Trusted Design

OAuth redirection abuse enables phishing and malware delivery

概要

Microsoft has discovered phishing campaigns exploiting OAuth's redirection mechanisms to bypass conventional defenses. Attackers create malicious applications with redirect URIs pointing to malicious domains, then distribute phishing links prompting targets to authenticate. The attack abuses OAuth's error handling to redirect users from trusted providers to attacker-controlled sites for phishing or malware delivery. Campaigns targeted government and public sectors using e-signature, financial, and political lures. Some attacks led to malware downloads and endpoint compromise via PowerShell and DLL side-loading. Mitigation involves governing OAuth apps, limiting user consent, reviewing permissions, and implementing cross-domain detection across email, identity, and endpoint.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 31.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1114.002 - Remote Email Collection
  • T1550.001 - Application Access Token
MITREへのリンク →

menuPass

Score: 20.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1055.012 - Process Hollowing
MITREへのリンク →

Wizard Spider

Score: 34.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1518.002 - Backup Software Discovery
  • T1021 - Remote Services
  • T1585.002 - Email Accounts
  • T1547.004 - Winlogon Helper DLL
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1204.001 - Malicious Link
MITREへのリンク →

APT33

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Fox Kitten

Score: 18.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1110 - Brute Force
  • T1078 - Valid Accounts
MITREへのリンク →

CopyKittens

Score: 4.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1090 - Proxy
  • T1588.002 - Tool
MITREへのリンク →

Volt Typhoon

Score: 53.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1078.002 - Domain Accounts
  • T1584.004 - Server
  • T1596.005 - Scan Databases
MITREへのリンク →

APT1

Score: 22.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1114.002 - Remote Email Collection
  • T1584.001 - Domains
MITREへのリンク →

Mustang Panda

Score: 64.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1176.002 - IDE Extensions
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
MITREへのリンク →

Play

Score: 15.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
MITREへのリンク →

Chimera

Score: 40.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.004 - DNS
  • T1114.001 - Local Email Collection
  • T1574.001 - DLL
  • T1482 - Domain Trust Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1114.002 - Remote Email Collection
  • T1589.001 - Credentials
  • T1078.002 - Domain Accounts
  • T1556.001 - Domain Controller Authentication
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

Sea Turtle

Score: 41.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT39

Score: 35.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1546.010 - AppInit DLLs
  • T1204.001 - Malicious Link
MITREへのリンク →

RedCurl

Score: 20.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1204.001 - Malicious Link
MITREへのリンク →

APT5

Score: 18.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078.002 - Domain Accounts
MITREへのリンク →

Agrius

Score: 19.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
MITREへのリンク →

GALLIUM

Score: 15.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

APT41

Score: 57.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

MuddyWater

Score: 30.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

APT28

Score: 66.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1528 - Steal Application Access Token
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1114.002 - Remote Email Collection
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1204.001 - Malicious Link
  • T1550.001 - Application Access Token
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

Turla

Score: 58.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1134.002 - Create Process with Token
  • T1547.004 - Winlogon Helper DLL
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

Sowbug

Score: 4.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1083 - File and Directory Discovery
MITREへのリンク →

BRONZE BUTLER

Score: 14.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

UNC3886

Score: 24.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Kimsuky

Score: 112.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1176.001 - Browser Extensions
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1185 - Browser Session Hijacking
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1111 - Multi-Factor Authentication Interception
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
  • T1584.001 - Domains
MITREへのリンク →

APT3

Score: 22.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1204.001 - Malicious Link
MITREへのリンク →

FIN8

Score: 15.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1482 - Domain Trust Discovery
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1204.001 - Malicious Link
MITREへのリンク →

Ke3chang

Score: 26.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1114.002 - Remote Email Collection
MITREへのリンク →

Lotus Blossom

Score: 12.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1482 - Domain Trust Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
MITREへのリンク →

FIN13

Score: 30.90
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1087 - Account Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1556 - Modify Authentication Process
MITREへのリンク →

Earth Lusca

Score: 33.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1482 - Domain Trust Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

Magic Hound

Score: 71.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1114.001 - Local Email Collection
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1090 - Proxy
  • T1482 - Domain Trust Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1114.002 - Remote Email Collection
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1078.002 - Domain Accounts
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1584.001 - Domains
MITREへのリンク →

Aquatic Panda

Score: 18.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1574.001 - DLL
  • T1021 - Remote Services
  • T1087 - Account Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
MITREへのリンク →

INC Ransom

Score: 17.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

Akira

Score: 17.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1482 - Domain Trust Discovery
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

ToddyCat

Score: 13.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1078.002 - Domain Accounts
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Ember Bear

Score: 38.36
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1021 - Remote Services
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
MITREへのリンク →

Indrik Spider

Score: 21.94
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1078.002 - Domain Accounts
  • T1136 - Create Account
  • T1584.004 - Server
MITREへのリンク →

Contagious Interview

Score: 60.66
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1543.001 - Launch Agent
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Sandworm Team

Score: 90.10
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1056.001 - Keylogging
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1041 - Exfiltration Over C2 Channel
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1590.001 - Domain Properties
  • T1204.001 - Malicious Link
MITREへのリンク →

