Trusted Design

Malicious Packagist Packages Disguised as Laravel Utilities Deploy Encrypted RAT

Summary

A remote access trojan (RAT) has been discovered in multiple Packagist packages published by the threat actor nhattuanbl. The malicious packages, disguised as Laravel utilities, install an encrypted PHP RAT via Composer dependencies. The payload connects to a C2 server, sends system reconnaissance data, and awaits commands, granting full remote access to the host. The RAT uses obfuscation techniques to resist analysis and employs a self-launch mechanism. It communicates with the C2 server using encrypted JSON messages and supports various commands for system control and data exfiltration. The attack vector leverages dependency chains, with clean-looking packages pulling in malicious ones. Affected systems should be treated as compromised, with recommendations provided for mitigation and prevention.

Created: 2026-03-04

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 67.37
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1656 - Impersonation
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver

Sea Turtle

Score: 30.55
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1213.006 - Databases
  • T1070.002 - Clear Linux or Mac System Logs
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Ember Bear

Score: 31.43
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits

Indrik Spider

Score: 14.30
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer

Agrius

Score: 14.41
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools

Contagious Interview

Score: 35.51
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1204.005 - Malicious Library
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1656 - Impersonation
  • T1027.010 - Command Obfuscation
  • T1566.003 - Spearphishing via Service

Sandworm Team

Score: 61.89
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer

Star Blizzard

Score: 16.29
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Winnti Group

Score: 5.36
Matched TTPs:
  • T1014 - Rootkit
  • T1083 - File and Directory Discovery
  • T1105 - Ingress Tool Transfer

APT41

Score: 63.93
Matched TTPs:
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1574.006 - Dynamic Linker Hijacking
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1480.001 - Environmental Keying
  • T1102.001 - Dead Drop Resolver

Rocke

Score: 32.47
Matched TTPs:
  • T1014 - Rootkit
  • T1070.002 - Clear Linux or Mac System Logs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1574.006 - Dynamic Linker Hijacking
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

TeamTNT

Score: 35.66
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1610 - Deploy Container
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

APT28

Score: 49.63
Matched TTPs:
  • T1014 - Rootkit
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1105 - Ingress Tool Transfer
  • T1137.002 - Office Test
  • T1211 - Exploitation for Defense Evasion

UNC3886

Score: 39.44
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1554 - Compromise Host Software Binary
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI

Daggerfly

Score: 12.63
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer

GALLIUM

Score: 19.17
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

APT29

Score: 35.67
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1649 - Steal or Forge Authentication Certificates
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

FIN13

Score: 30.72
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy

Dragonfly

Score: 31.61
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer

Ke3chang

Score: 19.68
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer

APT5

Score: 17.56
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1554 - Compromise Host Software Binary

menuPass

Score: 18.12
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer

Threat Group-3390

Score: 30.09
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

Wizard Spider

Score: 17.77
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Axiom

Score: 28.50
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography

HEXANE

Score: 26.32
Matched TTPs:
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1016 - System Network Configuration Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

RedCurl

Score: 19.06
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1080 - Taint Shared Content
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1027 - Obfuscated Files or Information

APT1

Score: 8.06
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool

Chimera

Score: 17.24
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Magic Hound

Score: 49.81
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service

Winter Vivern

Score: 14.87
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Moonstone Sleet

Score: 26.23
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1591 - Gather Victim Org Information
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Lazarus Group

Score: 64.49
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1620 - Reflective Code Loading
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot

OilRig

Score: 34.38
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

LuminousMoth

Score: 15.03
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

Salt Typhoon

Score: 13.41
Matched TTPs:
  • T1587.001 - Malware
  • T1070.002 - Clear Linux or Mac System Logs
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool

Play

Score: 15.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Aoqin Dragon

Score: 9.98
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Moses Staff

Score: 10.77
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

Turla

Score: 41.27
Matched TTPs:
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy

Mustang Panda

Score: 48.97
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution

FIN7

Score: 43.79
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Darkhotel

Score: 15.94
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Gamaredon Group

Score: 49.97
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

BRONZE BUTLER

Score: 25.97
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

Cinnamon Tempest

Score: 16.13
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer

Scattered Spider

Score: 44.04
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
  • T1105 - Ingress Tool Transfer

Storm-0501

Score: 12.52
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
  • T1027.002 - Software Packing

FIN6

Score: 16.70
Matched TTPs:
  • T1213.006 - Databases
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1027.010 - Command Obfuscation
  • T1566.003 - Spearphishing via Service

Sidewinder

Score: 19.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Silent Librarian

Score: 8.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts

ZIRCONIUM

Score: 15.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1016 - System Network Configuration Discovery
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

APT32

Score: 31.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

CURIUM

Score: 11.04
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Patchwork

Score: 17.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

MuddyWater

Score: 31.21
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Velvet Ant

Score: 19.73
Matched TTPs:
  • T1574.001 - DLL
  • T1040 - Network Sniffing
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion

RTM

Score: 6.79
Matched TTPs:
  • T1574.001 - DLL
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Tonto Team

Score: 10.61
Matched TTPs:
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Whitefly

Score: 5.46
Matched TTPs:
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1105 - Ingress Tool Transfer

Aquatic Panda

Score: 13.32
Matched TTPs:
  • T1574.001 - DLL
  • T1574.006 - Dynamic Linker Hijacking
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Higaisa

Score: 13.04
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1090.001 - Internal Proxy

Storm-1811

Score: 15.01
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1656 - Impersonation
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Tropic Trooper

Score: 19.51
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Earth Lusca

Score: 26.12
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

APT3

Score: 17.15
Matched TTPs:
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer

BlackTech

Score: 5.55
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

SideCopy

Score: 14.66
Matched TTPs:
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Naikon

