Trusted Design

Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2

Summary

An Iranian threat actor's operational infrastructure was exposed through an open directory, revealing a 15-node relay network spanning Finland and Iran, an SSH-based botnet framework, and an active command and control server. The exposed bash history documented the full operation, including tunnel deployment, DDoS tooling development, and botnet creation. The actor used on-host compilation to evade detection and leveraged a Python script for mass SSH deployment. The botnet client, compiled and renamed 'hex' on infected hosts, showed automatic reconnection capabilities. This operation appears to be financially or personally motivated rather than state-directed, with infrastructure dual-purposed for censorship bypass and attack operations.

Created: 2026-03-17

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors associated with this Pulse (fact-based)

HAFNIUM

Score: 37.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
Link to MITRE →

menuPass

Score: 25.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
Link to MITRE →

Wizard Spider

Score: 30.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1518.002 - Backup Software Discovery
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
Link to MITRE →

APT33

Score: 10.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1040 - Network Sniffing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

Fox Kitten

Score: 32.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1585 - Establish Accounts
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
Link to MITRE →

CopyKittens

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1090 - Proxy
Link to MITRE →

Volt Typhoon

Score: 61.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1590.004 - Network Topology
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1590.006 - Network Security Appliances
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1090.001 - Internal Proxy
Link to MITRE →

APT1

Score: 10.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1016 - System Network Configuration Discovery
Link to MITRE →

Mustang Panda

Score: 43.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1205 - Traffic Signaling
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
Link to MITRE →

Play

Score: 15.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
Link to MITRE →

Chimera

Score: 27.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.004 - DNS
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1572 - Protocol Tunneling
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
Link to MITRE →

Sea Turtle

Score: 19.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

APT39

Score: 26.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1071.004 - DNS
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
Link to MITRE →

RedCurl

Score: 17.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

APT5

Score: 18.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1554 - Compromise Host Software Binary
Link to MITRE →

Agrius

Score: 17.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1046 - Network Service Discovery
Link to MITRE →

GALLIUM

Score: 20.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT41

Score: 60.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1104 - Multi-Stage Channels
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1213.003 - Code Repositories
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

MuddyWater

Score: 37.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

APT28

Score: 66.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1071.003 - Mail Protocols
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1092 - Communication Through Removable Media
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
  • T1001.001 - Junk Data
Link to MITRE →

Turla

Score: 48.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1071.003 - Mail Protocols
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
Link to MITRE →

Sowbug

Score: 7.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
Link to MITRE →

BRONZE BUTLER

Score: 22.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 37.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1205 - Traffic Signaling
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1205.001 - Port Knocking
  • T1554 - Compromise Host Software Binary
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Kimsuky

Score: 65.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1205 - Traffic Signaling
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1071.002 - File Transfer Protocols
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT3

Score: 20.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1005 - Data from Local System
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

FIN8

Score: 10.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

Ke3chang

Score: 27.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
Link to MITRE →

Lotus Blossom

Score: 18.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1090.003 - Multi-hop Proxy
  • T1134 - Access Token Manipulation
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN13

Score: 39.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Earth Lusca

Score: 33.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

Magic Hound

Score: 67.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Aquatic Panda

Score: 12.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1595.002 - Vulnerability Scanning
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

INC Ransom

Score: 18.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1046 - Network Service Discovery
Link to MITRE →

Akira

Score: 14.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
Link to MITRE →

ToddyCat

Score: 8.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
Link to MITRE →

Ember Bear

Score: 42.66
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1585 - Establish Accounts
  • T1595.001 - Scanning IP Blocks
  • T1046 - Network Service Discovery
Link to MITRE →

Indrik Spider

Score: 16.05
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
Link to MITRE →

Contagious Interview

Score: 35.15
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1546.004 - Unix Shell Configuration Modification
  • T1585 - Establish Accounts
  • T1204.001 - Malicious Link
Link to MITRE →

Sandworm Team

Score: 68.92
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1056.001 - Keylogging
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
Link to MITRE →

Star Blizzard

Score: 12.51
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts
Link to MITRE →

APT38

Score: 19.58
Matched TTPs:
  • T1056.001 - Keylogging
  • T1005 - Data from Local System
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

Darkhotel

Score: 7.96
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

Tonto Team

Score: 10.69
Matched TTPs:
  • T1056.001 - Keylogging
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Threat Group-3390

Score: 27.17
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
Link to MITRE →

Lazarus Group

Score: 41.00
Matched TTPs:
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1562.004 - Disable or Modify System Firewall
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

PLATINUM

Score: 3.70
Matched TTPs:
  • T1056.001 - Keylogging
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN4

Score: 8.65
Matched TTPs:
  • T1056.001 - Keylogging
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

OilRig

Score: 34.26
Matched TTPs:
  • T1056.001 - Keylogging
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1572 - Protocol Tunneling
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

APT42

Score: 6.57
Matched TTPs:
  • T1056.001 - Keylogging
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1071.001 - Web Protocols
Link to MITRE →

HEXANE

Score: 17.11
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery
Link to MITRE →

APT32

Score: 30.44
Matched TTPs:
  • T1056.001 - Keylogging
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Andariel

Score: 12.40
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1005 - Data from Local System
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

TA551

Score: 7.66
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1218.005 - Mshta
  • T1071.001 - Web Protocols
Link to MITRE →

APT29

Score: 47.00
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
Link to MITRE →

Gamaredon Group

Score: 38.64
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1102.003 - One-Way Communication
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

TA2541

Score: 15.51
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link
Link to MITRE →

ZIRCONIUM

Score: 25.73
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
Link to MITRE →

Leviathan

Score: 27.73
Matched TTPs:
  • T1584.008 - Network Devices
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1102.003 - One-Way Communication
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

Daggerfly

Score: 9.74
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

Dragonfly

Score: 41.13
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1003.003 - NTDS
Link to MITRE →

Axiom

Score: 18.35
Matched TTPs:
  • T1583.002 - DNS Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

LazyScripter

Score: 10.43
Matched TTPs:
  • T1071.004 - DNS
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
Link to MITRE →

Cobalt Group

Score: 17.80
Matched TTPs:
  • T1071.004 - DNS
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1572 - Protocol Tunneling
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Tropic Trooper

Score: 18.10
Matched TTPs:
  • T1071.004 - DNS
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
Link to MITRE →

APT18

Score: 6.66
Matched TTPs:
  • T1071.004 - DNS
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
Link to MITRE →

FIN7

Score: 37.75
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1572 - Protocol Tunneling
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
Link to MITRE →

Winter Vivern

Score: 23.22
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Moonstone Sleet

Score: 14.97
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1071.001 - Web Protocols

LuminousMoth

Score: 13.21
Matched TTPs:
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Salt Typhoon

Score: 19.85
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall

Aoqin Dragon

Score: 7.12
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer

Moses Staff

Score: 9.14
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery

TeamTNT

Score: 37.88
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1610 - Deploy Container
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery

Scattered Spider

Score: 41.52
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1572 - Protocol Tunneling
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1003.003 - NTDS

Storm-0501

Score: 13.88
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1036.004 - Masquerade Task or Service
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact

Sidewinder

Score: 17.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1078 - Valid Accounts

CURIUM

Score: 14.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise

Patchwork

Score: 13.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver

admin@338

Score: 6.79
Matched TTPs:
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution

Velvet Ant

Score: 17.07
Matched TTPs:
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1090.001 - Internal Proxy

DarkVishnya

Score: 7.39
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1046 - Network Service Discovery

Rocke

Score: 15.29
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1102.001 - Dead Drop Resolver

LAPSUS$

Score: 27.35
Matched TTPs:
  • T1005 - Data from Local System
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1204 - User Execution
  • T1078 - Valid Accounts
  • T1213.003 - Code Repositories
  • T1003.003 - NTDS

Windigo

Score: 9.60
Matched TTPs:
  • T1005 - Data from Local System
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

FIN6

Score: 17.24
Matched TTPs:
  • T1005 - Data from Local System
  • T1572 - Protocol Tunneling
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1134 - Access Token Manipulation
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS

APT37

Score: 8.29
Matched TTPs:
  • T1005 - Data from Local System
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols

Inception

Score: 13.26
Matched TTPs:
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery

Stealth Falcon

Score: 7.73
Matched TTPs:
  • T1005 - Data from Local System
  • T1016 - System Network Configuration Discovery
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols

Dark Caracal

Score: 5.70
Matched TTPs:
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols

BlackByte

Score: 26.49
Matched TTPs:
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery

Mustard Tempest

Score: 8.38
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

SideCopy

Score: 12.15
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery

TA505

Score: 8.66
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

BITTER

Score: 13.66
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1036.004 - Masquerade Task or Service
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

Saint Bear

Score: 8.64
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

EXOTIC LILY

Score: 4.83
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

BackdoorDiplomacy

Score: 7.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1036.004 - Masquerade Task or Service
  • T1046 - Network Service Discovery

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools

BlackTech

Score: 6.09
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link

Medusa Group

Score: 32.92
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS

Cinnamon Tempest

Score: 7.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1090 - Proxy
  • T1078 - Valid Accounts

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1134 - Access Token Manipulation

Volatile Cedar

Score: 5.83
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell

Carbanak

Score: 10.85
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy

Higaisa

Score: 13.71
Matched TTPs:
  • T1029 - Scheduled Transfer
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy

SilverTerrier

Score: 8.09
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1071.002 - File Transfer Protocols
  • T1071.001 - Web Protocols

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features

FIN5

Score: 4.17
Matched TTPs:
  • T1090.002 - External Proxy
  • T1078 - Valid Accounts

Silence

Score: 4.17
Matched TTPs:
  • T1090.002 - External Proxy
  • T1078 - Valid Accounts

APT19

Score: 4.42
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols

Naikon

Score: 5.33
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1046 - Network Service Discovery

POLONIUM

Score: 8.18
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

Confucius

Score: 9.69
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Leafminer

Score: 4.83
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery

RedEcho

Score: 4.47
Matched TTPs:
  • T1568 - Dynamic Resolution
  • T1071.001 - Web Protocols

Transparent Tribe

Score: 7.90
Matched TTPs:
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

PROMETHIUM

Score: 7.99
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1205.001 - Port Knocking
  • T1189 - Drive-by Compromise

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link

Suckfly

Score: 3.19
Matched TTPs:
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery

FIN10

Score: 3.66
Matched TTPs:
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer

Storm-1811

Score: 4.58
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Elderwood

Score: 4.62
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Windshift

Score: 7.06
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

Machete

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1583.004 - Server
  • T1592.002 - Software
  • T1090 - Proxy
  • T1587.001 - Malware
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1583 - Acquire Infrastructure
  • T1040 - Network Sniffing
  • T1071.001 - Web Protocols
  • T1083 - File and Directory Discovery
  • T1003.003 - NTDS
  • T1219 - Remote Access Tools
  • T1595.002 - Vulnerability Scanning
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1584.005 - Botnet
  • T1486 - Data Encrypted for Impact
  • T1598.003 - Spearphishing Link
  • T1056.001 - Keylogging
  • T1204.001 - Malicious Link
  • T1570 - Lateral Tool Transfer
  • T1591.002 - Business Relationships
  • T1491.002 - External Defacement
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application

Magic Hound

Score: 0.68
Matched TTPs:
  • T1592.002 - Software
  • T1090 - Proxy
  • T1562.001 - Disable or Modify Tools
  • T1071.001 - Web Protocols
  • T1083 - File and Directory Discovery
  • T1016.001 - Internet Connection Discovery
  • T1189 - Drive-by Compromise
  • T1595.002 - Vulnerability Scanning
  • T1583.006 - Web Services
  • T1114.001 - Local Email Collection
  • T1505.003 - Web Shell
  • T1562.004 - Disable or Modify System Firewall
  • T1590.005 - IP Addresses
  • T1016 - System Network Configuration Discovery
  • T1573 - Encrypted Channel
  • T1102.002 - Bidirectional Communication
  • T1046 - Network Service Discovery
  • T1486 - Data Encrypted for Impact
  • T1598.003 - Spearphishing Link
  • T1572 - Protocol Tunneling
  • T1056.001 - Keylogging
  • T1071 - Application Layer Protocol
  • T1204.001 - Malicious Link
  • T1570 - Lateral Tool Transfer
  • T1560.001 - Archive via Utility
  • T1562 - Impair Defenses
  • T1005 - Data from Local System
  • T1036.004 - Masquerade Task or Service
  • T1190 - Exploit Public-Facing Application

