Trusted Design

Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2

Summary

An Iranian threat actor's operational infrastructure was exposed through an open directory, revealing a 15-node relay network spanning Finland and Iran, an SSH-based botnet framework, and an active command and control server. The exposed bash history documented the full operation, including tunnel deployment, DDoS tooling development, and botnet creation. The actor used on-host compilation to evade detection and leveraged a Python script for mass SSH deployment. The botnet client, compiled and renamed 'hex' on infected hosts, showed automatic reconnection capabilities. This operation appears to be financially or personally motivated rather than state-directed, with infrastructure dual-purposed for censorship bypass and attack operations.

Created: 2026-03-17

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 37.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation
Link to MITRE →

menuPass

Score: 25.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
Link to MITRE →

Wizard Spider

Score: 30.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT33

Score: 10.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

Fox Kitten

Score: 32.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
Link to MITRE →

CopyKittens

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1045 - Software Packing
Link to MITRE →

Volt Typhoon

Score: 61.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1164 - Re-opened Applications
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1569.002 - Service Execution
Link to MITRE →

APT1

Score: 10.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1590.006 - Network Security Appliances
Link to MITRE →

Mustang Panda

Score: 43.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1546.011 - Application Shimming
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1562.006 - Indicator Blocking
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Play

Score: 15.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1142 - Keychain
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
Link to MITRE →

Chimera

Score: 27.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1062 - Hypervisor
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
Link to MITRE →

Sea Turtle

Score: 19.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT39

Score: 26.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution
Link to MITRE →

RedCurl

Score: 17.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT5

Score: 18.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription
Link to MITRE →

Agrius

Score: 17.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1209 - Time Providers
Link to MITRE →

GALLIUM

Score: 20.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
Link to MITRE →

APT41

Score: 60.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1059.008 - Network Device CLI
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1564.003 - Hidden Window
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1008 - Fallback Channels
Link to MITRE →

MuddyWater

Score: 37.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT28

Score: 66.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1078.001 - Default Accounts
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
  • T1564.004 - NTFS File Attributes
Link to MITRE →

Turla

Score: 48.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution
Link to MITRE →

Sowbug

Score: 7.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
Link to MITRE →

BRONZE BUTLER

Score: 22.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1008 - Fallback Channels
Link to MITRE →

UNC3886

Score: 37.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1547.015 - Login Items
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Kimsuky

Score: 65.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
Link to MITRE →

APT3

Score: 20.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.003 - Virtual Private Server
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1059.008 - Network Device CLI
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN8

Score: 10.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ke3chang

Score: 27.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation
Link to MITRE →

Lotus Blossom

Score: 18.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1056.002 - GUI Input Capture
  • T1505 - Server Software Component
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 39.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution
Link to MITRE →

Earth Lusca

Score: 33.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Magic Hound

Score: 67.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Aquatic Panda

Score: 12.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
Link to MITRE →

INC Ransom

Score: 18.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1209 - Time Providers
Link to MITRE →

Akira

Score: 14.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

ToddyCat

Score: 8.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
Link to MITRE →

Ember Bear

Score: 42.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1656 - Impersonation
  • T1519 - Emond
  • T1209 - Time Providers
Link to MITRE →

Indrik Spider

Score: 16.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages
Link to MITRE →

Contagious Interview

Score: 35.15
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1564.009 - Resource Forking
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sandworm Team

Score: 68.92
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1596.003 - Digital Certificates
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Star Blizzard

Score: 12.51
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
Link to MITRE →

APT38

Score: 19.58
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.003 - Virtual Private Server
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

Darkhotel

Score: 7.96
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Tonto Team

Score: 10.69
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
Link to MITRE →

Threat Group-3390

Score: 27.17
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
Link to MITRE →

Lazarus Group

Score: 41.00
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

PLATINUM

Score: 3.70
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN4

Score: 8.65
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

OilRig

Score: 34.26
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1062 - Hypervisor
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT42

Score: 6.57
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1556.005 - Reversible Encryption
Link to MITRE →

HEXANE

Score: 17.11
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
Link to MITRE →

APT32

Score: 30.44
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Andariel

Score: 12.40
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1584.003 - Virtual Private Server
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA551

Score: 7.66
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1218.012 - Verclsid
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT29

Score: 47.00
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
Link to MITRE →

Gamaredon Group

Score: 38.64
Matched TTPs:
  • T1099 - Timestomp
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA2541

Score: 15.51
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
Link to MITRE →

ZIRCONIUM

Score: 25.73
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leviathan

Score: 27.73
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1554 - Compromise Host Software Binary
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Daggerfly

Score: 9.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Dragonfly

Score: 41.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation
Link to MITRE →

Axiom

Score: 18.35
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

LazyScripter

Score: 10.43
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Cobalt Group

Score: 17.80
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1062 - Hypervisor
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Tropic Trooper

Score: 18.10
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1159 - Launch Agent
Link to MITRE →

APT18

Score: 6.66
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
Link to MITRE →

FIN7

Score: 37.75
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1062 - Hypervisor
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
Link to MITRE →

Winter Vivern

Score: 23.22
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

Moonstone Sleet

Score: 14.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption
Link to MITRE →

LuminousMoth

Score: 13.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

Salt Typhoon

Score: 19.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
Link to MITRE →

Aoqin Dragon

Score: 7.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Moses Staff

Score: 9.14
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
Link to MITRE →

TeamTNT

Score: 37.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1142 - Keychain
  • T1597 - Search Closed Sources
  • T1519 - Emond
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
Link to MITRE →

Scattered Spider

Score: 41.52
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1062 - Hypervisor
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
Link to MITRE →

Storm-0501

Score: 13.88
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Sidewinder

Score: 17.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
Link to MITRE →

CURIUM

Score: 14.34
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Patchwork

Score: 13.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
Link to MITRE →

admin@338

Score: 6.79
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
Link to MITRE →

Velvet Ant

Score: 17.07
Matched TTPs:
  • T1583.005 - Botnet
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution
Link to MITRE →

DarkVishnya

Score: 7.39
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1209 - Time Providers
Link to MITRE →

Rocke

Score: 15.29
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1008 - Fallback Channels
Link to MITRE →

LAPSUS$

Score: 27.35
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1619 - Cloud Storage Object Discovery
  • T1157 - Dylib Hijacking
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
Link to MITRE →

Windigo

Score: 9.60
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

FIN6

Score: 17.24
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1062 - Hypervisor
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
Link to MITRE →

APT37

Score: 8.29
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

Inception

Score: 13.26
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
Link to MITRE →

Stealth Falcon

Score: 7.73
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1590.006 - Network Security Appliances
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
Link to MITRE →

Dark Caracal

Score: 5.70
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

BlackByte

Score: 26.49
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
Link to MITRE →

Mustard Tempest

Score: 8.38
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

SideCopy

Score: 12.15
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent
Link to MITRE →

TA505

Score: 8.66
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

BITTER

Score: 13.66
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1588.001 - Malware
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

Saint Bear

Score: 8.64
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

EXOTIC LILY

Score: 4.83
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

BackdoorDiplomacy

Score: 7.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1209 - Time Providers
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
Link to MITRE →

BlackTech

Score: 6.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Medusa Group

Score: 32.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
Link to MITRE →

Cinnamon Tempest

Score: 7.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
Link to MITRE →

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component
Link to MITRE →

Volatile Cedar

Score: 5.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
Link to MITRE →

Carbanak

Score: 10.85
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
Link to MITRE →

Higaisa

Score: 13.71
Matched TTPs:
  • T1569.003 - Systemctl
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution
Link to MITRE →

SilverTerrier

Score: 8.09
Matched TTPs:
  • T1131 - Authentication Package
  • T1041 - Exfiltration Over C2 Channel
  • T1556.005 - Reversible Encryption
Link to MITRE →

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
Link to MITRE →

FIN5

Score: 4.17
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
Link to MITRE →

Silence

Score: 4.17
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
Link to MITRE →

APT19

Score: 4.42
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
Link to MITRE →

Naikon

Score: 5.33
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1209 - Time Providers
Link to MITRE →

POLONIUM

Score: 8.18
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Confucius

Score: 9.69
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leafminer

Score: 4.83
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
Link to MITRE →

RedEcho

Score: 4.47
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1556.005 - Reversible Encryption
Link to MITRE →

Transparent Tribe

Score: 7.90
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

PROMETHIUM

Score: 7.99
Matched TTPs:
  • T1588.001 - Malware
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Suckfly

Score: 3.19
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
Link to MITRE →

FIN10

Score: 3.66
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Storm-1811

Score: 4.58
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Elderwood

Score: 4.62
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Windshift

Score: 7.06
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
Link to MITRE →

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1045 - Software Packing
  • T1556.005 - Reversible Encryption
  • T1586.002 - Email Accounts
  • T1546.016 - Installer Packages
  • T1091 - Replication Through Removable Media
  • T1548.006 - TCC Manipulation
  • T1555.003 - Credentials from Web Browsers
  • T1027.018 - Invisible Unicode
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1193 - Spearphishing Attachment
  • T1157 - Dylib Hijacking
  • T1584.003 - Virtual Private Server
  • T1596.003 - Digital Certificates
  • T1562.004 - Disable or Modify System Firewall
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1557.003 - DHCP Spoofing
  • T1566.004 - Spearphishing Voice
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.002 - SAML Tokens
  • T1049 - System Network Connections Discovery
  • T1075 - Pass the Hash
  • T1219.001 - IDE Tunneling
  • T1564.008 - Email Hiding Rules
Link to MITRE →

Magic Hound

Score: 0.68
Matched TTPs:
  • T1045 - Software Packing
  • T1556.005 - Reversible Encryption
  • T1587.003 - Digital Certificates
  • T1099 - Timestomp
  • T1009 - Binary Padding
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1597 - Search Closed Sources
  • T1596.003 - Digital Certificates
  • T1562.004 - Disable or Modify System Firewall
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1590.006 - Network Security Appliances
  • T1566.004 - Spearphishing Voice
  • T1560.001 - Archive via Utility
  • T1027 - Obfuscated Files or Information
  • T1062 - Hypervisor
  • T1209 - Time Providers
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1036.009 - Break Process Trees
Link to MITRE →

APT28

Score: 0.68
Matched TTPs:
  • T1564.004 - NTFS File Attributes
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation
  • T1555.003 - Credentials from Web Browsers
  • T1197 - BITS Jobs
  • T1056.002 - GUI Input Capture
  • T1027.018 - Invisible Unicode
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1584.003 - Virtual Private Server
  • T1547.011 - Plist Modification
  • T1596.003 - Digital Certificates
  • T1562.004 - Disable or Modify System Firewall
  • T1059.001 - PowerShell
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1218.010 - Regsvr32
  • T1685.001 - Disable or Modify Windows Event Log
  • T1131 - Authentication Package
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1219.001 - IDE Tunneling
  • T1146 - Clear Command History
  • T1078.001 - Default Accounts
Link to MITRE →

Kimsuky

Score: 0.67
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1041 - Exfiltration Over C2 Channel
  • T1091 - Replication Through Removable Media
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1197 - BITS Jobs
  • T1588.001 - Malware
  • T1027.018 - Invisible Unicode
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1656 - Impersonation
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1597 - Search Closed Sources
  • T1596.003 - Digital Certificates
  • T1008 - Fallback Channels
  • T1547.002 - Authentication Package
  • T1218.012 - Verclsid
  • T1131 - Authentication Package
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens
  • T1546.011 - Application Shimming
  • T1219.001 - IDE Tunneling
Link to MITRE →

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1045 - Software Packing
  • T1553.002 - Code Signing
  • T1164 - Re-opened Applications
  • T1099 - Timestomp
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation
  • T1555.003 - Credentials from Web Browsers
  • T1056.002 - GUI Input Capture
  • T1003.007 - Proc Filesystem
  • T1159 - Launch Agent
  • T1157 - Dylib Hijacking
  • T1584.003 - Virtual Private Server
  • T1596.003 - Digital Certificates
  • T1685.001 - Disable or Modify Windows Event Log
  • T1590.006 - Network Security Appliances
  • T1566.004 - Spearphishing Voice
  • T1574.002 - DLL Side-Loading
  • T1560.001 - Archive via Utility
  • T1209 - Time Providers
  • T1140 - Deobfuscate/Decode Files or Information
  • T1569.002 - Service Execution
  • T1049 - System Network Connections Discovery
  • T1219.001 - IDE Tunneling
  • T1176 - Software Extensions
Link to MITRE →

APT41

Score: 0.61
Matched TTPs:
  • T1045 - Software Packing
  • T1556.005 - Reversible Encryption
  • T1041 - Exfiltration Over C2 Channel
  • T1548.006 - TCC Manipulation
  • T1588.001 - Malware
  • T1564.003 - Hidden Window
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1157 - Dylib Hijacking
  • T1584.003 - Virtual Private Server
  • T1059.008 - Network Device CLI
  • T1596.003 - Digital Certificates
  • T1008 - Fallback Channels
  • T1562.004 - Disable or Modify System Firewall
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1590.006 - Network Security Appliances
  • T1566.004 - Spearphishing Voice
  • T1574.002 - DLL Side-Loading
  • T1560.001 - Archive via Utility
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1539 - Steal Web Session Cookie
  • T1219.001 - IDE Tunneling
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
