Pulse Detail-

Mustang Panda

Score: 69.61

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1597.002 - Purchase Technical Data
T1003 - OS Credential Dumping
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1555.003 - Credentials from Web Browsers
T1136.001 - Local Account
T1092 - Communication Through Removable Media
T1590.006 - Network Security Appliances
T1055.013 - Process Doppelgänging
T1562.006 - Indicator Blocking
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1169 - Sudo
T1199 - Trusted Relationship
T1059.011 - Lua
T1218.010 - Regsvr32
T1565.002 - Transmitted Data Manipulation
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode

MITREへのリンク →

Kimsuky

Score: 85.06

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1583 - Acquire Infrastructure
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1205 - Traffic Signaling
T1009 - Binary Padding
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1092 - Communication Through Removable Media
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1001 - Data Obfuscation
T1059.011 - Lua
T1027.014 - Polymorphic Code
T1690 - Prevent Command History Logging
T1547.002 - Authentication Package
T1506 - Web Session Cookie
T1565.002 - Transmitted Data Manipulation
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1668 - Exclusive Control
T1027.018 - Invisible Unicode
T1003.003 - NTDS
T1008 - Fallback Channels

MITREへのリンク →

Sea Turtle

Score: 18.31

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1059.013 - Container CLI/API

MITREへのリンク →

Gamaredon Group

Score: 79.55

Matched TTPs:

T1583 - Acquire Infrastructure
T1099 - Timestomp
T1562.009 - Safe Mode Boot
T1547.012 - Print Processors
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1205 - Traffic Signaling
T1059.009 - Cloud API
T1092 - Communication Through Removable Media
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1036.002 - Right-to-Left Override
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1606.001 - Web Cookies
T1497.002 - User Activity Based Checks
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1061 - Graphical User Interface
T1542.004 - ROMMONkit
T1059.011 - Lua
T1547.002 - Authentication Package
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN7

Score: 65.93

Matched TTPs:

T1583 - Acquire Infrastructure
T1606.002 - SAML Tokens
T1115 - Clipboard Data
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1205 - Traffic Signaling
T1009 - Binary Padding
T1011.001 - Exfiltration Over Bluetooth
T1092 - Communication Through Removable Media
T1055.013 - Process Doppelgänging
T1218.012 - Verclsid
T1584.005 - Botnet
T1608.005 - Link Target
T1564.002 - Hidden Users
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1547.002 - Authentication Package
T1065 - Uncommonly Used Port
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT19

Score: 20.50

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1055.013 - Process Doppelgänging
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

UNC3886

Score: 41.63

Matched TTPs:

T1583 - Acquire Infrastructure
T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1021.006 - Windows Remote Management
T1585.002 - Email Accounts
T1090.002 - External Proxy
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1488 - Disk Content Wipe
T1218.010 - Regsvr32
T1546.002 - Screensaver

MITREへのリンク →

Carbanak

Score: 11.54

Matched TTPs:

T1583 - Acquire Infrastructure
T1586.002 - Email Accounts
T1009 - Binary Padding
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

APT3

Score: 25.53

Matched TTPs:

T1583 - Acquire Infrastructure
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1562.012 - Disable or Modify Linux Audit System
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1219.001 - IDE Tunneling
T1059.008 - Network Device CLI
T1497.002 - User Activity Based Checks
T1059.011 - Lua
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Magic Hound

Score: 50.88

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1099 - Timestomp
T1566.002 - Spearphishing Link
T1584.003 - Virtual Private Server
T1070.003 - Clear Command History
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1683 - Generate Content
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

TA551

Score: 14.11

Matched TTPs:

T1583 - Acquire Infrastructure
T1558 - Steal or Forge Kerberos Tickets
T1218.012 - Verclsid
T1027.014 - Polymorphic Code
T1562.011 - Spoof Security Alerting
T1601.001 - Patch System Image

MITREへのリンク →

Blue Mockingbird

Score: 15.96

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1045 - Software Packing
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Wizard Spider

Score: 41.06

Matched TTPs:

T1583 - Acquire Infrastructure
T1584.008 - Network Devices
T1584.003 - Virtual Private Server
T1684 - Social Engineering
T1038 - DLL Search Order Hijacking
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1083 - File and Directory Discovery
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1668 - Exclusive Control
T1027.018 - Invisible Unicode
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link

MITREへのリンク →

APT32

Score: 58.51

Matched TTPs:

