Trusted Design

New Malware Targets Users of Cobra DocGuard Software

Overview

A novel and stealthy threat called Infostealer.Speagle has been discovered, hijacking the functionality of Cobra DocGuard, a legitimate security product. The malware collects sensitive information from infected computers and transmits it to a compromised Cobra DocGuard server, masking the data exfiltration as legitimate communications. Speagle specifically targets computers with Cobra DocGuard installed and has shown capabilities to search for documents related to Chinese ballistic missiles. The infection vector remains unknown, but there are indications of a possible supply chain attack. The malware collects system information, file listings, and browser data in multiple phases, uses sophisticated techniques to evade detection, and self-deletes after completing its tasks.

Created: 2026-03-20

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Lazarus Group

Score: 62.05
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1010 - Application Window Discovery
  • T1562.004 - Disable or Modify System Firewall
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
Link to MITRE →

Moonstone Sleet

Score: 28.56
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1591 - Gather Victim Org Information
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Turla

Score: 51.57
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.003 - Mail Protocols
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1090.001 - Internal Proxy
Link to MITRE →

LAPSUS$

Score: 44.18
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications
Link to MITRE →

Contagious Interview

Score: 43.64
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ember Bear

Score: 41.30
Matched TTPs:
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1552.001 - Credentials In Files
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits
Link to MITRE →

Sandworm Team

Score: 72.43
Matched TTPs:
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1490 - Inhibit System Recovery
Link to MITRE →

Inception

Score: 21.38
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 11.47
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 8.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

Darkhotel

Score: 11.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 6.52
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT28

Score: 65.95
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1221 - Template Injection
  • T1001.001 - Junk Data
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

APT18

Score: 7.06
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
Link to MITRE →

Leviathan

Score: 28.74
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
Link to MITRE →

Sidewinder

Score: 25.15
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1020 - Automated Exfiltration
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
Link to MITRE →

APT39

Score: 25.79
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1027.002 - Software Packing
  • T1090.001 - Internal Proxy
Link to MITRE →

Saint Bear

Score: 14.42
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
Link to MITRE →

APT33

Score: 16.73
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1555.003 - Credentials from Web Browsers
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
Link to MITRE →

BITTER

Score: 16.04
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA505

Score: 29.29
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1027.002 - Software Packing
Link to MITRE →

Higaisa

Score: 9.25
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

APT19

Score: 9.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
Link to MITRE →

Fox Kitten

Score: 26.26
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1213.005 - Messaging Applications
Link to MITRE →

Threat Group-3390

Score: 36.61
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
Link to MITRE →

TA2541

Score: 18.64
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
Link to MITRE →

Malteiro

Score: 8.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1518.001 - Security Software Discovery
Link to MITRE →

Magic Hound

Score: 45.24
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1114.001 - Local Email Collection
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Storm-1811

Score: 11.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 11.93
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
Link to MITRE →

Tropic Trooper

Score: 31.60
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1020 - Automated Exfiltration
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1221 - Template Injection
  • T1518 - Software Discovery
Link to MITRE →

Mofang

Score: 3.26
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
Link to MITRE →

Whitefly

Score: 5.33
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

menuPass

Score: 23.61
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
Link to MITRE →

Moses Staff

Score: 10.11
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1588.002 - Tool
Link to MITRE →

TeamTNT

Score: 33.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1595.001 - Scanning IP Blocks
  • T1027.002 - Software Packing
Link to MITRE →

Metador

Score: 4.90
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

OilRig

Score: 48.13
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1071.004 - DNS
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT32

Score: 32.58
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1071.003 - Mail Protocols
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
Link to MITRE →

APT41

Score: 60.43
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1012 - Query Registry
  • T1213.003 - Code Repositories
  • T1027.002 - Software Packing
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

TA551

Score: 13.36
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1027.003 - Steganography
Link to MITRE →

Mustard Tempest

Score: 8.28
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
Link to MITRE →

Daggerfly

Score: 9.52
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1195.002 - Compromise Software Supply Chain
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
Link to MITRE →

