Trusted Design

Fake Tech Support Delivers Havoc Command & Control

Summary

A sophisticated cyber attack campaign combines social engineering and advanced malware techniques. Attackers pose as IT support to gain initial access, then deploy a modified version of the Havoc C2 framework. The malware uses DLL sideloading, indirect syscalls, and custom loaders to evade detection. After compromising the initial system, the attackers rapidly move laterally, establishing persistence through scheduled tasks and legitimate remote monitoring tools. The campaign demonstrates a blend of human-centric initial access methods and advanced technical evasion techniques, highlighting the need for comprehensive security measures spanning user awareness and technical controls.

Created: 2026-03-05

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 69.61
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1003 - OS Credential Dumping
  • T1129 - Shared Modules
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
Link to MITRE →

Kimsuky

Score: 85.06
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1027.016 - Junk Code Insertion
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 18.31
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Gamaredon Group

Score: 79.55
Matched TTPs:
  • T1218.011 - Rundll32
  • T1016.001 - Internet Connection Discovery
  • T1497.001 - System Checks
  • T1559.001 - Component Object Model
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1568 - Dynamic Resolution
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

FIN7

Score: 65.93
Matched TTPs:
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

APT19

Score: 20.50
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

UNC3886

Score: 41.63
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1673 - Virtual Machine Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Carbanak

Score: 11.54
Matched TTPs:
  • T1218.011 - Rundll32
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

APT3

Score: 25.53
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

Magic Hound

Score: 50.88
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1016.001 - Internet Connection Discovery
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

TA551

Score: 14.11
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1027.010 - Command Obfuscation
Link to MITRE →

Blue Mockingbird

Score: 15.96
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
Link to MITRE →

Wizard Spider

Score: 41.06
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1074 - Data Staged
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT32

Score: 58.51
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1027.016 - Junk Code Insertion
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1550.002 - Pass the Hash
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

Lazarus Group

Score: 59.12
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA505

Score: 24.65
Matched TTPs:
  • T1218.011 - Rundll32
  • T1027.013 - Encrypted/Encoded File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

CopyKittens

Score: 5.93
Matched TTPs:
  • T1218.011 - Rundll32
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
Link to MITRE →

APT41

Score: 60.56
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1213.003 - Code Repositories
  • T1550.002 - Pass the Hash
  • T1596.005 - Scan Databases
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sandworm Team

Score: 63.37
Matched TTPs:
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1204.001 - Malicious Link
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT28

Score: 55.74
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1550.002 - Pass the Hash
  • T1137.002 - Office Test
  • T1204.001 - Malicious Link
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

HAFNIUM

Score: 24.51
Matched TTPs:
  • T1218.011 - Rundll32
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

APT38

Score: 43.04
Matched TTPs:
  • T1218.011 - Rundll32
  • T1218.007 - Msiexec
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Daggerfly

Score: 13.02
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

RedCurl

Score: 24.37
Matched TTPs:
  • T1218.011 - Rundll32
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

LazyScripter

Score: 18.40
Matched TTPs:
  • T1218.011 - Rundll32
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

Aquatic Panda

Score: 19.43
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1550.002 - Pass the Hash
Link to MITRE →

Storm-0501

Score: 24.13
Matched TTPs:
  • T1218.011 - Rundll32
  • T1003 - OS Credential Dumping
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1059.001 - PowerShell
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
  • T1518.001 - Security Software Discovery
  • T1219.002 - Remote Desktop Software
  • T1490 - Inhibit System Recovery
Link to MITRE →

MuddyWater

Score: 58.83
Matched TTPs:
  • T1218.011 - Rundll32
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Ember Bear

Score: 35.58
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1550.002 - Pass the Hash
  • T1588.005 - Exploits
Link to MITRE →

APT39

Score: 34.92
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1546.010 - AppInit DLLs
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

Poseidon Group

Score: 5.92
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
  • T1059.001 - PowerShell
Link to MITRE →

Tonto Team

Score: 15.97
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Suckfly

Score: 4.02
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1078 - Valid Accounts
Link to MITRE →

BlackByte

Score: 47.23
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1491.001 - Internal Defacement
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1055.012 - Process Hollowing
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sowbug

Score: 6.93
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Axiom

Score: 20.94
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1583.002 - DNS Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Leviathan

Score: 37.45
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

Contagious Interview

Score: 44.60
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
Link to MITRE →

Inception

Score: 21.29
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 6.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

Elderwood

Score: 6.21
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Darkhotel

Score: 22.50
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497 - Virtualization/Sandbox Evasion
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 13.93
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.004 - Drive-by Target
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

APT18

Score: 4.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
Link to MITRE →

Sidewinder

Score: 26.08
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Saint Bear

Score: 19.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

APT33

Score: 13.07
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

BITTER

Score: 14.91
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Higaisa

Score: 12.19
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1090.001 - Internal Proxy
Link to MITRE →

Fox Kitten

Score: 27.93
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
Link to MITRE →