T1583 - Acquire Infrastructure
T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1566.002 - Spearphishing Link
T1089 - Disabling Security Tools
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1684 - Social Engineering
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1092 - Communication Through Removable Media
T1590.006 - Network Security Appliances
T1055.013 - Process Doppelgänging
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1668 - Exclusive Control
T1027.018 - Invisible Unicode
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Lazarus Group

Score: 59.12

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1205 - Traffic Signaling
T1009 - Binary Padding
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1059.008 - Network Device CLI
T1608.005 - Link Target
T1606.001 - Web Cookies
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1569.002 - Service Execution
T1216 - System Script Proxy Execution

MITREへのリンク →

TA505

Score: 24.65

Matched TTPs:

T1583 - Acquire Infrastructure
T1491.002 - External Defacement
T1685.002 - Disable or Modify Cloud Log
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

CopyKittens

Score: 5.93

Matched TTPs:

T1583 - Acquire Infrastructure
T1045 - Software Packing
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship

MITREへのリンク →

APT41

Score: 60.56

Matched TTPs:

T1583 - Acquire Infrastructure
T1499.001 - OS Exhaustion Flood
T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1177 - LSASS Driver
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1059.008 - Network Device CLI
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1059.011 - Lua
T1027 - Obfuscated Files or Information
T1218.010 - Regsvr32
T1002 - Data Compressed
T1564.003 - Hidden Window
T1668 - Exclusive Control
T1574.002 - DLL Side-Loading
T1027.007 - Dynamic API Resolution
T1008 - Fallback Channels

MITREへのリンク →

Sandworm Team

Score: 63.37

Matched TTPs:

T1583 - Acquire Infrastructure
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1059.011 - Lua
T1027 - Obfuscated Files or Information
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1075 - Pass the Hash
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode
T1204.001 - Malicious Link

MITREへのリンク →

APT28

Score: 55.74

Matched TTPs:

T1583 - Acquire Infrastructure
T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1499.001 - OS Exhaustion Flood
T1566.002 - Spearphishing Link
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1668 - Exclusive Control
T1588.003 - Code Signing Certificates
T1027.018 - Invisible Unicode
T1566.003 - Spearphishing via Service

MITREへのリンク →

HAFNIUM

Score: 24.51

Matched TTPs:

T1583 - Acquire Infrastructure
T1099 - Timestomp
T1027.008 - Stripped Payloads
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1039 - Data from Network Shared Drive

MITREへのリンク →

APT38

Score: 43.04

Matched TTPs:

T1583 - Acquire Infrastructure
T1685.002 - Disable or Modify Cloud Log
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1684 - Social Engineering
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie
T1493 - Transmitted Data Manipulation
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution

MITREへのリンク →

Daggerfly

Score: 13.02

Matched TTPs:

T1583 - Acquire Infrastructure
T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1497.002 - User Activity Based Checks
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

RedCurl

Score: 24.37

Matched TTPs:

T1583 - Acquire Infrastructure
T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1562.012 - Disable or Modify Linux Audit System
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1574.010 - Services File Permissions Weakness
T1542.004 - ROMMONkit
T1059.011 - Lua
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

LazyScripter

Score: 18.40

Matched TTPs:

T1583 - Acquire Infrastructure
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1612 - Build Image on Host
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

Aquatic Panda

Score: 19.43

Matched TTPs:

T1583 - Acquire Infrastructure
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1059.009 - Cloud API
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1668 - Exclusive Control

MITREへのリンク →

Storm-0501

Score: 24.13

Matched TTPs:

T1583 - Acquire Infrastructure
T1597.002 - Purchase Technical Data
T1685.004 - Disable or Modify Linux Audit System Log
T1140 - Deobfuscate/Decode Files or Information
T1497.002 - User Activity Based Checks
T1027 - Obfuscated Files or Information
T1027.014 - Polymorphic Code
T1506 - Web Session Cookie
T1565.002 - Transmitted Data Manipulation
T1204.001 - Malicious Link

MITREへのリンク →

MuddyWater

Score: 58.83

Matched TTPs:

T1583 - Acquire Infrastructure
T1547.012 - Print Processors
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1518.002 - Backup Software Discovery
T1562.012 - Disable or Modify Linux Audit System
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1059.008 - Network Device CLI
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1027.018 - Invisible Unicode

MITREへのリンク →

Ember Bear

Score: 35.58

Matched TTPs:

T1597.002 - Purchase Technical Data
T1584.008 - Network Devices
T1584.003 - Virtual Private Server
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1519 - Emond
T1668 - Exclusive Control
T1003.003 - NTDS