APT28

Score: 0.68
Matched TTPs:
  • T1090.003 - Multi-hop Proxy
  • T1001.001 - Junk Data
  • T1210 - Exploitation of Remote Services
  • T1071.003 - Mail Protocols
  • T1040 - Network Sniffing
  • T1071.001 - Web Protocols
  • T1083 - File and Directory Discovery
  • T1003.003 - NTDS
  • T1189 - Drive-by Compromise
  • T1595.002 - Vulnerability Scanning
  • T1583.006 - Web Services
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1039 - Data from Network Shared Drive
  • T1498 - Network Denial of Service
  • T1090.002 - External Proxy
  • T1598.003 - Spearphishing Link
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1092 - Communication Through Removable Media
  • T1190 - Exploit Public-Facing Application

Kimsuky

Score: 0.67
Matched TTPs:
  • T1583.004 - Server
  • T1218.005 - Mshta
  • T1587.001 - Malware
  • T1562.001 - Disable or Modify Tools
  • T1583 - Acquire Infrastructure
  • T1071.003 - Mail Protocols
  • T1040 - Network Sniffing
  • T1071.001 - Web Protocols
  • T1083 - File and Directory Discovery
  • T1007 - System Service Discovery
  • T1205 - Traffic Signaling
  • T1583.006 - Web Services
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1562.004 - Disable or Modify System Firewall
  • T1585 - Establish Accounts
  • T1016 - System Network Configuration Discovery
  • T1102.002 - Bidirectional Communication
  • T1598.003 - Spearphishing Link
  • T1071.002 - File Transfer Protocols
  • T1056.001 - Keylogging
  • T1102.001 - Dead Drop Resolver
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1036.004 - Masquerade Task or Service
  • T1190 - Exploit Public-Facing Application

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1090.003 - Multi-hop Proxy
  • T1090 - Proxy
  • T1584.004 - Server
  • T1584.003 - Virtual Private Server
  • T1518 - Software Discovery
  • T1083 - File and Directory Discovery
  • T1007 - System Service Discovery
  • T1003.003 - NTDS
  • T1016.001 - Internet Connection Discovery
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts
  • T1016 - System Network Configuration Discovery
  • T1596.005 - Scan Databases
  • T1584.005 - Botnet
  • T1590.004 - Network Topology
  • T1046 - Network Service Discovery
  • T1590.006 - Network Security Appliances
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1090.001 - Internal Proxy
  • T1570 - Lateral Tool Transfer
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application

APT41

Score: 0.61
Matched TTPs:
  • T1090 - Proxy
  • T1213.003 - Code Repositories
  • T1071.001 - Web Protocols
  • T1083 - File and Directory Discovery
  • T1003.003 - NTDS
  • T1546.008 - Accessibility Features
  • T1595.002 - Vulnerability Scanning
  • T1203 - Exploitation for Client Execution
  • T1078 - Valid Accounts
  • T1016 - System Network Configuration Discovery
  • T1596.005 - Scan Databases
  • T1104 - Multi-Stage Channels
  • T1003.002 - Security Account Manager
  • T1046 - Network Service Discovery
  • T1486 - Data Encrypted for Impact
  • T1071.002 - File Transfer Protocols
  • T1056.001 - Keylogging
  • T1102.001 - Dead Drop Resolver
  • T1570 - Lateral Tool Transfer
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1071.004 - DNS
  • T1036.004 - Masquerade Task or Service
  • T1568.002 - Domain Generation Algorithms
  • T1190 - Exploit Public-Facing Application

Related CVEs

No CVEs were found in this Pulse.
