Trusted Design

Signed malware impersonating workplace apps deploys RMM backdoors

Overview

Multiple phishing campaigns were identified using workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. The attacks used digitally signed executables masquerading as legitimate software to install remote monitoring and management (RMM) tools like ScreenConnect, Tactical RMM, and Mesh Agent. These tools enabled attackers to establish persistence and move laterally within compromised environments. The malware was signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD. The campaigns demonstrate how familiar branding and trusted digital signatures can be exploited to bypass user suspicion and gain an initial foothold in enterprise networks.

Created: 2026-03-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 90.52
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1132.002 - Non-Standard Encoding
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1126 - Network Share Connection Removal
Link to MITRE →

Sea Turtle

Score: 42.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1596.001 - DNS/Passive DNS
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1685 - Disable or Modify Tools
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API
Link to MITRE →

Ember Bear

Score: 51.60
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
Link to MITRE →

Indrik Spider

Score: 20.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1498 - Network Denial of Service
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Agrius

Score: 17.83
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1209 - Time Providers
  • T1622 - Debugger Evasion
Link to MITRE →

Contagious Interview

Score: 77.78
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1565.002 - Transmitted Data Manipulation
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
Link to MITRE →

Sandworm Team

Score: 77.93
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Star Blizzard

Score: 25.78
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1168 - Local Job Scheduling
Link to MITRE →

Lazarus Group

Score: 79.67
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1596.001 - DNS/Passive DNS
  • T1071.004 - DNS
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
Link to MITRE →

TA577

Score: 7.96
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
Link to MITRE →

Moonstone Sleet

Score: 32.74
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
Link to MITRE →

APT39

Score: 36.95
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1021 - Remote Services
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution
Link to MITRE →

Poseidon Group

Score: 5.46
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Mustang Panda

Score: 70.15
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1596.001 - DNS/Passive DNS
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1102 - Web Service
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1565.002 - Transmitted Data Manipulation
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
Link to MITRE →

Tonto Team

Score: 9.37
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT32

Score: 48.46
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Suckfly

Score: 7.72
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1103 - AppInit DLLs
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
Link to MITRE →

BlackByte

Score: 41.77
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1562.010 - Downgrade Attack
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT28

Score: 81.22
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1071.004 - DNS
  • T1218.013 - Mavinject
  • T1206 - Sudo Caching
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sowbug

Score: 5.03
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.013 - Mavinject
  • T1219.001 - IDE Tunneling
Link to MITRE →

Storm-0501

Score: 24.76
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1535 - Unused/Unsupported Cloud Regions
  • T1155 - AppleScript
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

Axiom

Score: 36.03
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon
Link to MITRE →

Leviathan

Score: 56.18
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1491.002 - External Defacement
  • T1685.001 - Disable or Modify Windows Event Log
  • T1206 - Sudo Caching
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Inception

Score: 14.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Dark Caracal

Score: 7.18
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Elderwood

Score: 7.08
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 26.35
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1064 - Scripting
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Transparent Tribe

Score: 10.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT18

Score: 5.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sidewinder

Score: 25.03
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1206 - Sudo Caching
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 17.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1103 - AppInit DLLs
  • T1091 - Replication Through Removable Media
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
Link to MITRE →

APT33

Score: 12.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BITTER

Score: 13.05
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 24.82
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1543.003 - Windows Service
  • T1103 - AppInit DLLs
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Higaisa

Score: 12.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1569.002 - Service Execution
Link to MITRE →

APT19

Score: 7.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Fox Kitten

Score: 27.21
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Threat Group-3390

Score: 38.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
Link to MITRE →

TA2541

Score: 18.28
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Malteiro

Score: 9.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

Magic Hound

Score: 70.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.008 - Direct Cloud VM Connections
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

Storm-1811

Score: 33.08
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1578.002 - Create Cloud Instance
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 13.58
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
  • T1001.001 - Junk Data
Link to MITRE →

Tropic Trooper

Score: 22.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mofang

Score: 3.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
Link to MITRE →

Whitefly

Score: 4.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

menuPass

Score: 29.48
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Moses Staff

Score: 14.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1103 - AppInit DLLs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 42.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1535 - Unused/Unsupported Cloud Regions
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Metador

Score: 5.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
Link to MITRE →

OilRig

Score: 53.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

APT41

Score: 62.21
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1071.004 - DNS
  • T1218.013 - Mavinject
  • T1103 - AppInit DLLs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

TA551

Score: 9.44
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Volt Typhoon

Score: 67.55
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1535 - Unused/Unsupported Cloud Regions
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution
Link to MITRE →

ZIRCONIUM

Score: 26.72
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mustard Tempest

Score: 14.67
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Daggerfly

Score: 14.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1103 - AppInit DLLs
  • T1530 - Data from Cloud Storage
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GALLIUM

Score: 20.05
Matched TTPs:
  • T1584.008 - Network Devices
  • T1103 - AppInit DLLs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT29

Score: 42.47
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN13

Score: 41.46
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

Dragonfly

Score: 47.47
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Ke3chang

Score: 20.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT5

Score: 26.68
Matched TTPs:
  • T1584.008 - Network Devices
  • T1218.013 - Mavinject
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1622 - Debugger Evasion
Link to MITRE →

Wizard Spider

Score: 42.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1103 - AppInit DLLs
  • T1038 - DLL Search Order Hijacking
  • T1589 - Gather Victim Identity Information
  • T1155 - AppleScript
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
Link to MITRE →

Silent Librarian

Score: 14.02
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

UNC3886

Score: 37.21
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
Link to MITRE →

LuminousMoth

Score: 24.00
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1103 - AppInit DLLs
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BlackTech

Score: 13.33
Matched TTPs:
  • T1596.001 - DNS/Passive DNS
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1526 - Cloud Service Discovery
Link to MITRE →

HEXANE

Score: 34.84
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Gamaredon Group

Score: 47.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BRONZE BUTLER

Score: 15.62
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT42

Score: 32.57
Matched TTPs:
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1677 - Poisoned Pipeline Execution
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

FIN7

Score: 51.39
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1103 - AppInit DLLs
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

MuddyWater

Score: 40.20
Matched TTPs:
  • T1218.013 - Mavinject
  • T1206 - Sudo Caching
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

WIRTE

Score: 4.33
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Patchwork

Score: 25.35
Matched TTPs:
  • T1218.013 - Mavinject
  • T1206 - Sudo Caching
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1530 - Data from Cloud Storage
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

admin@338

Score: 7.13
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
Link to MITRE →

Earth Lusca

Score: 31.53
Matched TTPs:
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

BackdoorDiplomacy

Score: 11.96
Matched TTPs:
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Akira

Score: 18.00
Matched TTPs:
  • T1218.013 - Mavinject
  • T1137.005 - Outlook Rules
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1622 - Debugger Evasion
Link to MITRE →

RedCurl

Score: 16.45
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1209 - Time Providers
Link to MITRE →

Naikon

Score: 6.27
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
Link to MITRE →

Chimera

Score: 34.43
Matched TTPs:
  • T1218.013 - Mavinject
  • T1155 - AppleScript
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1592.003 - Firmware
  • T1059.003 - Windows Command Shell
  • T1132.002 - Non-Standard Encoding
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Aquatic Panda

Score: 23.19
Matched TTPs:
  • T1218.013 - Mavinject
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1102 - Web Service
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

PROMETHIUM

Score: 8.68
Matched TTPs:
  • T1218.013 - Mavinject
  • T1103 - AppInit DLLs
  • T1530 - Data from Cloud Storage
  • T1059.012 - Hypervisor CLI
Link to MITRE →

INC Ransom

Score: 23.34
Matched TTPs:
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1055.004 - Asynchronous Procedure Call
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Machete

Score: 7.63
Matched TTPs:
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Carbanak

Score: 10.74
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

APT1

Score: 15.78
Matched TTPs:
  • T1218.013 - Mavinject
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
  • T1622 - Debugger Evasion
Link to MITRE →

Velvet Ant

Score: 18.40
Matched TTPs:
  • T1218.013 - Mavinject
  • T1583.005 - Botnet
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Silence

Score: 7.77
Matched TTPs:
  • T1218.013 - Mavinject
  • T1103 - AppInit DLLs
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

ToddyCat

Score: 12.40
Matched TTPs:
  • T1218.013 - Mavinject
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
Link to MITRE →

SideCopy

Score: 15.96
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Turla

Score: 54.91
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1131 - Authentication Package
  • T1021 - Remote Services
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
Link to MITRE →

Rocke

Score: 25.96
Matched TTPs:
  • T1218.013 - Mavinject
  • T1497.001 - System Checks
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1535 - Unused/Unsupported Cloud Regions
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Salt Typhoon

Score: 17.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
Link to MITRE →

Play

Score: 15.60
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Medusa Group

Score: 45.40
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1103 - AppInit DLLs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

Cobalt Group

Score: 15.22
Matched TTPs:
  • T1206 - Sudo Caching
  • T1543.003 - Windows Service
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

APT37

Score: 15.37
Matched TTPs:
  • T1206 - Sudo Caching
  • T1562.012 - Disable or Modify Linux Audit System
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 80.36
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1103 - AppInit DLLs
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1535 - Unused/Unsupported Cloud Regions
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027.005 - Indicator Removal from Tools
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1557.002 - ARP Cache Poisoning
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1498 - Network Denial of Service
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

FIN6

Score: 20.14
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1103 - AppInit DLLs
  • T1562.012 - Disable or Modify Linux Audit System
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
Link to MITRE →

Evilnum

Score: 8.59
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Confucius

Score: 9.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN8

Score: 16.06
Matched TTPs:
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
Link to MITRE →

APT3

Score: 18.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
Link to MITRE →

EXOTIC LILY

Score: 16.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

Molerats

Score: 11.06
Matched TTPs:
  • T1543.003 - Windows Service
  • T1103 - AppInit DLLs
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Windshift

Score: 17.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1078 - Valid Accounts
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN4

Score: 7.00
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
Link to MITRE →

LazyScripter

Score: 15.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CURIUM

Score: 19.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1555.003 - Credentials from Web Browsers
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

HAFNIUM

Score: 23.32
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1059 - Command and Scripting Interpreter
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

DarkVishnya

Score: 8.24
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
Link to MITRE →

Winnti Group

Score: 4.01
Matched TTPs:
  • T1103 - AppInit DLLs
  • T1219.001 - IDE Tunneling
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CopyKittens

Score: 5.13
Matched TTPs:
  • T1103 - AppInit DLLs
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

Rancor

Score: 4.06
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT38

Score: 31.58
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 8.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Winter Vivern

Score: 22.34
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Cinnamon Tempest

Score: 10.95
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LAPSUS$

Score: 59.94
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1556.008 - Network Provider DLL
  • T1596.004 - CDNs
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits
  • T1557.002 - ARP Cache Poisoning
  • T1564.003 - Hidden Window
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

IndigoZebra

Score: 6.30
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GOLD SOUTHFIELD

Score: 7.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Volatile Cedar

Score: 10.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

PLATINUM

Score: 4.73
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
Link to MITRE →

Stealth Falcon

Score: 7.14
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Leafminer

Score: 7.73
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
Link to MITRE →

Ajax Security Team

Score: 5.35
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
Link to MITRE →

Lotus Blossom

Score: 10.05
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

Windigo

Score: 8.15
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Andariel

Score: 12.07
Matched TTPs:
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
Link to MITRE →

Thrip

Score: 3.78
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

FIN10

Score: 3.92
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1622 - Debugger Evasion
Link to MITRE →

DarkHydrus

Score: 4.98
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1531 - Account Access Removal
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 3.39
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
Link to MITRE →

RTM

Score: 4.69
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
Link to MITRE →

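The actor lists above mix revoked ATT&CK technique IDs with their current replacements: the APT29 entry carries both T1177 and T1547.008 for LSASS Driver, the Turla entry carries both T1131 and T1547.002 for Authentication Package, and several lists pair T1045 with T1027.002 for Software Packing. Any overlap score computed over the raw bullets therefore double-counts those techniques. The following Python is an added example, not code from the original page or from whatever produced its scores; it parses blocks in the page's own layout, folds revoked IDs onto their current form and reports where a list counts one technique twice. The revocation table is a hand-entered subset compiled from memory of ATT&CK's revocation notes and is an assumption of this example, not data the page states; extend it before relying on it.

```python
"""Normalize 'Matched TTPs' lists in the page's layout before counting overlaps."""
import re
from typing import Dict, List, Set, Tuple

# Assumption: hand-entered subset of revoked ATT&CK technique IDs and the current
# (sub-)technique each was folded into, compiled from memory for this example.
# Not taken from the page above and not exhaustive.
REVOKED_TO_CURRENT: Dict[str, str] = {
    "T1177": "T1547.008",  # LSASS Driver
    "T1131": "T1547.002",  # Authentication Package
    "T1209": "T1547.003",  # Time Providers
    "T1103": "T1546.010",  # AppInit DLLs
    "T1183": "T1546.012",  # Image File Execution Options Injection
    "T1038": "T1574.001",  # DLL Search Order Hijacking
    "T1157": "T1574.004",  # Dylib Hijacking
    "T1045": "T1027.002",  # Software Packing
    "T1009": "T1027.001",  # Binary Padding
    "T1159": "T1543.001",  # Launch Agent
    "T1050": "T1543.003",  # New Service
    "T1174": "T1556.002",  # Password Filter DLL
    "T1193": "T1566.001",  # Spearphishing Attachment
    "T1024": "T1573",      # Custom Cryptographic Protocol
    "T1206": "T1548.003",  # Sudo Caching
    "T1506": "T1550.004",  # Web Session Cookie
}

# One bullet in the page's list format, e.g. "  • T1547.008 - LSASS Driver".
TTP_RE = re.compile(r"^\s*(?:[\u2022*-]\s*)?(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")
SCORE_RE = re.compile(r"^Score:\s*(\d+(?:\.\d+)?)$")


def parse_actor_blocks(text: str) -> List[Dict]:
    """One record per actor (name, score, raw IDs). The name is the nearest
    non-blank line above each 'Score:' line, which is how the page is laid out."""
    lines = text.splitlines()
    records: List[Dict] = []
    current = None
    for i, line in enumerate(lines):
        m = SCORE_RE.match(line.strip())
        if m:
            name = next((l.strip() for l in reversed(lines[:i]) if l.strip()), "?")
            current = {"actor": name, "score": float(m.group(1)), "ids": []}
            records.append(current)
            continue
        m = TTP_RE.match(line)
        if m and current is not None:
            current["ids"].append(m.group(1))
    return records


def normalize(ids) -> Set[str]:
    """Map revoked IDs onto their current replacement and collapse duplicates."""
    return {REVOKED_TO_CURRENT.get(t, t) for t in ids}


def double_counted(ids) -> List[Tuple[str, str]]:
    """(revoked, current) pairs where one list carries both forms of a technique."""
    present = set(ids)
    pairs = {(t, REVOKED_TO_CURRENT[t]) for t in present
             if t in REVOKED_TO_CURRENT and REVOKED_TO_CURRENT[t] in present}
    return sorted(pairs)


def audit(records: List[Dict]) -> List[Dict]:
    """Per actor: raw bullet count, count after normalization, double-counted pairs."""
    return [{"actor": r["actor"],
             "raw_count": len(r["ids"]),
             "unique_count": len(normalize(r["ids"])),
             "double_counted": double_counted(r["ids"])} for r in records]


# Constructed sample: an excerpt of the APT29 block and the full Naikon block
# above, in the page's own layout, so the parser runs offline.
SAMPLE_PAGE = """\
APT29

Score: 42.47
Matched TTPs:
  • T1584.008 - Network Devices
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Naikon

Score: 6.27
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.006 - Network Security Appliances
  • T1506 - Web Session Cookie
  • T1209 - Time Providers
Link to MITRE →
"""

if __name__ == "__main__":
    for row in audit(parse_actor_blocks(SAMPLE_PAGE)):
        print(row)
```

Run against the whole page rather than the sample and the same function reports which actor blocks shrink after normalization; a score that is sensitive to the number of matched bullets should be recomputed on the normalized sets, not the raw ones.
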
Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1030 - Data Transfer Size Limits
  • T1562.012 - Disable or Modify Linux Audit System
  • T1622 - Debugger Evasion
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1033 - System Owner/User Discovery
  • T1668 - Exclusive Control
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1132.002 - Non-Standard Encoding
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1059.010 - AutoHotKey & AutoIT
  • T1526 - Cloud Service Discovery
  • T1606.002 - SAML Tokens
  • T1126 - Network Share Connection Removal
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1218.013 - Mavinject
  • T1009 - Binary Padding
  • T1690 - Prevent Command History Logging
  • T1183 - Image File Execution Options Injection
  • T1131 - Authentication Package
  • T1583.005 - Botnet
  • T1218.012 - Verclsid
  • T1103 - AppInit DLLs
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT28

Score: 0.63
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1597.002 - Purchase Technical Data
  • T1668 - Exclusive Control
  • T1592.003 - Firmware
  • T1588.003 - Code Signing Certificates
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1566.003 - Spearphishing via Service
  • T1491.002 - External Defacement
  • T1059.001 - PowerShell
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.012 - Hypervisor CLI
  • T1059.010 - AutoHotKey & AutoIT
  • T1024 - Custom Cryptographic Protocol
  • T1219.001 - IDE Tunneling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1146 - Clear Command History
  • T1218.010 - Regsvr32
  • T1139 - Bash History
  • T1197 - BITS Jobs
  • T1175 - Component Object Model and Distributed COM
  • T1218.013 - Mavinject
  • T1071.004 - DNS
  • T1206 - Sudo Caching
  • T1131 - Authentication Package
  • T1583.005 - Botnet
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Scattered Spider

Score: 0.62
Matched TTPs:
  • T1030 - Data Transfer Size Limits
  • T1622 - Debugger Evasion
  • T1564.003 - Hidden Window
  • T1157 - Dylib Hijacking
  • T1565.002 - Transmitted Data Manipulation
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1535 - Unused/Unsupported Cloud Regions
  • T1557.002 - ARP Cache Poisoning
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
  • T1597 - Search Closed Sources
  • T1619 - Cloud Storage Object Discovery
  • T1027.002 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1019 - System Firmware
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1583.001 - Domains
  • T1103 - AppInit DLLs
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1556.008 - Network Provider DLL
  • T1136.002 - Domain Account
  • T1027.005 - Indicator Removal from Tools
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lazarus Group

Score: 0.62
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1055.004 - Asynchronous Procedure Call
  • T1677 - Poisoned Pipeline Execution
  • T1157 - Dylib Hijacking
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1606.001 - Web Cookies
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1596.001 - DNS/Passive DNS
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1218.013 - Mavinject
  • T1071.004 - DNS
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1132.001 - Standard Encoding
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1070.006 - Timestomp
  • T1218.012 - Verclsid
  • T1567.002 - Exfiltration to Cloud Storage
  • T1103 - AppInit DLLs
  • T1543.003 - Windows Service
  • T1174 - Password Filter DLL
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sandworm Team

Score: 0.60
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1564.008 - Email Hiding Rules
  • T1033 - System Owner/User Discovery
  • T1063 - Security Software Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1045 - Software Packing
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1075 - Pass the Hash
  • T1218.013 - Mavinject
  • T1484.002 - Trust Modification
  • T1183 - Image File Execution Options Injection
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1543.003 - Windows Service
  • T1005 - Data from Local System
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
  • T1193 - Spearphishing Attachment
  • T1566.002 - Spearphishing Link
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Contagious Interview

Score: 0.60
Matched TTPs:
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1044 - File System Permissions Weakness
  • T1059.006 - Python
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1606.002 - SAML Tokens
  • T1547.005 - Security Support Provider
  • T1126 - Network Share Connection Removal
  • T1045 - Software Packing
  • T1547.008 - LSASS Driver
  • T1021.006 - Windows Remote Management
  • T1175 - Component Object Model and Distributed COM
  • T1690 - Prevent Command History Logging
  • T1183 - Image File Execution Options Injection
  • T1131 - Authentication Package
  • T1221 - Template Injection
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
Link to MITRE →
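The matched-TTP lists above mix current ATT&CK technique IDs with IDs that MITRE has since revoked or deprecated, and several lists carry both the old ID and its replacement under the same name (T1131 and T1547.002, both "Authentication Package", in the Kimsuky list; T1045 and T1027.002, both "Software Packing", in the Scattered Spider list). Any overlap score computed over such lists counts one technique twice, and a deprecated ID such as T1064 matches nothing in a current ATT&CK mapping. The script below is an added example, not part of the original page or of the tool that generated it: it parses actor blocks in the page's plain-text list format, maps revoked IDs to their replacements through a small hand-maintained table, and reports the canonical technique set plus any old/new collisions. The REVOKED and DEPRECATED tables are an assumption covering a subset of well-known ATT&CK revocations, not a copy of the ATT&CK knowledge base; IDs absent from them (including the newer IDs on this page) pass through unchanged. The sample excerpt is constructed for the example; the page's own scoring formula is not known and is not reproduced.

```python
"""Normalize ATT&CK technique IDs found in threat-actor match lists.

Added example, not code from the original page. REVOKED and DEPRECATED are
hand-maintained assumptions covering a subset of MITRE ATT&CK revocations;
extend them from the ATT&CK STIX bundle rather than treating them as complete.
"""
import re
from dataclasses import dataclass, field

# Old technique ID -> replacement ID announced by MITRE when the old one was revoked.
REVOKED = {
    "T1009": "T1027.001",  # Binary Padding
    "T1019": "T1542.001",  # System Firmware
    "T1044": "T1574.010",  # File System Permissions Weakness -> Services File Permissions Weakness
    "T1045": "T1027.002",  # Software Packing
    "T1050": "T1543.003",  # New Service -> Windows Service
    "T1063": "T1518.001",  # Security Software Discovery
    "T1075": "T1550.002",  # Pass the Hash
    "T1103": "T1546.010",  # AppInit DLLs
    "T1126": "T1070.005",  # Network Share Connection Removal
    "T1131": "T1547.002",  # Authentication Package
    "T1139": "T1552.003",  # Bash History -> Shell History
    "T1146": "T1070.003",  # Clear Command History
    "T1157": "T1574.004",  # Dylib Hijacking
    "T1174": "T1556.002",  # Password Filter DLL
    "T1175": "T1021.003",  # COM/DCOM was split into T1021.003 and T1559.001; the lateral-movement side is chosen here
    "T1183": "T1546.012",  # Image File Execution Options Injection
    "T1193": "T1566.001",  # Spearphishing Attachment
    "T1206": "T1548.003",  # Sudo Caching -> Sudo and Sudo Caching
    "T1209": "T1547.003",  # Time Providers
    "T1506": "T1550.004",  # Web Session Cookie
}
# Deprecated with no single replacement (folded into T1059 sub-techniques).
DEPRECATED = {"T1064"}

# One bullet line of the page's list: "  • T1157 - Dylib Hijacking"
TTP_RE = re.compile(r"^(?:[•*-]\s*)?(T\d{4}(?:\.\d{3})?)\s+-\s+(.+?)\s*$")
SCORE_RE = re.compile(r"^Score:\s*([0-9]+(?:\.[0-9]+)?)\s*$")


@dataclass
class ActorMatch:
    name: str
    score: float
    ttps: list = field(default_factory=list)  # (technique_id, label) pairs


def parse_actor_blocks(text):
    """Parse 'Name / Score: x / Matched TTPs: / bullets' blocks into ActorMatch objects."""
    actors, current, last_text = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SCORE_RE.match(line)
        if m:  # the actor name is the last free-text line before the score
            current = ActorMatch(name=last_text or "unknown", score=float(m.group(1)))
            actors.append(current)
            continue
        t = TTP_RE.match(line)
        if t and current is not None:
            current.ttps.append((t.group(1), t.group(2)))
            continue
        if not line.startswith("Matched TTPs"):
            last_text = line
    return actors


def normalize(ttps):
    """Map revoked IDs to their replacements and flag old/new duplicates."""
    raw_ids = [tid for tid, _ in ttps]
    canonical, revoked, deprecated = set(), {}, []
    for tid in raw_ids:
        if tid in REVOKED:
            revoked[tid] = REVOKED[tid]
            canonical.add(REVOKED[tid])
        elif tid in DEPRECATED:
            deprecated.append(tid)
        else:
            canonical.add(tid)
    # A collision means the list already contained the replacement: the technique was counted twice.
    collisions = sorted(old for old, new in revoked.items() if new in raw_ids)
    return {"raw": len(raw_ids), "canonical": sorted(canonical),
            "revoked": revoked, "deprecated": deprecated, "collisions": collisions}


def report(text):
    """Per-actor summary: raw count versus canonical count after normalization."""
    return [{"actor": a.name, "score": a.score, **normalize(a.ttps)} for a in parse_actor_blocks(text)]


# Constructed excerpt in the page's list format (sample input for this example).
SAMPLE = """\
Kimsuky

Score: 0.70
Matched TTPs:
  • T1131 - Authentication Package
  • T1547.002 - Authentication Package
  • T1103 - AppInit DLLs
  • T1064 - Scripting
Link to MITRE →

Scattered Spider

Score: 0.62
Matched TTPs:
  • T1027.002 - Software Packing
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1566.002 - Spearphishing Link
Link to MITRE →
"""

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(f"{row['actor']}: {row['raw']} listed, {len(row['canonical'])} canonical, "
              f"collisions={row['collisions']}, deprecated={row['deprecated']}")
```

Running the script on the full page text instead of SAMPLE gives, per actor, how many distinct current techniques the match actually rests on; comparing that number with the page's score is a quick sanity check before treating a high-scoring attribution as meaningful.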

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph