Trusted Design

InstallFix: How attackers are weaponizing malvertized install guides

Summary

A new attack technique called InstallFix targets users by cloning popular developer tool installation pages and presenting malicious install commands in place of the genuine ones. Attackers distribute these fake pages through Google Ads, exploiting users' trust in the familiar "curl to bash" installation pattern. The campaign specifically targets Claude Code users, delivering the Amatera Stealer malware. Because the lure arrives through search advertising rather than email, the technique bypasses email security controls, and it exploits the growing trend of non-technical users adopting developer tools. The attack leverages legitimate hosting services and is part of a broader trend targeting AI-related tools. The payload uses staged execution and various evasion techniques to avoid detection.

Created: 2026-03-09

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 16.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1039 - Data from Network Shared Drive
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

menuPass

Score: 29.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1588.006 - Vulnerabilities
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Wizard Spider

Score: 25.04
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT33

Score: 14.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Fox Kitten

Score: 16.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CopyKittens

Score: 5.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
Link to MITRE →

Volt Typhoon

Score: 47.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1562.012 - Disable or Modify Linux Audit System
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
Link to MITRE →

APT1

Score: 8.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Mustang Panda

Score: 65.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1588.006 - Vulnerabilities
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1593.002 - Search Engines
  • T1562.006 - Indicator Blocking
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
Link to MITRE →

Play

Score: 13.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Chimera

Score: 19.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gallmaker

Score: 5.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
Link to MITRE →

Sea Turtle

Score: 20.62
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

APT39

Score: 34.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
Link to MITRE →

RedCurl

Score: 22.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1543.003 - Windows Service
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1574.010 - Services File Permissions Weakness
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1209 - Time Providers
Link to MITRE →

APT5

Score: 16.89
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Agrius

Score: 14.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1209 - Time Providers
Link to MITRE →

GALLIUM

Score: 21.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT41

Score: 51.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1564.003 - Hidden Window
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

MuddyWater

Score: 38.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT28

Score: 34.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Turla

Score: 50.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1014 - Rootkit
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
Link to MITRE →

BRONZE BUTLER

Score: 25.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

UNC3886

Score: 30.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1136.002 - Domain Account
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1497.002 - User Activity Based Checks
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
Link to MITRE →

Kimsuky

Score: 84.18
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1602.002 - Network Device Configuration Dump
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1683.001 - Written Content
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
Link to MITRE →

APT3

Score: 20.27
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN8

Score: 13.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Ke3chang

Score: 18.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Lotus Blossom

Score: 10.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 27.02
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1569.002 - Service Execution
Link to MITRE →

Earth Lusca

Score: 36.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

Magic Hound

Score: 40.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aquatic Panda

Score: 12.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1089 - Disabling Security Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

INC Ransom

Score: 16.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Akira

Score: 13.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

ToddyCat

Score: 6.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1497.002 - User Activity Based Checks
Link to MITRE →

Ember Bear

Score: 34.63
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1209 - Time Providers
  • T1003.003 - NTDS
Link to MITRE →

Indrik Spider

Score: 16.38
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1183 - Image File Execution Options Injection
  • T1497.002 - User Activity Based Checks
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Contagious Interview

Score: 51.73
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1016 - System Network Configuration Discovery
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.004 - Compile After Delivery
  • T1059.006 - Python
  • T1601.001 - Patch System Image
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
Link to MITRE →

Sandworm Team

Score: 70.11
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Star Blizzard

Score: 16.44
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Lazarus Group

Score: 60.85
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1569.002 - Service Execution
Link to MITRE →

TA577

Score: 5.29
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
Link to MITRE →

Moonstone Sleet

Score: 28.79
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
Link to MITRE →

Inception

Score: 15.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

Dark Caracal

Score: 9.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Elderwood

Score: 9.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Darkhotel

Score: 19.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Transparent Tribe

Score: 10.12
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT18

Score: 3.79
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Leviathan

Score: 38.81
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1562.004 - Disable or Modify System Firewall
  • T1183 - Image File Execution Options Injection
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sidewinder

Score: 21.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 14.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

BITTER

Score: 13.19
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 23.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Higaisa

Score: 10.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
Link to MITRE →

APT19

Score: 13.71
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Threat Group-3390

Score: 34.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA2541

Score: 19.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Malteiro

Score: 8.53
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
Link to MITRE →

Storm-1811

Score: 14.08
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Blue Mockingbird

Score: 13.64
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1505 - Server Software Component
Link to MITRE →

Tropic Trooper

Score: 16.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Mofang

Score: 3.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
Link to MITRE →

Whitefly

Score: 7.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Moses Staff

Score: 9.13
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 23.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1497.002 - User Activity Based Checks
  • T1519 - Emond
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Metador

Score: 5.68
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

OilRig

Score: 40.69
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

APT32

Score: 39.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Mustard Tempest

Score: 18.07
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries

Daggerfly

Score: 16.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1497.002 - User Activity Based Checks
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

