Trusted Design

OAuth redirection abuse enables phishing and malware delivery

概要

Microsoft has discovered phishing campaigns exploiting OAuth's redirection mechanisms to bypass conventional defenses. Attackers create malicious applications with redirect URIs pointing to malicious domains, then distribute phishing links prompting targets to authenticate. The attack abuses OAuth's error handling to redirect users from trusted providers to attacker-controlled sites for phishing or malware delivery. Campaigns targeted government and public sectors using e-signature, financial, and political lures. Some attacks led to malware downloads and endpoint compromise via PowerShell and DLL side-loading. Mitigation involves governing OAuth apps, limiting user consent, reviewing permissions, and implementing cross-domain detection across email, identity, and endpoint.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 31.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1059 - Command and Scripting Interpreter
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1204.003 - Malicious Image
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

menuPass

Score: 20.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1001 - Data Obfuscation
MITREへのリンク →

Wizard Spider

Score: 34.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1038 - DLL Search Order Hijacking
  • T1589 - Gather Victim Identity Information
  • T1183 - Image File Execution Options Injection
  • T1003.001 - LSASS Memory
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 11.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Fox Kitten

Score: 18.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
MITREへのリンク →

CopyKittens

Score: 4.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
MITREへのリンク →

Volt Typhoon

Score: 53.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1685.001 - Disable or Modify Windows Event Log
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1166 - Setuid and Setgid
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
MITREへのリンク →

APT1

Score: 22.00
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1204.003 - Malicious Image
  • T1053.002 - At
MITREへのリンク →

Mustang Panda

Score: 64.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Play

Score: 15.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
MITREへのリンク →

Chimera

Score: 40.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1587.003 - Digital Certificates
  • T1089 - Disabling Security Tools
  • T1504 - PowerShell Profile
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1204.003 - Malicious Image
  • T1592.003 - Firmware
  • T1166 - Setuid and Setgid
  • T1059.003 - Windows Command Shell
  • T1132.002 - Non-Standard Encoding
MITREへのリンク →

Sea Turtle

Score: 41.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API
MITREへのリンク →

APT39

Score: 35.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
  • T1564.007 - VBA Stomping
  • T1027.018 - Invisible Unicode
MITREへのリンク →

RedCurl

Score: 20.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT5

Score: 18.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1166 - Setuid and Setgid
MITREへのリンク →

Agrius

Score: 19.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
MITREへのリンク →

GALLIUM

Score: 15.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT41

Score: 57.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels
MITREへのリンク →

MuddyWater

Score: 30.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 66.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1104 - Multi-Stage Channels
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1204.003 - Malicious Image
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Turla

Score: 58.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1014 - Rootkit
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1003.001 - LSASS Memory
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sowbug

Score: 4.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1219.001 - IDE Tunneling
MITREへのリンク →

BRONZE BUTLER

Score: 14.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

UNC3886

Score: 24.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
MITREへのリンク →

Kimsuky

Score: 112.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1602.002 - Network Device Configuration Dump
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1204.003 - Malicious Image
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1132.002 - Non-Standard Encoding
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1053.002 - At
MITREへのリンク →

APT3

Score: 22.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 15.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1504 - PowerShell Profile
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 26.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1204.003 - Malicious Image
MITREへのリンク →

Lotus Blossom

Score: 12.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1504 - PowerShell Profile
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
MITREへのリンク →

FIN13

Score: 30.90
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1144 - Gatekeeper Bypass
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1686.001 - Cloud Firewall
MITREへのリンク →

Earth Lusca

Score: 33.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1504 - PowerShell Profile
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 71.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1045 - Software Packing
  • T1504 - PowerShell Profile
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1204.003 - Malicious Image
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1166 - Setuid and Setgid
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1053.002 - At
MITREへのリンク →

Aquatic Panda

Score: 18.41
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1589 - Gather Victim Identity Information
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
MITREへのリンク →

INC Ransom

Score: 17.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Akira

Score: 17.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1504 - PowerShell Profile
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

ToddyCat

Score: 13.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1166 - Setuid and Setgid
  • T1547.008 - LSASS Driver
MITREへのリンク →

Ember Bear

Score: 38.36
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 21.94
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1166 - Setuid and Setgid
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
MITREへのリンク →

Contagious Interview

Score: 60.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1059.006 - Python
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Sandworm Team

