Trusted Design

New Dohdoor malware campaign targets education and health care

概要

A malicious campaign by threat actor UAT-10027 has been targeting education and healthcare sectors in the United States since December 2025. The campaign utilizes a new backdoor called Dohdoor, which employs DNS-over-HTTPS for stealthy command-and-control communications and can download and execute payloads reflectively. The multi-stage attack chain likely begins with phishing emails, followed by PowerShell scripts, batch files, and DLL sideloading techniques. Dohdoor uses various evasion methods, including API obfuscation, encrypted communications, and EDR bypasses. The campaign's infrastructure leverages Cloudflare services for stealth. While some techniques overlap with North Korean APT groups, the targeting differs from their typical focus.

Created: 2026-02-27

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 24.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
MITREへのリンク →

menuPass

Score: 19.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

Wizard Spider

Score: 20.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1038 - DLL Search Order Hijacking
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 9.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Fox Kitten

Score: 19.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

CopyKittens

Score: 7.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
MITREへのリンク →

Volt Typhoon

Score: 58.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1685.001 - Disable or Modify Windows Event Log
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1584.002 - DNS Server
  • T1591.004 - Identify Roles
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution
MITREへのリンク →

APT1

Score: 9.90
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
MITREへのリンク →

Mustang Panda

Score: 56.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Play

Score: 11.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

Chimera

Score: 27.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1592.003 - Firmware
  • T1591.004 - Identify Roles
  • T1059.003 - Windows Command Shell
MITREへのリンク →

Sea Turtle

Score: 28.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API
MITREへのリンク →

APT39

Score: 24.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution
MITREへのリンク →

RedCurl

Score: 12.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT5

Score: 13.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1591.004 - Identify Roles
MITREへのリンク →

Agrius

Score: 18.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

GALLIUM

Score: 20.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1547.011 - Plist Modification
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

APT41

Score: 64.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1547.006 - Kernel Modules and Extensions
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1591.004 - Identify Roles
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
MITREへのリンク →

MuddyWater

Score: 37.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 43.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Turla

Score: 44.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution
MITREへのリンク →

Sowbug

Score: 3.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1219.001 - IDE Tunneling
  • T1591.004 - Identify Roles
MITREへのリンク →

BRONZE BUTLER

Score: 26.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1008 - Fallback Channels
MITREへのリンク →

UNC3886

Score: 28.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
MITREへのリンク →

Kimsuky

Score: 70.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
MITREへのリンク →

APT3

Score: 18.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 11.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 24.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

Lotus Blossom

Score: 9.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution
MITREへのリンク →

FIN13

Score: 26.49
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1569.002 - Service Execution
MITREへのリンク →

Earth Lusca

Score: 38.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 50.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Aquatic Panda

Score: 11.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

INC Ransom

Score: 10.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

Akira

Score: 11.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 7.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1591.004 - Identify Roles
MITREへのリンク →

Ember Bear

Score: 34.18
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
MITREへのリンク →

Indrik Spider

Score: 19.53
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1546.016 - Installer Packages
MITREへのリンク →

Contagious Interview

Score: 46.41
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sandworm Team

Score: 70.96
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 17.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

Lazarus Group

Score: 54.33
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1016.001 - Internet Connection Discovery
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1569.002 - Service Execution
MITREへのリンク →

TA577

Score: 6.16
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 22.01
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

LAPSUS$

Score: 40.81
Matched TTPs:
  • T1216.001 - PubPrn
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
MITREへのリンク →

TA551

Score: 12.65
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
MITREへのリンク →

FIN6

Score: 10.70
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

ZIRCONIUM

Score: 24.18
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1547.002 - Authentication Package
  • T1591.004 - Identify Roles
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 35.02
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Daggerfly

Score: 13.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT29

Score: 48.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Dragonfly

Score: 39.81
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

Threat Group-3390

Score: 29.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Axiom

Score: 16.90
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HEXANE

Score: 23.72
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
MITREへのリンク →

LazyScripter

Score: 20.07
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cobalt Group

Score: 10.33
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

OilRig

Score: 38.23
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Tropic Trooper

Score: 20.96
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1159 - Launch Agent
MITREへのリンク →

APT18

Score: 6.42
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

FIN7

Score: 45.02
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LuminousMoth

Score: 20.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
MITREへのリンク →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Moses Staff

Score: 8.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
MITREへのリンク →

TeamTNT

Score: 35.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1547.006 - Kernel Modules and Extensions
  • T1597 - Search Closed Sources
  • T1137.003 - Outlook Forms
  • T1591.004 - Identify Roles
  • T1519 - Emond
MITREへのリンク →

Scattered Spider

Score: 47.03
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.005 - Mshta
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
MITREへのリンク →

Storm-0501

Score: 11.79
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Sidewinder

Score: 17.05
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 10.09
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT32

Score: 34.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

CURIUM

Score: 19.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Patchwork

Score: 15.20
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
MITREへのリンク →

Cinnamon Tempest

Score: 10.34
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

Velvet Ant

Score: 14.23
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

RTM

Score: 6.79
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Tonto Team

Score: 7.74
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
MITREへのリンク →

Higaisa

Score: 10.65
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1569.002 - Service Execution
MITREへのリンク →

Storm-1811

Score: 18.72
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
MITREへのリンク →

Evilnum

Score: 3.09
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackTech

Score: 6.91
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

SideCopy

Score: 16.55
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
MITREへのリンク →

BackdoorDiplomacy

Score: 8.28
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

APT19

Score: 5.92
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Transparent Tribe

