Pulse Detail-

HAFNIUM

Score: 17.98

Matched TTPs:

T1560.001 - Archive via Utility
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1203 - Exploitation for Client Execution

MITREへのリンク →

menuPass

Score: 17.51

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking

MITREへのリンク →

Wizard Spider

Score: 21.62

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1543.003 - Windows Service
T1038 - DLL Search Order Hijacking
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1556.009 - Conditional Access Policies

MITREへのリンク →

APT33

Score: 16.15

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1543.003 - Windows Service
T1583.005 - Botnet
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

Fox Kitten

Score: 16.22

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking

MITREへのリンク →

Volt Typhoon

Score: 39.48

Matched TTPs:

T1560.001 - Archive via Utility
T1685.001 - Disable or Modify Windows Event Log
T1176 - Software Extensions
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1547.005 - Security Support Provider
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1488 - Disk Content Wipe
T1546.016 - Installer Packages
T1159 - Launch Agent
T1569.002 - Service Execution

MITREへのリンク →

APT1

Score: 10.10

Matched TTPs:

T1560.001 - Archive via Utility
T1543.003 - Windows Service
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 36.72

Matched TTPs:

T1560.001 - Archive via Utility
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1218.012 - Verclsid
T1569.001 - Launchctl
T1608.005 - Link Target
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1565.002 - Transmitted Data Manipulation
T1159 - Launch Agent

MITREへのリンク →

Play

Score: 14.52

Matched TTPs:

T1560.001 - Archive via Utility
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking

MITREへのリンク →

Chimera

Score: 13.11

Matched TTPs:

T1560.001 - Archive via Utility
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1592.003 - Firmware

MITREへのリンク →

Sea Turtle

Score: 20.62

Matched TTPs:

T1560.001 - Archive via Utility
T1033 - System Owner/User Discovery
T1499.003 - Application Exhaustion Flood
T1497.001 - System Checks
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1157 - Dylib Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

APT39

Score: 17.67

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1543.003 - Windows Service
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package
T1569.002 - Service Execution

MITREへのリンク →

RedCurl

Score: 21.46

Matched TTPs:

T1560.001 - Archive via Utility
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1562.012 - Disable or Modify Linux Audit System
T1090 - Proxy
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1574.010 - Services File Permissions Weakness
T1542.004 - ROMMONkit

MITREへのリンク →

APT5

Score: 10.80

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling

MITREへのリンク →

Agrius

Score: 12.67

Matched TTPs:

T1560.001 - Archive via Utility
T1033 - System Owner/User Discovery
T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1597 - Search Closed Sources

MITREへのリンク →

GALLIUM

Score: 9.40

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

APT41

Score: 42.22

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1208 - Kerberoasting
T1027 - Obfuscated Files or Information
T1218.010 - Regsvr32
T1002 - Data Compressed
T1030 - Data Transfer Size Limits
T1564.003 - Hidden Window
T1037.001 - Logon Script (Windows)

MITREへのリンク →

MuddyWater

Score: 32.36

Matched TTPs:

T1560.001 - Archive via Utility
T1543.003 - Windows Service
T1140 - Deobfuscate/Decode Files or Information
T1562 - Impair Defenses
T1586.002 - Email Accounts
T1518.002 - Backup Software Discovery
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

APT28

Score: 38.21

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1592.003 - Firmware
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1146 - Clear Command History

MITREへのリンク →

Turla

Score: 38.85

Matched TTPs:

T1560.001 - Archive via Utility
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1176 - Software Extensions
T1590.006 - Network Security Appliances
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1556.009 - Conditional Access Policies
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1569.002 - Service Execution

MITREへのリンク →

Sowbug

Score: 5.93

Matched TTPs:

T1560.001 - Archive via Utility
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit

MITREへのリンク →

BRONZE BUTLER

Score: 16.76

Matched TTPs:

T1560.001 - Archive via Utility
T1558 - Steal or Forge Kerberos Tickets
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1542.004 - ROMMONkit
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

