloud Firewall
T1569.002 - Service Execution

MITREへのリンク →

ToddyCat

Score: 22.37

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1590.003 - Network Trust Dependencies
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1009 - Binary Padding
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1166 - Setuid and Setgid
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 28.92

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1583 - Acquire Infrastructure
T1176.001 - Browser Extensions
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1546.005 - Trap
T1045 - Software Packing
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1591.004 - Identify Roles
T1505 - Server Software Component
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Molerats

Score: 16.94

Matched TTPs:

T1053.005 - Scheduled Task
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1685.002 - Disable or Modify Cloud Log
T1059.010 - AutoHotKey & AutoIT
T1562.012 - Disable or Modify Linux Audit System
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Storm-0501

Score: 40.45

Matched TTPs:

T1053.005 - Scheduled Task
T1583 - Acquire Infrastructure
T1597.002 - Purchase Technical Data
T1685.004 - Disable or Modify Linux Audit System Log
T1140 - Deobfuscate/Decode Files or Information
T1560 - Archive Collected Data
T1535 - Unused/Unsupported Cloud Regions
T1155 - AppleScript
T1552.003 - Shell History
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1027 - Obfuscated Files or Information
T1027.014 - Polymorphic Code
T1102.002 - Bidirectional Communication
T1506 - Web Session Cookie
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

APT29

Score: 76.15

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1568.002 - Domain Generation Algorithms
T1584.008 - Network Devices
T1178 - SID-History Injection
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1202 - Indirect Command Execution
T1140 - Deobfuscate/Decode Files or Information
T1560 - Archive Collected Data
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1568 - Dynamic Resolution
T1138 - Application Shimming
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1683 - Generate Content
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery
T1223 - Compiled HTML File
T1070.009 - Clear Persistence
T1555.004 - Windows Credential Manager
T1547.013 - XDG Autostart Entries
T1608.006 - SEO Poisoning
T1547.008 - LSASS Driver

MITREへのリンク →

APT39

Score: 75.20

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1597.002 - Purchase Technical Data
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1499.002 - Service Exhaustion Flood
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1050 - New Service
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1547.011 - Plist Modification
T1055.013 - Process Doppelgänging
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1599 - Network Boundary Bridging
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1001.003 - Protocol or Service Impersonation
T1027.004 - Compile After Delivery
T1564.007 - VBA Stomping
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

FIN8

Score: 39.20

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1546.005 - Trap
T1027.017 - SVG Smuggling
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

Wizard Spider

Score: 76.09

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1584.008 - Network Devices
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1684 - Social Engineering
T1038 - DLL Search Order Hijacking
T1032 - Standard Cryptographic Protocol
T1589 - Gather Victim Identity Information
T1059.009 - Cloud API
T1155 - AppleScript
T1546.005 - Trap
T1003.001 - LSASS Memory
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1566.004 - Spearphishing Voice
T1166 - Setuid and Setgid
T1001.003 - Protocol or Service Impersonation
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1556.009 - Conditional Access Policies
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process

MITREへのリンク →

Higaisa

Score: 29.12

Matched TTPs:

T1053.005 - Scheduled Task
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1583.006 - Web Services
T1087.004 - Cloud Account
T1679 - Selective Exclusion
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1052 - Exfiltration Over Physical Medium
T1569.002 - Service Execution

MITREへのリンク →

APT41

Score: 91.52

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1584.008 - Network Devices
T1176.001 - Browser Extensions
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1546.005 - Trap
T1177 - LSASS Driver
T1045 - Software Packing
T1497.002 - User Activity Based Checks
T1041 - Exfiltration Over C2 Channel
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1157 - Dylib Hijacking
T1059.011 - Lua
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1002 - Data Compressed
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1001.003 - Protocol or Service Impersonation
T1030 - Data Transfer Size Limits
T1564.003 - Hidden Window
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1037.001 - Logon Script (Windows)
T1008 - Fallback Channels

MITREへのリンク →

Rancor

Score: 10.49

Matched TTPs:

T1053.005 - Scheduled Task
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1685.002 - Disable or Modify Cloud Log
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Earth Lusca

Score: 58.21

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1568.002 - Domain Generation Algorithms
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1557.003 - DHCP Spoofing
T1546.005 - Trap
T1045 - Software Packing
T1136.002 - Domain Account
T1218.012 - Verclsid
T1608.005 - Link Target
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1218.001 - Compiled HTML File
T1059.011 - Lua
T1562.011 - Spoof Security Alerting
T1027.004 - Compile After Delivery
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation

MITREへのリンク →

Ember Bear

Score: 57.55

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1564.008 - Email Hiding Rules
T1584.008 - Network Devices
T1178 - SID-History Injection
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1589 - Gather Victim Identity Information
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1136.002 - Domain Account
T1175 - Component Object Model and Distributed COM
T1051 - Shared Webroot
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence
T1519 - Emond
T1003.003 - NTDS

MITREへのリンク →

Machete

Score: 14.08

Matched TTPs:

T1053.005 - Scheduled Task
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1685.002 - Disable or Modify Cloud Log
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation

MITREへのリンク →

APT42

Score: 47.68

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1156 - Malicious Shell Modification
T1596.003 - Digital Certificates
T1109 - Component Firmware
T1110.002 - Password Cracking
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1583.001 - Domains
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1677 - Poisoned Pipeline Execution
T1175 - Component Object Model and Distributed COM
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1599 - Network Boundary Bridging
T1030 - Data Transfer Size Limits
T1506 - Web Session Cookie
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation

MITREへのリンク →

FIN10

Score: 13.29

Matched TTPs:

T1053.005 - Scheduled Task
T1557 - Adversary-in-the-Middle
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1622 - Debugger Evasion

MITREへのリンク →

Naikon

Score: 11.55

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1679 - Selective Exclusion
T1166 - Setuid and Setgid
T1506 - Web Session Cookie

MITREへのリンク →

RedCurl

Score: 52.24

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1583 - Acquire Infrastructure
T1587.003 - Digital Certificates
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1591.003 - Identify Business Tempo
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1608.004 - Drive-by Target
T1558.005 - Ccache Files
T1562.012 - Disable or Modify Linux Audit System
T1546.005 - Trap
T1612 - Build Image on Host
T1051 - Shared Webroot
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1574.010 - Services File Permissions Weakness
T1542.004 - ROMMONkit
T1059.011 - Lua
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation

MITREへのリンク →

Moonstone Sleet

Score: 45.28

Matched TTPs:

T1053.005 - Scheduled Task
T1557 - Adversary-in-the-Middle
T1132.001 - Standard Encoding
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1546.005 - Trap
T1134.002 - Create Process with Token
T1175 - Component Object Model and Distributed COM
T1057 - Process Discovery
T1679 - Selective Exclusion
T1059.011 - Lua
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1197 - BITS Jobs
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

APT32

Score: 91.68

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1110.001 - Password Guessing
T1597.002 - Purchase Technical Data
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1115 - Clipboard Data
T1608.004 - Drive-by Target
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1131 - Authentication Package
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1134.002 - Create Process with Token
T1055.013 - Process Doppelgänging
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1174 - Password Filter DLL
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process

MITREへのリンク →

Fox Kitten

Score: 41.80

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1177 - LSASS Driver
T1045 - Software Packing
T1055.013 - Process Doppelgänging
T1612 - Build Image on Host
T1051 - Shared Webroot
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1588.005 - Exploits

MITREへのリンク →

APT33

Score: 32.39

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1178 - SID-History Injection
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1546.005 - Trap
T1051 - Shared Webroot
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

OilRig

Score: 96.22

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1552.005 - Cloud Instance Metadata API
T1178 - SID-History Injection
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1562.009 - Safe Mode Boot
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1574.014 - AppDomainManager
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1562 - Impair Defenses
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1009 - Binary Padding
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1051 - Shared Webroot
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1592.002 - Software
T1570 - Lateral Tool Transfer
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1556.009 - Conditional Access Policies
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

APT38

Score: 68.68

Matched TTPs:

T1053.005 - Scheduled Task
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1568.002 - Domain Generation Algorithms
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1598.003 - Spearphishing Link
T1685.002 - Disable or Modify Cloud Log
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1684 - Social Engineering
T1503 - Credentials from Web Browsers
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1138 - Application Shimming
T1218.012 - Verclsid
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1174 - Password Filter DLL
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution

MITREへのリンク →

menuPass

Score: 42.27

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1596.003 - Digital Certificates
T1584.008 - Network Devices
T1178 - SID-History Injection
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1547.011 - Plist Modification
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1174 - Password Filter DLL
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

APT-C-36

Score: 8.20

Matched TTPs:

T1053.005 - Scheduled Task
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1199 - Trusted Relationship
T1059.011 - Lua
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN6

Score: 42.54

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1087.002 - Domain Account
T1063 - Security Software Discovery
T1598.003 - Spearphishing Link
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1505 - Server Software Component
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

LuminousMoth

Score: 33.27

Matched TTPs:

T1053.005 - Scheduled Task
T1557 - Adversary-in-the-Middle
T1109 - Component Firmware
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1089 - Disabling Security Tools
T1115 - Clipboard Data
T1058 - Service Registry Permissions Weakness
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1136.002 - Domain Account
T1584.005 - Botnet
T1087.004 - Cloud Account
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 125.34

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1132.001 - Standard Encoding
T1596.003 - Digital Certificates
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1558.005 - Ccache Files
T1059.010 - AutoHotKey & AutoIT
T1070.008 - Clear Mailbox Data
T1205 - Traffic Signaling
T1050 - New Service
T1070.006 - Timestomp
T1032 - Standard Cryptographic Protocol
T1009 - Binary Padding
T1557.001 - Name Resolution Poisoning and SMB Relay
T1547.011 - Plist Modification
T1134.002 - Create Process with Token
T1677 - Poisoned Pipeline Execution
T1218.012 - Verclsid
T1608.005 - Link Target
T1606.001 - Web Cookies
T1583.006 - Web Services
T1087.004 - Cloud Account
T1057 - Process Discovery
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1069.001 - Local Groups
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1174 - Password Filter DLL
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion
T1547.008 - LSASS Driver
T1569.002 - Service Execution
T1556 - Modify Authentication Process
T1216 - System Script Proxy Execution

MITREへのリンク →

BRONZE BUTLER

Score: 50.49

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1156 - Malicious Shell Modification
T1568.002 - Domain Generation Algorithms
T1087.002 - Domain Account
T1591.003 - Identify Business Tempo
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1546.005 - Trap
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1542.004 - ROMMONkit
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

Winter Vivern

Score: 34.94

Matched TTPs:

T1053.005 - Scheduled Task
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1587.003 - Digital Certificates
T1598.003 - Spearphishing Link
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1548 - Abuse Elevation Control Mechanism
T1055.013 - Process Doppelgänging
T1175 - Component Object Model and Distributed COM
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1218.001 - Compiled HTML File
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Dragonfly

Score: 59.72

Matched TTPs:

T1053.005 - Scheduled Task
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1584.008 - Network Devices
T1178 - SID-History Injection
T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1055.013 - Process Doppelgänging
T1175 - Component Object Model and Distributed COM
T1657 - Financial Theft
T1497.002 - User Activity Based Checks
T1041 - Exfiltration Over C2 Channel
T1059.001 - PowerShell
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1570 - Lateral Tool Transfer
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

MuddyWater

Score: 87.34

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1568.002 - Domain Generation Algorithms
T1178 - SID-History Injection
T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1547.012 - Print Processors
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1586.002 - Email Accounts
T1518.002 - Backup Software Discovery
T1562.012 - Disable or Modify Linux Audit System
T1546.005 - Trap
T1547.011 - Plist Modification
T1051 - Shared Webroot
T1218.012 - Verclsid
T1608.005 - Link Target
T1583.006 - Web Services
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gamaredon Group

Score: 104.24

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1552.005 - Cloud Instance Metadata API
T1087.002 - Domain Account
T1591.003 - Identify Business Tempo
T1562.009 - Safe Mode Boot
T1598.003 - Spearphishing Link
T1547.012 - Print Processors
T1590.003 - Network Trust Dependencies
T1058 - Service Registry Permissions Weakness
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1205 - Traffic Signaling
T1059.009 - Cloud API
T1045 - Software Packing
T1175 - Component Object Model and Distributed COM
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608 - Stage Capabilities
T1608.005 - Link Target
T1606.001 - Web Cookies
T1583.006 - Web Services
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1061 - Graphical User Interface
T1542.004 - ROMMONkit
T1059.011 - Lua
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Kimsuky

Score: 136.49

Matched TTPs:

T1053.005 - Scheduled Task
T1560.001 - Archive via Utility
T1156 - Malicious Shell Modification
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1109 - Component Firmware
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1583.005 - Botnet
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1205 - Traffic Signaling
T1009 - Binary Padding
T1602.002 - Network Device Configuration Dump
T1131 - Authentication Package
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1557.003 - DHCP Spoofing
T1546.005 - Trap
T1134.002 - Create Process with Token
T1051 - Shared Webroot
T1218.012 - Verclsid
T1552.003 - Shell History
T1608 - Stage Capabilities
T1608.005 - Link Target
T1583.006 - Web Services
T1087.004 - Cloud Account
T1057 - Process Discovery
T1497.002 - User Activity Based Checks
T1041 - Exfiltration Over C2 Channel
T1055.014 - VDSO Hijacking
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1597 - Search Closed Sources
T1059.011 - Lua
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1030 - Data Transfer Size Limits
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1197 - BITS Jobs
T1591.004 - Identify Roles
T1565.002 - Transmitted Data Manipulation
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1003.003 - NTDS
T1008 - Fallback Channels

MITREへのリンク →

Stealth Falcon

Score: 22.73

Matched TTPs:

T1053.005 - Scheduled Task
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1055.013 - Process Doppelgänging
T1583.006 - Web Services
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1570 - Lateral Tool Transfer
T1556.009 - Conditional Access Policies
T1556.005 - Reversible Encryption

MITREへのリンク →

BITTER

Score: 15.53

Matched TTPs:

T1053.005 - Scheduled Task
T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1683 - Generate Content
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Confucius

Score: 17.53

Matched TTPs:

T1053.005 - Scheduled Task
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.012 - Verclsid
T1608.005 - Link Target
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT37

Score: 47.61

Matched TTPs:

T1053.005 - Scheduled Task
T1557 - Adversary-in-the-Middle
T1485.001 - Lifecycle-Triggered Deletion
T1568.002 - Domain Generation Algorithms
T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1590.003 - Network Trust Dependencies
T1684 - Social Engineering
T1562.012 - Disable or Modify Linux Audit System
T1055.013 - Process Doppelgänging
T1583.006 - Web Services
T1679 - Selective Exclusion
T1059.011 - Lua
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

HAFNIUM

Score: 29.56

Matched TTPs:

T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1134.002 - Create Process with Token
T1175 - Component Object Model and Distributed COM
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

CopyKittens

Score: 7.52

Matched TTPs:

T1560.001 - Archive via Utility
T1583 - Acquire Infrastructure
T1045 - Software Packing
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship

MITREへのリンク →

Volt Typhoon

Score: 88.82

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1156 - Malicious Shell Modification
T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1213.002 - Sharepoint
T1685.001 - Disable or Modify Windows Event Log
T1562.009 - Safe Mode Boot
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1567 - Exfiltration Over Web Service
T1070.008 - Clear Mailbox Data
T1070.006 - Timestomp
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1535 - Unused/Unsupported Cloud Regions
T1546.005 - Trap
T1134.002 - Create Process with Token
T1045 - Software Packing
T1049 - System Network Connections Discovery
T1583.006 - Web Services
T1057 - Process Discovery
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1488 - Disk Content Wipe
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1569.002 - Service Execution

MITREへのリンク →

APT1

Score: 18.62

Matched TTPs:

T1560.001 - Archive via Utility
T1587.003 - Digital Certificates
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1546.005 - Trap
T1136.002 - Domain Account
T1583.006 - Web Services
T1199 - Trusted Relationship
T1591.004 - Identify Roles
T1622 - Debugger Evasion

