Trusted Design

Web-Based Indirect Prompt Injection Observed in the Wild: Fooling AI Agents

Summary

This article analyzes real-world instances of indirect prompt injection (IDPI) attacks targeting AI agents and large language models integrated into web systems. The researchers identify 22 distinct techniques used by attackers to embed malicious prompts in webpages, including visual concealment, obfuscation, and dynamic execution methods. They categorize attacker intents ranging from low-severity disruptions to critical data destruction attempts. Notable findings include the first observed case of AI-based ad review evasion and attempts at search engine optimization manipulation. The article presents a taxonomy of web-based IDPI attacks and provides insights into attack trends based on telemetry data. The researchers emphasize the need for proactive, web-scale defenses to detect IDPI and distinguish between benign and malicious prompts.

Created: 2026-03-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 53.10
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1678 - Delay Execution
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

Kimsuky

Score: 74.75
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1176.001 - Browser Extensions
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1593.002 - Search Engines
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits

Sea Turtle

Score: 21.48
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1505.003 - Web Shell
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Volt Typhoon

Score: 62.60
Matched TTPs:
  • T1592 - Gather Victim Host Information
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1497.001 - System Checks
  • T1070.007 - Clear Network Connection History and Configurations
  • T1555 - Credentials from Password Stores
  • T1010 - Application Window Discovery
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1593 - Search Open Websites/Domains
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS

Contagious Interview

Score: 44.78
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Ember Bear

Score: 25.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits

Sandworm Team

Score: 62.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

Inception

Score: 9.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery

Dark Caracal

Score: 5.88
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Elderwood

Score: 8.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Darkhotel

Score: 20.51
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise

Transparent Tribe

Score: 11.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

APT28

Score: 48.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1542.003 - Bootkit
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1110 - Brute Force
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1137.002 - Office Test
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
  • T1211 - Exploitation for Defense Evasion

Leviathan

Score: 28.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Sidewinder

Score: 19.55
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

APT39

Score: 23.01
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1555 - Credentials from Password Stores
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link

Lazarus Group

Score: 53.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1542.003 - Bootkit
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1591 - Gather Victim Org Information
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot

Saint Bear

Score: 20.51
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1204.001 - Malicious Link

APT33

Score: 11.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1555 - Credentials from Password Stores
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

BITTER

Score: 11.65
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

TA505

Score: 13.25
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

Higaisa

Score: 9.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation

APT19

Score: 7.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Fox Kitten

Score: 19.56
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1110 - Brute Force
  • T1027.010 - Command Obfuscation
  • T1003.003 - NTDS
  • T1213.005 - Messaging Applications

Threat Group-3390

Score: 21.59
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

TA2541

Score: 15.30
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1204.001 - Malicious Link

Malteiro

Score: 10.65
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1555 - Credentials from Password Stores
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery

Magic Hound

Score: 54.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1590.005 - IP Addresses
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1591.001 - Determine Physical Locations
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Storm-1811

Score: 23.86
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1656 - Impersonation
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 3.93
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1090 - Proxy

Tropic Trooper

Score: 15.46
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.001 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Mofang

Score: 5.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link

Whitefly

Score: 3.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1068 - Exploitation for Privilege Escalation

menuPass

Score: 8.87
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1003.003 - NTDS

Moses Staff

Score: 9.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery

TeamTNT

Score: 19.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools

OilRig

Score: 34.20
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1555 - Credentials from Password Stores
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1110 - Brute Force
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

APT32

Score: 30.07
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Moonstone Sleet

Score: 27.50
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1566.003 - Spearphishing via Service

Andariel

Score: 11.82
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1566.001 - Spearphishing Attachment
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

HAFNIUM

Score: 28.06
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1583.005 - Botnet
  • T1505.003 - Web Shell
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1003.003 - NTDS

ZIRCONIUM

Score: 24.43
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link

Mustard Tempest

Score: 18.66
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
  • T1204.001 - Malicious Link

Daggerfly

Score: 8.65
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

GALLIUM

Score: 5.83
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery

APT29

Score: 47.15
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

FIN13

Score: 10.26
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1003.003 - NTDS

Dragonfly

Score: 36.16
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1110 - Brute Force
  • T1187 - Forced Authentication
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1003.003 - NTDS

