Trusted Design

New Dohdoor malware campaign targets education and health care

概要

A malicious campaign by threat actor UAT-10027 has been targeting education and healthcare sectors in the United States since December 2025. The campaign utilizes a new backdoor called Dohdoor, which employs DNS-over-HTTPS for stealthy command-and-control communications and can download and execute payloads reflectively. The multi-stage attack chain likely begins with phishing emails, followed by PowerShell scripts, batch files, and DLL sideloading techniques. Dohdoor uses various evasion methods, including API obfuscation, encrypted communications, and EDR bypasses. The campaign's infrastructure leverages Cloudflare services for stealth. While some techniques overlap with North Korean APT groups, the targeting differs from their typical focus.

Created: 2026-02-27

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 24.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1059.003 - Windows Command Shell
MITREへのリンク →

menuPass

Score: 19.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Wizard Spider

Score: 20.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1518.002 - Backup Software Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
  • T1555.004 - Windows Credential Manager
  • T1204.001 - Malicious Link
MITREへのリンク →

APT33

Score: 9.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Fox Kitten

Score: 19.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

CopyKittens

Score: 7.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

Volt Typhoon

Score: 58.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1614 - System Location Discovery
  • T1059.003 - Windows Command Shell
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy
MITREへのリンク →

APT1

Score: 9.90
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Mustang Panda

Score: 56.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
MITREへのリンク →

Play

Score: 11.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Chimera

Score: 27.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.004 - DNS
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1589.001 - Credentials
  • T1059.003 - Windows Command Shell
  • T1556.001 - Domain Controller Authentication
MITREへのリンク →

Sea Turtle

Score: 28.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT39

Score: 24.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.004 - DNS
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
MITREへのリンク →

RedCurl

Score: 12.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

APT5

Score: 13.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Agrius

Score: 18.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
MITREへのリンク →

GALLIUM

Score: 20.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

APT41

Score: 64.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1496.001 - Compute Hijacking
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1059.003 - Windows Command Shell
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

MuddyWater

Score: 37.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT28

Score: 43.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

Turla

Score: 44.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
MITREへのリンク →

Sowbug

Score: 3.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1083 - File and Directory Discovery
  • T1059.003 - Windows Command Shell
MITREへのリンク →

BRONZE BUTLER

Score: 26.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

UNC3886

Score: 28.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Kimsuky

Score: 70.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

APT3

Score: 18.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN8

Score: 11.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

Ke3chang

Score: 24.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Lotus Blossom

Score: 9.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
MITREへのリンク →

FIN13

Score: 26.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1090.001 - Internal Proxy
MITREへのリンク →

Earth Lusca

Score: 38.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1583.004 - Server
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

Magic Hound

Score: 50.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1591.001 - Determine Physical Locations
  • T1204.001 - Malicious Link
MITREへのリンク →

Aquatic Panda

Score: 11.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
MITREへのリンク →

INC Ransom

Score: 10.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Akira

Score: 11.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

ToddyCat

Score: 7.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Ember Bear

Score: 34.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
MITREへのリンク →

Indrik Spider

Score: 19.53
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1584.004 - Server
MITREへのリンク →

Contagious Interview

Score: 46.41
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
MITREへのリンク →

Sandworm Team

Score: 70.96
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1590.001 - Domain Properties
  • T1204.001 - Malicious Link
MITREへのリンク →

Star Blizzard

Score: 17.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Lazarus Group

Score: 54.33
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1090.001 - Internal Proxy
MITREへのリンク →

TA577

Score: 6.16
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

Moonstone Sleet

Score: 22.01
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
MITREへのリンク →

LAPSUS$

Score: 40.81
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
MITREへのリンク →

TA551

Score: 12.65
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
MITREへのリンク →

FIN6

Score: 10.70
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

ZIRCONIUM

Score: 24.18
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 35.02
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