MITREへのリンク →

Play

Score: 30.77

Matched TTPs:

T1560.001 - Archive via Utility
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1546.005 - Trap
T1552.003 - Shell History
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1142 - Keychain
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1166 - Setuid and Setgid
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gallmaker

Score: 9.09

Matched TTPs:

T1560.001 - Archive via Utility
T1206 - Sudo Caching
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1497.002 - User Activity Based Checks
T1059.011 - Lua

MITREへのリンク →

Sea Turtle

Score: 34.10

Matched TTPs:

T1560.001 - Archive via Utility
T1499.003 - Application Exhaustion Flood
T1587.003 - Digital Certificates
T1063 - Security Software Discovery
T1140 - Deobfuscate/Decode Files or Information
T1218 - System Binary Proxy Execution
T1555.003 - Credentials from Web Browsers
T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1556.005 - Reversible Encryption

MITREへのリンク →

APT5

Score: 33.47

Matched TTPs:

T1560.001 - Archive via Utility
T1596.003 - Digital Certificates
T1584.008 - Network Devices
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1677 - Poisoned Pipeline Execution
T1583.006 - Web Services
T1546.003 - Windows Management Instrumentation Event Subscription
T1497.002 - User Activity Based Checks
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1622 - Debugger Evasion

MITREへのリンク →

Agrius

Score: 25.47

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1176.001 - Browser Extensions
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1087.004 - Cloud Account
T1597 - Search Closed Sources
T1566.004 - Spearphishing Voice
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1622 - Debugger Evasion

MITREへのリンク →

APT28

Score: 96.39

Matched TTPs:

T1560.001 - Archive via Utility
T1156 - Malicious Shell Modification
T1583 - Acquire Infrastructure
T1596.003 - Digital Certificates
T1597.002 - Purchase Technical Data
T1685.001 - Disable or Modify Windows Event Log
T1552.005 - Cloud Instance Metadata API
T1206 - Sudo Caching
T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1583.005 - Botnet
T1058 - Service Registry Permissions Weakness
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1032 - Standard Cryptographic Protocol
T1131 - Authentication Package
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1547.011 - Plist Modification
T1175 - Component Object Model and Distributed COM
T1608.005 - Link Target
T1583.006 - Web Services
T1057 - Process Discovery
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1548.004 - Elevated Execution with Prompt
T1592.003 - Firmware
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1197 - BITS Jobs
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1564.004 - NTFS File Attributes
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 85.52

Matched TTPs:

T1560.001 - Archive via Utility
T1014 - Rootkit
T1552.005 - Cloud Instance Metadata API
T1606.002 - SAML Tokens
T1063 - Security Software Discovery
T1543.003 - Windows Service
T1003.007 - Proc Filesystem
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1131 - Authentication Package
T1059.009 - Cloud API
T1557.001 - Name Resolution Poisoning and SMB Relay
T1003.001 - LSASS Memory
T1045 - Software Packing
T1136.002 - Domain Account
T1612 - Build Image on Host
T1608.005 - Link Target
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1556.009 - Conditional Access Policies
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution

MITREへのリンク →

Sowbug

Score: 10.11

Matched TTPs:

T1560.001 - Archive via Utility
T1596.003 - Digital Certificates
T1597.002 - Purchase Technical Data
T1542.004 - ROMMONkit
T1591.004 - Identify Roles

MITREへのリンク →

UNC3886

Score: 60.20

Matched TTPs:

T1560.001 - Archive via Utility
T1583 - Acquire Infrastructure
T1606.002 - SAML Tokens
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1218 - System Binary Proxy Execution
T1009 - Binary Padding
T1021.006 - Windows Remote Management
T1546.005 - Trap
T1585.002 - Email Accounts
T1136.002 - Domain Account
T1583.006 - Web Services
T1546.003 - Windows Management Instrumentation Event Subscription
T1497.002 - User Activity Based Checks
T1606 - Forge Web Credentials
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1488 - Disk Content Wipe
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1546.002 - Screensaver
T1070.009 - Clear Persistence

MITREへのリンク →

Ke3chang

Score: 47.90

Matched TTPs:

T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1584.008 - Network Devices
T1178 - SID-History Injection
T1606.002 - SAML Tokens
T1176.001 - Browser Extensions
T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1583.006 - Web Services
T1087.004 - Cloud Account
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1059.011 - Lua
T1102.002 - Bidirectional Communication
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Lotus Blossom

Score: 19.79

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1109 - Component Firmware
T1176.001 - Browser Extensions
T1059.009 - Cloud API
T1199 - Trusted Relationship
T1570 - Lateral Tool Transfer
T1505 - Server Software Component
T1569.002 - Service Execution

MITREへのリンク →

Aquatic Panda

Score: 42.47

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1032 - Standard Cryptographic Protocol
T1589 - Gather Victim Identity Information
T1059.009 - Cloud API
T1546.005 - Trap
T1144 - Gatekeeper Bypass
T1136.002 - Domain Account
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1166 - Setuid and Setgid
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

INC Ransom

Score: 28.81

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1552.003 - Shell History
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Akira

Score: 23.39

Matched TTPs:

T1560.001 - Archive via Utility
T1137.005 - Outlook Rules
T1586.002 - Email Accounts
T1552.003 - Shell History
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1601 - Modify System Image
T1027 - Obfuscated Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Cinnamon Tempest

Score: 27.92

Matched TTPs:

T1047 - Windows Management Instrumentation
T1591.003 - Identify Business Tempo
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1045 - Software Packing
T1552.003 - Shell History
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1166 - Setuid and Setgid
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Medusa Group

Score: 69.83

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1568.002 - Domain Generation Algorithms
T1176.001 - Browser Extensions
T1547.012 - Print Processors
T1590.003 - Network Trust Dependencies
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1218.003 - CMSTP
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1552.003 - Shell History
T1608.005 - Link Target
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1566.004 - Spearphishing Voice
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1598 - Phishing for Information
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Leviathan

Score: 60.25

Matched TTPs:

T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1685.001 - Disable or Modify Windows Event Log
T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1050 - New Service
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1679 - Selective Exclusion
T1157 - Dylib Hijacking
T1027.014 - Polymorphic Code
T1488 - Disk Content Wipe
T1592.003 - Firmware
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1001.003 - Protocol or Service Impersonation
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Velvet Ant

Score: 26.54

Matched TTPs:

T1047 - Windows Management Instrumentation
T1089 - Disabling Security Tools
T1583.005 - Botnet
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1009 - Binary Padding
T1597 - Search Closed Sources
T1566.004 - Spearphishing Voice
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

Indrik Spider

Score: 30.88

Matched TTPs:

T1047 - Windows Management Instrumentation
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1003.007 - Proc Filesystem
T1059.009 - Cloud API
T1546.005 - Trap
T1051 - Shared Webroot
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1570 - Lateral Tool Transfer
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1498 - Network Denial of Service
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Windshift

Score: 25.72

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1583.006 - Web Services
T1679 - Selective Exclusion
T1059.011 - Lua
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Deep Panda

Score: 13.59

Matched TTPs:

T1047 - Windows Management Instrumentation
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1027.014 - Polymorphic Code

MITREへのリンク →

Threat Group-3390

Score: 58.98

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1596.003 - Digital Certificates
T1568.002 - Domain Generation Algorithms
T1584.008 - Network Devices
T1178 - SID-History Injection
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1115 - Clipboard Data
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1155 - AppleScript
T1546.005 - Trap
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

MoustachedBouncer

Score: 9.97

Matched TTPs:

T1156 - Malicious Shell Modification
T1055.003 - Thread Execution Hijacking
T1045 - Software Packing
T1497.002 - User Activity Based Checks

MITREへのリンク →

GOLD SOUTHFIELD

Score: 15.23

Matched TTPs:

T1156 - Malicious Shell Modification
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1497.002 - User Activity Based Checks
T1562.013 - Disable or Modify Network Device Firewall
T1573 - Encrypted Channel
T1601.001 - Patch System Image

MITREへのリンク →

Group5

Score: 5.60

Matched TTPs:

T1156 - Malicious Shell Modification
T1596.003 - Digital Certificates
T1070.009 - Clear Persistence

MITREへのリンク →

Dark Caracal

Score: 14.15

Matched TTPs:

T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1679 - Selective Exclusion
T1048 - Exfiltration Over Alternative Protocol
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.008 - LSASS Driver

MITREへのリンク →

APT19

Score: 24.99

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1583 - Acquire Infrastructure
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1059.009 - Cloud API
T1055.013 - Process Doppelgänging
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

Tropic Trooper

Score: 39.22

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1058 - Service Registry Permissions Weakness
T1059.010 - AutoHotKey & AutoIT
T1555.003 - Credentials from Web Browsers
T1003.001 - LSASS Memory
T1583.006 - Web Services
T1679 - Selective Exclusion
T1683 - Generate Content
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

ZIRCONIUM

Score: 39.66

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1685.001 - Disable or Modify Windows Event Log
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1685.002 - Disable or Modify Cloud Log
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1562.012 - Disable or Modify Linux Audit System
T1608.005 - Link Target
T1087.004 - Cloud Account
T1679 - Selective Exclusion
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1027.004 - Compile After Delivery
T1197 - BITS Jobs
T1591.004 - Identify Roles
T1547.013 - XDG Autostart Entries
T1608.006 - SEO Poisoning

MITREへのリンク →

Storm-1811

Score: 37.26

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1543.003 - Windows Service
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1032 - Standard Cryptographic Protocol
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1599 - Network Boundary Bridging
T1486 - Data Encrypted for Impact
T1566.004 - Spearphishing Voice
T1030 - Data Transfer Size Limits
T1591.004 - Identify Roles
T1565.002 - Transmitted Data Manipulation
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Sidewinder

Score: 32.47

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1218.012 - Verclsid
T1657 - Financial Theft
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Carbanak

Score: 13.47

Matched TTPs:

T1583 - Acquire Infrastructure
T1176.001 - Browser Extensions
T1586.002 - Email Accounts
T1009 - Binary Padding
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

TA551

Score: 21.21

Matched TTPs:

T1583 - Acquire Infrastructure
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1134.002 - Create Process with Token
T1218.012 - Verclsid
T1027.014 - Polymorphic Code
T1562.011 - Spoof Security Alerting
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA505

Score: 43.87

Matched TTPs:

T1583 - Acquire Infrastructure
T1206 - Sudo Caching
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1685.002 - Disable or Modify Cloud Log
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1136.002 - Domain Account
T1138 - Application Shimming
T1051 - Shared Webroot
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1166 - Setuid and Setgid
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LazyScripter

Score: 25.54

Matched TTPs:

T1583 - Acquire Infrastructure
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA577

Score: 6.25

Matched TTPs:

T1132.001 - Standard Encoding
T1543.003 - Windows Service
T1591.004 - Identify Roles

MITREへのリンク →

Ajax Security Team

Score: 8.95

Matched TTPs:

T1596.003 - Digital Certificates
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1562.012 - Disable or Modify Linux Audit System
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Darkhotel

Score: 32.67

Matched TTPs:

T1596.003 - Digital Certificates
T1087.002 - Domain Account
T1591.003 - Identify Business Tempo
T1562.009 - Safe Mode Boot
T1598.003 - Spearphishing Link
T1058 - Service Registry Permissions Weakness
T1059.010 - AutoHotKey & AutoIT
T1064 - Scripting
T1583.006 - Web Services
T1564.002 - Hidden Users
T1679 - Selective Exclusion
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Tonto Team

Score: 20.59

Matched TTPs:

T1596.003 - Digital Certificates
T1597.002 - Purchase Technical Data
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

PLATINUM

Score: 16.79

Matched TTPs:

T1596.003 - Digital Certificates
T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1684 - Social Engineering
T1546.005 - Trap
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1686 - Disable or Modify System Firewall

MITREへのリンク →

FIN4

Score: 13.19

Matched TTPs:

T1596.003 - Digital Certificates
T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1574.010 - Services File Permissions Weakness
T1157 - Dylib Hijacking
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation

MITREへのリンク →

Poseidon Group

Score: 7.43

Matched TTPs:

T1597.002 - Purchase Technical Data
T1003.007 - Proc Filesystem
T1583.006 - Web Services
T1497.002 - User Activity Based Checks

MITREへのリンク →

Suckfly

Score: 4.97

Matched TTPs:

T1597.002 - Purchase Technical Data
T1157 - Dylib Hijacking
T1591.004 - Identify Roles

MITREへのリンク →

Axiom

Score: 40.57

Matched TTPs:

T1597.002 - Purchase Technical Data
T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1175 - Component Object Model and Distributed COM
T1049 - System Network Connections Discovery
T1562.013 - Disable or Modify Network Device Firewall
T1157 - Dylib Hijacking
T1114.002 - Remote Email Collection
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1189 - Drive-by Compromise
T1622 - Debugger Evasion
T1160 - Launch Daemon

MITREへのリンク →

Scattered Spider

Score: 80.37

Matched TTPs:

T1213.002 - Sharepoint
T1109 - Component Firmware
T1685.004 - Disable or Modify Linux Audit System Log
T1566.002 - Spearphishing Link
T1583.001 - Domains
T1535 - Unused/Unsupported Cloud Regions
T1019 - System Firmware
T1144 - Gatekeeper Bypass
T1045 - Software Packing
T1136.002 - Domain Account
T1051 - Shared Webroot
T1552.003 - Shell History
T1619 - Cloud Storage Object Discovery
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1030 - Data Transfer Size Limits
T1197 - BITS Jobs
T1564.003 - Hidden Window
T1565.002 - Transmitted Data Manipulation
T1498 - Network Denial of Service
T1027.002 - Software Packing
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1588.005 - Exploits

MITREへのリンク →

Contagious Interview

Score: 66.32

Matched TTPs:

T1044 - File System Permissions Weakness
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1131 - Authentication Package
T1021.006 - Windows Remote Management
T1045 - Software Packing
T1175 - Component Object Model and Distributed COM
T1064 - Scripting
T1552.003 - Shell History
T1608.005 - Link Target
T1087.004 - Cloud Account
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1030 - Data Transfer Size Limits
T1027.004 - Compile After Delivery
T1059.006 - Python
T1591.004 - Identify Roles
T1565.002 - Transmitted Data Manipulation
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1027.010 - Command Obfuscation
T1221 - Template Injection
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Evilnum

Score: 20.15

Matched TTPs:

T1109 - Component Firmware
T1568.002 - Domain Generation Algorithms
T1562.009 - Safe Mode Boot
T1543.003 - Windows Service
T1089 - Disabling Security Tools
T1562 - Impair Defenses
T1565.002 - Transmitted Data Manipulation
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Star Blizzard

Score: 19.56

Matched TTPs:

T1109 - Component Firmware
T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1657 - Financial Theft
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1168 - Local Job Scheduling

MITREへのリンク →

Mustard Tempest

Score: 16.82

Matched TTPs:

T1682 - Query Public AI Services
T1543.003 - Windows Service
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1557.003 - DHCP Spoofing
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Leafminer

Score: 20.56

Matched TTPs:

T1178 - SID-History Injection
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1546.005 - Trap
T1101 - Security Support Provider
T1051 - Shared Webroot
T1199 - Trusted Relationship
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

Salt Typhoon

Score: 20.92

Matched TTPs:

T1606.002 - SAML Tokens
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1608.002 - Upload Tool
T1009 - Binary Padding
T1199 - Trusted Relationship
T1498 - Network Denial of Service
T1556 - Modify Authentication Process

MITREへのリンク →

Aoqin Dragon

Score: 12.68

Matched TTPs:

T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1058 - Service Registry Permissions Weakness
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice

MITREへのリンク →

Cleaver

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1546.005 - Trap
T1199 - Trusted Relationship

MITREへのリンク →

Moses Staff

Score: 11.23

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TeamTNT

Score: 53.87

Matched TTPs:

T1606.002 - SAML Tokens
T1176.001 - Browser Extensions
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1009 - Binary Padding
T1560 - Archive Collected Data
T1071.003 - Mail Protocols
T1535 - Unused/Unsupported Cloud Regions
T1612 - Build Image on Host
T1051 - Shared Webroot
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1142 - Keychain
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1519 - Emond
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Malteiro

Score: 17.40

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.010 - AutoHotKey & AutoIT
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1552.003 - Shell History
T1102.002 - Bidirectional Communication
T1506 - Web Session Cookie
T1027.010 - Command Obfuscation

MITREへのリンク →

APT12

Score: 5.55

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Elderwood

Score: 7.15

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Transparent Tribe

Score: 10.80

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation

MITREへのリンク →

WIRTE

Score: 10.99

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1059.010 - AutoHotKey & AutoIT
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

RTM

Score: 12.58

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1679 - Selective Exclusion
T1565.002 - Transmitted Data Manipulation
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

CURIUM

Score: 25.41

Matched TTPs:

T1087.002 - Domain Account
T1566.002 - Spearphishing Link
T1598.003 - Spearphishing Link
T1115 - Clipboard Data
T1555.003 - Credentials from Web Browsers
T1557.003 - DHCP Spoofing
T1175 - Component Object Model and Distributed COM
T1087.004 - Cloud Account
T1497.002 - User Activity Based Checks
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

DarkHydrus

Score: 3.31

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship

MITREへのリンク →

PROMETHIUM

Score: 5.69

Matched TTPs:

T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1679 - Selective Exclusion
T1059.012 - Hypervisor CLI

MITREへのリンク →

Inception

Score: 22.53

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1562.012 - Disable or Modify Linux Audit System
T1612 - Build Image on Host
T1218.012 - Verclsid
T1583.006 - Web Services
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1027.010 - Command Obfuscation
T1159 - Launch Agent

MITREへのリンク →

EXOTIC LILY

Score: 14.15

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1134.002 - Create Process with Token
T1612 - Build Image on Host
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Saint Bear

Score: 24.27

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1134.002 - Create Process with Token
T1055.013 - Process Doppelgänging
T1064 - Scripting
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1030 - Data Transfer Size Limits
T1591.004 - Identify Roles

MITREへのリンク →

Whitefly

Score: 7.96

Matched TTPs:

T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA459

Score: 5.36

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1497.002 - User Activity Based Checks
T1218.010 - Regsvr32
T1027.010 - Command Obfuscation

MITREへのリンク →

Nomadic Octopus

Score: 6.38

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1497.002 - User Activity Based Checks
T1591.004 - Identify Roles
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gorgon Group

Score: 22.89

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1050 - New Service
T1059.009 - Cloud API
T1114.003 - Email Forwarding Rule
T1497.002 - User Activity Based Checks
T1679 - Selective Exclusion
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1591.004 - Identify Roles
T1027.010 - Command Obfuscation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

SideCopy

Score: 20.44

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1091 - Replication Through Removable Media
T1218.012 - Verclsid
T1657 - Financial Theft
T1506 - Web Session Cookie
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mofang

Score: 3.11

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link

MITREへのリンク →

Andariel

Score: 16.55

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1136.002 - Domain Account
T1583.006 - Web Services
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

admin@338

Score: 6.63

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1003.007 - Proc Filesystem
T1218.010 - Regsvr32
T1591.004 - Identify Roles

MITREへのリンク →

The White Company

Score: 6.44

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1070.009 - Clear Persistence

MITREへのリンク →

IndigoZebra

Score: 5.30

Matched TTPs:

T1087.002 - Domain Account
T1598.003 - Spearphishing Link
T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BlackTech

Score: 10.94

Matched TTPs:

T1087.002 - Domain Account
T1543.003 - Windows Service
T1598.003 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

DarkVishnya

Score: 9.21

Matched TTPs:

T1176.001 - Browser Extensions
T1583.005 - Botnet
T1586.002 - Email Accounts
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship

MITREへのリンク →

Silent Librarian

Score: 11.10

Matched TTPs:

T1566.002 - Spearphishing Link
T1134.002 - Create Process with Token
T1584.005 - Botnet
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

BackdoorDiplomacy

Score: 11.34

Matched TTPs:

T1089 - Disabling Security Tools
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1059.011 - Lua
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1574.014 - AppDomainManager
T1569.002 - Service Execution

MITREへのリンク →

Rocke

Score: 36.77

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1535 - Unused/Unsupported Cloud Regions
T1114.003 - Email Forwarding Rule
T1612 - Build Image on Host
T1583.006 - Web Services
T1679 - Selective Exclusion
T1597 - Search Closed Sources
T1059.011 - Lua
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

Volatile Cedar

Score: 8.14

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1002 - Data Compressed
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Threat Group-1314

Score: 5.18

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1166 - Setuid and Setgid
T1591.004 - Identify Roles

MITREへのリンク →

Orangeworm

Score: 3.12

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1556.005 - Reversible Encryption

MITREへのリンク →

SilverTerrier

Score: 10.62

Matched TTPs:

T1131 - Authentication Package
T1552.003 - Shell History
T1041 - Exfiltration Over C2 Channel
T1556.005 - Reversible Encryption

MITREへのリンク →

LAPSUS$

Score: 40.73

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1134.002 - Create Process with Token
T1019 - System Firmware
T1045 - Software Packing
T1136.002 - Domain Account
T1175 - Component Object Model and Distributed COM
T1619 - Cloud Storage Object Discovery
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1601 - Modify System Image
T1592.003 - Firmware
T1030 - Data Transfer Size Limits
T1564.003 - Hidden Window
T1588.005 - Exploits

MITREへのリンク →

FIN5

Score: 8.74

Matched TTPs:

T1547.011 - Plist Modification
T1055.013 - Process Doppelgänging
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1070.009 - Clear Persistence

MITREへのリンク →

Windigo

Score: 9.19

Matched TTPs:

T1045 - Software Packing
T1055.013 - Process Doppelgänging
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

POLONIUM

Score: 9.02

Matched TTPs:

T1045 - Software Packing
T1608.005 - Link Target
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

Metador

Score: 7.61

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Equation

Score: 8.67

Matched TTPs:

T1589.003 - Employee Names
T1037.001 - Logon Script (Windows)

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

Thrip

Score: 7.32

Matched TTPs:

T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1565.002 - Transmitted Data Manipulation
T1556 - Modify Authentication Process

MITREへのリンク →

Putter Panda

Score: 3.00

Matched TTPs:

T1679 - Selective Exclusion
T1597 - Search Closed Sources

MITREへのリンク →

APT18

Score: 6.93

Matched TTPs:

T1679 - Selective Exclusion
T1157 - Dylib Hijacking
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Kimsuky

Score: 0.70

Matched TTPs:

T1591.004 - Identify Roles
T1552.003 - Shell History
T1059.011 - Lua
T1027.004 - Compile After Delivery
T1601.001 - Patch System Image
T1622 - Debugger Evasion
T1055.014 - VDSO Hijacking
T1596.003 - Digital Certificates
T1003.003 - NTDS
T1597 - Search Closed Sources
T1543.003 - Windows Service
T1003.007 - Proc Filesystem
T1546.005 - Trap
T1027.010 - Command Obfuscation
T1030 - Data Transfer Size Limits
T1598.003 - Spearphishing Link
T1497.002 - User Activity Based Checks
T1556.005 - Reversible Encryption
T1583.006 - Web Services
T1131 - Authentication Package
T1087.004 - Cloud Account
T1565.002 - Transmitted Data Manipulation
T1087.002 - Domain Account
T1602.002 - Network Device Configuration Dump
T1057 - Process Discovery
T1070.009 - Clear Persistence
T1008 - Fallback Channels
T1684 - Social Engineering
T1679 - Selective Exclusion
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1134.002 - Create Process with Token
T1562.013 - Disable or Modify Network Device Firewall
T1560.001 - Archive via Utility
T1059.009 - Cloud API
T1506 - Web Session Cookie
T1059.010 - AutoHotKey & AutoIT
T1027.014 - Polymorphic Code
T1109 - Component Firmware
T1009 - Binary Padding
T1051 - Shared Webroot
T1091 - Replication Through Removable Media
T1041 - Exfiltration Over C2 Channel
T1608.005 - Link Target
T1608 - Stage Capabilities
T1547.013 - XDG Autostart Entries
T1557.003 - DHCP Spoofing
T1218.012 - Verclsid
T1176.001 - Browser Extensions
T1205 - Traffic Signaling
T1555.003 - Credentials from Web Browsers
T1156 - Malicious Shell Modification
T1570 - Lateral Tool Transfer
T1562.012 - Disable or Modify Linux Audit System
T1053.005 - Scheduled Task
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1583 - Acquire Infrastructure
T1197 - BITS Jobs
T1547.002 - Authentication Package

MITREへのリンク →

Lazarus Group

Score: 0.64

Matched TTPs:

T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution
T1591.004 - Identify Roles
T1622 - Debugger Evasion
T1596.003 - Digital Certificates
T1597 - Search Closed Sources
T1543.003 - Windows Service
T1047 - Windows Management Instrumentation
T1027.010 - Command Obfuscation
T1032 - Standard Cryptographic Protocol
T1174 - Password Filter DLL
T1598.003 - Spearphishing Link
T1497.002 - User Activity Based Checks
T1556.005 - Reversible Encryption
T1583.006 - Web Services
T1087.004 - Cloud Account
T1677 - Poisoned Pipeline Execution
T1087.002 - Domain Account
T1070.009 - Clear Persistence
T1057 - Process Discovery
T1557.001 - Name Resolution Poisoning and SMB Relay
T1679 - Selective Exclusion
T1590.003 - Network Trust Dependencies
T1606.002 - SAML Tokens
T1134.002 - Create Process with Token
T1050 - New Service
T1558.005 - Ccache Files
T1059.010 - AutoHotKey & AutoIT
T1070.006 - Timestomp
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1157 - Dylib Hijacking
T1132.001 - Standard Encoding
T1009 - Binary Padding
T1557 - Adversary-in-the-Middle
T1569.002 - Service Execution
T1608.005 - Link Target
T1547.013 - XDG Autostart Entries
T1218.012 - Verclsid
T1176.001 - Browser Extensions
T1205 - Traffic Signaling
T1055.005 - Thread Local Storage
T1547.011 - Plist Modification
T1570 - Lateral Tool Transfer
T1070.008 - Clear Mailbox Data
T1089 - Disabling Security Tools
T1556 - Modify Authentication Process
T1053.005 - Scheduled Task
T1199 - Trusted Relationship
T1606.001 - Web Cookies
T1583 - Acquire Infrastructure
T1547.008 - LSASS Driver
T1547.002 - Authentication Package
T1069.001 - Local Groups

MITREへのリンク →

How ClickFix Opens the Door to Stealthy StealC Information Stealer

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)