Threat Group-3390

Score: 38.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1055.012 - Process Hollowing
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

TA2541

Score: 27.67
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1016.001 - Internet Connection Discovery
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1518.001 - Security Software Discovery
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

Malteiro

Score: 8.52
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1518.001 - Security Software Discovery
  • T1059.005 - Visual Basic
Link to MITRE →

Storm-1811

Score: 14.00
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Tropic Trooper

Score: 22.22
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
Link to MITRE →

Whitefly

Score: 8.61
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1574.001 - DLL
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

menuPass

Score: 30.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1055.012 - Process Hollowing
Link to MITRE →

Moses Staff

Score: 11.58
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
Link to MITRE →

TeamTNT

Score: 38.62
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1610 - Deploy Container
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

OilRig

Score: 49.03
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

Moonstone Sleet

Score: 18.18
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1569.002 - Service Execution
Link to MITRE →

Winnti Group

Score: 4.58
Matched TTPs:
  • T1014 - Rootkit
  • T1083 - File and Directory Discovery
Link to MITRE →

Rocke

Score: 24.08
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Turla

Score: 58.60
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
Link to MITRE →

HEXANE

Score: 29.39
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
Link to MITRE →

APT29

Score: 50.64
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1027.006 - HTML Smuggling
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
Link to MITRE →

Lotus Blossom

Score: 11.12
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN13

Score: 29.10
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.005 - Visual Basic
  • T1550.002 - Pass the Hash
  • T1090.001 - Internal Proxy
Link to MITRE →

Volt Typhoon

Score: 60.60
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1074 - Data Staged
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN8

Score: 24.27
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link
Link to MITRE →

Mustard Tempest

Score: 12.67
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

GALLIUM

Score: 21.33
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1550.002 - Pass the Hash
Link to MITRE →

Dragonfly

Score: 37.58
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

Ke3chang

Score: 27.61
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1569.002 - Service Execution
Link to MITRE →

Agrius

Score: 12.83
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT5

Score: 14.23
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
Link to MITRE →

Indrik Spider

Score: 15.64
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
Link to MITRE →

LuminousMoth

Score: 19.47
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1204.001 - Malicious Link
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
Link to MITRE →

Play

Score: 14.97
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
Link to MITRE →

Aoqin Dragon

Score: 7.92
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Scattered Spider

Score: 51.62
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1074 - Data Staged
  • T1204 - User Execution
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1213.003 - Code Repositories
  • T1219.002 - Remote Desktop Software
  • T1538 - Cloud Service Dashboard
  • T1490 - Inhibit System Recovery
Link to MITRE →

Evilnum

Score: 9.46
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
Link to MITRE →

Silent Librarian

Score: 8.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

ZIRCONIUM

Score: 25.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
Link to MITRE →

Star Blizzard

Score: 10.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

CURIUM

Score: 14.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Patchwork

Score: 28.69
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Medusa Group

Score: 43.04
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Chimera

Score: 24.68
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1550.002 - Pass the Hash
  • T1569.002 - Service Execution
Link to MITRE →

Cinnamon Tempest

Score: 10.19
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Velvet Ant

Score: 19.09
Matched TTPs:
  • T1574.001 - DLL
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

RTM

Score: 9.71
Matched TTPs:
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Earth Lusca

Score: 39.96
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

BRONZE BUTLER

Score: 30.96
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

BlackTech

Score: 6.91
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

SideCopy

Score: 17.19
Matched TTPs:
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
Link to MITRE →

Naikon

Score: 5.10
Matched TTPs:
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

BackdoorDiplomacy

Score: 8.11
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
Link to MITRE →

admin@338

Score: 6.79
Matched TTPs:
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT1

Score: 9.04
Matched TTPs:
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1550.002 - Pass the Hash
Link to MITRE →

Molerats

Score: 10.47
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

Rancor

Score: 4.69
Matched TTPs:
  • T1218.007 - Msiexec
  • T1059.005 - Visual Basic
Link to MITRE →

Machete

Score: 7.81
Matched TTPs:
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

LAPSUS$

Score: 30.07
Matched TTPs:
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1531 - Account Access Removal
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
Link to MITRE →

ToddyCat

Score: 9.26
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1518.001 - Security Software Discovery
Link to MITRE →

Windigo

Score: 11.94
Matched TTPs:
  • T1005 - Data from Local System
  • T1090 - Proxy
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

Andariel

Score: 11.58
Matched TTPs:
  • T1005 - Data from Local System
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN6

Score: 19.59
Matched TTPs:
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1059 - Command and Scripting Interpreter
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution
Link to MITRE →

APT37

Score: 24.30
Matched TTPs:
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1059 - Command and Scripting Interpreter
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Stealth Falcon

Score: 8.11
Matched TTPs:
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1059 - Command and Scripting Interpreter
  • T1059.001 - PowerShell
Link to MITRE →

WIRTE

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.005 - Visual Basic
Link to MITRE →

Gorgon Group

Score: 11.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055.012 - Process Hollowing
  • T1059.005 - Visual Basic
Link to MITRE →

