Trusted Design

Web-Based Indirect Prompt Injection Observed in the Wild: Fooling AI Agents

概要

This article analyzes real-world instances of indirect prompt injection (IDPI) attacks targeting AI agents and large language models integrated into web systems. The researchers identify 22 distinct techniques used by attackers to embed malicious prompts in webpages, including visual concealment, obfuscation, and dynamic execution methods. They categorize attacker intents ranging from low-severity disruptions to critical data destruction attempts. Notable findings include the first observed case of AI-based ad review evasion and attempts at search engine optimization manipulation. The article presents a taxonomy of web-based IDPI attacks and provides insights into attack trends based on telemetry data. The researchers emphasize the need for proactive, web-scale defenses to detect IDPI and distinguish between benign and malicious prompts.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Mustang Panda

Score: 53.10
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Kimsuky

Score: 74.75
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
MITREへのリンク →

Sea Turtle

Score: 21.48
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
MITREへのリンク →

Volt Typhoon

Score: 62.60
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1562.009 - Safe Mode Boot
  • T1556.002 - Password Filter DLL
  • T1562 - Impair Defenses
  • T1070.006 - Timestomp
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Contagious Interview

Score: 44.78
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Ember Bear

Score: 25.16
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS
MITREへのリンク →

Sandworm Team

Score: 62.97
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Inception

Score: 9.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

Dark Caracal

Score: 5.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Elderwood

Score: 8.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 20.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1064 - Scripting
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Transparent Tribe

Score: 11.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 48.13
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1071.004 - DNS
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1097 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1588.003 - Code Signing Certificates
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Leviathan

Score: 28.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 19.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT39

Score: 23.01
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1562 - Impair Defenses
  • T1555.003 - Credentials from Web Browsers
  • T1097 - Pass the Ticket
  • T1599 - Network Boundary Bridging
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Lazarus Group

Score: 53.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1071.004 - DNS
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1216 - System Script Proxy Execution
MITREへのリンク →

Saint Bear

Score: 20.51
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 11.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 11.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
MITREへのリンク →

TA505

Score: 13.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Higaisa

Score: 9.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
MITREへのリンク →

APT19

Score: 7.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Fox Kitten

Score: 19.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1097 - Pass the Ticket
  • T1601.001 - Patch System Image
  • T1548.006 - TCC Manipulation
  • T1588.005 - Exploits
MITREへのリンク →

Threat Group-3390

Score: 21.59
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

TA2541

Score: 15.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Malteiro

Score: 10.65
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
MITREへのリンク →

Magic Hound

Score: 54.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Storm-1811

Score: 23.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 3.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1045 - Software Packing
MITREへのリンク →

Tropic Trooper

Score: 15.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
MITREへのリンク →

Mofang

Score: 5.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Whitefly

Score: 3.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

menuPass

Score: 8.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Moses Staff

Score: 9.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
MITREへのリンク →

TeamTNT

Score: 19.89
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1519 - Emond
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 34.20
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1562 - Impair Defenses
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1097 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT32

Score: 30.07
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 27.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

Andariel

Score: 11.82
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1598.003 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HAFNIUM

Score: 28.06
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.008 - Stripped Payloads
  • T1555.003 - Credentials from Web Browsers
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1548.006 - TCC Manipulation
MITREへのリンク →

ZIRCONIUM

Score: 24.43
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 18.66
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Daggerfly

Score: 8.65
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

GALLIUM

Score: 5.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
MITREへのリンク →

APT29

Score: 47.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN13

Score: 10.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Dragonfly

Score: 36.16
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1097 - Pass the Ticket
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Ke3chang

Score: 15.96
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1590.006 - Network Security Appliances
  • T1102.002 - Bidirectional Communication
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Agrius

Score: 8.68
Matched TTPs:
  • T1584.008 - Network Devices
  • T1555.003 - Credentials from Web Browsers
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 50.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1071.004 - DNS
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

APT5

Score: 8.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1555.003 - Credentials from Web Browsers
MITREへのリンク →

Wizard Spider

Score: 20.18
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 12.11
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1584.005 - Botnet
MITREへのリンク →

EXOTIC LILY

Score: 19.32
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Axiom

Score: 17.30
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HEXANE

Score: 33.10
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1562 - Impair Defenses
  • T1070.006 - Timestomp
  • T1134.002 - Create Process with Token
  • T1590.006 - Network Security Appliances
  • T1055.014 - VDSO Hijacking
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
MITREへのリンク →

Indrik Spider

Score: 6.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

UNC3886

Score: 21.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
MITREへのリンク →

LuminousMoth

Score: 13.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 8.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
MITREへのリンク →

Play

Score: 9.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 9.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Turla

Score: 32.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 46.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Scattered Spider

Score: 45.25
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
  • T1588.005 - Exploits
MITREへのリンク →

Storm-0501

Score: 18.36
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1218.005 - Mshta
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
MITREへのリンク →

FIN6

Score: 17.78
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1601.001 - Patch System Image
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

Evilnum

Score: 8.91
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1562 - Impair Defenses
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Gamaredon Group

Score: 37.52
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackTech

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 32.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1518.002 - Backup Software Discovery
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 9.53
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 5.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 11.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT3

Score: 9.06
Matched TTPs:
  • T1543.003 - Windows Service
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
MITREへのリンク →

Molerats

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Windshift

Score: 12.61
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 18.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN4

Score: 7.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 20.92
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Patchwork

Score: 13.16
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 11.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 13.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1599 - Network Boundary Bridging
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
MITREへのリンク →

Star Blizzard

Score: 8.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1102.003 - One-Way Communication
MITREへのリンク →

CURIUM

Score: 16.04
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1555.003 - Credentials from Web Browsers
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

admin@338

Score: 3.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
MITREへのリンク →

BRONZE BUTLER

Score: 8.68
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
MITREへのリンク →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA551

Score: 7.60
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1218.012 - Verclsid
  • T1601.001 - Patch System Image
MITREへのリンク →

Winter Vivern

Score: 14.75
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Naikon

Score: 4.24
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

SideCopy

Score: 11.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
MITREへのリンク →

Tonto Team

Score: 6.23
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
MITREへのリンク →

APT37

Score: 10.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
MITREへのリンク →

APT38

Score: 27.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1218.012 - Verclsid
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1216 - System Script Proxy Execution
MITREへのリンク →

DarkHydrus

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
MITREへのリンク →

The White Company

Score: 4.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
MITREへのリンク →

PLATINUM

Score: 9.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1686 - Disable or Modify System Firewall
MITREへのリンク →

BlackByte

Score: 27.28
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1506 - Web Session Cookie
MITREへのリンク →

Akira

Score: 8.68
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Leafminer

Score: 6.30
Matched TTPs:
  • T1562 - Impair Defenses
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Stealth Falcon

Score: 4.14
Matched TTPs:
  • T1562 - Impair Defenses
  • T1590.006 - Network Security Appliances
MITREへのリンク →

MoustachedBouncer

Score: 8.97
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Carbanak

Score: 4.74
Matched TTPs:
  • T1009 - Binary Padding
  • T1547.002 - Authentication Package
MITREへのリンク →

Rocke

Score: 9.66
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
MITREへのリンク →

ToddyCat

Score: 6.76
Matched TTPs:
  • T1009 - Binary Padding
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
MITREへのリンク →

Medusa Group

Score: 21.45
Matched TTPs:
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
  • T1548.006 - TCC Manipulation
  • T1216 - System Script Proxy Execution
MITREへのリンク →

Velvet Ant

Score: 8.27
Matched TTPs:
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Volatile Cedar

Score: 8.49
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
MITREへのリンク →

Aquatic Panda

Score: 8.15
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1601.001 - Patch System Image
MITREへのリンク →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
MITREへのリンク →

LAPSUS$

Score: 35.76
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1619 - Cloud Storage Object Discovery
  • T1039 - Data from Network Shared Drive
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
  • T1588.005 - Exploits
MITREへのリンク →

Chimera

Score: 10.21
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
MITREへのリンク →

POLONIUM

Score: 6.75
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
MITREへのリンク →

Equation

Score: 12.80
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

INC Ransom

Score: 7.42
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

GOLD SOUTHFIELD

Score: 8.08
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1114 - Email Collection
  • T1590.006 - Network Security Appliances
  • T1555.003 - Credentials from Web Browsers
  • T1547.002 - Authentication Package
  • T1003.003 - NTDS
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1601.001 - Patch System Image
  • T1543.003 - Windows Service
  • T1055.014 - VDSO Hijacking
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1213.006 - Databases
  • T1027.018 - Invisible Unicode
  • T1598.003 - Spearphishing Link
  • T1057 - Process Discovery
  • T1597 - Search Closed Sources
  • T1091 - Replication Through Removable Media
  • T1030 - Data Transfer Size Limits
  • T1009 - Binary Padding
  • T1683.001 - Written Content
  • T1037 - Boot or Logon Initialization Scripts
  • T1218.012 - Verclsid
  • T1506 - Web Session Cookie
MITREへのリンク →

Sandworm Team

Score: 0.59
Matched TTPs:
  • T1114 - Email Collection
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1547.002 - Authentication Package
  • T1063 - Security Software Discovery
  • T1045 - Software Packing
  • T1102.003 - One-Way Communication
  • T1548.006 - TCC Manipulation
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1193 - Spearphishing Attachment
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1187 - Forced Authentication
  • T1027.018 - Invisible Unicode
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1075 - Pass the Hash
  • T1049 - System Network Connections Discovery
  • T1564.008 - Email Hiding Rules
MITREへのリンク →

Volt Typhoon

Score: 0.59
Matched TTPs:
  • T1574.002 - DLL Side-Loading
  • T1114 - Email Collection
  • T1590.006 - Network Security Appliances
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1070.006 - Timestomp
  • T1102.003 - One-Way Communication
  • T1548.006 - TCC Manipulation
  • T1065 - Uncommonly Used Port
  • T1556.002 - Password Filter DLL
  • T1159 - Launch Agent
  • T1488 - Disk Content Wipe
  • T1562 - Impair Defenses
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1039 - Data from Network Shared Drive
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.009 - Safe Mode Boot
  • T1049 - System Network Connections Discovery
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る