Score: 90.10
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1596.003 - Digital Certificates
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1087.004 - Cloud Account
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 34.12
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1204.003 - Malicious Image
  • T1168 - Local Job Scheduling
MITREへのリンク →

Lazarus Group

Score: 68.75
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA577

Score: 9.32
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 31.33
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT38

Score: 32.27
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ajax Security Team

Score: 7.39
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
MITREへのリンク →

Darkhotel

Score: 11.50
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Tonto Team

Score: 7.80
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1218.010 - Regsvr32
MITREへのリンク →

Threat Group-3390

Score: 34.38
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1001 - Data Obfuscation
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

PLATINUM

Score: 9.11
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1686 - Disable or Modify System Firewall
MITREへのリンク →

FIN4

Score: 13.84
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
  • T1204.003 - Malicious Image
  • T1027.018 - Invisible Unicode
MITREへのリンク →

OilRig

Score: 51.75
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.014 - AppDomainManager
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT42

Score: 31.74
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1599 - Network Boundary Bridging
  • T1030 - Data Transfer Size Limits
  • T1132.002 - Non-Standard Encoding
MITREへのリンク →

HEXANE

Score: 32.85
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1499.003 - Application Exhaustion Flood
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
MITREへのリンク →

APT32

Score: 42.29
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

ZIRCONIUM

Score: 25.57
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1098.007 - Additional Local or Domain Groups
  • T1562.012 - Disable or Modify Linux Audit System
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 52.04
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1050 - New Service
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 17.40
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Daggerfly

Score: 13.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT29

Score: 38.84
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1560 - Archive Collected Data
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1104 - Multi-Stage Channels
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1204.003 - Malicious Image
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 51.58
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1204.003 - Malicious Image
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

Axiom

Score: 27.25
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

LazyScripter

Score: 19.25
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cobalt Group

Score: 14.44
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Tropic Trooper

Score: 15.49
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1003.001 - LSASS Memory
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
MITREへのリンク →

APT18

Score: 5.47
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
MITREへのリンク →

FIN7

Score: 45.67
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Winter Vivern

Score: 24.23
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LuminousMoth

Score: 22.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 15.14
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
MITREへのリンク →

Aoqin Dragon

Score: 5.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Moses Staff

Score: 8.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
MITREへのリンク →

TeamTNT

Score: 19.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1560 - Archive Collected Data
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
MITREへのリンク →

Scattered Spider

Score: 62.99
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1087.004 - Cloud Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027.005 - Indicator Removal from Tools
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1498 - Network Denial of Service
MITREへのリンク →

Storm-0501

Score: 22.51
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1560 - Archive Collected Data
  • T1504 - PowerShell Profile
  • T1552.003 - Shell History
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
MITREへのリンク →

FIN6

Score: 19.51
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1547.008 - LSASS Driver
MITREへのリンク →

BlackTech

Score: 9.23
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 12.80
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mofang

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 16.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Elderwood

Score: 6.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 8.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Transparent Tribe

Score: 14.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Evilnum

Score: 4.54
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1027.018 - Invisible Unicode
MITREへのリンク →

EXOTIC LILY

Score: 22.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Molerats

Score: 9.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Windshift

Score: 7.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA2541

Score: 19.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 29.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1098.007 - Additional Local or Domain Groups
  • T1504 - PowerShell Profile
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 21.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
MITREへのリンク →

TA505

Score: 22.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1166 - Setuid and Setgid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 14.90
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

CURIUM

Score: 24.34
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1087.004 - Cloud Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Saint Bear

Score: 15.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
MITREへのリンク →

admin@338

Score: 5.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
MITREへのリンク →

WIRTE

Score: 4.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Gamaredon Group

Score: 48.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 6.71
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Inception

Score: 14.18
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
MITREへのリンク →

TA551

Score: 8.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
MITREへのリンク →

RTM

Score: 7.66
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Higaisa

Score: 9.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

Gorgon Group

Score: 10.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1001 - Data Obfuscation
MITREへのリンク →

Naikon

Score: 4.90
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1166 - Setuid and Setgid
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

APT19

Score: 7.97
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Ferocious Kitten

Score: 3.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
MITREへのリンク →

Malteiro

Score: 5.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
MITREへのリンク →

SideCopy

Score: 13.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1053.002 - At
MITREへのリンク →