MITREへのリンク →

APT39

Score: 34.92

Matched TTPs:

T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1055.013 - Process Doppelgänging
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package
T1564.007 - VBA Stomping
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

Poseidon Group

Score: 5.92

Matched TTPs:

T1597.002 - Purchase Technical Data
T1003.007 - Proc Filesystem
T1497.002 - User Activity Based Checks

MITREへのリンク →

Tonto Team

Score: 15.97

Matched TTPs:

T1597.002 - Purchase Technical Data
T1089 - Disabling Security Tools
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32

MITREへのリンク →

Suckfly

Score: 4.02

Matched TTPs:

T1597.002 - Purchase Technical Data
T1157 - Dylib Hijacking

MITREへのリンク →

BlackByte

Score: 47.23

Matched TTPs:

T1597.002 - Purchase Technical Data
T1059.010 - AutoHotKey & AutoIT
T1070.003 - Clear Command History
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1684 - Social Engineering
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1606.001 - Web Cookies
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1001 - Data Obfuscation
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link

MITREへのリンク →

Sowbug

Score: 6.93

Matched TTPs:

T1597.002 - Purchase Technical Data
T1219.001 - IDE Tunneling
T1542.004 - ROMMONkit

MITREへのリンク →

Axiom

Score: 20.94

Matched TTPs:

T1597.002 - Purchase Technical Data
T1499.003 - Application Exhaustion Flood
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1049 - System Network Connections Discovery
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Leviathan

Score: 37.45

Matched TTPs:

T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1497.002 - User Activity Based Checks
T1554 - Compromise Host Software Binary
T1055.014 - VDSO Hijacking
T1157 - Dylib Hijacking
T1027.014 - Polymorphic Code
T1488 - Disk Content Wipe
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Contagious Interview

Score: 44.60

Matched TTPs:

T1044 - File System Permissions Weakness
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1021.006 - Windows Remote Management
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1064 - Scripting
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1690 - Prevent Command History Logging
T1565.002 - Transmitted Data Manipulation
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1221 - Template Injection
T1027.018 - Invisible Unicode

MITREへのリンク →

Inception

Score: 21.29

Matched TTPs:

T1491.002 - External Defacement
T1584.003 - Virtual Private Server
T1562.012 - Disable or Modify Linux Audit System
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1218.012 - Verclsid
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1027.010 - Command Obfuscation
T1159 - Launch Agent

MITREへのリンク →

Dark Caracal

Score: 6.11

Matched TTPs:

T1491.002 - External Defacement
T1584.003 - Virtual Private Server
T1219.001 - IDE Tunneling
T1059.012 - Hypervisor CLI

MITREへのリンク →

Elderwood

Score: 6.21

Matched TTPs:

T1491.002 - External Defacement
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Darkhotel

Score: 22.50

Matched TTPs:

T1491.002 - External Defacement
T1562.009 - Safe Mode Boot
T1059.010 - AutoHotKey & AutoIT
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1064 - Scripting
T1564.002 - Hidden Users
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 13.93

Matched TTPs:

T1491.002 - External Defacement
T1115 - Clipboard Data
T1036.002 - Right-to-Left Override
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

APT18

Score: 4.32

Matched TTPs:

T1491.002 - External Defacement
T1219.001 - IDE Tunneling
T1157 - Dylib Hijacking

MITREへのリンク →

Sidewinder

Score: 26.08

Matched TTPs:

T1491.002 - External Defacement
T1566.002 - Spearphishing Link
T1089 - Disabling Security Tools
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1657 - Financial Theft
T1497.002 - User Activity Based Checks
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1027.018 - Invisible Unicode

MITREへのリンク →

Saint Bear

Score: 19.04

Matched TTPs:

T1491.002 - External Defacement
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1055.013 - Process Doppelgänging
T1064 - Scripting
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

APT33

Score: 13.07

Matched TTPs:

T1491.002 - External Defacement
T1562.012 - Disable or Modify Linux Audit System
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

BITTER

Score: 14.91

Matched TTPs:

T1491.002 - External Defacement
T1091 - Replication Through Removable Media
T1036.002 - Right-to-Left Override
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1683 - Generate Content
T1218.010 - Regsvr32

MITREへのリンク →

Higaisa

Score: 12.19

Matched TTPs:

T1491.002 - External Defacement
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1590.006 - Network Security Appliances
T1218.010 - Regsvr32
T1027.010 - Command Obfuscation
T1569.002 - Service Execution

MITREへのリンク →

Fox Kitten

Score: 27.93

Matched TTPs:

