Trusted Design

Signed malware impersonating workplace apps deploys RMM backdoors

Summary

Multiple phishing campaigns were identified using workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. The attacks used digitally signed executables masquerading as legitimate software to install remote monitoring and management (RMM) tools like ScreenConnect, Tactical RMM, and Mesh Agent. These tools enabled attackers to establish persistence and move laterally within compromised environments. The malware was signed using an Extended Validation certificate issued to TrustConnect Software PTY LTD. The campaigns demonstrate how familiar branding and trusted digital signatures can be exploited to bypass user suspicion and gain an initial foothold in enterprise networks.

Created: 2026-03-04

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 29.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1592.004 - Client Configurations
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer

menuPass

Score: 32.62
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Wizard Spider

Score: 47.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1566.002 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1021 - Remote Services
  • T1021.006 - Windows Remote Management
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol

APT33

Score: 14.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Fox Kitten

Score: 30.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1585 - Establish Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

CopyKittens

Score: 6.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1553.002 - Code Signing
  • T1090 - Proxy
  • T1588.002 - Tool

Volt Typhoon

Score: 75.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1584.008 - Network Devices
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1552.004 - Private Keys
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1654 - Log Enumeration
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy

APT1

Score: 19.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1550.002 - Pass the Hash
  • T1021.001 - Remote Desktop Protocol

Mustang Panda

Score: 87.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1588.004 - Digital Certificates
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1654 - Log Enumeration
  • T1583.006 - Web Services
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1052.001 - Exfiltration over USB
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol
  • T1001.003 - Protocol or Service Impersonation
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates

Play

Score: 18.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer

Chimera

Score: 40.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1021.006 - Windows Remote Management
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1589.001 - Credentials
  • T1556.001 - Domain Controller Authentication
  • T1111 - Multi-Factor Authentication Interception
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Gallmaker

Score: 4.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1559.002 - Dynamic Data Exchange

Sea Turtle

Score: 43.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1588.004 - Digital Certificates
  • T1583.002 - DNS Server
  • T1213.006 - Databases
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery

APT39

Score: 42.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1553.006 - Code Signing Policy Modification
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy

RedCurl

Score: 18.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1046 - Network Service Discovery

APT5

Score: 30.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1654 - Log Enumeration
  • T1554 - Compromise Host Software Binary
  • T1021.001 - Remote Desktop Protocol

Agrius

Score: 20.96
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1021.001 - Remote Desktop Protocol

GALLIUM

Score: 23.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1553.002 - Code Signing
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer

APT41

Score: 67.80
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1542.003 - Bootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1553.002 - Code Signing
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1595.002 - Vulnerability Scanning
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying

MuddyWater

Score: 48.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.002 - Dynamic Data Exchange
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

APT28

Score: 88.13
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1542.003 - Bootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.002 - Dynamic Data Exchange
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1557.004 - Evil Twin
  • T1071.003 - Mail Protocols
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1137.002 - Office Test
  • T1211 - Exploitation for Defense Evasion

Turla

Score: 63.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1071.003 - Mail Protocols
  • T1553.006 - Code Signing Policy Modification
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy

Sowbug

Score: 6.62
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1083 - File and Directory Discovery

BRONZE BUTLER

Score: 23.56
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

UNC3886

Score: 41.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1588.004 - Digital Certificates
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol

Kimsuky

Score: 99.38
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1583 - Acquire Infrastructure
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1219.002 - Remote Desktop Software
  • T1111 - Multi-Factor Authentication Interception
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1587 - Develop Capabilities

APT3

Score: 24.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol
  • T1036.010 - Masquerade Account Name
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

FIN8

Score: 19.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol

Ke3chang

Score: 25.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer

Lotus Blossom

Score: 13.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy

FIN13

Score: 47.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy

Earth Lusca

Score: 37.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery

Magic Hound

Score: 76.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1016.002 - Wi-Fi Discovery
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service

Aquatic Panda

Score: 27.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1021 - Remote Services
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1654 - Log Enumeration
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

INC Ransom

Score: 24.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1049 - System Network Connections Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Akira

Score: 21.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol

ToddyCat

Score: 18.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1095 - Non-Application Layer Protocol
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service

Dragonfly

Score: 51.30
Matched TTPs:
  • T1113 - Screen Capture
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1187 - Forced Authentication
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Gamaredon Group

Score: 58.39
Matched TTPs:
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1095 - Non-Application Layer Protocol
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer

OilRig

Score: 62.04
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1553.002 - Code Signing
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1555.004 - Windows Credential Manager
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service

MoustachedBouncer

Score: 9.17
Matched TTPs:
  • T1113 - Screen Capture
  • T1659 - Content Injection
  • T1090 - Proxy