GALLIUM

Score: 18.37
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1027.002 - Software Packing
Link to MITRE →

APT29

Score: 50.45
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1027.002 - Software Packing
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN13

Score: 26.59
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1134.003 - Make and Impersonate Token
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

Dragonfly

Score: 41.80
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1221 - Template Injection
Link to MITRE →

Ke3chang

Score: 29.17
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1020 - Automated Exfiltration
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Agrius

Score: 12.83
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT5

Score: 16.33
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
Link to MITRE →

Wizard Spider

Score: 21.32
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery
  • T1490 - Inhibit System Recovery
Link to MITRE →

Silent Librarian

Score: 11.86
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Kimsuky

Score: 77.16
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Volt Typhoon

Score: 69.42
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1012 - Query Registry
  • T1591.004 - Identify Roles
  • T1027.002 - Software Packing
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy
Link to MITRE →

EXOTIC LILY

Score: 10.94
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
Link to MITRE →

Sea Turtle

Score: 24.66
Matched TTPs:
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Axiom

Score: 26.17
Matched TTPs:
  • T1583.002 - DNS Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
Link to MITRE →

HEXANE

Score: 25.08
Matched TTPs:
  • T1583.002 - DNS Server
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1049 - System Network Connections Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery
Link to MITRE →

Chimera

Score: 23.67
Matched TTPs:
  • T1071.004 - DNS
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1012 - Query Registry
  • T1556.001 - Domain Controller Authentication
Link to MITRE →

LazyScripter

Score: 15.38
Matched TTPs:
  • T1071.004 - DNS
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
Link to MITRE →

Cobalt Group

Score: 20.55
Matched TTPs:
  • T1071.004 - DNS
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1068 - Exploitation for Privilege Escalation
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
Link to MITRE →

FIN7

Score: 45.23
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1195.002 - Compromise Software Supply Chain
  • T1591.004 - Identify Roles

Gamaredon Group

Score: 64.69
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1020 - Automated Exfiltration
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1221 - Template Injection

RedCurl

Score: 22.97
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1020 - Automated Exfiltration
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information

APT1

Score: 13.17
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool

Winter Vivern

Score: 19.36
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1020 - Automated Exfiltration
  • T1083 - File and Directory Discovery
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise

Indrik Spider

Score: 17.56
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1552.001 - Credentials In Files
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1012 - Query Registry

UNC3886

Score: 31.62
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 15.80
Matched TTPs:
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool

Salt Typhoon

Score: 14.33
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool

Play

Score: 14.97
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1518.001 - Security Software Discovery

Aoqin Dragon

Score: 10.77
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Mustang Panda

Score: 37.88
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1070 - Indicator Removal
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1027.007 - Dynamic API Resolution

Medusa Group

Score: 43.94
Matched TTPs:
  • T1652 - Device Driver Discovery
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1027.002 - Software Packing
  • T1490 - Inhibit System Recovery
  • T1529 - System Shutdown/Reboot

MuddyWater

Score: 41.73
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

APT37

Score: 20.11
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1529 - System Shutdown/Reboot

Gallmaker

Score: 6.70
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information

Patchwork

Score: 24.84
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1102.001 - Dead Drop Resolver

APT12

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Machete

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

WIRTE

Score: 4.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool

RTM

Score: 6.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

APT-C-36

Score: 4.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

CURIUM

Score: 15.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

DarkHydrus

Score: 5.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1221 - Template Injection

PLATINUM

Score: 7.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise

FIN8

Score: 12.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery

Star Blizzard

Score: 11.99
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts

FIN4

Score: 5.83
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts

Ajax Security Team

Score: 6.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1555.003 - Credentials from Web Browsers
  • T1566.003 - Spearphishing via Service

FIN6

Score: 21.32
Matched TTPs:
  • T1204.002 - Malicious File
  • T1213.006 - Databases
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1134 - Access Token Manipulation
  • T1566.003 - Spearphishing via Service

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 3.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading

Gorgon Group

Score: 7.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools

Earth Lusca

Score: 32.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

SideCopy

Score: 14.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Tonto Team

Score: 9.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

Andariel

Score: 17.44
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

BRONZE BUTLER

Score: 28.69
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver

APT38

Score: 43.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1565.003 - Runtime Data Manipulation
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1529 - System Shutdown/Reboot

Naikon

Score: 3.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1518.001 - Security Software Discovery

Molerats

Score: 5.28
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers

admin@338

Score: 8.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution

The White Company

Score: 7.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing

IndigoZebra

Score: 4.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1588.002 - Tool

Silence

Score: 8.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Confucius

Score: 11.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1221 - Template Injection

BlackTech

Score: 5.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Windshift

Score: 15.07
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1566.003 - Spearphishing via Service

Scattered Spider

Score: 60.01
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1621 - Multi-Factor Authentication Request Generation
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1556.006 - Multi-Factor Authentication
  • T1486 - Data Encrypted for Impact
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
  • T1538 - Cloud Service Dashboard
  • T1490 - Inhibit System Recovery
  • T1213.005 - Messaging Applications

Storm-0501

Score: 19.31
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1486 - Data Encrypted for Impact
  • T1518.001 - Security Software Discovery
  • T1556.009 - Conditional Access Policies
  • T1027.002 - Software Packing
  • T1490 - Inhibit System Recovery

ZIRCONIUM

Score: 19.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1012 - Query Registry
  • T1027.002 - Software Packing

HAFNIUM

Score: 25.94
Matched TTPs:
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation

Aquatic Panda

Score: 12.80
Matched TTPs:
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1007 - System Service Discovery
  • T1049 - System Network Connections Discovery

Velvet Ant

Score: 17.27
Matched TTPs:
  • T1040 - Network Sniffing
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool

ToddyCat

Score: 12.71
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service

Windigo

Score: 9.60
Matched TTPs:
  • T1005 - Data from Local System
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

APT3

Score: 20.92
Matched TTPs:
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1552.001 - Credentials In Files
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Stealth Falcon

Score: 5.74
Matched TTPs:
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1012 - Query Registry

BlackByte

Score: 41.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1480 - Execution Guardrails
  • T1491.001 - Internal Defacement
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1490 - Inhibit System Recovery

Cinnamon Tempest

Score: 7.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Rocke

Score: 20.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
  • T1102.001 - Dead Drop Resolver

APT42

Score: 16.36
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1070 - Indicator Removal
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery

BackdoorDiplomacy

Score: 10.56
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning

INC Ransom

Score: 12.90
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact

Akira

Score: 10.10
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact

MoustachedBouncer

Score: 11.03
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1027.002 - Software Packing

Carbanak

Score: 4.61
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts

SilverTerrier

Score: 6.91
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1071.002 - File Transfer Protocols

Lotus Blossom

Score: 17.47
Matched TTPs:
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1588.002 - Tool
  • T1090.003 - Multi-hop Proxy
  • T1012 - Query Registry
  • T1134 - Access Token Manipulation
  • T1090.001 - Internal Proxy

Leafminer

Score: 13.03
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1055.013 - Process Doppelgänging
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise

Deep Panda

Score: 5.05
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features

FIN5

Score: 5.02
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool

POLONIUM

Score: 6.63
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Sowbug

Score: 4.33
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive

AppleJeus

Score: 3.29
Matched TTPs:
  • T1566 - Phishing

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1566 - Phishing
  • T1027 - Obfuscated Files or Information
  • T1218.005 - Mshta
  • T1588.005 - Exploits
  • T1112 - Modify Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1012 - Query Registry
  • T1071.002 - File Transfer Protocols
  • T1505.003 - Web Shell
  • T1534 - Internal Spearphishing
  • T1102.001 - Dead Drop Resolver
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1566.001 - Spearphishing Attachment
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1594 - Search Victim-Owned Websites
  • T1552.001 - Credentials In Files
  • T1027.012 - LNK Icon Smuggling
  • T1587.001 - Malware
  • T1027.002 - Software Packing
  • T1518.001 - Security Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1608.001 - Upload Malware
  • T1591 - Gather Victim Org Information
  • T1007 - System Service Discovery
  • T1071.003 - Mail Protocols
  • T1040 - Network Sniffing

Sandworm Team

Score: 0.66
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1490 - Inhibit System Recovery
  • T1195.002 - Compromise Software Supply Chain
  • T1140 - Deobfuscate/Decode Files or Information
  • T1499 - Endpoint Denial of Service
  • T1213.006 - Databases
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1486 - Data Encrypted for Impact
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1592.002 - Software
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1491.002 - External Defacement
  • T1049 - System Network Connections Discovery
  • T1195 - Supply Chain Compromise
  • T1203 - Exploitation for Client Execution
  • T1090 - Proxy
  • T1608.001 - Upload Malware
  • T1584.005 - Botnet
  • T1040 - Network Sniffing

Volt Typhoon

Score: 0.63
Matched TTPs:
  • T1090.001 - Internal Proxy
  • T1112 - Modify Registry
  • T1140 - Deobfuscate/Decode Files or Information
  • T1012 - Query Registry
  • T1596.005 - Scan Databases
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1591.004 - Identify Roles
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1518 - Software Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1555.003 - Credentials from Web Browsers
  • T1068 - Exploitation for Privilege Escalation
  • T1594 - Search Victim-Owned Websites
  • T1049 - System Network Connections Discovery
  • T1027.002 - Software Packing
  • T1010 - Application Window Discovery
  • T1090.003 - Multi-hop Proxy
  • T1090 - Proxy
  • T1587.004 - Exploits
  • T1591 - Gather Victim Org Information
  • T1007 - System Service Discovery
  • T1584.005 - Botnet

APT28

Score: 0.60
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1189 - Drive-by Compromise
  • T1001.001 - Junk Data
  • T1090.002 - External Proxy
  • T1039 - Data from Network Shared Drive
  • T1221 - Template Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1498 - Network Denial of Service
  • T1505.003 - Web Shell
  • T1211 - Exploitation for Defense Evasion
  • T1588.002 - Tool
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1005 - Data from Local System
  • T1204.002 - Malicious File
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1090.003 - Multi-hop Proxy
  • T1559.002 - Dynamic Data Exchange
  • T1591 - Gather Victim Org Information
  • T1027.013 - Encrypted/Encoded File
  • T1071.003 - Mail Protocols
  • T1040 - Network Sniffing

Gamaredon Group

Score: 0.59
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1027 - Obfuscated Files or Information
  • T1218.005 - Mshta
  • T1039 - Data from Network Shared Drive
  • T1112 - Modify Registry
  • T1221 - Template Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1012 - Query Registry
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1027.004 - Compile After Delivery
  • T1083 - File and Directory Discovery
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1204.002 - Malicious File
  • T1491.001 - Internal Defacement
  • T1027.012 - LNK Icon Smuggling
  • T1001 - Data Obfuscation
  • T1090.003 - Multi-hop Proxy
  • T1020 - Automated Exfiltration
  • T1090 - Proxy
  • T1518.001 - Security Software Discovery
  • T1562.001 - Disable or Modify Tools
  • T1480 - Execution Guardrails
  • T1608.001 - Upload Malware

Lazarus Group

Score: 0.56
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1529 - System Shutdown/Reboot
  • T1090.001 - Internal Proxy
  • T1189 - Drive-by Compromise
  • T1218.005 - Mshta
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1012 - Query Registry
  • T1566.003 - Spearphishing via Service
  • T1588.002 - Tool
  • T1027.009 - Embedded Payloads
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1566.001 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1204.002 - Malicious File
  • T1027.007 - Dynamic API Resolution
  • T1491.001 - Internal Defacement
  • T1587.001 - Malware
  • T1049 - System Network Connections Discovery
  • T1010 - Application Window Discovery
  • T1203 - Exploitation for Client Execution
  • T1562.001 - Disable or Modify Tools
  • T1591 - Gather Victim Org Information
  • T1027.013 - Encrypted/Encoded File

Related CVEs

No CVEs were found in this Pulse.