UNC3886

Score: 29.65

Matched TTPs:

T1560.001 - Archive via Utility
T1606.002 - SAML Tokens
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1488 - Disk Content Wipe
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

Kimsuky

Score: 55.48

Matched TTPs:

T1560.001 - Archive via Utility
T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1583.005 - Botnet
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1552.003 - Shell History
T1608.005 - Link Target
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1030 - Data Transfer Size Limits
T1565.002 - Transmitted Data Manipulation
T1003.003 - NTDS

MITREへのリンク →

APT3

Score: 18.93

Matched TTPs:

T1560.001 - Archive via Utility
T1543.003 - Windows Service
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1578.002 - Create Cloud Instance

MITREへのリンク →

FIN8

Score: 10.18

Matched TTPs:

T1560.001 - Archive via Utility
T1543.003 - Windows Service
T1612 - Build Image on Host
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

Ke3chang

Score: 19.92

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1090 - Proxy
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Lotus Blossom

Score: 11.99

Matched TTPs:

T1560.001 - Archive via Utility
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1505 - Server Software Component
T1569.002 - Service Execution

MITREへのリンク →

FIN13

Score: 30.61

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1547.005 - Security Support Provider
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1134.001 - Token Impersonation/Theft
T1199 - Trusted Relationship
T1686.001 - Cloud Firewall
T1569.002 - Service Execution

MITREへのリンク →

Earth Lusca

Score: 23.83

Matched TTPs:

T1560.001 - Archive via Utility
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1136.002 - Domain Account
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Magic Hound

Score: 43.48

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1592.003 - Firmware
T1547.002 - Authentication Package
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Aquatic Panda

Score: 6.70

Matched TTPs:

T1560.001 - Archive via Utility
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources

MITREへのリンク →

INC Ransom

Score: 17.88

Matched TTPs:

T1560.001 - Archive via Utility
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1552.003 - Shell History
T1199 - Trusted Relationship
T1562.013 - Disable or Modify Network Device Firewall
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

Akira

Score: 16.81

Matched TTPs:

T1560.001 - Archive via Utility
T1137.005 - Outlook Rules
T1586.002 - Email Accounts
T1552.003 - Shell History
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

ToddyCat

Score: 11.89

Matched TTPs:

T1560.001 - Archive via Utility
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1219.001 - IDE Tunneling
T1203 - Exploitation for Client Execution
T1547.008 - LSASS Driver

MITREへのリンク →

Ember Bear

Score: 29.81

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1584.008 - Network Devices
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution
T1003.003 - NTDS

MITREへのリンク →

Indrik Spider

Score: 15.81

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1183 - Image File Execution Options Injection
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1546.016 - Installer Packages

MITREへのリンク →

Contagious Interview

Score: 46.27

Matched TTPs:

T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1547.005 - Security Support Provider
T1021.006 - Windows Remote Management
T1183 - Image File Execution Options Injection
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1030 - Data Transfer Size Limits
T1565.002 - Transmitted Data Manipulation
T1221 - Template Injection
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 57.25

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1583.005 - Botnet
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1075 - Pass the Hash
T1546.016 - Installer Packages

MITREへのリンク →

Star Blizzard

Score: 18.58

Matched TTPs:

T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection
T1657 - Financial Theft
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Inception

Score: 14.90

Matched TTPs:

T1491.002 - External Defacement
T1562.012 - Disable or Modify Linux Audit System
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

Dark Caracal

Score: 7.18

Matched TTPs:

T1491.002 - External Defacement
T1219.001 - IDE Tunneling
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Elderwood

Score: 6.30

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Darkhotel

Score: 7.62

Matched TTPs:

T1491.002 - External Defacement
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 9.33

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1115 - Clipboard Data
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT18

Score: 4.32

Matched TTPs:

T1491.002 - External Defacement
T1219.001 - IDE Tunneling
T1157 - Dylib Hijacking

MITREへのリンク →

Leviathan

Score: 32.97

Matched TTPs:

T1491.002 - External Defacement
T1685.001 - Disable or Modify Windows Event Log
T1543.003 - Windows Service
T1140 - Deobfuscate/Decode Files or Information
T1183 - Image File Execution Options Injection
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1157 - Dylib Hijacking
T1488 - Disk Content Wipe
T1592.003 - Firmware
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Sidewinder

Score: 21.76

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1590.006 - Network Security Appliances
T1090 - Proxy
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1657 - Financial Theft
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

Lazarus Group

Score: 38.52

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.008 - LSASS Driver
T1569.002 - Service Execution
T1216 - System Script Proxy Execution

MITREへのリンク →

Saint Bear

Score: 11.90

Matched TTPs:

T1491.002 - External Defacement
T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1030 - Data Transfer Size Limits

MITREへのリンク →

BITTER

Score: 8.58

Matched TTPs:

T1491.002 - External Defacement
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA505

Score: 14.51

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1562.012 - Disable or Modify Linux Audit System
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Higaisa

Score: 7.49

Matched TTPs:

T1491.002 - External Defacement
T1590.006 - Network Security Appliances
T1218.010 - Regsvr32
T1569.002 - Service Execution

MITREへのリンク →

APT19

Score: 5.68

Matched TTPs:

T1491.002 - External Defacement
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship
T1059.012 - Hypervisor CLI

MITREへのリンク →

Threat Group-3390

Score: 21.80

Matched TTPs:

T1491.002 - External Defacement
T1584.008 - Network Devices
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA2541

Score: 14.47

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources

MITREへのリンク →

Malteiro

Score: 8.84

Matched TTPs:

T1491.002 - External Defacement
T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1552.003 - Shell History

MITREへのリンク →

Storm-1811

Score: 25.06

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1486 - Data Encrypted for Impact
T1030 - Data Transfer Size Limits
T1578.002 - Create Cloud Instance
T1565.002 - Transmitted Data Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 7.76

Matched TTPs:

T1491.002 - External Defacement
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1505 - Server Software Component

MITREへのリンク →

Tropic Trooper

Score: 11.89

Matched TTPs:

T1491.002 - External Defacement
T1590.006 - Network Security Appliances
T1090 - Proxy
T1219.001 - IDE Tunneling
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

Mofang

Score: 3.04

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service

MITREへのリンク →

Moses Staff

Score: 9.82

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship

MITREへのリンク →

TeamTNT

Score: 23.49

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1497.001 - System Checks
T1091 - Replication Through Removable Media
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1009 - Binary Padding
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1597 - Search Closed Sources

MITREへのリンク →

Metador

Score: 7.57

Matched TTPs:

T1491.002 - External Defacement
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution

MITREへのリンク →

Putter Panda

Score: 3.39

Matched TTPs:

T1491.002 - External Defacement
T1597 - Search Closed Sources

MITREへのリンク →

OilRig

Score: 42.84

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1574.014 - AppDomainManager
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1562 - Impair Defenses
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1009 - Binary Padding
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1592.002 - Software
T1556.009 - Conditional Access Policies
T1547.008 - LSASS Driver

MITREへのリンク →

APT32

Score: 29.37

Matched TTPs:

T1491.002 - External Defacement
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1547.005 - Security Support Provider
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Moonstone Sleet

Score: 16.74

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1027 - Obfuscated Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

ZIRCONIUM

Score: 17.65

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1558 - Steal or Forge Kerberos Tickets
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1547.002 - Authentication Package

MITREへのリンク →

Mustard Tempest

Score: 12.76

Matched TTPs:

T1682 - Query Public AI Services
T1543.003 - Windows Service
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI

MITREへのリンク →

Daggerfly

Score: 7.19

Matched TTPs:

T1584.008 - Network Devices
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

APT29

Score: 25.38

Matched TTPs:

T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1218.012 - Verclsid
T1218.005 - Mshta
T1608.005 - Link Target
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Dragonfly

Score: 30.27

Matched TTPs:

T1584.008 - Network Devices
T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1657 - Financial Theft
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1578.002 - Create Cloud Instance
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Axiom

Score: 20.19

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1049 - System Network Connections Discovery
T1562.013 - Disable or Modify Network Device Firewall
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

HEXANE

Score: 26.84

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1091 - Replication Through Removable Media
T1562 - Impair Defenses
T1547.005 - Security Support Provider
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1159 - Launch Agent

MITREへのリンク →

LuminousMoth

Score: 17.00

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1584.005 - Botnet
T1199 - Trusted Relationship

MITREへのリンク →

Salt Typhoon

Score: 13.41

Matched TTPs:

T1606.002 - SAML Tokens
T1497.001 - System Checks
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1199 - Trusted Relationship

MITREへのリンク →

Aoqin Dragon

Score: 7.92

Matched TTPs:

T1606.002 - SAML Tokens
T1558 - Steal or Forge Kerberos Tickets
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

FIN7

Score: 34.70

Matched TTPs:

T1606.002 - SAML Tokens
T1543.003 - Windows Service
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1009 - Binary Padding
T1011.001 - Exfiltration Over Bluetooth
T1218.012 - Verclsid
T1584.005 - Botnet
T1608.005 - Link Target
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1547.002 - Authentication Package

MITREへのリンク →

Scattered Spider

Score: 54.27

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1566.002 - Spearphishing Link
T1583.001 - Domains
T1547.005 - Security Support Provider
T1019 - System Firmware
T1590.006 - Network Security Appliances
T1136.002 - Domain Account
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1218.005 - Mshta
T1619 - Cloud Storage Object Discovery
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1030 - Data Transfer Size Limits
T1564.003 - Hidden Window
T1565.002 - Transmitted Data Manipulation
T1027.002 - Software Packing

MITREへのリンク →

Storm-0501

Score: 17.24

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1218.005 - Mshta
T1027 - Obfuscated Files or Information
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

BlackTech

Score: 5.26

Matched TTPs:

T1543.003 - Windows Service
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Confucius

Score: 8.59

Matched TTPs:

T1543.003 - Windows Service
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

Machete

Score: 3.21

Matched TTPs:

T1543.003 - Windows Service
T1059.012 - Hypervisor CLI

MITREへのリンク →

Evilnum

Score: 7.04

Matched TTPs:

T1543.003 - Windows Service
T1562 - Impair Defenses
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

EXOTIC LILY

Score: 12.25

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1183 - Image File Execution Options Injection
T1612 - Build Image on Host
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Molerats

Score: 3.50

Matched TTPs:

T1543.003 - Windows Service
T1562.012 - Disable or Modify Linux Audit System

MITREへのリンク →

Windshift

Score: 10.67

Matched TTPs:

T1543.003 - Windows Service
T1558 - Steal or Forge Kerberos Tickets
T1059.012 - Hypervisor CLI
T1159 - Launch Agent
T1547.008 - LSASS Driver

MITREへのリンク →

Cobalt Group

Score: 10.51

Matched TTPs:

T1543.003 - Windows Service
T1586.002 - Email Accounts
T1518.002 - Backup Software Discovery
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

FIN4

Score: 7.00

Matched TTPs:

T1543.003 - Windows Service
T1574.010 - Services File Permissions Weakness
T1157 - Dylib Hijacking

MITREへのリンク →

Patchwork

Score: 11.37

Matched TTPs:

T1543.003 - Windows Service
T1566.002 - Spearphishing Link
T1562.012 - Disable or Modify Linux Audit System
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

LazyScripter

Score: 14.94

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target

MITREへのリンク →

APT42

Score: 19.77

Matched TTPs:

T1543.003 - Windows Service
T1091 - Replication Through Removable Media
T1583.001 - Domains
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1612 - Build Image on Host
T1199 - Trusted Relationship
T1030 - Data Transfer Size Limits

MITREへのリンク →

Rocke

Score: 11.75

Matched TTPs:

T1497.001 - System Checks
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1612 - Build Image on Host
T1597 - Search Closed Sources