T1491.002 - External Defacement
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1045 - Software Packing
T1055.013 - Process Doppelgänging
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1601.001 - Patch System Image

MITREへのリンク →

Threat Group-3390

Score: 38.94

Matched TTPs:

T1491.002 - External Defacement
T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1115 - Clipboard Data
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1001 - Data Obfuscation
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA2541

Score: 27.67

Matched TTPs:

T1491.002 - External Defacement
T1099 - Timestomp
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1036.002 - Right-to-Left Override
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1001 - Data Obfuscation
T1506 - Web Session Cookie
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

Malteiro

Score: 8.52

Matched TTPs:

T1491.002 - External Defacement
T1059.010 - AutoHotKey & AutoIT
T1562.012 - Disable or Modify Linux Audit System
T1506 - Web Session Cookie
T1027.010 - Command Obfuscation

MITREへのリンク →

Storm-1811

Score: 14.00

Matched TTPs:

T1491.002 - External Defacement
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

Tropic Trooper

Score: 22.22

Matched TTPs:

T1491.002 - External Defacement
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1683 - Generate Content
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1506 - Web Session Cookie
T1159 - Launch Agent

MITREへのリンク →

Whitefly

Score: 8.61

Matched TTPs:

T1491.002 - External Defacement
T1089 - Disabling Security Tools
T1055.013 - Process Doppelgänging
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive

MITREへのリンク →

menuPass

Score: 30.11

Matched TTPs:

T1491.002 - External Defacement
T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1001 - Data Obfuscation

MITREへのリンク →

Moses Staff

Score: 11.58

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship

MITREへのリンク →

TeamTNT

Score: 38.62

Matched TTPs:

T1491.002 - External Defacement
T1499.001 - OS Exhaustion Flood
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1009 - Binary Padding
T1071.003 - Mail Protocols
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1519 - Emond

MITREへのリンク →

Putter Panda

Score: 3.39

Matched TTPs:

T1491.002 - External Defacement
T1597 - Search Closed Sources

MITREへのリンク →

OilRig

Score: 49.03

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1562.009 - Safe Mode Boot
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1009 - Binary Padding
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1055.013 - Process Doppelgänging
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1592.002 - Software
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

Moonstone Sleet

Score: 18.18

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1059.011 - Lua
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Winnti Group

Score: 4.58

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1219.001 - IDE Tunneling

MITREへのリンク →

Rocke

Score: 24.08

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1612 - Build Image on Host
T1597 - Search Closed Sources
T1059.011 - Lua
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1008 - Fallback Channels

MITREへのリンク →

Turla

Score: 58.60

Matched TTPs:

T1014 - Rootkit
T1099 - Timestomp
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1176 - Software Extensions
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1684 - Social Engineering
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1612 - Build Image on Host
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1039 - Data from Network Shared Drive
T1547.002 - Authentication Package
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode
T1569.002 - Service Execution

MITREへのリンク →

HEXANE

Score: 29.39

Matched TTPs:

T1099 - Timestomp
T1499.003 - Application Exhaustion Flood
T1091 - Replication Through Removable Media
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1497.002 - User Activity Based Checks
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1065 - Uncommonly Used Port
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1159 - Launch Agent

MITREへのリンク →

APT29

Score: 50.64

Matched TTPs:

T1099 - Timestomp
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1036.002 - Right-to-Left Override
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1683 - Generate Content
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1223 - Compiled HTML File
T1608.006 - SEO Poisoning
T1027.018 - Invisible Unicode

MITREへのリンク →

Lotus Blossom

Score: 11.12

Matched TTPs:

T1099 - Timestomp
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1569.002 - Service Execution

MITREへのリンク →

FIN13

Score: 29.10

Matched TTPs:

T1099 - Timestomp
T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027.010 - Command Obfuscation
T1668 - Exclusive Control
T1569.002 - Service Execution

MITREへのリンク →

Volt Typhoon

Score: 60.60

Matched TTPs:

T1099 - Timestomp
T1562.009 - Safe Mode Boot
T1003.007 - Proc Filesystem
T1176 - Software Extensions
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1083 - File and Directory Discovery
T1049 - System Network Connections Discovery
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1488 - Disk Content Wipe
T1065 - Uncommonly Used Port
T1546.016 - Installer Packages
T1159 - Launch Agent
T1574.002 - DLL Side-Loading
T1569.002 - Service Execution

MITREへのリンク →

FIN8

Score: 24.27

Matched TTPs:

T1099 - Timestomp
T1059.009 - Cloud API
T1027.017 - SVG Smuggling
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1027.018 - Invisible Unicode

MITREへのリンク →

Mustard Tempest

Score: 12.67

Matched TTPs:

T1682 - Query Public AI Services
T1115 - Clipboard Data
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

GALLIUM

Score: 21.33

Matched TTPs:

T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1590.006 - Network Security Appliances
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1059.011 - Lua
T1668 - Exclusive Control

MITREへのリンク →

Dragonfly

Score: 37.58

Matched TTPs:

T1584.008 - Network Devices
T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1055.013 - Process Doppelgänging
T1219.001 - IDE Tunneling
T1657 - Financial Theft
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages

MITREへのリンク →

Ke3chang

Score: 27.61

Matched TTPs:

T1584.008 - Network Devices
T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1055.013 - Process Doppelgänging
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1059.011 - Lua
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Agrius

Score: 12.83

Matched TTPs:

T1584.008 - Network Devices
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1555.003 - Credentials from Web Browsers
T1597 - Search Closed Sources

MITREへのリンク →

APT5

Score: 14.23

Matched TTPs:

T1584.008 - Network Devices
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1555.003 - Credentials from Web Browsers
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks

MITREへのリンク →

Indrik Spider

Score: 15.64

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1059.009 - Cloud API
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1546.016 - Installer Packages

MITREへのリンク →

LuminousMoth

Score: 19.47

Matched TTPs:

T1606.002 - SAML Tokens
T1089 - Disabling Security Tools
T1115 - Clipboard Data
T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1219.001 - IDE Tunneling
T1584.005 - Botnet
T1199 - Trusted Relationship
T1027.018 - Invisible Unicode

MITREへのリンク →

Salt Typhoon

Score: 11.29

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1608.002 - Upload Tool
T1009 - Binary Padding
T1199 - Trusted Relationship

MITREへのリンク →

Play

Score: 14.97

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1506 - Web Session Cookie
T1601.001 - Patch System Image

MITREへのリンク →

Aoqin Dragon

Score: 7.92

Matched TTPs:

T1606.002 - SAML Tokens
T1558 - Steal or Forge Kerberos Tickets
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Scattered Spider

Score: 51.62

Matched TTPs:

T1685.004 - Disable or Modify Linux Audit System Log
T1566.002 - Spearphishing Link
T1583.001 - Domains
T1019 - System Firmware
T1590.006 - Network Security Appliances
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1083 - File and Directory Discovery
T1619 - Cloud Storage Object Discovery
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1564.003 - Hidden Window
T1565.002 - Transmitted Data Manipulation
T1027.002 - Software Packing
T1204.001 - Malicious Link

MITREへのリンク →

Evilnum

Score: 9.46

Matched TTPs:

T1562.009 - Safe Mode Boot
T1089 - Disabling Security Tools
T1565.002 - Transmitted Data Manipulation
T1027.018 - Invisible Unicode

MITREへのリンク →

Silent Librarian

Score: 8.58

Matched TTPs:

T1566.002 - Spearphishing Link
T1584.005 - Botnet
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

ZIRCONIUM

Score: 25.02

Matched TTPs:

T1566.002 - Spearphishing Link
T1685.002 - Disable or Modify Cloud Log
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1608.005 - Link Target
T1039 - Data from Network Shared Drive
T1547.002 - Authentication Package
T1608.006 - SEO Poisoning
T1027.018 - Invisible Unicode

MITREへのリンク →

Star Blizzard

Score: 10.33

Matched TTPs:

T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1657 - Financial Theft
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

CURIUM

Score: 14.89

Matched TTPs:

T1566.002 - Spearphishing Link
T1115 - Clipboard Data
T1584.003 - Virtual Private Server
T1555.003 - Credentials from Web Browsers
T1497.002 - User Activity Based Checks
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 28.69

Matched TTPs:

T1566.002 - Spearphishing Link
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1001 - Data Obfuscation
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode
T1008 - Fallback Channels

MITREへのリンク →

Medusa Group

Score: 43.04

Matched TTPs:

T1547.012 - Print Processors
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1218.003 - CMSTP
T1009 - Binary Padding
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link
T1216 - System Script Proxy Execution

MITREへのリンク →

Chimera

Score: 24.68

Matched TTPs:

T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1157 - Dylib Hijacking
T1059.003 - Windows Command Shell
T1601.001 - Patch System Image
T1668 - Exclusive Control
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Cinnamon Tempest

Score: 10.19

Matched TTPs:

T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Velvet Ant

Score: 19.09

Matched TTPs:

T1089 - Disabling Security Tools
T1684 - Social Engineering
T1009 - Binary Padding
T1219.001 - IDE Tunneling
T1597 - Search Closed Sources
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

RTM

Score: 9.71

Matched TTPs:

T1089 - Disabling Security Tools
T1565.002 - Transmitted Data Manipulation
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Earth Lusca

Score: 39.96

Matched TTPs:

T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1590.006 - Network Security Appliances
T1045 - Software Packing
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1218.001 - Compiled HTML File
T1059.011 - Lua
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

BRONZE BUTLER

Score: 30.96

Matched TTPs:

T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1542.004 - ROMMONkit
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1008 - Fallback Channels

MITREへのリンク →

BlackTech

Score: 6.91

Matched TTPs:

T1089 - Disabling Security Tools
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

SideCopy

Score: 17.19

Matched TTPs:

T1089 - Disabling Security Tools
T1091 - Replication Through Removable Media
T1590.006 - Network Security Appliances
T1218.012 - Verclsid
T1657 - Financial Theft
T1506 - Web Session Cookie
T1027.010 - Command Obfuscation
T1159 - Launch Agent

MITREへのリンク →

Naikon

Score: 5.10

Matched TTPs:

T1089 - Disabling Security Tools
T1590.006 - Network Security Appliances
T1506 - Web Session Cookie

MITREへのリンク →

BackdoorDiplomacy

Score: 8.11

Matched TTPs:

T1089 - Disabling Security Tools
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1059.011 - Lua

MITREへのリンク →

admin@338

Score: 6.79

Matched TTPs:

T1003.007 - Proc Filesystem
T1590.006 - Network Security Appliances
T1219.001 - IDE Tunneling
T1218.010 - Regsvr32

MITREへのリンク →

APT1

Score: 9.04

Matched TTPs:

T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1590.006 - Network Security Appliances
T1199 - Trusted Relationship
T1668 - Exclusive Control

MITREへのリンク →

Molerats

Score: 10.47

Matched TTPs:

T1685.002 - Disable or Modify Cloud Log
T1059.010 - AutoHotKey & AutoIT
T1562.012 - Disable or Modify Linux Audit System
T1497.002 - User Activity Based Checks
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

Rancor

Score: 4.69

Matched TTPs:

T1685.002 - Disable or Modify Cloud Log
T1027.010 - Command Obfuscation

MITREへのリンク →

Machete

Score: 7.81

Matched TTPs:

T1685.002 - Disable or Modify Cloud Log
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

LAPSUS$

Score: 30.07

Matched TTPs:

T1584.003 - Virtual Private Server
T1562.012 - Disable or Modify Linux Audit System
T1019 - System Firmware
T1045 - Software Packing
T1619 - Cloud Storage Object Discovery
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1601 - Modify System Image
T1065 - Uncommonly Used Port
T1564.003 - Hidden Window

MITREへのリンク →

ToddyCat

Score: 9.26

Matched TTPs:

T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1506 - Web Session Cookie

MITREへのリンク →

Windigo

Score: 11.94

Matched TTPs:

T1584.003 - Virtual Private Server
T1045 - Software Packing
T1055.013 - Process Doppelgänging
T1219.001 - IDE Tunneling
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

Andariel

Score: 11.58

Matched TTPs:

T1584.003 - Virtual Private Server
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN6

Score: 19.59

Matched TTPs:

T1584.003 - Virtual Private Server
T1562.012 - Disable or Modify Linux Audit System
T1055.013 - Process Doppelgänging
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1039 - Data from Network Shared Drive
T1601.001 - Patch System Image
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT37

Score: 24.30

Matched TTPs:

T1584.003 - Virtual Private Server
T1684 - Social Engineering
T1562.012 - Disable or Modify Linux Audit System
T1055.013 - Process Doppelgänging
T1059.011 - Lua
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1216 - System Script Proxy Execution

MITREへのリンク →

Stealth Falcon

Score: 8.11

Matched TTPs:

T1584.003 - Virtual Private Server
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1055.013 - Process Doppelgänging
T1497.002 - User Activity Based Checks

MITREへのリンク →

WIRTE

Score: 7.37

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1027.010 - Command Obfuscation

MITREへのリンク →

Gorgon Group

Score: 11.40

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1059.009 - Cloud API
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1001 - Data Obfuscation
T1027.010 - Command Obfuscation