APT29

Score: 41.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Dragonfly

Score: 42.09
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries

Axiom

Score: 29.27
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

HEXANE

Score: 24.00
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

LuminousMoth

Score: 18.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

FIN7

Score: 44.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

APT12

Score: 4.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Machete

Score: 9.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI

WIRTE

Score: 7.53
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1547.013 - XDG Autostart Entries

RTM

Score: 7.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

APT-C-36

Score: 4.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 14.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1183 - Image File Execution Options Injection
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

DarkHydrus

Score: 6.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1531 - Account Access Removal

PLATINUM

Score: 14.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

TA551

Score: 10.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

APT37

Score: 16.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 16.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Rancor

Score: 4.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1547.013 - XDG Autostart Entries

FIN4

Score: 7.79
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking

Cobalt Group

Score: 24.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

EXOTIC LILY

Score: 7.99
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1218.010 - Regsvr32

Ajax Security Team

Score: 3.62
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.013 - XDG Autostart Entries

FIN6

Score: 15.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1601.001 - Patch System Image
  • T1505 - Server Software Component
  • T1209 - Time Providers

Patchwork

Score: 21.37
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

TA459

Score: 3.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32

Nomadic Octopus

Score: 4.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries

Gorgon Group

Score: 8.40
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

SideCopy

Score: 13.98
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Tonto Team

Score: 12.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 11.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT38

Score: 32.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

Naikon

Score: 4.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1209 - Time Providers

Molerats

Score: 10.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries

Gamaredon Group

Score: 44.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

The White Company

Score: 4.33
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries

Silence

Score: 15.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Confucius

Score: 9.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

BlackTech

Score: 9.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1209 - Time Providers

Windshift

Score: 12.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries

Cinnamon Tempest

Score: 19.27
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 38.44
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1564.003 - Hidden Window
  • T1547.013 - XDG Autostart Entries

Storm-0501

Score: 16.07
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account

Evilnum

Score: 3.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1547.013 - XDG Autostart Entries

ZIRCONIUM

Score: 24.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1547.002 - Authentication Package
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1547.013 - XDG Autostart Entries

APT42

Score: 13.54
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship

Silent Librarian

Score: 10.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

Velvet Ant

Score: 13.59
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

BackdoorDiplomacy

Score: 11.34
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Winter Vivern

Score: 19.32
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BlackByte

Score: 26.99
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1606.001 - Web Cookies
  • T1134.001 - Token Impersonation/Theft
  • T1497.002 - User Activity Based Checks
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 21.51
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

GOLD SOUTHFIELD

Score: 10.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497.002 - User Activity Based Checks
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image

Medusa Group

Score: 26.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1537 - Transfer Data to Cloud Account
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Volatile Cedar

Score: 8.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries

MoustachedBouncer

Score: 11.83
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1039 - Data from Network Shared Drive
  • T1537 - Transfer Data to Cloud Account

Carbanak

Score: 7.01
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package

Stealth Falcon

Score: 6.48
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1556.009 - Conditional Access Policies

Leafminer

Score: 12.83
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1199 - Trusted Relationship
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers

LAPSUS$

Score: 27.18
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1564.003 - Hidden Window

FIN5

Score: 5.02
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

Deep Panda

Score: 6.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code

Windigo

Score: 6.85
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

POLONIUM

Score: 9.02
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information

FIN10

Score: 3.07
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

DarkVishnya

Score: 3.41
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1209 - Time Providers

Suckfly

Score: 3.19
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.004 - Compile After Delivery
  • T1547.013 - XDG Autostart Entries
  • T1566.002 - Spearphishing Link
  • T1126 - Network Share Connection Removal
  • T1683.001 - Written Content
  • T1608.005 - Link Target
  • T1008 - Fallback Channels
  • T1059.010 - AutoHotKey & AutoIT
  • T1183 - Image File Execution Options Injection
  • T1608 - Stage Capabilities
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1601.001 - Patch System Image
  • T1684 - Social Engineering
  • T1602.002 - Network Device Configuration Dump
  • T1199 - Trusted Relationship
  • T1552.003 - Shell History
  • T1218.012 - Verclsid
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1003.003 - NTDS
  • T1497.002 - User Activity Based Checks
  • T1543.003 - Windows Service
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1537 - Transfer Data to Cloud Account
  • T1059.011 - Lua
  • T1009 - Binary Padding
  • T1033 - System Owner/User Discovery

Sandworm Team

Score: 0.58
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.013 - XDG Autostart Entries
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.010 - AutoHotKey & AutoIT
  • T1573 - Encrypted Channel
  • T1183 - Image File Execution Options Injection
  • T1187 - Forced Authentication
  • T1157 - Dylib Hijacking
  • T1075 - Pass the Hash
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1606.002 - SAML Tokens
  • T1601.001 - Patch System Image
  • T1199 - Trusted Relationship
  • T1564.008 - Email Hiding Rules
  • T1546.016 - Installer Packages
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1087.002 - Domain Account
  • T1059.011 - Lua
  • T1033 - System Owner/User Discovery

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