Ke3chang

Score: 15.96
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1016 - System Network Configuration Discovery
  • T1614.001 - System Language Discovery
  • T1003.003 - NTDS

Agrius

Score: 8.68
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1505.003 - Web Shell
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools

APT41

Score: 50.57
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1542.003 - Bootkit
  • T1566.001 - Spearphishing Attachment
  • T1555 - Credentials from Password Stores
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1480.001 - Environmental Keying

APT5

Score: 8.20
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1505.003 - Web Shell

Wizard Spider

Score: 20.18
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1518.002 - Backup Software Discovery
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

Silent Librarian

Score: 12.11
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1589.002 - Email Addresses
  • T1608.005 - Link Target

EXOTIC LILY

Score: 19.32
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1589.002 - Email Addresses
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

TA578

Score: 6.66
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link

Axiom

Score: 17.30
Matched TTPs:
  • T1583.002 - DNS Server
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

HEXANE

Score: 33.10
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1555 - Credentials from Password Stores
  • T1010 - Application Window Discovery
  • T1589.002 - Email Addresses
  • T1016 - System Network Configuration Discovery
  • T1534 - Internal Spearphishing
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery

Indrik Spider

Score: 6.23
Matched TTPs:
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

UNC3886

Score: 21.93
Matched TTPs:
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 13.75
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1608.005 - Link Target
  • T1204.001 - Malicious Link

Salt Typhoon

Score: 8.97
Matched TTPs:
  • T1587.001 - Malware
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall

Play

Score: 9.13
Matched TTPs:
  • T1587.001 - Malware
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 9.91
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1204.001 - Malicious Link

Turla

Score: 32.31
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

FIN7

Score: 46.43
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1591 - Gather Victim Org Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

Scattered Spider

Score: 45.25
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1003.003 - NTDS
  • T1213.005 - Messaging Applications

Storm-0501

Score: 18.36
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1021.007 - Cloud Services
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery

FIN6

Score: 17.78
Matched TTPs:
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1555 - Credentials from Password Stores
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1027.010 - Command Obfuscation
  • T1003.003 - NTDS
  • T1566.003 - Spearphishing via Service

Evilnum

Score: 8.91
Matched TTPs:
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1555 - Credentials from Password Stores
  • T1204.001 - Malicious Link

Gamaredon Group

Score: 37.52
Matched TTPs:
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

BlackTech

Score: 5.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

MuddyWater

Score: 32.12
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1555 - Credentials from Password Stores
  • T1218.003 - CMSTP
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

Confucius

Score: 9.53
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

Machete

Score: 5.45
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

FIN8

Score: 11.88
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

APT3

Score: 9.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

APT1

Score: 3.79
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery

Molerats

Score: 3.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link

Windshift

Score: 12.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Cobalt Group

Score: 18.09
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.003 - CMSTP
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

FIN4

Score: 7.81
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1204.001 - Malicious Link

Earth Lusca

Score: 20.92
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Patchwork

Score: 13.16
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

LazyScripter

Score: 11.87
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

APT42

Score: 13.67
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1056 - Input Capture
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery

Star Blizzard

Score: 8.59
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1593 - Search Open Websites/Domains

CURIUM

Score: 16.04
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1505.003 - Web Shell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

admin@338

Score: 3.84
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1203 - Exploitation for Client Execution

BRONZE BUTLER

Score: 8.68
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1566.003 - Spearphishing via Service

TA551

Score: 7.60
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1589.002 - Email Addresses
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation

Winter Vivern

Score: 14.75
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Naikon

Score: 4.24
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1016 - System Network Configuration Discovery
  • T1518.001 - Security Software Discovery

APT12

Score: 4.77
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

SideCopy

Score: 11.30
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Tonto Team

Score: 6.23
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

APT37

Score: 10.15
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot

APT38

Score: 27.17
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1218.005 - Mshta
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1529 - System Shutdown/Reboot

DarkHydrus

Score: 5.01
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1187 - Forced Authentication

The White Company

Score: 4.27
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

PLATINUM

Score: 9.27
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1056.004 - Credential API Hooking

BlackByte

Score: 27.28
Matched TTPs:
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery

Akira

Score: 8.68
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

Leafminer

Score: 6.30
Matched TTPs:
  • T1555 - Credentials from Password Stores
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Stealth Falcon

Score: 4.14
Matched TTPs:
  • T1555 - Credentials from Password Stores
  • T1016 - System Network Configuration Discovery

MoustachedBouncer

Score: 8.97
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation

Carbanak

Score: 4.74
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1102.002 - Bidirectional Communication

Rocke

Score: 9.66
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery

ToddyCat

Score: 6.76
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service

Medusa Group

Score: 21.45
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1003.003 - NTDS
  • T1529 - System Shutdown/Reboot

Velvet Ant

Score: 8.27
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1211 - Exploitation for Defense Evasion

Volatile Cedar

Score: 8.49
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning

Aquatic Panda

Score: 8.15
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features

LAPSUS$

Score: 35.76
Matched TTPs:
  • T1589.002 - Email Addresses
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1204 - User Execution
  • T1068 - Exploitation for Privilege Escalation
  • T1656 - Impersonation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1003.003 - NTDS
  • T1213.005 - Messaging Applications

Chimera

Score: 10.21
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1003.003 - NTDS

Windigo

Score: 6.85
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

POLONIUM

Score: 6.75
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication

Equation

Score: 12.80
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying

INC Ransom

Score: 7.42
Matched TTPs:
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact

AppleJeus

Score: 3.29
Matched TTPs:
  • T1566 - Phishing

GOLD SOUTHFIELD

Score: 8.08
Matched TTPs:
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1566.001 - Spearphishing Attachment
  • T1566.002 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1505.003 - Web Shell
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1218.005 - Mshta
  • T1593.002 - Search Engines
  • T1589.002 - Email Addresses
  • T1594 - Search Victim-Owned Websites
  • T1656 - Impersonation
  • T1204.001 - Malicious Link
  • T1102.002 - Bidirectional Communication
  • T1588.005 - Exploits
  • T1562.004 - Disable or Modify System Firewall
  • T1176.001 - Browser Extensions
  • T1027.010 - Command Obfuscation
  • T1593.001 - Social Media
  • T1562.001 - Disable or Modify Tools
  • T1587.001 - Malware
  • T1591 - Gather Victim Org Information
  • T1557 - Adversary-in-the-Middle
  • T1566 - Phishing
  • T1598.003 - Spearphishing Link

Sandworm Team

Score: 0.59
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1499 - Endpoint Denial of Service
  • T1003.003 - NTDS
  • T1566.001 - Spearphishing Attachment
  • T1491.002 - External Defacement
  • T1090 - Proxy
  • T1566.002 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1584.005 - Botnet
  • T1608.001 - Upload Malware
  • T1591.002 - Business Relationships
  • T1505.003 - Web Shell
  • T1593 - Search Open Websites/Domains
  • T1592.002 - Software
  • T1589.002 - Email Addresses
  • T1594 - Search Victim-Owned Websites
  • T1195.002 - Compromise Software Supply Chain
  • T1204.001 - Malicious Link
  • T1102.002 - Bidirectional Communication
  • T1213.006 - Databases
  • T1027.010 - Command Obfuscation
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1598.003 - Spearphishing Link

Volt Typhoon

Score: 0.59
Matched TTPs:
  • T1518 - Software Discovery
  • T1592 - Gather Victim Host Information
  • T1555 - Credentials from Password Stores
  • T1003.003 - NTDS
  • T1591.004 - Identify Roles
  • T1090 - Proxy
  • T1596.005 - Scan Databases
  • T1016 - System Network Configuration Discovery
  • T1584.005 - Botnet
  • T1010 - Application Window Discovery
  • T1505.003 - Web Shell
  • T1593 - Search Open Websites/Domains
  • T1587.004 - Exploits
  • T1584.008 - Network Devices
  • T1070.007 - Clear Network Connection History and Configurations
  • T1497.001 - System Checks
  • T1594 - Search Victim-Owned Websites
  • T1589.002 - Email Addresses
  • T1068 - Exploitation for Privilege Escalation
  • T1591 - Gather Victim Org Information

Related CVEs

No CVEs were found for this Pulse.
