Pulse Detail-

Mustang Panda

Score: 31.98

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1569.001 - Launchctl
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Kimsuky

Score: 61.42

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1683.001 - Written Content
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1218.012 - Verclsid
T1608.005 - Link Target
T1057 - Process Discovery
T1041 - Exfiltration Over C2 Channel
T1055.014 - VDSO Hijacking
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1690 - Prevent Command History Logging
T1656 - Impersonation
T1132.002 - Non-Standard Encoding
T1027.018 - Invisible Unicode
T1003.003 - NTDS

MITREへのリンク →

Sea Turtle

Score: 18.31

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1059.013 - Container CLI/API

MITREへのリンク →

Contagious Interview

Score: 42.96

Matched TTPs:

T1044 - File System Permissions Weakness
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1021.006 - Windows Remote Management
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1690 - Prevent Command History Logging
T1656 - Impersonation
T1221 - Template Injection
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Ember Bear

Score: 26.09

Matched TTPs:

T1564.008 - Email Hiding Rules
T1584.008 - Network Devices
T1195.001 - Compromise Software Dependencies and Development Tools
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1656 - Impersonation
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 36.67

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1193 - Spearphishing Attachment
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1218.010 - Regsvr32
T1075 - Pass the Hash
T1027.018 - Invisible Unicode

MITREへのリンク →

Volt Typhoon

Score: 34.16

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1176 - Software Extensions
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1057 - Process Discovery
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1065 - Uncommonly Used Port
T1574.002 - DLL Side-Loading

MITREへのリンク →

APT28

Score: 26.23

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1057 - Process Discovery
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

ZIRCONIUM

Score: 11.55

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1566.002 - Spearphishing Link
T1588.001 - Malware
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Leviathan

Score: 17.42

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1055.014 - VDSO Hijacking
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Daggerfly

Score: 3.95

Matched TTPs:

T1584.008 - Network Devices
T1027.018 - Invisible Unicode

MITREへのリンク →

GALLIUM

Score: 8.10

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

APT29

Score: 29.72

Matched TTPs:

T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1218.012 - Verclsid
T1218.005 - Mshta
T1608.005 - Link Target
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

FIN13

Score: 15.10

Matched TTPs:

T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1199 - Trusted Relationship

MITREへのリンク →

Dragonfly

Score: 26.96

Matched TTPs:

T1584.008 - Network Devices
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1193 - Spearphishing Attachment
T1219.001 - IDE Tunneling
T1657 - Financial Theft
T1041 - Exfiltration Over C2 Channel
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1157 - Dylib Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

Ke3chang

Score: 16.32

Matched TTPs:

T1584.008 - Network Devices
T1195.001 - Compromise Software Dependencies and Development Tools
T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Agrius

Score: 10.15

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1097 - Pass the Ticket
T1597 - Search Closed Sources

MITREへのリンク →

APT41

Score: 40.19

Matched TTPs:

T1584.008 - Network Devices
T1195.001 - Compromise Software Dependencies and Development Tools
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1041 - Exfiltration Over C2 Channel
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1218.010 - Regsvr32
T1002 - Data Compressed
T1564.003 - Hidden Window
T1574.002 - DLL Side-Loading

MITREへのリンク →

APT5

Score: 10.97

Matched TTPs:

T1584.008 - Network Devices
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling

MITREへのリンク →

menuPass

Score: 7.63

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Threat Group-3390

Score: 11.57

Matched TTPs:

T1584.008 - Network Devices
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

Wizard Spider

Score: 14.66

Matched TTPs:

T1584.008 - Network Devices
T1038 - DLL Search Order Hijacking
T1588.001 - Malware
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027.018 - Invisible Unicode

MITREへのリンク →

Axiom

Score: 11.52

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1157 - Dylib Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

HEXANE

Score: 22.03

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1065 - Uncommonly Used Port

MITREへのリンク →

Chimera

Score: 9.94

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1132.002 - Non-Standard Encoding

MITREへのリンク →

LazyScripter

Score: 10.43

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1091 - Replication Through Removable Media
T1218.012 - Verclsid
T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Cobalt Group

Score: 10.58

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1518.002 - Backup Software Discovery
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

OilRig

Score: 21.42

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1606.002 - SAML Tokens
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

APT39

Score: 13.44

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1157 - Dylib Hijacking
T1027.018 - Invisible Unicode

MITREへのリンク →

Tropic Trooper

Score: 7.30

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1218.010 - Regsvr32

MITREへのリンク →

APT18

Score: 5.47

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1219.001 - IDE Tunneling
T1157 - Dylib Hijacking

MITREへのリンク →

FIN7

Score: 31.46

Matched TTPs:

T1195.001 - Compromise Software Dependencies and Development Tools
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1218.012 - Verclsid
T1584.005 - Botnet
T1608.005 - Link Target
T1057 - Process Discovery
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1065 - Uncommonly Used Port
T1027.018 - Invisible Unicode

MITREへのリンク →

Moonstone Sleet

Score: 14.68

Matched TTPs:

T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1057 - Process Discovery
T1027 - Obfuscated Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

