Trusted Design

Botnet Trojan delivered through ClickFix and EtherHiding

概要

A sophisticated phishing campaign impersonating Tesseract OCR was discovered, utilizing typosquatting and ClickFix techniques. The attack chain, named OCRFix, employed multi-stage malware deployments with heavy obfuscation and defense evasion techniques, including EtherHiding. The campaign used BNB Smart Chain TestNet to hide C2 domains through smart contracts. The malware delivery process involved three stages: a loader, a secondary loader for persistence, and a bot listener. The final payload connected to a bot control panel, allowing attackers to manage infected hosts and deploy additional malware. The campaign demonstrated a combination of simple initial access methods with complex delivery chains, highlighting the ongoing effectiveness of techniques like ClickFix and the importance of robust phishing defenses.

Created: 2026-02-27

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 105.98
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1585.002 - Email Accounts
  • T1593.002 - Search Engines
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1111 - Multi-Factor Authentication Interception
  • T1550.002 - Pass the Hash
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Sea Turtle

Score: 29.08
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.004 - Digital Certificates
  • T1583.002 - DNS Server
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Ember Bear

Score: 48.14
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1090.003 - Multi-hop Proxy
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1585 - Establish Accounts
  • T1595.001 - Scanning IP Blocks
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1588.005 - Exploits
MITREへのリンク →

Indrik Spider

Score: 19.88
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1585.002 - Email Accounts
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
  • T1018 - Remote System Discovery
MITREへのリンク →

Agrius

Score: 18.06
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Contagious Interview

Score: 56.54
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1585 - Establish Accounts
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Sandworm Team

Score: 72.54
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1018 - Remote System Discovery
MITREへのリンク →

Star Blizzard

Score: 23.38
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Lazarus Group

Score: 69.38
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1046 - Network Service Discovery
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
MITREへのリンク →

TA577

Score: 5.29
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
MITREへのリンク →

Moonstone Sleet

Score: 31.09
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1591 - Gather Victim Org Information
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Volt Typhoon

Score: 67.19
Matched TTPs:
  • T1592 - Gather Victim Host Information
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

APT41

Score: 54.01
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

TA551

Score: 9.51
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1218.005 - Mshta
  • T1027.003 - Steganography
MITREへのリンク →

APT28

Score: 54.58
Matched TTPs:
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1221 - Template Injection
  • T1550.002 - Pass the Hash
MITREへのリンク →

ZIRCONIUM

Score: 28.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1665 - Hide Infrastructure
MITREへのリンク →

Leviathan

Score: 42.01
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
MITREへのリンク →

Mustard Tempest

Score: 16.04
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
MITREへのリンク →

Daggerfly

Score: 7.19
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
MITREへのリンク →

GALLIUM

Score: 23.91
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

APT29

Score: 54.00
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1665 - Hide Infrastructure
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

FIN13

Score: 31.05
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1090.001 - Internal Proxy
MITREへのリンク →

Dragonfly

Score: 47.45
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1598.002 - Spearphishing Attachment
  • T1564.002 - Hidden Users
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
  • T1584.004 - Server
  • T1018 - Remote System Discovery
MITREへのリンク →

Ke3chang

Score: 20.88
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1018 - Remote System Discovery
MITREへのリンク →

APT5

Score: 11.41
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
MITREへのリンク →

menuPass

Score: 18.68
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Threat Group-3390

Score: 30.10
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Wizard Spider

Score: 26.41
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1555.004 - Windows Credential Manager
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

Silent Librarian

Score: 18.82
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1588.004 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

EXOTIC LILY

Score: 20.89
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
MITREへのリンク →

Mustang Panda

Score: 58.67
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

UNC3886

Score: 26.30
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

LuminousMoth

Score: 18.85
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1588.002 - Tool
MITREへのリンク →

BlackTech

Score: 10.18
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
MITREへのリンク →

Axiom

Score: 20.19
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

HEXANE

Score: 36.90
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
MITREへのリンク →

OilRig

Score: 44.64
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Gamaredon Group

Score: 54.73
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1221 - Template Injection
MITREへのリンク →

Turla

Score: 49.28
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

Salt Typhoon

Score: 10.38
Matched TTPs:
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
MITREへのリンク →

Play

Score: 13.17
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

RedCurl

Score: 16.77
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1056.002 - GUI Input Capture
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
MITREへのリンク →

Moses Staff

Score: 9.99
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
MITREへのリンク →

TeamTNT

Score: 37.04
Matched TTPs:
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1610 - Deploy Container
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1046 - Network Service Discovery
MITREへのリンク →

FIN7

Score: 48.33
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
MITREへのリンク →

Scattered Spider

Score: 61.00
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
MITREへのリンク →

Storm-0501

Score: 23.06
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1036.004 - Masquerade Task or Service
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

MuddyWater

Score: 37.38
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518 - Software Discovery
MITREへのリンク →

Confucius

Score: 10.44
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
MITREへのリンク →

Sidewinder

Score: 15.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
MITREへのリンク →

Elderwood

Score: 4.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
MITREへのリンク →

Transparent Tribe

Score: 9.26
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

FIN8

Score: 10.13
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

APT32

Score: 37.46
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

APT3

Score: 18.53
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1018 - Remote System Discovery
MITREへのリンク →

APT1

Score: 14.51
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1550.002 - Pass the Hash
MITREへのリンク →

APT33

Score: 7.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Molerats

Score: 3.01
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

Magic Hound

Score: 55.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Windshift

Score: 10.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Cobalt Group

Score: 9.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
MITREへのリンク →

FIN4

Score: 9.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1056.002 - GUI Input Capture
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
MITREへのリンク →

TA2541

Score: 14.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Earth Lusca

Score: 39.55
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
MITREへのリンク →

Storm-1811

Score: 22.35
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 11.30
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

TA505

Score: 16.47
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

LazyScripter

Score: 14.27
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
MITREへのリンク →

APT42

Score: 22.85
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

APT39

Score: 22.43
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

Rocke

Score: 29.26
Matched TTPs:
  • T1070.002 - Clear Linux or Mac System Logs
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

CURIUM

Score: 22.26
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

HAFNIUM

Score: 24.11
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1018 - Remote System Discovery
MITREへのリンク →

INC Ransom

Score: 20.63
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
MITREへのリンク →

Velvet Ant

Score: 12.24
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
MITREへのリンク →

BRONZE BUTLER

Score: 18.08
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Gorgon Group

Score: 4.21
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

APT38

Score: 25.08
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
MITREへのリンク →

Darkhotel

Score: 10.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Winter Vivern

Score: 16.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1056.003 - Web Portal Capture
  • T1036.004 - Masquerade Task or Service
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
MITREへのリンク →

BlackByte

Score: 23.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Cinnamon Tempest

Score: 10.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Tropic Trooper

Score: 22.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1221 - Template Injection
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
MITREへのリンク →

Malteiro

Score: 4.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
MITREへのリンク →

APT19

Score: 5.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
MITREへのリンク →

Higaisa

Score: 13.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1090.001 - Internal Proxy
MITREへのリンク →

SideCopy

Score: 12.15
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
MITREへのリンク →

BITTER

Score: 11.55
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Saint Bear

Score: 10.31
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
MITREへのリンク →

BackdoorDiplomacy

Score: 14.43
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
MITREへのリンク →

Medusa Group

Score: 35.00
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Fox Kitten

Score: 26.70
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1585 - Establish Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

ToddyCat

Score: 9.61
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1049 - System Network Connections Discovery
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

Akira

Score: 18.30
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
MITREへのリンク →

IndigoZebra

Score: 4.38
Matched TTPs:
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1588.002 - Tool
MITREへのリンク →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
MITREへのリンク →

LAPSUS$

Score: 47.65
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

Carbanak

Score: 9.11
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Deep Panda

Score: 6.59
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery
MITREへのリンク →

Tonto Team

Score: 6.01
Matched TTPs:
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

FIN5

Score: 9.09
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Silence

Score: 6.56
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
MITREへのリンク →

Leafminer

Score: 12.98
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

admin@338

Score: 4.70
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Lotus Blossom

Score: 13.04
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
MITREへのリンク →

Stealth Falcon

Score: 5.09
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1555.004 - Windows Credential Manager
MITREへのリンク →

Naikon

Score: 6.87
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
MITREへのリンク →

Chimera

Score: 23.13
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1556.001 - Domain Controller Authentication
  • T1111 - Multi-Factor Authentication Interception
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
MITREへのリンク →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

Windigo

Score: 6.85
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
MITREへのリンク →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
MITREへのリンク →

Aquatic Panda

Score: 9.95
Matched TTPs:
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1550.002 - Pass the Hash
MITREへのリンク →

Andariel

Score: 14.33
Matched TTPs:
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT-C-36

Score: 5.23
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN6

Score: 14.52
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

PROMETHIUM

Score: 3.86
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1189 - Drive-by Compromise
MITREへのリンク →

Inception

Score: 15.85
Matched TTPs:
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1518 - Software Discovery
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts
MITREへのリンク →

DarkVishnya

Score: 5.14
Matched TTPs:
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1046 - Network Service Discovery
MITREへのリンク →

DarkHydrus

Score: 4.00
Matched TTPs:
  • T1588.002 - Tool
  • T1221 - Template Injection
MITREへのリンク →

Suckfly

Score: 3.19
Matched TTPs:
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
MITREへのリンク →

APT37

Score: 10.98
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1587.001 - Malware
  • T1550.002 - Pass the Hash
  • T1598.003 - Spearphishing Link
  • T1594 - Search Victim-Owned Websites
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1588.005 - Exploits
  • T1657 - Financial Theft
  • T1562.004 - Disable or Modify System Firewall
  • T1585 - Establish Accounts
  • T1218.005 - Mshta
  • T1190 - Exploit Public-Facing Application
  • T1591 - Gather Victim Org Information
  • T1608.001 - Upload Malware
  • T1534 - Internal Spearphishing
  • T1583.006 - Web Services
  • T1585.002 - Email Accounts
  • T1566 - Phishing
  • T1593.001 - Social Media
  • T1583.004 - Server
  • T1583 - Acquire Infrastructure
  • T1656 - Impersonation
  • T1505.003 - Web Shell
  • T1027.012 - LNK Icon Smuggling
  • T1027 - Obfuscated Files or Information
  • T1071.002 - File Transfer Protocols
  • T1566.002 - Spearphishing Link
  • T1588.002 - Tool
  • T1552.001 - Credentials In Files
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1111 - Multi-Factor Authentication Interception
  • T1564.002 - Hidden Users
  • T1562.001 - Disable or Modify Tools
  • T1102.001 - Dead Drop Resolver
  • T1583.001 - Domains
  • T1140 - Deobfuscate/Decode Files or Information
  • T1593.002 - Search Engines
  • T1593 - Search Open Websites/Domains
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る