MITREへのリンク →

Winter Vivern

Score: 16.41

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1055.013 - Process Doppelgänging
T1219.001 - IDE Tunneling
T1497.002 - User Activity Based Checks
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 11.19

Matched TTPs:

T1091 - Replication Through Removable Media
T1612 - Build Image on Host
T1690 - Prevent Command History Logging
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

APT42

Score: 18.93

Matched TTPs:

T1091 - Replication Through Removable Media
T1583.001 - Domains
T1059.009 - Cloud API
T1562.012 - Disable or Modify Linux Audit System
T1590.006 - Network Security Appliances
T1612 - Build Image on Host
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1506 - Web Session Cookie
T1027.010 - Command Obfuscation

MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.73

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1497.002 - User Activity Based Checks
T1601.001 - Patch System Image

MITREへのリンク →

Volatile Cedar

Score: 7.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1002 - Data Compressed

MITREへのリンク →

INC Ransom

Score: 16.49

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1083 - File and Directory Discovery
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1027 - Obfuscated Files or Information
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Akira

Score: 17.63

Matched TTPs:

T1137.005 - Outlook Rules
T1586.002 - Email Accounts
T1497.002 - User Activity Based Checks
T1597 - Search Closed Sources
T1157 - Dylib Hijacking
T1601 - Modify System Image
T1027 - Obfuscated Files or Information

MITREへのリンク →

DarkVishnya

Score: 4.24

Matched TTPs:

T1586.002 - Email Accounts
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship

MITREへのリンク →

Cobalt Group

Score: 23.69

Matched TTPs:

T1586.002 - Email Accounts
T1684 - Social Engineering
T1518.002 - Backup Software Discovery
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

Windshift

Score: 13.65

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1059.011 - Lua
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1027.010 - Command Obfuscation
T1159 - Launch Agent
T1027.018 - Invisible Unicode

MITREへのリンク →

PLATINUM

Score: 8.51

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1684 - Social Engineering
T1039 - Data from Network Shared Drive
T1059.012 - Hypervisor CLI

MITREへのリンク →

MoustachedBouncer

Score: 9.77

Matched TTPs:

T1055.003 - Thread Execution Hijacking
T1045 - Software Packing
T1497.002 - User Activity Based Checks
T1039 - Data from Network Shared Drive

MITREへのリンク →

Silence

Score: 15.77

Matched TTPs:

T1684 - Social Engineering
T1059.009 - Cloud API
T1547.011 - Plist Modification
T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1601.001 - Patch System Image
T1027.010 - Command Obfuscation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Leafminer

Score: 7.83

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1219.001 - IDE Tunneling
T1199 - Trusted Relationship
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

Deep Panda

Score: 8.60

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1497.002 - User Activity Based Checks
T1027.014 - Polymorphic Code

MITREへのリンク →

FIN5

Score: 7.36

Matched TTPs:

T1547.011 - Plist Modification
T1055.013 - Process Doppelgänging
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

POLONIUM

Score: 9.02

Matched TTPs:

T1045 - Software Packing
T1608.005 - Link Target
T1199 - Trusted Relationship
T1157 - Dylib Hijacking
T1547.002 - Authentication Package

MITREへのリンク →

Equation

Score: 4.54

Matched TTPs:

T1589.003 - Employee Names

MITREへのリンク →

Confucius

Score: 10.71

Matched TTPs:

T1219.001 - IDE Tunneling
T1218.012 - Verclsid
T1608.005 - Link Target
T1497.002 - User Activity Based Checks
T1218.010 - Regsvr32
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

RedEcho

Score: 3.29

Matched TTPs:

T1036.002 - Right-to-Left Override

MITREへのリンク →

TA578

Score: 3.37

Matched TTPs:

T1608.005 - Link Target
T1027.018 - Invisible Unicode

MITREへのリンク →

Thrip

Score: 4.58

Matched TTPs:

T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

FIN10

Score: 3.07

Matched TTPs:

T1497.002 - User Activity Based Checks
T1199 - Trusted Relationship
T1157 - Dylib Hijacking

MITREへのリンク →

Gallmaker

Score: 3.09

Matched TTPs:

T1497.002 - User Activity Based Checks
T1059.011 - Lua

MITREへのリンク →

TA459

Score: 3.70

Matched TTPs:

T1497.002 - User Activity Based Checks
T1218.010 - Regsvr32
T1027.010 - Command Obfuscation

MITREへのリンク →

FIN4

Score: 8.32

Matched TTPs:

T1574.010 - Services File Permissions Weakness
T1157 - Dylib Hijacking
T1027.010 - Command Obfuscation
T1027.018 - Invisible Unicode

MITREへのリンク →

APT-C-36

Score: 4.54

Matched TTPs:

T1199 - Trusted Relationship
T1059.011 - Lua
T1027.010 - Command Obfuscation

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

The White Company

Score: 3.39

Matched TTPs:

T1218.010 - Regsvr32
T1506 - Web Session Cookie

MITREへのリンク →

Kimsuky

Score: 0.70

Matched TTPs:

T1059.009 - Cloud API
T1608.005 - Link Target
T1059.010 - AutoHotKey & AutoIT
T1219.001 - IDE Tunneling
T1092 - Communication Through Removable Media
T1497.002 - User Activity Based Checks
T1003.007 - Proc Filesystem
T1668 - Exclusive Control
T1606.002 - SAML Tokens
T1003.003 - NTDS
T1601.001 - Patch System Image
T1205 - Traffic Signaling
T1590.006 - Network Security Appliances
T1218.012 - Verclsid
T1684 - Social Engineering
T1199 - Trusted Relationship
T1583 - Acquire Infrastructure
T1562.012 - Disable or Modify Linux Audit System
T1690 - Prevent Command History Logging
T1008 - Fallback Channels
T1555.003 - Credentials from Web Browsers
T1027.014 - Polymorphic Code
T1009 - Binary Padding
T1140 - Deobfuscate/Decode Files or Information
T1091 - Replication Through Removable Media
T1059.011 - Lua
T1597 - Search Closed Sources
T1565.002 - Transmitted Data Manipulation
T1506 - Web Session Cookie
T1027.018 - Invisible Unicode
T1547.002 - Authentication Package
T1027.010 - Command Obfuscation
T1584.003 - Virtual Private Server
T1037 - Boot or Logon Initialization Scripts
T1001 - Data Obfuscation
T1055.014 - VDSO Hijacking
T1566.002 - Spearphishing Link

MITREへのリンク →

Gamaredon Group

Score: 0.65

Matched TTPs:

T1059.009 - Cloud API
T1608.005 - Link Target
T1059.010 - AutoHotKey & AutoIT
T1045 - Software Packing
T1219.001 - IDE Tunneling
T1092 - Communication Through Removable Media
T1497.002 - User Activity Based Checks
T1612 - Build Image on Host
T1601.001 - Patch System Image
T1036.002 - Right-to-Left Override
T1205 - Traffic Signaling
T1218.012 - Verclsid
T1684 - Social Engineering
T1199 - Trusted Relationship
T1583 - Acquire Infrastructure
T1562.009 - Safe Mode Boot
T1554 - Compromise Host Software Binary
T1091 - Replication Through Removable Media
T1059.011 - Lua
T1547.012 - Print Processors
T1597 - Search Closed Sources
T1099 - Timestomp
T1061 - Graphical User Interface
T1506 - Web Session Cookie
T1027.018 - Invisible Unicode
T1547.002 - Authentication Package
T1027.010 - Command Obfuscation
T1584.003 - Virtual Private Server
T1055.014 - VDSO Hijacking
T1542.004 - ROMMONkit
T1059.013 - Container CLI/API
T1606.001 - Web Cookies

MITREへのリンク →

Mustang Panda

Score: 0.57

Matched TTPs:

T1608.005 - Link Target
T1059.010 - AutoHotKey & AutoIT
T1219.001 - IDE Tunneling
T1092 - Communication Through Removable Media
T1497.002 - User Activity Based Checks
T1055.013 - Process Doppelgänging
T1612 - Build Image on Host
T1606.002 - SAML Tokens
T1055.005 - Thread Local Storage
T1590.006 - Network Security Appliances
T1218.012 - Verclsid
T1597.002 - Purchase Technical Data
T1199 - Trusted Relationship
T1159 - Launch Agent
T1555.003 - Credentials from Web Browsers
T1562.006 - Indicator Blocking
T1218.010 - Regsvr32
T1091 - Replication Through Removable Media
T1169 - Sudo
T1059.011 - Lua
T1565.002 - Transmitted Data Manipulation
T1136.001 - Local Account
T1003 - OS Credential Dumping
T1027.018 - Invisible Unicode
T1027.010 - Command Obfuscation
T1037 - Boot or Logon Initialization Scripts
T1089 - Disabling Security Tools
T1566.002 - Spearphishing Link

MITREへのリンク →

Fake Tech Support Delivers Havoc Command & Control

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)