GOLD SOUTHFIELD

Score: 9.63
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1566 - Phishing

APT42

Score: 34.86
Matched TTPs:
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
  • T1518.001 - Security Software Discovery
  • T1111 - Multi-Factor Authentication Interception

Winter Vivern

Score: 24.63
Matched TTPs:
  • T1113 - Screen Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Silence

Score: 14.06
Matched TTPs:
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1553.002 - Code Signing
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

Group5

Score: 3.88
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File

Dark Caracal

Score: 9.47
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

FIN7

Score: 56.71
Matched TTPs:
  • T1113 - Screen Capture
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1553.002 - Code Signing
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Ember Bear

Score: 55.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021 - Remote Services
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1654 - Log Enumeration
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol
  • T1585 - Establish Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
Link to MITRE →

Indrik Spider

Score: 24.45
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Contagious Interview

Score: 77.78
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1656 - Impersonation
  • T1585 - Establish Accounts
  • T1543.001 - Launch Agent
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sandworm Team

Score: 79.47
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 25.78
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1550.004 - Web Session Cookie
Link to MITRE →

Lazarus Group

Score: 79.67
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1588.004 - Digital Certificates
  • T1542.003 - Bootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
Link to MITRE →

TA577

Score: 7.96
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
Link to MITRE →

Moonstone Sleet

Score: 32.74
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Poseidon Group

Score: 7.99
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery
Link to MITRE →

Tonto Team

Score: 9.37
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1505.003 - Web Shell
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT32

Score: 52.46
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Suckfly

Score: 7.72
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1553.002 - Code Signing
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
Link to MITRE →

BlackByte

Score: 49.90
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1480 - Execution Guardrails
  • T1491.001 - Internal Defacement
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Storm-0501

Score: 28.90
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1552.004 - Private Keys
  • T1021.006 - Windows Remote Management
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Axiom

Score: 36.03
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
Link to MITRE →

Leviathan

Score: 56.18
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Inception

Score: 14.90
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

Elderwood

Score: 7.08
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 29.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1553.002 - Code Signing
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Transparent Tribe

Score: 10.47
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT18

Score: 5.09
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sidewinder

Score: 25.03
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.002 - Dynamic Data Exchange
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 17.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1553.002 - Code Signing
  • T1608.001 - Upload Malware
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
Link to MITRE →

BITTER

Score: 15.72
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 24.82
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1566.002 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Higaisa

Score: 12.90
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1090.001 - Internal Proxy
Link to MITRE →

APT19

Score: 7.25
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
Link to MITRE →

Threat Group-3390

Score: 40.29
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
Link to MITRE →

TA2541

Score: 20.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Malteiro

Score: 9.64
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

Storm-1811

Score: 33.08
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1656 - Impersonation
  • T1036.010 - Masquerade Account Name
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 13.58
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
  • T1574.012 - COR_PROFILER
Link to MITRE →

Tropic Trooper

Score: 30.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1052.001 - Exfiltration over USB
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mofang

Score: 3.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1566.002 - Spearphishing Link
Link to MITRE →

Whitefly

Score: 4.36
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moses Staff

Score: 14.30
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1553.002 - Code Signing
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 45.46
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1610 - Deploy Container
  • T1552.004 - Private Keys
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 8.34
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1095 - Non-Application Layer Protocol
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

TA551

Score: 9.44
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ZIRCONIUM

Score: 26.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustard Tempest

Score: 14.67
Matched TTPs:
  • T1583.008 - Malvertising
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Daggerfly

Score: 14.20
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1553.002 - Code Signing
  • T1587.002 - Code Signing Certificates
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT29

Score: 47.01
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Silent Librarian

Score: 14.02
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

LuminousMoth

Score: 27.04
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1553.002 - Code Signing
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackTech

Score: 13.33
Matched TTPs:
  • T1588.004 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1588.003 - Code Signing Certificates
Link to MITRE →

HEXANE

Score: 36.38
Matched TTPs:
  • T1583.002 - DNS Server
  • T1586.002 - Email Accounts
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

WIRTE

Score: 4.33
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Patchwork

Score: 25.35
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1559.002 - Dynamic Data Exchange
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1587.002 - Code Signing Certificates
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

admin@338

Score: 9.66
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BackdoorDiplomacy

Score: 14.62
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1095 - Non-Application Layer Protocol
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Naikon

Score: 7.81
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1016 - System Network Configuration Discovery
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
Link to MITRE →

PROMETHIUM

Score: 8.68
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1553.002 - Code Signing
  • T1587.002 - Code Signing Certificates
  • T1189 - Drive-by Compromise
Link to MITRE →

Machete

Score: 7.63
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1566.002 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
Link to MITRE →

Carbanak

Score: 10.74
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Velvet Ant

Score: 20.86
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1040 - Network Sniffing
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

SideCopy

Score: 15.96
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 27.50
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1070.002 - Clear Linux or Mac System Logs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1552.004 - Private Keys
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Salt Typhoon

Score: 17.26
Matched TTPs:
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1136 - Create Account
Link to MITRE →

Aoqin Dragon

Score: 10.96
Matched TTPs:
  • T1587.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Medusa Group

Score: 46.95
Matched TTPs:
  • T1652 - Device Driver Discovery
  • T1553.002 - Code Signing
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Cobalt Group

Score: 21.81
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1566.002 - Spearphishing Link
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT37

Score: 17.82
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1036.001 - Invalid Code Signature
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Scattered Spider

Score: 86.04
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1552.004 - Private Keys
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1556.006 - Multi-Factor Authentication
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1578.002 - Create Cloud Instance
  • T1213.003 - Code Repositories
  • T1219.002 - Remote Desktop Software
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN6

Score: 24.35
Matched TTPs:
  • T1213.006 - Databases
  • T1553.002 - Code Signing
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Evilnum

Score: 8.59
Matched TTPs:
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Confucius

Score: 9.37
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

EXOTIC LILY

Score: 16.09
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Molerats

Score: 11.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1553.002 - Code Signing
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Windshift

Score: 17.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1036.001 - Invalid Code Signature
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN4

Score: 7.00
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
Link to MITRE →

LazyScripter

Score: 15.72
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 19.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1583.003 - Virtual Private Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

DarkVishnya

Score: 8.24
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
Link to MITRE →

Winnti Group

Score: 4.01
Matched TTPs:
  • T1553.002 - Code Signing
  • T1083 - File and Directory Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rancor

Score: 4.06
Matched TTPs:
  • T1218.007 - Msiexec
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 34.04
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Strider

Score: 11.19
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
Link to MITRE →

Gorgon Group

Score: 8.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cinnamon Tempest

Score: 10.95
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LAPSUS$

Score: 59.94
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1621 - Multi-Factor Authentication Request Generation
  • T1552.008 - Chat Messages
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1656 - Impersonation
  • T1578.002 - Create Cloud Instance
  • T1213.003 - Code Repositories
  • T1111 - Multi-Factor Authentication Interception
Link to MITRE →

IndigoZebra

Score: 6.30
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Volatile Cedar

Score: 10.74
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PLATINUM

Score: 9.85
Matched TTPs:
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1095 - Non-Application Layer Protocol
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1657 - Financial Theft
Link to MITRE →

Stealth Falcon

Score: 7.14
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1555.004 - Windows Credential Manager
Link to MITRE →

Leafminer

Score: 13.81
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
Link to MITRE →

Ajax Security Team

Score: 5.35
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Deep Panda

Score: 6.59
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery
Link to MITRE →

Windigo

Score: 8.15
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Andariel

Score: 12.07
Matched TTPs:
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Equation

Score: 12.80
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System
  • T1480.001 - Environmental Keying
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts
Link to MITRE →

FIN5

Score: 3.82
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
Link to MITRE →

Thrip

Score: 3.78
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
Link to MITRE →

FIN10

Score: 3.92
Matched TTPs:
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

DarkHydrus

Score: 4.98
Matched TTPs:
  • T1588.002 - Tool
  • T1187 - Forced Authentication
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

The White Company

Score: 3.39
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
Link to MITRE →

RTM

Score: 4.69
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1102.002 - Bidirectional Communication
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1550.002 - Pass the Hash
  • T1583.006 - Web Services
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
  • T1598 - Phishing for Information
  • T1587.001 - Malware
  • T1518.001 - Security Software Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.003 - Mail Protocols
  • T1583 - Acquire Infrastructure
  • T1113 - Screen Capture
  • T1218.005 - Mshta
  • T1007 - System Service Discovery
  • T1585 - Establish Accounts
  • T1585.002 - Email Accounts
  • T1657 - Financial Theft
  • T1016 - System Network Configuration Discovery
  • T1219.002 - Remote Desktop Software
  • T1111 - Multi-Factor Authentication Interception
  • T1560.001 - Archive via Utility
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1588.003 - Code Signing Certificates
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1055 - Process Injection
  • T1587 - Develop Capabilities
  • T1566 - Phishing
  • T1555.003 - Credentials from Web Browsers
  • T1656 - Impersonation
  • T1562.004 - Disable or Modify System Firewall
  • T1586.002 - Email Accounts
  • T1553.002 - Code Signing
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1534 - Internal Spearphishing
  • T1505.003 - Web Shell
  • T1588.002 - Tool
Link to MITRE →