MITREへのリンク →

Silent Librarian

Score: 10.86

Matched TTPs:

T1566.002 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1584.005 - Botnet
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

CURIUM

Score: 15.69

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1183 - Image File Execution Options Injection
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1547.008 - LSASS Driver

MITREへのリンク →

Velvet Ant

Score: 11.40

Matched TTPs:

T1583.005 - Botnet
T1009 - Binary Padding
T1219.001 - IDE Tunneling
T1597 - Search Closed Sources
T1569.002 - Service Execution

MITREへのリンク →

DarkVishnya

Score: 6.48

Matched TTPs:

T1583.005 - Botnet
T1586.002 - Email Accounts
T1199 - Trusted Relationship

MITREへのリンク →

Strider

Score: 7.06

Matched TTPs:

T1574.014 - AppDomainManager
T1569.002 - Service Execution

MITREへのリンク →

Gamaredon Group

Score: 36.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1090 - Proxy
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1061 - Graphical User Interface
T1542.004 - ROMMONkit
T1547.002 - Authentication Package
T1203 - Exploitation for Client Execution

MITREへのリンク →

SideCopy

Score: 12.15

Matched TTPs:

T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1218.012 - Verclsid
T1657 - Financial Theft
T1159 - Launch Agent

MITREへのリンク →

BlackByte

Score: 19.54

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1009 - Binary Padding
T1590.006 - Network Security Appliances
T1134.001 - Token Impersonation/Theft
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

BackdoorDiplomacy

Score: 7.44

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1203 - Exploitation for Client Execution

MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.35

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Medusa Group

Score: 34.70

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1218.003 - CMSTP
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1552.003 - Shell History
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1598 - Phishing for Information
T1216 - System Script Proxy Execution

MITREへのリンク →

Cinnamon Tempest

Score: 6.27

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1552.003 - Shell History
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Winter Vivern

Score: 18.17

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1548 - Abuse Elevation Control Mechanism
T1090 - Proxy
T1219.001 - IDE Tunneling
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Volatile Cedar

Score: 5.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1002 - Data Compressed

MITREへのリンク →

Leafminer

Score: 8.63

Matched TTPs:

T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1059.012 - Hypervisor CLI

MITREへのリンク →

Stealth Falcon

Score: 9.81

Matched TTPs:

T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1556.009 - Conditional Access Policies

MITREへのリンク →

FIN6

Score: 20.35

Matched TTPs:

T1562 - Impair Defenses
T1562.012 - Disable or Modify Linux Audit System
T1612 - Build Image on Host
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1203 - Exploitation for Client Execution
T1505 - Server Software Component
T1547.008 - LSASS Driver

MITREへのリンク →

Carbanak

Score: 9.60

Matched TTPs:

T1586.002 - Email Accounts
T1009 - Binary Padding
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

TA551

Score: 4.53

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1218.012 - Verclsid

MITREへのリンク →

PLATINUM

Score: 6.62

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1203 - Exploitation for Client Execution
T1059.012 - Hypervisor CLI

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

LAPSUS$

Score: 28.30

Matched TTPs:

T1547.005 - Security Support Provider
T1562.012 - Disable or Modify Linux Audit System
T1019 - System Firmware
T1136.002 - Domain Account
T1619 - Cloud Storage Object Discovery
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1592.003 - Firmware
T1030 - Data Transfer Size Limits
T1564.003 - Hidden Window

MITREへのリンク →

APT38

Score: 16.35

Matched TTPs:

T1009 - Binary Padding
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

APT37

Score: 11.33

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

Ajax Security Team

Score: 4.58

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1547.008 - LSASS Driver

MITREへのリンク →

admin@338

Score: 4.26

Matched TTPs:

T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.010 - Regsvr32

MITREへのリンク →

Deep Panda

Score: 3.29

Matched TTPs:

T1177 - LSASS Driver

MITREへのリンク →

Andariel

Score: 9.56

Matched TTPs:

T1136.002 - Domain Account
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Windigo

Score: 5.81

Matched TTPs:

T1219.001 - IDE Tunneling
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

AppleJeus

Score: 5.81

Matched TTPs:

T1552.003 - Shell History
T1562.013 - Disable or Modify Network Device Firewall

MITREへのリンク →

Water Galura

Score: 4.86

Matched TTPs:

T1552.003 - Shell History
T1027 - Obfuscated Files or Information

MITREへのリンク →

POLONIUM

Score: 6.68

Matched TTPs:

T1608.005 - Link Target
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

Thrip

Score: 3.78

Matched TTPs:

T1199 - Trusted Relationship
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

RTM

Score: 4.69

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1059.012 - Hypervisor CLI

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1037.001 - Logon Script (Windows)

MITREへのリンク →

Sandworm Team

Score: 0.70

Matched TTPs:

T1157 - Dylib Hijacking
T1219.001 - IDE Tunneling
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1187 - Forced Authentication
T1606.002 - SAML Tokens
T1546.016 - Installer Packages
T1075 - Pass the Hash
T1218.010 - Regsvr32
T1558 - Steal or Forge Kerberos Tickets
T1547.002 - Authentication Package
T1583.005 - Botnet
T1199 - Trusted Relationship
T1543.003 - Windows Service
T1049 - System Network Connections Discovery
T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1027 - Obfuscated Files or Information
T1091 - Replication Through Removable Media
T1005 - Data from Local System

MITREへのリンク →

Kimsuky

Score: 0.68

Matched TTPs:

T1003.003 - NTDS
T1590.006 - Network Security Appliances
T1597 - Search Closed Sources
T1219.001 - IDE Tunneling
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1218.012 - Verclsid
T1606.002 - SAML Tokens
T1009 - Binary Padding
T1562.013 - Disable or Modify Network Device Firewall
T1560.001 - Archive via Utility
T1547.002 - Authentication Package
T1583.005 - Botnet
T1199 - Trusted Relationship
T1543.003 - Windows Service
T1608.005 - Link Target
T1055.014 - VDSO Hijacking
T1552.003 - Shell History
T1033 - System Owner/User Discovery
T1030 - Data Transfer Size Limits
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1565.002 - Transmitted Data Manipulation
T1091 - Replication Through Removable Media

MITREへのリンク →

Scattered Spider

Score: 0.66

Matched TTPs:

T1157 - Dylib Hijacking
T1590.006 - Network Security Appliances
T1597 - Search Closed Sources
T1219.001 - IDE Tunneling
T1218.005 - Mshta
T1136.002 - Domain Account
T1583.001 - Domains
T1019 - System Firmware
T1199 - Trusted Relationship
T1027.002 - Software Packing
T1619 - Cloud Storage Object Discovery
T1685.004 - Disable or Modify Linux Audit System Log
T1552.003 - Shell History
T1030 - Data Transfer Size Limits
T1564.003 - Hidden Window
T1566.002 - Spearphishing Link
T1565.002 - Transmitted Data Manipulation
T1027 - Obfuscated Files or Information
T1547.005 - Security Support Provider

MITREへのリンク →

Contagious Interview

Score: 0.57

Matched TTPs:

T1033 - System Owner/User Discovery
T1030 - Data Transfer Size Limits
T1608.005 - Link Target
T1597 - Search Closed Sources
T1221 - Template Injection
T1219.001 - IDE Tunneling
T1547.008 - LSASS Driver
T1183 - Image File Execution Options Injection
T1558 - Steal or Forge Kerberos Tickets
T1606.002 - SAML Tokens
T1547.005 - Security Support Provider
T1552.003 - Shell History
T1021.006 - Windows Remote Management
T1044 - File System Permissions Weakness
T1565.002 - Transmitted Data Manipulation
T1199 - Trusted Relationship
T1491.002 - External Defacement
T1091 - Replication Through Removable Media

MITREへのリンク →

(Don't) TrustConnect: It's a RAT in an RMM hat

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