Score: 9.17
Matched TTPs:
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 11.42
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

admin@338

Score: 6.27
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
MITREへのリンク →

Gorgon Group

Score: 5.17
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

APT38

Score: 23.34
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 7.08
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Gamaredon Group

Score: 40.13
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA505

Score: 17.34
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Winter Vivern

Score: 17.72
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackByte

Score: 21.74
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

Rocke

Score: 20.23
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1547.006 - Kernel Modules and Extensions
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1008 - Fallback Channels
MITREへのリンク →

TA2541

Score: 14.31
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 9.45
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
MITREへのリンク →

Saint Bear

Score: 12.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

EXOTIC LILY

Score: 8.87
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 14.03
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

Medusa Group

Score: 24.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1598 - Phishing for Information
MITREへのリンク →

Blue Mockingbird

Score: 9.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1547.006 - Kernel Modules and Extensions
  • T1591.004 - Identify Roles
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
MITREへのリンク →

IndigoZebra

Score: 4.38
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

Nomadic Octopus

Score: 3.14
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1591.004 - Identify Roles
MITREへのリンク →

Windshift

Score: 8.06
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
MITREへのリンク →

PLATINUM

Score: 3.95
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
MITREへのリンク →

Carbanak

Score: 7.01
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
MITREへのリンク →

FIN5

Score: 5.02
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

Silence

Score: 9.41
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

Leafminer

Score: 10.97
Matched TTPs:
  • T1101 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Windigo

Score: 8.15
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
MITREへのリンク →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

Metador

Score: 4.26
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
MITREへのリンク →

Andariel

Score: 12.60
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Inception

Score: 11.25
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

Dark Caracal

Score: 7.46
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Confucius

Score: 10.48
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Stealth Falcon

Score: 5.59
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

SilverTerrier

Score: 3.62
Matched TTPs:
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

FIN10

Score: 3.23
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

APT37

Score: 9.65
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Elderwood

Score: 4.62
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 4.08
Matched TTPs:
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1193 - Spearphishing Attachment
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1049 - System Network Connections Discovery
  • T1566.002 - Spearphishing Link
  • T1111 - Multi-Factor Authentication Interception
  • T1606.002 - SAML Tokens
  • T1546.016 - Installer Packages
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1075 - Pass the Hash
  • T1547.002 - Authentication Package
  • T1033 - System Owner/User Discovery
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1557.003 - DHCP Spoofing
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.018 - Invisible Unicode
  • T1087.004 - Cloud Account
  • T1564.008 - Email Hiding Rules
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Kimsuky

Score: 0.70
Matched TTPs:
  • T1608 - Stage Capabilities
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1606.002 - SAML Tokens
  • T1560.001 - Archive via Utility
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1555.003 - Credentials from Web Browsers
  • T1030 - Data Transfer Size Limits
  • T1547.002 - Authentication Package
  • T1033 - System Owner/User Discovery
  • T1219.001 - IDE Tunneling
  • T1557.003 - DHCP Spoofing
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1098.007 - Additional Local or Domain Groups
  • T1059.010 - AutoHotKey & AutoIT
  • T1016.001 - Internet Connection Discovery
  • T1027.018 - Invisible Unicode
  • T1041 - Exfiltration Over C2 Channel
  • T1608.005 - Link Target
  • T1008 - Fallback Channels
  • T1087.004 - Cloud Account
  • T1218.012 - Verclsid
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1051 - Shared Webroot
  • T1591.004 - Identify Roles
MITREへのリンク →

APT41

Score: 0.64
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1037.001 - Logon Script (Windows)
  • T1560.001 - Archive via Utility
  • T1564.003 - Hidden Window
  • T1030 - Data Transfer Size Limits
  • T1547.006 - Kernel Modules and Extensions
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1574.002 - DLL Side-Loading
  • T1089 - Disabling Security Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1008 - Fallback Channels
  • T1002 - Data Compressed
  • T1584.008 - Network Devices
  • T1045 - Software Packing
  • T1048 - Exfiltration Over Alternative Protocol
  • T1199 - Trusted Relationship
  • T1539 - Steal Web Session Cookie
  • T1591.004 - Identify Roles
  • T1573 - Encrypted Channel
  • T1177 - LSASS Driver
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Volt Typhoon

Score: 0.57
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1560.001 - Archive via Utility
  • T1685.001 - Disable or Modify Windows Event Log
  • T1546.016 - Installer Packages
  • T1057 - Process Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1547.005 - Security Support Provider
  • T1574.002 - DLL Side-Loading
  • T1159 - Launch Agent
  • T1569.002 - Service Execution
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.006 - Timestomp
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1584.002 - DNS Server
  • T1556.002 - Password Filter DLL
  • T1591.004 - Identify Roles
MITREへのリンク →

Mustang Panda

Score: 0.56
Matched TTPs:
  • T1608 - Stage Capabilities
  • T1218.010 - Regsvr32
  • T1037 - Boot or Logon Initialization Scripts
  • T1566.002 - Spearphishing Link
  • T1612 - Build Image on Host
  • T1606.002 - SAML Tokens
  • T1560.001 - Archive via Utility
  • T1555.003 - Credentials from Web Browsers
  • T1169 - Sudo
  • T1055.005 - Thread Local Storage
  • T1219.001 - IDE Tunneling
  • T1091 - Replication Through Removable Media
  • T1089 - Disabling Security Tools
  • T1159 - Launch Agent
  • T1098.007 - Additional Local or Domain Groups
  • T1059.010 - AutoHotKey & AutoIT
  • T1016.001 - Internet Connection Discovery
  • T1027.018 - Invisible Unicode
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1591.004 - Identify Roles
  • T1569.001 - Launchctl
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る