Trusted Design

Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT

概要

A remote access trojan (RAT) has been discovered in multiple Packagist packages published by the threat actor nhattuanbl. The malicious packages, disguised as Laravel utilities, install an encrypted PHP RAT via Composer dependencies. The payload connects to a C2 server, sends system reconnaissance data, and awaits commands, granting full remote access to the host. The RAT uses obfuscation techniques to resist analysis and employs a self-launch mechanism. It communicates with the C2 server using encrypted JSON messages and supports various commands for system control and data exfiltration. The attack vector leverages dependency chains, with clean-looking packages pulling in malicious ones. Affected systems should be treated as compromised, with recommendations provided for mitigation and prevention.

Created: 2026-03-04

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 67.37
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
MITREへのリンク →

Sea Turtle

Score: 30.55
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
MITREへのリンク →

Ember Bear

Score: 31.43
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS
MITREへのリンク →

Indrik Spider

Score: 14.30
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Agrius

Score: 14.41
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
MITREへのリンク →

Contagious Interview

Score: 35.51
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1601.001 - Patch System Image
  • T1547.008 - LSASS Driver
MITREへのリンク →

Sandworm Team

Score: 61.89
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Star Blizzard

Score: 16.29
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

Winnti Group

Score: 5.36
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1219.001 - IDE Tunneling
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT41

Score: 63.93
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1552.004 - Private Keys
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
MITREへのリンク →

Rocke

Score: 32.47
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1497.001 - System Checks
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1552.004 - Private Keys
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

TeamTNT

Score: 35.66
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1071.003 - Mail Protocols
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1519 - Emond
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT28

Score: 49.63
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1588.003 - Code Signing Certificates
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

UNC3886

Score: 39.44
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1546.002 - Screensaver
MITREへのリンク →

Daggerfly

Score: 12.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

GALLIUM

Score: 19.17
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT29

Score: 35.67
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN13

Score: 30.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
MITREへのリンク →

Dragonfly

Score: 31.61
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Ke3chang

Score: 19.68
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT5

Score: 17.56
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription
MITREへのリンク →

menuPass

Score: 18.12
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Threat Group-3390

Score: 30.09
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Wizard Spider

Score: 17.77
Matched TTPs:
  • T1584.008 - Network Devices
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Axiom

Score: 28.50
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

HEXANE

Score: 26.32
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

RedCurl

Score: 19.06
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1591.003 - Identify Business Tempo
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1059.011 - Lua
MITREへのリンク →

APT1

Score: 8.06
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITREへのリンク →

Chimera

Score: 17.24
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Magic Hound

Score: 49.81
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
MITREへのリンク →

Winter Vivern

Score: 14.87
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Moonstone Sleet

Score: 26.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1057 - Process Discovery
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Lazarus Group

Score: 64.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1205 - Traffic Signaling
  • T1050 - New Service
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution
MITREへのリンク →

OilRig

Score: 34.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

LuminousMoth

Score: 15.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Salt Typhoon

Score: 13.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1497.001 - System Checks
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
MITREへのリンク →

Play

Score: 15.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Aoqin Dragon

Score: 9.98
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Moses Staff

Score: 10.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Turla

Score: 41.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
MITREへのリンク →

Mustang Panda

Score: 48.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
MITREへのリンク →

FIN7

Score: 43.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1205 - Traffic Signaling
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Darkhotel

Score: 15.94
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Gamaredon Group

Score: 49.97
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

BRONZE BUTLER

Score: 25.97
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

Cinnamon Tempest

Score: 16.13
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Scattered Spider

Score: 44.04
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Storm-0501

Score: 12.52
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

FIN6

Score: 16.70
Matched TTPs:
  • T1063 - Security Software Discovery
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1601.001 - Patch System Image
  • T1547.008 - LSASS Driver
MITREへのリンク →

Sidewinder

Score: 19.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Silent Librarian

Score: 8.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

ZIRCONIUM

Score: 15.01
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1590.006 - Network Security Appliances
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT32