Andariel

Score: 12.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT37

Score: 8.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Silence

Score: 3.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

IndigoZebra

Score: 7.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
MITREへのリンク →

DarkHydrus

Score: 5.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1531 - Account Access Removal
MITREへのリンク →

Rancor

Score: 4.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
MITREへのリンク →

Cinnamon Tempest

Score: 12.63
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
MITREへのリンク →

Velvet Ant

Score: 13.04
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

BackdoorDiplomacy

Score: 10.01
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
MITREへのリンク →

BlackByte

Score: 37.80
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1504 - PowerShell Profile
  • T1175 - Component Object Model and Distributed COM
  • T1562.010 - Downgrade Attack
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1001 - Data Obfuscation
  • T1027 - Obfuscated Files or Information
  • T1166 - Setuid and Setgid
MITREへのリンク →

LAPSUS$

Score: 49.95
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1132.002 - Non-Standard Encoding
MITREへのリンク →

Rocke

Score: 15.04
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1008 - Fallback Channels
MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
MITREへのリンク →

Medusa Group

Score: 28.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
MITREへのリンク →

Blue Mockingbird

Score: 11.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1505 - Server Software Component
MITREへのリンク →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
MITREへのリンク →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
MITREへのリンク →

Carbanak

Score: 7.01
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

Stealth Falcon

Score: 7.65
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1087.004 - Cloud Account
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Leafminer

Score: 8.63
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1204.003 - Malicious Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Deep Panda

Score: 7.80
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Windigo

Score: 5.41
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

Dark Caracal

Score: 5.59
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

DarkVishnya

Score: 3.37
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
MITREへのリンク →

FIN5

Score: 4.80
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1602.002 - Network Device Configuration Dump
  • T1183 - Image File Execution Options Injection
  • T1027.014 - Polymorphic Code
  • T1091 - Replication Through Removable Media
  • T1690 - Prevent Command History Logging
  • T1003.003 - NTDS
  • T1562.012 - Disable or Modify Linux Audit System
  • T1053.002 - At
  • T1199 - Trusted Relationship
  • T1134.002 - Create Process with Token
  • T1608 - Stage Capabilities
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1009 - Binary Padding
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1197 - BITS Jobs
  • T1030 - Data Transfer Size Limits
  • T1102.003 - One-Way Communication
  • T1555.003 - Credentials from Web Browsers
  • T1132.002 - Non-Standard Encoding
  • T1140 - Deobfuscate/Decode Files or Information
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1213.006 - Databases
  • T1608.005 - Link Target
  • T1204.003 - Malicious Image
  • T1041 - Exfiltration Over C2 Channel
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1037 - Boot or Logon Initialization Scripts
  • T1008 - Fallback Channels
  • T1024 - Custom Cryptographic Protocol
  • T1218.012 - Verclsid
  • T1033 - System Owner/User Discovery
  • T1055.014 - VDSO Hijacking
  • T1001 - Data Obfuscation
  • T1098.007 - Additional Local or Domain Groups
  • T1219.001 - IDE Tunneling
  • T1560.001 - Archive via Utility
MITREへのリンク →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1573 - Encrypted Channel
  • T1183 - Image File Execution Options Injection
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1111 - Multi-Factor Authentication Interception
  • T1193 - Spearphishing Attachment
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship
  • T1598.003 - Spearphishing Link
  • T1055.004 - Asynchronous Procedure Call
  • T1564.008 - Email Hiding Rules
  • T1547.002 - Authentication Package
  • T1027 - Obfuscated Files or Information
  • T1075 - Pass the Hash
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1102.003 - One-Way Communication
  • T1049 - System Network Connections Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1140 - Deobfuscate/Decode Files or Information
  • T1187 - Forced Authentication
  • T1484.002 - Trust Modification
  • T1166 - Setuid and Setgid
  • T1596.003 - Digital Certificates
  • T1157 - Dylib Hijacking
  • T1543.003 - Windows Service
  • T1045 - Software Packing
  • T1087.004 - Cloud Account
  • T1005 - Data from Local System
  • T1546.016 - Installer Packages
  • T1218.010 - Regsvr32
  • T1033 - System Owner/User Discovery
  • T1098.007 - Additional Local or Domain Groups
  • T1219.001 - IDE Tunneling
  • T1063 - Security Software Discovery
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る