APT28

Score: 0.62
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1102.002 - Bidirectional Communication
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1542.003 - Bootkit
  • T1584.008 - Network Devices
  • T1036 - Masquerading
  • T1550.002 - Pass the Hash
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1598 - Phishing for Information
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.003 - Mail Protocols
  • T1557.004 - Evil Twin
  • T1203 - Exploitation for Client Execution
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1003 - OS Credential Dumping
  • T1078 - Valid Accounts
  • T1560.001 - Archive via Utility
  • T1211 - Exploitation for Defense Evasion
  • T1598.003 - Spearphishing Link
  • T1498 - Network Denial of Service
  • T1583.003 - Virtual Private Server
  • T1589.001 - Credentials
  • T1137.002 - Office Test
  • T1559.002 - Dynamic Data Exchange
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1210 - Exploitation of Remote Services
  • T1505.003 - Web Shell
  • T1588.002 - Tool
Link to MITRE →

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1654 - Log Enumeration
  • T1001.003 - Protocol or Service Impersonation
  • T1583.006 - Web Services
  • T1052.001 - Exfiltration over USB
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
  • T1018 - Remote System Discovery
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070 - Indicator Removal
  • T1095 - Non-Application Layer Protocol
  • T1518 - Software Discovery
  • T1203 - Exploitation for Client Execution
  • T1218.005 - Mshta
  • T1219.002 - Remote Desktop Software
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1003 - OS Credential Dumping
  • T1102 - Web Service
  • T1678 - Delay Execution
  • T1560.001 - Archive via Utility
  • T1049 - System Network Connections Discovery
  • T1588.003 - Code Signing Certificates
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1046 - Network Service Discovery
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1553.002 - Code Signing
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608 - Stage Capabilities
  • T1588.004 - Digital Certificates
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1176.002 - IDE Extensions
Link to MITRE →

Scattered Spider

Score: 0.61
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1484.002 - Trust Modification
  • T1213.003 - Code Repositories
  • T1556.006 - Multi-Factor Authentication
  • T1621 - Multi-Factor Authentication Request Generation
  • T1552.004 - Private Keys
  • T1105 - Ingress Tool Transfer
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1090 - Proxy
  • T1018 - Remote System Discovery
  • T1588.001 - Malware
  • T1021.001 - Remote Desktop Protocol
  • T1204 - User Execution
  • T1556.009 - Conditional Access Policies
  • T1070.008 - Clear Mailbox Data
  • T1219.002 - Remote Desktop Software
  • T1657 - Financial Theft
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1562.001 - Disable or Modify Tools
  • T1538 - Cloud Service Dashboard
  • T1598.004 - Spearphishing Voice
  • T1598.003 - Spearphishing Link
  • T1656 - Impersonation
  • T1136 - Create Account
  • T1553.002 - Code Signing
  • T1578.002 - Create Cloud Instance
  • T1589 - Gather Victim Identity Information
  • T1588.002 - Tool
Link to MITRE →

Lazarus Group

Score: 0.56
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1102.002 - Bidirectional Communication
  • T1001.003 - Protocol or Service Impersonation
  • T1542.003 - Bootkit
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1587.001 - Malware
  • T1547.009 - Shortcut Modification
  • T1021.001 - Remote Desktop Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.009 - Embedded Payloads
  • T1218 - System Binary Proxy Execution
  • T1070 - Indicator Removal
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
  • T1218.005 - Mshta
  • T1491.001 - Internal Defacement
  • T1585.002 - Email Accounts
  • T1027.013 - Encrypted/Encoded File
  • T1016 - System Network Configuration Discovery
  • T1036.003 - Rename Legitimate Utilities
  • T1078 - Valid Accounts
  • T1049 - System Network Connections Discovery
  • T1010 - Application Window Discovery
  • T1562.001 - Disable or Modify Tools
  • T1566.002 - Spearphishing Link
  • T1046 - Network Service Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1553.002 - Code Signing
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1090.001 - Internal Proxy
  • T1588.004 - Digital Certificates
  • T1588.002 - Tool
Link to MITRE →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1083 - File and Directory Discovery
  • T1102.002 - Bidirectional Communication
  • T1040 - Network Sniffing
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1090 - Proxy
  • T1587.001 - Malware
  • T1592.002 - Software
  • T1140 - Deobfuscate/Decode Files or Information
  • T1491.002 - External Defacement
  • T1219 - Remote Access Tools
  • T1583 - Acquire Infrastructure
  • T1586.001 - Social Media Accounts
  • T1203 - Exploitation for Client Execution
  • T1585.002 - Email Accounts
  • T1195 - Supply Chain Compromise
  • T1591.002 - Business Relationships
  • T1078 - Valid Accounts
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1499 - Endpoint Denial of Service
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1505.003 - Web Shell
  • T1588.002 - Tool
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