Score: 31.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

CURIUM

Score: 11.04
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 17.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
MITREへのリンク →

MuddyWater

Score: 31.21
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Velvet Ant

Score: 19.73
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1583.005 - Botnet
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

RTM

Score: 6.79
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
MITREへのリンク →

Tonto Team

Score: 10.61
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Whitefly

Score: 5.46
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Aquatic Panda

Score: 13.32
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1552.004 - Private Keys
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Higaisa

Score: 13.04
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1569.002 - Service Execution
MITREへのリンク →

Storm-1811

Score: 15.01
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Tropic Trooper

Score: 19.51
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Earth Lusca

Score: 26.12
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

APT3

Score: 17.15
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

BlackTech

Score: 5.55
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

SideCopy

Score: 14.66
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Naikon

Score: 3.20
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
MITREへのリンク →

BackdoorDiplomacy

Score: 11.34
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT19

Score: 9.25
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

HAFNIUM

Score: 18.87
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1039 - Data from Network Shared Drive
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT33

Score: 9.67
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
MITREへのリンク →

Volt Typhoon

Score: 59.67
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution
MITREへのリンク →

APT39

Score: 22.90
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
MITREへのリンク →

WIRTE

Score: 3.19
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Gorgon Group

Score: 8.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT38

Score: 32.95
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
MITREへのリンク →

TA505

Score: 15.68
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

BlackByte

Score: 28.14
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Leviathan

Score: 31.35
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1555.003 - Credentials from Web Browsers
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Malteiro

Score: 4.09
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
MITREへのリンク →

TA2541

Score: 14.71
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Mustard Tempest

Score: 4.52
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

LazyScripter

Score: 14.12
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

BITTER

Score: 10.81
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Saint Bear

Score: 10.35
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

EXOTIC LILY

Score: 8.51
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT42

Score: 16.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
MITREへのリンク →

Medusa Group

Score: 29.73
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
MITREへのリンク →

Fox Kitten

Score: 16.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

ToddyCat

Score: 7.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
MITREへのリンク →

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

INC Ransom

Score: 11.18
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Akira

Score: 16.76
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

Windshift

Score: 12.28
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA551

Score: 10.20
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

PLATINUM

Score: 9.28
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

MoustachedBouncer

Score: 11.03
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Silence

Score: 13.56
Matched TTPs:
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Cobalt Group

Score: 12.47
Matched TTPs:
  • T1684 - Social Engineering
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT37

Score: 17.83
Matched TTPs:
  • T1684 - Social Engineering
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
MITREへのリンク →

LAPSUS$

Score: 29.76
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1601 - Modify System Image
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
MITREへのリンク →

Carbanak

Score: 7.01
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
MITREへのリンク →

FIN5

Score: 5.02
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
MITREへのリンク →

admin@338

Score: 4.26
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
MITREへのリンク →

Lotus Blossom

Score: 6.55
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution
MITREへのリンク →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
MITREへのリンク →

Windigo

Score: 8.15
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
MITREへのリンク →

POLONIUM

Score: 7.01
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

Metador

Score: 4.08
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Andariel

Score: 13.37
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Inception

Score: 11.25
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITREへのリンク →

Dark Caracal

Score: 11.08
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver
MITREへのリンク →