Indrik Spider

Score: 7.66

Matched TTPs:

T1606.002 - SAML Tokens
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

Lazarus Group

Score: 21.22

Matched TTPs:

T1606.002 - SAML Tokens
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1218.012 - Verclsid
T1608.005 - Link Target
T1057 - Process Discovery
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

UNC3886

Score: 15.81

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 11.42

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1219.001 - IDE Tunneling
T1584.005 - Botnet
T1199 - Trusted Relationship
T1027.018 - Invisible Unicode

MITREへのリンク →

Salt Typhoon

Score: 8.95

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1608.002 - Upload Tool
T1199 - Trusted Relationship

MITREへのリンク →

Play

Score: 8.94

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking

MITREへのリンク →

Aoqin Dragon

Score: 5.74

Matched TTPs:

T1606.002 - SAML Tokens
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 4.75

Matched TTPs:

T1606.002 - SAML Tokens
T1219.001 - IDE Tunneling
T1027.018 - Invisible Unicode

MITREへのリンク →

Moses Staff

Score: 6.18

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship

MITREへのリンク →

Turla

Score: 22.03

Matched TTPs:

T1606.002 - SAML Tokens
T1176 - Software Extensions
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1027.018 - Invisible Unicode

MITREへのリンク →

TeamTNT

Score: 15.14

Matched TTPs:

T1606.002 - SAML Tokens
T1036.009 - Break Process Trees
T1091 - Replication Through Removable Media
T1071.003 - Mail Protocols
T1219.001 - IDE Tunneling
T1597 - Search Closed Sources

MITREへのリンク →

Scattered Spider

Score: 40.47

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1566.002 - Spearphishing Link
T1547.005 - Security Support Provider
T1019 - System Firmware
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1218.005 - Mshta
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027.005 - Indicator Removal from Tools
T1027 - Obfuscated Files or Information
T1564.003 - Hidden Window
T1027.002 - Software Packing

MITREへのリンク →

Storm-0501

Score: 16.41

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1218.005 - Mshta
T1097 - Pass the Ticket
T1027 - Obfuscated Files or Information

MITREへのリンク →

Sidewinder

Score: 12.57

Matched TTPs:

T1566.002 - Spearphishing Link
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1657 - Financial Theft
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Silent Librarian

Score: 8.58

Matched TTPs:

T1566.002 - Spearphishing Link
T1584.005 - Botnet
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

APT32

Score: 20.58

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 35.88

Matched TTPs:

T1566.002 - Spearphishing Link
T1036.009 - Break Process Trees
T1024 - Custom Cryptographic Protocol
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1098.002 - Additional Email Delegate Permissions
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Star Blizzard

Score: 19.21

Matched TTPs:

T1566.002 - Spearphishing Link
T1024 - Custom Cryptographic Protocol
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1657 - Financial Theft
T1102.003 - One-Way Communication
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

CURIUM

Score: 10.37

Matched TTPs:

T1566.002 - Spearphishing Link
T1555.003 - Credentials from Web Browsers
T1218.001 - Compiled HTML File
T1547.008 - LSASS Driver

MITREへのリンク →

Patchwork

Score: 7.46

Matched TTPs:

T1566.002 - Spearphishing Link
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

HAFNIUM

Score: 14.93

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1059 - Command and Scripting Interpreter
T1219.001 - IDE Tunneling
T1608.005 - Link Target

MITREへのリンク →

Rocke

Score: 10.33

Matched TTPs:

T1036.009 - Break Process Trees
T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1059.013 - Container CLI/API

MITREへのリンク →

INC Ransom

Score: 11.32

Matched TTPs:

T1036.009 - Break Process Trees
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

Velvet Ant

Score: 6.54

Matched TTPs:

T1036.009 - Break Process Trees
T1219.001 - IDE Tunneling
T1597 - Search Closed Sources

MITREへのリンク →

LAPSUS$

Score: 29.27

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1547.005 - Security Support Provider
T1019 - System Firmware
T1193 - Spearphishing Attachment
T1045 - Software Packing
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1065 - Uncommonly Used Port
T1564.003 - Hidden Window
T1132.002 - Non-Standard Encoding

MITREへのリンク →

IndigoZebra

Score: 5.53

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1608.005 - Link Target
T1199 - Trusted Relationship

MITREへのリンク →

TA577

Score: 4.03

Matched TTPs:

T1024 - Custom Cryptographic Protocol
T1027.018 - Invisible Unicode

MITREへのリンク →

TA2541

Score: 10.33

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027.018 - Invisible Unicode

MITREへのリンク →

Earth Lusca

Score: 15.97

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1218.001 - Compiled HTML File
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustard Tempest

Score: 3.33

Matched TTPs:

T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode

MITREへのリンク →

Gamaredon Group

Score: 21.22

Matched TTPs:

T1091 - Replication Through Removable Media
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1059.013 - Container CLI/API
T1027.018 - Invisible Unicode

MITREへのリンク →

SideCopy

Score: 7.94

Matched TTPs:

T1091 - Replication Through Removable Media
T1218.012 - Verclsid
T1657 - Financial Theft

MITREへのリンク →

TA505

Score: 8.32

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackByte

Score: 10.77

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

BITTER

Score: 6.41

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Saint Bear

Score: 8.64

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 11.19

Matched TTPs:

T1091 - Replication Through Removable Media
T1690 - Prevent Command History Logging
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 6.44

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1132.002 - Non-Standard Encoding

MITREへのリンク →

BackdoorDiplomacy

Score: 6.18

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1588.001 - Malware
T1199 - Trusted Relationship

MITREへのリンク →

BlackTech

Score: 5.17

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Medusa Group

Score: 12.96

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

Fox Kitten

Score: 19.64

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1097 - Pass the Ticket
T1157 - Dylib Hijacking
T1656 - Impersonation

MITREへのリンク →

Cinnamon Tempest

Score: 6.08

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

ToddyCat

Score: 5.29

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 4.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

Winter Vivern

Score: 9.85

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1219.001 - IDE Tunneling
T1588.001 - Malware
T1218.001 - Compiled HTML File
T1027.018 - Invisible Unicode

MITREへのリンク →

Volatile Cedar

Score: 7.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1002 - Data Compressed

MITREへのリンク →

MuddyWater

Score: 20.38

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1518.002 - Backup Software Discovery
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1027.018 - Invisible Unicode

MITREへのリンク →

Akira

Score: 10.10

Matched TTPs:

T1137.005 - Outlook Rules
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information

MITREへのリンク →

Deep Panda

Score: 5.05

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver

MITREへのリンク →

Tonto Team

Score: 3.26

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32

MITREへのリンク →

APT38

Score: 18.81

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1493 - Transmitted Data Manipulation
T1027.018 - Invisible Unicode

MITREへのリンク →

APT3

Score: 7.44

Matched TTPs:

T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

CopyKittens

Score: 3.19

Matched TTPs:

T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

Windigo

Score: 3.64

Matched TTPs:

T1045 - Software Packing
T1219.001 - IDE Tunneling

MITREへのリンク →

POLONIUM

Score: 6.63

Matched TTPs:

T1045 - Software Packing
T1608.005 - Link Target
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Inception

Score: 5.98

Matched TTPs:

T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Dark Caracal

Score: 3.82

Matched TTPs:

T1219.001 - IDE Tunneling
T1547.008 - LSASS Driver

MITREへのリンク →

Confucius

Score: 8.51

Matched TTPs:

T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

BRONZE BUTLER

Score: 5.44

Matched TTPs:

T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.010 - Regsvr32

MITREへのリンク →

Aquatic Panda

Score: 4.74

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1597 - Search Closed Sources

MITREへのリンク →

Carbanak

Score: 4.37

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

FIN6

Score: 8.69

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1547.008 - LSASS Driver

MITREへのリンク →

Higaisa

Score: 3.59

Matched TTPs:

T1588.001 - Malware
T1218.010 - Regsvr32

MITREへのリンク →

APT17

Score: 5.45

Matched TTPs:

T1608.005 - Link Target
T1656 - Impersonation

MITREへのリンク →

TA578

Score: 3.37

Matched TTPs:

T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

SilverTerrier

Score: 3.62

Matched TTPs:

T1041 - Exfiltration Over C2 Channel

MITREへのリンク →

DarkVishnya

Score: 3.37

Matched TTPs:

T1199 - Trusted Relationship
T1097 - Pass the Ticket

MITREへのリンク →

Storm-1811

Score: 5.71

Matched TTPs:

T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

FIN8

Score: 5.97

Matched TTPs:

T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN5

Score: 4.80

Matched TTPs:

T1199 - Trusted Relationship
T1097 - Pass the Ticket
T1157 - Dylib Hijacking

MITREへのリンク →

APT33

Score: 5.13

Matched TTPs:

T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Windshift

Score: 3.88

Matched TTPs:

T1027.018 - Invisible Unicode
T1547.008 - LSASS Driver

MITREへのリンク →

Kimsuky

Score: 0.70

Matched TTPs:

T1055.014 - VDSO Hijacking
T1606.002 - SAML Tokens
T1057 - Process Discovery
T1608.005 - Link Target
T1091 - Replication Through Removable Media
T1555.003 - Credentials from Web Browsers
T1656 - Impersonation
T1102.003 - One-Way Communication
T1683.001 - Written Content
T1588.001 - Malware
T1037 - Boot or Logon Initialization Scripts
T1003.003 - NTDS
T1597 - Search Closed Sources
T1199 - Trusted Relationship
T1041 - Exfiltration Over C2 Channel
T1219.001 - IDE Tunneling
T1566.002 - Spearphishing Link
T1132.002 - Non-Standard Encoding
T1690 - Prevent Command History Logging
T1024 - Custom Cryptographic Protocol
T1027.018 - Invisible Unicode
T1140 - Deobfuscate/Decode Files or Information
T1218.012 - Verclsid

MITREへのリンク →

SloppyLemming Deploys BurrowShell and Rust-Based RAT to Target Pakistan and Bangladesh

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