Daggerfly

Score: 13.21
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

APT29

Score: 48.65
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
MITREへのリンク →

Dragonfly

Score: 39.81
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
MITREへのリンク →

Threat Group-3390

Score: 29.20
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
MITREへのリンク →

Axiom

Score: 16.90
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

HEXANE

Score: 23.72
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery
MITREへのリンク →

LazyScripter

Score: 20.07
Matched TTPs:
  • T1071.004 - DNS
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

Cobalt Group

Score: 10.33
Matched TTPs:
  • T1071.004 - DNS
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

OilRig

Score: 38.23
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1555.004 - Windows Credential Manager
  • T1204.001 - Malicious Link
MITREへのリンク →

Tropic Trooper

Score: 20.96
Matched TTPs:
  • T1071.004 - DNS
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1518 - Software Discovery
MITREへのリンク →

APT18

Score: 6.42
Matched TTPs:
  • T1071.004 - DNS
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

FIN7

Score: 45.02
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

LuminousMoth

Score: 20.62
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
MITREへのリンク →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Moses Staff

Score: 8.52
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1588.002 - Tool
MITREへのリンク →

TeamTNT

Score: 35.59
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1204.003 - Malicious Image
  • T1059.003 - Windows Command Shell
  • T1595.001 - Scanning IP Blocks
MITREへのリンク →

Scattered Spider

Score: 47.03
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1021.007 - Cloud Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
MITREへのリンク →

Storm-0501

Score: 11.79
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Sidewinder

Score: 17.05
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

Silent Librarian

Score: 10.09
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

APT32

Score: 34.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

CURIUM

Score: 19.42
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
MITREへのリンク →

Patchwork

Score: 15.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Cinnamon Tempest

Score: 10.34
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Velvet Ant

Score: 14.23
Matched TTPs:
  • T1574.001 - DLL
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

RTM

Score: 6.79
Matched TTPs:
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Tonto Team

Score: 7.74
Matched TTPs:
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Higaisa

Score: 10.65
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1090.001 - Internal Proxy
MITREへのリンク →

Storm-1811

Score: 18.72
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Evilnum

Score: 3.09
Matched TTPs:
  • T1574.001 - DLL
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackTech

Score: 6.91
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

SideCopy

Score: 16.55
Matched TTPs:
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1614 - System Location Discovery
  • T1518 - Software Discovery
MITREへのリンク →

BackdoorDiplomacy

Score: 8.28
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1588.002 - Tool
MITREへのリンク →

APT19

Score: 5.92
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
MITREへのリンク →

Transparent Tribe

Score: 9.17
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustard Tempest

Score: 11.42
Matched TTPs:
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

admin@338

Score: 6.27
Matched TTPs:
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Gorgon Group

Score: 5.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
MITREへのリンク →

APT38

Score: 23.34
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Darkhotel

Score: 7.08
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
MITREへのリンク →

Gamaredon Group

Score: 40.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

TA505

Score: 17.34
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

Winter Vivern

Score: 17.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

BlackByte

Score: 21.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Rocke

Score: 20.23
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1496.001 - Compute Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

TA2541

Score: 14.31
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
MITREへのリンク →

BITTER

Score: 9.45
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Saint Bear

Score: 12.62
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1059.003 - Windows Command Shell
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 8.87
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

APT42

Score: 14.03
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
MITREへのリンク →

Medusa Group

Score: 24.92
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1059.003 - Windows Command Shell
  • T1650 - Acquire Access
MITREへのリンク →

Blue Mockingbird

Score: 9.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1496.001 - Compute Hijacking
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

IndigoZebra

Score: 4.38
Matched TTPs:
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1588.002 - Tool
MITREへのリンク →

Nomadic Octopus

Score: 3.14
Matched TTPs:
  • T1036 - Masquerading
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Windshift

Score: 8.06
Matched TTPs:
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
MITREへのリンク →

PLATINUM

Score: 3.95
Matched TTPs:
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
MITREへのリンク →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
MITREへのリンク →