Winter Vivern

Score: 16.41
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1059 - Command and Scripting Interpreter
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

EXOTIC LILY

Score: 11.19
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

APT42

Score: 18.93
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1059.005 - Visual Basic
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.73
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1027.010 - Command Obfuscation
Link to MITRE →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
Link to MITRE →

INC Ransom

Score: 16.49
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1074 - Data Staged
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1569.002 - Service Execution
Link to MITRE →

Akira

Score: 17.63
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1531 - Account Access Removal
  • T1486 - Data Encrypted for Impact
Link to MITRE →

DarkVishnya

Score: 4.24
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1588.002 - Tool
Link to MITRE →

Cobalt Group

Score: 23.69
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

Windshift

Score: 13.65
Matched TTPs:
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

PLATINUM

Score: 8.51
Matched TTPs:
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise
Link to MITRE →

MoustachedBouncer

Score: 9.77
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

Silence

Score: 15.77
Matched TTPs:
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027.010 - Command Obfuscation
  • T1059.005 - Visual Basic
  • T1569.002 - Service Execution
Link to MITRE →

Leafminer

Score: 7.83
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
Link to MITRE →

Deep Panda

Score: 8.60
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
Link to MITRE →

FIN5

Score: 7.36
Matched TTPs:
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Equation

Score: 4.54
Matched TTPs:
  • T1542.002 - Component Firmware
Link to MITRE →

Confucius

Score: 10.71
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

RedEcho

Score: 3.29
Matched TTPs:
  • T1568 - Dynamic Resolution
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
Link to MITRE →

Thrip

Score: 4.58
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
Link to MITRE →

FIN10

Score: 3.07
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Gallmaker

Score: 3.09
Matched TTPs:
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
Link to MITRE →

TA459

Score: 3.70
Matched TTPs:
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
Link to MITRE →

FIN4

Score: 8.32
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

APT-C-36

Score: 4.54
Matched TTPs:
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1059.005 - Visual Basic
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

The White Company

Score: 3.39
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation
  • T1534 - Internal Spearphishing
  • T1555.003 - Credentials from Web Browsers
  • T1557 - Adversary-in-the-Middle
  • T1027 - Obfuscated Files or Information
  • T1016 - System Network Configuration Discovery
  • T1055 - Process Injection
  • T1102.002 - Bidirectional Communication
  • T1055.012 - Process Hollowing
  • T1518.001 - Security Software Discovery
  • T1583.006 - Web Services
  • T1620 - Reflective Code Loading
  • T1027.016 - Junk Code Insertion
  • T1059.005 - Visual Basic
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1598.003 - Spearphishing Link
  • T1587.001 - Malware
  • T1550.002 - Pass the Hash
  • T1218.010 - Regsvr32
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1588.005 - Exploits
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1505.003 - Web Shell
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1218.011 - Rundll32
  • T1112 - Modify Registry
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
  • T1593.001 - Social Media
  • T1102.001 - Dead Drop Resolver
  • T1562.004 - Disable or Modify System Firewall
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Gamaredon Group

Score: 0.65
Matched TTPs:
  • T1491.001 - Internal Defacement
  • T1218.005 - Mshta
  • T1027.010 - Command Obfuscation
  • T1534 - Internal Spearphishing
  • T1001 - Data Obfuscation
  • T1016.001 - Internet Connection Discovery
  • T1102 - Web Service
  • T1027 - Obfuscated Files or Information
  • T1055 - Process Injection
  • T1102.002 - Bidirectional Communication
  • T1518.001 - Security Software Discovery
  • T1583.006 - Web Services
  • T1620 - Reflective Code Loading
  • T1027.016 - Junk Code Insertion
  • T1059.005 - Visual Basic
  • T1027.004 - Compile After Delivery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1102.003 - One-Way Communication
  • T1090 - Proxy
  • T1559.001 - Component Object Model
  • T1005 - Data from Local System
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1218.011 - Rundll32
  • T1112 - Modify Registry
  • T1568 - Dynamic Resolution
  • T1204.001 - Malicious Link
  • T1039 - Data from Network Shared Drive
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
Link to MITRE →

Mustang Panda

Score: 0.57
Matched TTPs:
  • T1059 - Command and Scripting Interpreter
  • T1518 - Software Discovery
  • T1218.005 - Mshta
  • T1219.001 - IDE Tunneling
  • T1102 - Web Service
  • T1557 - Adversary-in-the-Middle
  • T1027 - Obfuscated Files or Information
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1027.016 - Junk Code Insertion
  • T1003 - OS Credential Dumping
  • T1059.005 - Visual Basic
  • T1059.001 - PowerShell
  • T1129 - Shared Modules
  • T1598.003 - Spearphishing Link
  • T1587.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1588.002 - Tool
  • T1505.003 - Web Shell
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1678 - Delay Execution
  • T1219.002 - Remote Desktop Software
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1176.002 - IDE Extensions
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