Confucius

Score: 5.91
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT18

Score: 3.50
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Leafminer

Score: 5.78
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

FIN8

Score: 11.87
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

FIN4

Score: 5.56
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
MITREへのリンク →

APT-C-36

Score: 3.91
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

The White Company

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Transparent Tribe

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Elderwood

Score: 6.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
MITREへのリンク →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1037.001 - Logon Script (Windows)
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1003.003 - NTDS
  • T1199 - Trusted Relationship
  • T1057 - Process Discovery
  • T1033 - System Owner/User Discovery
  • T1008 - Fallback Channels
  • T1684 - Social Engineering
  • T1566.002 - Spearphishing Link
  • T1030 - Data Transfer Size Limits
  • T1606.002 - SAML Tokens
  • T1205 - Traffic Signaling
  • T1583.005 - Botnet
  • T1218.012 - Verclsid
  • T1555.003 - Credentials from Web Browsers
  • T1213.006 - Databases
  • T1059.011 - Lua
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1552.003 - Shell History
  • T1547.013 - XDG Autostart Entries
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1601.001 - Patch System Image
  • T1219.001 - IDE Tunneling
  • T1547.002 - Authentication Package
  • T1059.010 - AutoHotKey & AutoIT
  • T1537 - Transfer Data to Cloud Account
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
MITREへのリンク →

Lazarus Group

Score: 0.67
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1057 - Process Discovery
  • T1547.008 - LSASS Driver
  • T1547.011 - Plist Modification
  • T1606.002 - SAML Tokens
  • T1205 - Traffic Signaling
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1590.006 - Network Security Appliances
  • T1050 - New Service
  • T1059.012 - Hypervisor CLI
  • T1567.002 - Exfiltration to Cloud Storage
  • T1547.013 - XDG Autostart Entries
  • T1070.008 - Clear Mailbox Data
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1547.002 - Authentication Package
  • T1089 - Disabling Security Tools
  • T1070.006 - Timestomp
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.005 - Thread Local Storage
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution
  • T1597 - Search Closed Sources
MITREへのリンク →

APT41

Score: 0.66
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1177 - LSASS Driver
  • T1008 - Fallback Channels
  • T1684 - Social Engineering
  • T1574.002 - DLL Side-Loading
  • T1584.008 - Network Devices
  • T1030 - Data Transfer Size Limits
  • T1048 - Exfiltration Over Alternative Protocol
  • T1573 - Encrypted Channel
  • T1552.004 - Private Keys
  • T1002 - Data Compressed
  • T1059.011 - Lua
  • T1157 - Dylib Hijacking
  • T1590.006 - Network Security Appliances
  • T1037.001 - Logon Script (Windows)
  • T1547.013 - XDG Autostart Entries
  • T1499.001 - OS Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1045 - Software Packing
  • T1089 - Disabling Security Tools
  • T1564.003 - Hidden Window
  • T1537 - Transfer Data to Cloud Account
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
MITREへのリンク →

Sandworm Team

Score: 0.64
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1546.016 - Installer Packages
  • T1583.005 - Botnet
  • T1555.003 - Credentials from Web Browsers
  • T1059.011 - Lua
  • T1091 - Replication Through Removable Media
  • T1157 - Dylib Hijacking
  • T1005 - Data from Local System
  • T1075 - Pass the Hash
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1547.013 - XDG Autostart Entries
  • T1140 - Deobfuscate/Decode Files or Information
  • T1601.001 - Patch System Image
  • T1219.001 - IDE Tunneling
  • T1045 - Software Packing
  • T1063 - Security Software Discovery
  • T1547.002 - Authentication Package
  • T1059.010 - AutoHotKey & AutoIT
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1057 - Process Discovery
  • T1574.002 - DLL Side-Loading
  • T1159 - Launch Agent
  • T1546.016 - Installer Packages
  • T1176 - Software Extensions
  • T1569.002 - Service Execution
  • T1555.003 - Credentials from Web Browsers
  • T1547.005 - Security Support Provider
  • T1488 - Disk Content Wipe
  • T1157 - Dylib Hijacking
  • T1590.006 - Network Security Appliances
  • T1049 - System Network Connections Discovery
  • T1039 - Data from Network Shared Drive
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1556.002 - Password Filter DLL
  • T1070.008 - Clear Mailbox Data
  • T1219.001 - IDE Tunneling
  • T1045 - Software Packing
  • T1070.006 - Timestomp
  • T1059.010 - AutoHotKey & AutoIT
  • T1537 - Transfer Data to Cloud Account
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る