Carbanak

Score: 7.01
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
MITREへのリンク →

FIN5

Score: 5.02
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

Silence

Score: 9.41
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Leafminer

Score: 10.97
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
MITREへのリンク →

Windigo

Score: 8.15
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
MITREへのリンク →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Metador

Score: 4.26
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Andariel

Score: 12.60
Matched TTPs:
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
MITREへのリンク →

Inception

Score: 11.25
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
MITREへのリンク →

Dark Caracal

Score: 7.46
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
MITREへのリンク →

Confucius

Score: 10.48
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

Stealth Falcon

Score: 5.59
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
  • T1555.004 - Windows Credential Manager
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

FIN10

Score: 3.23
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.003 - Windows Command Shell
MITREへのリンク →

APT37

Score: 9.65
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Elderwood

Score: 4.62
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Machete

Score: 4.08
Matched TTPs:
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Equation

Score: 8.26
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
MITREへのリンク →

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1588.002 - Tool
  • T1195 - Supply Chain Compromise
  • T1486 - Data Encrypted for Impact
  • T1078 - Valid Accounts
  • T1090 - Proxy
  • T1036 - Masquerading
  • T1102.002 - Bidirectional Communication
  • T1583.001 - Domains
  • T1592.002 - Software
  • T1505.003 - Web Shell
  • T1598.003 - Spearphishing Link
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1590.001 - Domain Properties
  • T1204.001 - Malicious Link
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1608.001 - Upload Malware
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1491.002 - External Defacement
  • T1584.005 - Botnet
  • T1499 - Endpoint Denial of Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.004 - Server
  • T1583.004 - Server
  • T1587.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Kimsuky

Score: 0.70
Matched TTPs:
  • T1588.002 - Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1102.002 - Bidirectional Communication
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1598.003 - Spearphishing Link
  • T1591 - Gather Victim Org Information
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1083 - File and Directory Discovery
  • T1608.001 - Upload Malware
  • T1583 - Acquire Infrastructure
  • T1102.001 - Dead Drop Resolver
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1560.003 - Archive via Custom Method
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1552.001 - Credentials In Files
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
  • T1218.005 - Mshta
  • T1583.004 - Server
  • T1557 - Adversary-in-the-Middle
  • T1059.003 - Windows Command Shell
  • T1587.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

APT41

Score: 0.64
Matched TTPs:
  • T1588.002 - Tool
  • T1071.004 - DNS
  • T1546.008 - Accessibility Features
  • T1486 - Data Encrypted for Impact
  • T1078 - Valid Accounts
  • T1090 - Proxy
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1213.003 - Code Repositories
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1071.002 - File Transfer Protocols
  • T1083 - File and Directory Discovery
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1218.001 - Compiled HTML File
  • T1496.001 - Compute Hijacking
  • T1595.003 - Wordlist Scanning
  • T1574.001 - DLL
  • T1059.003 - Windows Command Shell
  • T1596.005 - Scan Databases
MITREへのリンク →

Volt Typhoon

Score: 0.57
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1090 - Proxy
  • T1505.003 - Web Shell
  • T1591 - Gather Victim Org Information
  • T1010 - Application Window Discovery
  • T1584.008 - Network Devices
  • T1090.001 - Internal Proxy
  • T1584.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1518 - Software Discovery
  • T1584.005 - Botnet
  • T1614 - System Location Discovery
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.004 - Server
  • T1070.007 - Clear Network Connection History and Configurations
  • T1059.003 - Windows Command Shell
  • T1596.005 - Scan Databases
  • T1589 - Gather Victim Identity Information
MITREへのリンク →

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1588.002 - Tool
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
  • T1083 - File and Directory Discovery
  • T1608.001 - Upload Malware
  • T1678 - Delay Execution
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1518 - Software Discovery
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1574.001 - DLL
  • T1557 - Adversary-in-the-Middle
  • T1059.003 - Windows Command Shell
  • T1102 - Web Service
  • T1587.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る