Star Blizzard

Score: 34.12
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1114.002 - Remote Email Collection
  • T1550.004 - Web Session Cookie
MITREへのリンク →

Lazarus Group

Score: 68.75
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1583.001 - Domains
  • T1218 - System Binary Proxy Execution
  • T1547.009 - Shortcut Modification
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1134.002 - Create Process with Token
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

TA577

Score: 9.32
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1204.001 - Malicious Link
MITREへのリンク →

Moonstone Sleet

Score: 31.33
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1583.003 - Virtual Private Server
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT38

Score: 32.27
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Ajax Security Team

Score: 7.39
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Darkhotel

Score: 11.50
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Tonto Team

Score: 7.80
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Threat Group-3390

Score: 34.38
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1055.012 - Process Hollowing
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

PLATINUM

Score: 9.11
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking
MITREへのリンク →

FIN4

Score: 13.84
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
  • T1114.002 - Remote Email Collection
  • T1204.001 - Malicious Link
MITREへのリンク →

OilRig

Score: 51.75
Matched TTPs:
  • T1056.001 - Keylogging
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1556.002 - Password Filter DLL
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT42

Score: 31.74
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1656 - Impersonation
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

HEXANE

Score: 32.85
Matched TTPs:
  • T1056.001 - Keylogging
  • T1583.002 - DNS Server
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

APT32

Score: 42.29
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

ZIRCONIUM

Score: 25.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1583.001 - Domains
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
MITREへのリンク →

Leviathan

Score: 52.04
Matched TTPs:
  • T1584.008 - Network Devices
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

Mustard Tempest

Score: 17.40
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1584.001 - Domains
MITREへのリンク →

Daggerfly

Score: 13.21
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
MITREへのリンク →

APT29

Score: 38.84
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1059.009 - Cloud API
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1528 - Steal Application Access Token
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1114.002 - Remote Email Collection
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Dragonfly

Score: 51.58
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1114.002 - Remote Email Collection
  • T1187 - Forced Authentication
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
MITREへのリンク →

Axiom

Score: 27.25
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

LazyScripter

Score: 19.25
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

Cobalt Group

Score: 14.44
Matched TTPs:
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Tropic Trooper

Score: 15.49
Matched TTPs:
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1547.004 - Winlogon Helper DLL
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT18

Score: 5.47
Matched TTPs:
  • T1071.004 - DNS
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
MITREへのリンク →

FIN7

Score: 45.67
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
MITREへのリンク →

Winter Vivern

Score: 24.23
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

LuminousMoth

Score: 22.07
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
MITREへのリンク →

Salt Typhoon

Score: 15.14
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1136 - Create Account
MITREへのリンク →

Aoqin Dragon

Score: 5.74
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Moses Staff

Score: 8.52
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1588.002 - Tool
MITREへのリンク →

TeamTNT

Score: 19.13
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1562.004 - Disable or Modify System Firewall
  • T1059.009 - Cloud API
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Scattered Spider

Score: 62.99
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1087 - Account Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1556.006 - Multi-Factor Authentication
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1136 - Create Account
MITREへのリンク →

Storm-0501

Score: 22.51
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1059.009 - Cloud API
  • T1482 - Domain Trust Discovery
  • T1657 - Financial Theft
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
MITREへのリンク →

FIN6

Score: 19.51
Matched TTPs:
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1134 - Access Token Manipulation
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

BlackTech

Score: 9.23
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Confucius

Score: 12.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Mofang

Score: 3.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
MITREへのリンク →

Sidewinder

Score: 16.63
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
MITREへのリンク →

Elderwood

Score: 6.94
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Machete

Score: 8.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
MITREへのリンク →

Transparent Tribe

Score: 14.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1584.001 - Domains
MITREへのリンク →

Evilnum

Score: 4.54
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1204.001 - Malicious Link
MITREへのリンク →

EXOTIC LILY

Score: 22.37
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Molerats

Score: 9.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1555.003 - Credentials from Web Browsers
  • T1204.001 - Malicious Link
MITREへのリンク →

Windshift

Score: 7.97
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

TA2541

Score: 19.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1204.001 - Malicious Link
MITREへのリンク →

Storm-1811

Score: 29.30
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1583.001 - Domains
  • T1482 - Domain Trust Discovery
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Patchwork

Score: 21.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

TA505

Score: 22.24
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1078.002 - Domain Accounts
  • T1204.001 - Malicious Link
MITREへのリンク →

Silent Librarian

Score: 14.90
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1585.002 - Email Accounts
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

CURIUM

Score: 24.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Saint Bear

Score: 15.07
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
MITREへのリンク →

admin@338

Score: 5.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

WIRTE

Score: 4.47
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
MITREへのリンク →

Gamaredon Group

Score: 48.69
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1204.001 - Malicious Link
MITREへのリンク →

BITTER

Score: 6.71
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Inception

Score: 14.18
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

TA551

Score: 8.48
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
MITREへのリンク →

RTM

Score: 7.66
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

Higaisa

Score: 9.92
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
MITREへのリンク →

Gorgon Group

Score: 10.29
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1547.009 - Shortcut Modification
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
MITREへのリンク →

Naikon

Score: 4.90
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1078.002 - Domain Accounts
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT19

Score: 7.97
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise
MITREへのリンク →

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1583.001 - Domains
  • T1588.002 - Tool
MITREへのリンク →

Malteiro

Score: 5.45
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1657 - Financial Theft
MITREへのリンク →

SideCopy

Score: 13.83
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1584.001 - Domains
MITREへのリンク →

Andariel

Score: 12.17
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

APT37

Score: 8.58
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
MITREへのリンク →

Silence

Score: 3.15
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
MITREへのリンク →

IndigoZebra

Score: 7.92
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1586.002 - Email Accounts
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1588.002 - Tool
MITREへのリンク →

DarkHydrus

Score: 5.86
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1187 - Forced Authentication
MITREへのリンク →

Rancor

Score: 4.16
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
MITREへのリンク →

Cinnamon Tempest

Score: 12.63
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1078.002 - Domain Accounts
MITREへのリンク →

Velvet Ant

Score: 13.04
Matched TTPs:
  • T1574.001 - DLL
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

BackdoorDiplomacy

Score: 10.01
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
MITREへのリンク →

BlackByte

Score: 37.80
Matched TTPs:
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1482 - Domain Trust Discovery
  • T1583.003 - Virtual Private Server
  • T1480 - Execution Guardrails
  • T1491.001 - Internal Defacement
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1055.012 - Process Hollowing
  • T1486 - Data Encrypted for Impact
  • T1078.002 - Domain Accounts
MITREへのリンク →

LAPSUS$

Score: 49.95
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1111 - Multi-Factor Authentication Interception
MITREへのリンク →

Rocke

Score: 15.04
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1102.001 - Dead Drop Resolver
MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
MITREへのリンク →

Medusa Group

Score: 28.78
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
MITREへのリンク →

Blue Mockingbird

Score: 11.25
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
MITREへのリンク →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
MITREへのリンク →

Carbanak

Score: 7.01
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Stealth Falcon

Score: 7.65
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1041 - Exfiltration Over C2 Channel
  • T1555.004 - Windows Credential Manager
MITREへのリンク →

Leafminer

Score: 8.63
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1114.002 - Remote Email Collection
  • T1189 - Drive-by Compromise
MITREへのリンク →

Deep Panda

Score: 7.80
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1218.010 - Regsvr32
MITREへのリンク →

Windigo

Score: 5.41
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
MITREへのリンク →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
MITREへのリンク →

Dark Caracal

Score: 5.59
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
MITREへのリンク →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.002 - File Transfer Protocols
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
MITREへのリンク →

DarkVishnya

Score: 3.37
Matched TTPs:
  • T1588.002 - Tool
  • T1110 - Brute Force
MITREへのリンク →

FIN5

Score: 4.80
Matched TTPs:
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1566.002 - Spearphishing Link
  • T1557 - Adversary-in-the-Middle
  • T1593 - Search Open Websites/Domains
  • T1185 - Browser Session Hijacking
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1505.003 - Web Shell
  • T1055.012 - Process Hollowing
  • T1589.002 - Email Addresses
  • T1102.001 - Dead Drop Resolver
  • T1027.012 - LNK Icon Smuggling
  • T1588.005 - Exploits
  • T1102.002 - Bidirectional Communication
  • T1562.004 - Disable or Modify System Firewall
  • T1204.001 - Malicious Link
  • T1566.001 - Spearphishing Attachment
  • T1584.001 - Domains
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1555.003 - Credentials from Web Browsers
  • T1114.002 - Remote Email Collection
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1176.001 - Browser Extensions
  • T1566 - Phishing
  • T1560.001 - Archive via Utility
  • T1041 - Exfiltration Over C2 Channel
  • T1598 - Phishing for Information
  • T1656 - Impersonation
  • T1593.001 - Social Media
  • T1111 - Multi-Factor Authentication Interception
  • T1587.001 - Malware
  • T1218.005 - Mshta
  • T1583.001 - Domains
  • T1586.002 - Email Accounts
  • T1056.001 - Keylogging
MITREへのリンク →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1583 - Acquire Infrastructure
  • T1566.002 - Spearphishing Link
  • T1078.002 - Domain Accounts
  • T1486 - Data Encrypted for Impact
  • T1593 - Search Open Websites/Domains
  • T1591.002 - Business Relationships
  • T1203 - Exploitation for Client Execution
  • T1491.002 - External Defacement
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1505.003 - Web Shell
  • T1213.006 - Databases
  • T1589.002 - Email Addresses
  • T1102.002 - Bidirectional Communication
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1204.001 - Malicious Link
  • T1566.001 - Spearphishing Attachment
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1195 - Supply Chain Compromise
  • T1590.001 - Domain Properties
  • T1555.003 - Credentials from Web Browsers
  • T1499 - Endpoint Denial of Service
  • T1083 - File and Directory Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1584.005 - Botnet
  • T1592.002 - Software
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1586.001 - Social Media Accounts
  • T1583.001 - Domains
  • T1056.001 - Keylogging
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る