Score: 3.20
Matched TTPs:
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
Link to MITRE →

BackdoorDiplomacy

Score: 11.34
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 9.25
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

HAFNIUM

Score: 18.87
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1068 - Exploitation for Privilege Escalation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT33

Score: 9.67
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool
Link to MITRE →

Volt Typhoon

Score: 59.67
Matched TTPs:
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy
Link to MITRE →

APT39

Score: 22.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

WIRTE

Score: 3.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 8.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 32.95
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA505

Score: 15.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackByte

Score: 28.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leviathan

Score: 31.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Malteiro

Score: 4.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
Link to MITRE →

TA2541

Score: 14.71
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustard Tempest

Score: 4.52
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 14.12
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 10.81
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 10.35
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1027.002 - Software Packing
Link to MITRE →

EXOTIC LILY

Score: 8.51
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT42

Score: 16.50
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1656 - Impersonation
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

Medusa Group

Score: 29.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Fox Kitten

Score: 16.75
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ToddyCat

Score: 7.63
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
Link to MITRE →

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

INC Ransom

Score: 11.18
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Akira

Score: 16.76
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1486 - Data Encrypted for Impact
Link to MITRE →

Windshift

Score: 12.28
Matched TTPs:
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA551

Score: 10.20
Matched TTPs:
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

PLATINUM

Score: 9.28
Matched TTPs:
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

MoustachedBouncer

Score: 11.03
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1027.002 - Software Packing
Link to MITRE →

Silence

Score: 13.56
Matched TTPs:
  • T1055 - Process Injection
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Cobalt Group

Score: 12.47
Matched TTPs:
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT37

Score: 17.83
Matched TTPs:
  • T1055 - Process Injection
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

LAPSUS$

Score: 29.76
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1531 - Account Access Removal
  • T1656 - Impersonation
  • T1213.003 - Code Repositories
Link to MITRE →

Carbanak

Score: 7.01
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
Link to MITRE →

FIN5

Score: 5.02
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

admin@338

Score: 4.26
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Lotus Blossom

Score: 6.55
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool
Link to MITRE →

Windigo

Score: 8.15
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

POLONIUM

Score: 7.01
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Metador

Score: 4.08
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 13.37
Matched TTPs:
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Inception

Score: 11.25
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 11.08
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.001 - Compiled HTML File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Confucius

Score: 5.91
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT18

Score: 3.50
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 5.78
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN8

Score: 11.87
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
Link to MITRE →

FIN4

Score: 5.56
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
Link to MITRE →

APT-C-36

Score: 3.91
Matched TTPs:
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

The White Company

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

Transparent Tribe

Score: 3.26
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Elderwood

Score: 6.09
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1480.001 - Environmental Keying
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1027.002 - Software Packing
  • T1505.003 - Web Shell
  • T1588.005 - Exploits
  • T1176.001 - Browser Extensions
  • T1055 - Process Injection
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1583 - Acquire Infrastructure
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1190 - Exploit Public-Facing Application
  • T1598.003 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1620 - Reflective Code Loading
  • T1587.001 - Malware
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1656 - Impersonation
  • T1102.001 - Dead Drop Resolver
  • T1562.001 - Disable or Modify Tools
  • T1016 - System Network Configuration Discovery
  • T1040 - Network Sniffing
Link to MITRE →

Lazarus Group

Score: 0.67
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1620 - Reflective Code Loading
  • T1090.002 - External Proxy
  • T1587.001 - Malware
  • T1529 - System Shutdown/Reboot
  • T1105 - Ingress Tool Transfer
  • T1591 - Gather Victim Org Information
  • T1584.004 - Server
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1001.003 - Protocol or Service Impersonation
  • T1562.001 - Disable or Modify Tools
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
  • T1218 - System Binary Proxy Execution
  • T1090.001 - Internal Proxy
  • T1016 - System Network Configuration Discovery
Link to MITRE →

APT41

Score: 0.66
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1027.002 - Software Packing
  • T1213.003 - Code Repositories
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1190 - Exploit Public-Facing Application
  • T1486 - Data Encrypted for Impact
  • T1014 - Rootkit
  • T1027 - Obfuscated Files or Information
  • T1480.001 - Environmental Keying
  • T1596.005 - Scan Databases
  • T1105 - Ingress Tool Transfer
  • T1195.002 - Compromise Software Supply Chain
  • T1218.001 - Compiled HTML File
  • T1656 - Impersonation
  • T1102.001 - Dead Drop Resolver
  • T1574.006 - Dynamic Linker Hijacking
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1016 - System Network Configuration Discovery
Link to MITRE →

Sandworm Team

Score: 0.64
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1505.003 - Web Shell
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
  • T1584.005 - Botnet
  • T1592.002 - Software
  • T1195 - Supply Chain Compromise
  • T1588.002 - Tool
  • T1499 - Endpoint Denial of Service
  • T1078 - Valid Accounts
  • T1583 - Acquire Infrastructure
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1598.003 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1027 - Obfuscated Files or Information
  • T1587.001 - Malware
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1195.002 - Compromise Software Supply Chain
  • T1584.004 - Server
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090 - Proxy
  • T1213.006 - Databases
  • T1040 - Network Sniffing
Link to MITRE →

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1027.002 - Software Packing
  • T1505.003 - Web Shell
  • T1584.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1587.004 - Exploits
  • T1588.002 - Tool
  • T1518 - Software Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1596.005 - Scan Databases
  • T1105 - Ingress Tool Transfer
  • T1591 - Gather Victim Org Information
  • T1584.004 - Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1218 - System Binary Proxy Execution
  • T1090.001 - Internal Proxy
  • T1016 - System Network Configuration Discovery
  • T1070.007 - Clear Network Connection History and Configurations
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
