Trusted Design

New Malware Targets Users of Cobra DocGuard Software

Summary

A novel and stealthy threat tracked as Infostealer.Speagle has been discovered abusing Cobra DocGuard, a legitimate security product, as cover. The malware collects sensitive information from infected computers and transmits it to a compromised Cobra DocGuard server, so that the exfiltration blends in with the product's own legitimate communications. Speagle specifically targets computers with Cobra DocGuard installed and has been observed searching for documents related to Chinese ballistic missiles. The infection vector is still unknown, but there are indications of a possible supply chain attack. The malware gathers system information, file listings and browser data in multiple phases, uses evasion techniques to avoid detection, and deletes itself after completing its tasks.

Created: 2026-03-20
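Because Speagle sends its take to the product's own (compromised) server, a network-only rule that flags "talks to the DocGuard server" would also flag every healthy install. The host-side correlation below is an added example (not code from the original report, from the vendor, or from any indicator list): it scores each process on three signals from the summary above, an unknown executable running out of the product's install directory, a connection to the product server, and the executable deleting itself afterwards, and only the combination reaches the alert threshold. The install path, server hostname, binary names and the Sysmon-like event schema are constructed placeholders, not real indicators.

```python
"""Host-side hunt for the Speagle-style pattern described in the summary.

Added example, not code from the original report or from the Cobra DocGuard
vendor.  Per process it correlates:
  1. an executable running from the product's install directory that is not
     one of the product's known binaries (possible supply-chain implant),
  2. an outbound connection to the product's own server (expected for the
     real product, so this alone never reaches the alert threshold),
  3. the executable being deleted after it ran, directly or through a
     "cmd.exe /c ... del <image>" child (self-delete).
ASSUMPTIONS: install path, hostname, binary names and the event schema are
constructed placeholders, not indicators taken from the report.
"""
import ntpath  # constructed events use Windows paths; ntpath handles them on any OS

DOCGUARD_DIR = r"C:\Program Files\Cobra DocGuard"           # assumed install path
DOCGUARD_HOSTS = {"update.docguard.example"}                # assumed product server
KNOWN_PRODUCT_BINARIES = {"docguard.exe", "dgupdater.exe"}  # assumed allowlist
ALERT_THRESHOLD = 3

# Constructed telemetry loosely modelled on Sysmon event IDs
# (1 = ProcessCreate, 3 = NetworkConnect, 23 = FileDelete).
SAMPLE_EVENTS = [
    {"ts": 1, "event": 1, "pid": 100, "ppid": 4,
     "image": r"C:\Program Files\Cobra DocGuard\dgupdater.exe", "cmdline": "dgupdater.exe /check"},
    {"ts": 2, "event": 3, "pid": 100, "dest_host": "update.docguard.example"},
    {"ts": 3, "event": 1, "pid": 200, "ppid": 100,
     "image": r"C:\Program Files\Cobra DocGuard\dgsvc_helper.exe", "cmdline": "dgsvc_helper.exe"},
    {"ts": 4, "event": 3, "pid": 200, "dest_host": "update.docguard.example"},
    {"ts": 5, "event": 1, "pid": 201, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\\Program Files\\Cobra DocGuard\\dgsvc_helper.exe"'},
    {"ts": 6, "event": 23, "pid": 201, "target_file": r"C:\Program Files\Cobra DocGuard\dgsvc_helper.exe"},
    {"ts": 7, "event": 1, "pid": 300, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
]


def in_docguard_dir(path):
    """True if path lies inside the product install directory (case-insensitive)."""
    return ntpath.normcase(path).startswith(ntpath.normcase(DOCGUARD_DIR) + "\\")


def _add(rec, points, reason):
    rec["score"] += points
    rec["reasons"].append(reason)


def hunt(events, threshold=ALERT_THRESHOLD):
    """Score every process seen in events; return those at or above threshold, highest first."""
    procs = {}          # pid -> record
    image_to_pid = {}   # normalised image path -> pid that last ran it
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["event"]
        if kind == 1:
            rec = {"pid": ev["pid"], "image": ev["image"], "score": 0, "reasons": []}
            procs[ev["pid"]] = rec
            image_to_pid[ntpath.normcase(ev["image"])] = ev["pid"]
            if in_docguard_dir(ev["image"]) and ntpath.basename(ev["image"]).lower() not in KNOWN_PRODUCT_BINARIES:
                _add(rec, 2, "unknown executable running from the DocGuard install directory")
            # self-delete through a child shell: the parent's own image appears in a "del" command line
            parent = procs.get(ev["ppid"])
            cmd = ev["cmdline"].lower()
            if parent and "del " in cmd and parent["image"].lower() in cmd:
                _add(parent, 3, "spawned a shell to delete its own image (self-delete)")
        elif kind == 3:
            rec = procs.get(ev["pid"])
            if rec and ev["dest_host"].lower() in DOCGUARD_HOSTS:
                _add(rec, 1, "outbound connection to DocGuard server " + ev["dest_host"])
        elif kind == 23:
            pid = image_to_pid.get(ntpath.normcase(ev["target_file"]))
            if pid is not None:
                _add(procs[pid], 3, "its executable was deleted after it ran (self-delete)")
    return sorted((r for r in procs.values() if r["score"] >= threshold), key=lambda r: -r["score"])


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding["pid"], finding["image"], finding["score"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

On the constructed events the legitimate updater (pid 100) scores 1 and stays silent, while the unknown helper (pid 200) is reported with all four reasons. In a real deployment the allowlist would be the vendor's signed file inventory and the server set would come from the product's configuration; the weights are a starting point to tune against your own baseline of DocGuard activity.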

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

The groups below are ranked by an automated score over overlapping MITRE ATT&CK techniques; a high score indicates technique overlap with this Pulse, not attribution of Speagle to that group.

Lazarus Group

Score: 67.27
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding

Moonstone Sleet

Score: 28.56
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1547.008 - LSASS Driver

Magic Hound

Score: 51.65
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1587.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

APT39

Score: 29.27
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

APT38

Score: 50.91
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1675 - ESXi Administration Command
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1216 - System Script Proxy Execution

Volt Typhoon

Score: 79.95
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1114 - Email Collection
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1164 - Re-opened Applications
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1570 - Lateral Tool Transfer
  • T1065 - Uncommonly Used Port
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

Ajax Security Team

Score: 8.17
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver

APT28

Score: 67.88
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1564.004 - NTFS File Attributes
  • T1566.003 - Spearphishing via Service

Darkhotel

Score: 13.22
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI

menuPass

Score: 30.37
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation

APT5

Score: 20.72
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call

Tonto Team

Score: 11.70
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

Threat Group-3390

Score: 43.94
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation
  • T1591.001 - Determine Physical Locations

Group5

Score: 3.53
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement

PLATINUM

Score: 12.10
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI

FIN4

Score: 7.77
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking

Sandworm Team

Score: 75.91
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1063 - Security Software Discovery
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1204.001 - Malicious Link

Kimsuky

Score: 85.40
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1690 - Prevent Command History Logging
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

OilRig

Score: 54.20
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1574.014 - AppDomainManager
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1547.008 - LSASS Driver

APT42

Score: 18.29
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1677 - Poisoned Pipeline Execution
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie

Sowbug

Score: 6.27
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

HEXANE

Score: 31.48
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1499.003 - Application Exhaustion Flood
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent

APT32

Score: 44.73
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation

APT3

Score: 24.40
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation

FIN13

Score: 31.45
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Ke3chang

Score: 32.64
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1134 - Access Token Manipulation

APT41

Score: 66.37
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1564.003 - Hidden Window
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels

Turla

Score: 59.70
Matched TTPs:
  • T1056.001 - Keylogging
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1039 - Data from Network Shared Drive
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

LAPSUS$

Score: 47.11
Matched TTPs:
  • T1216.001 - PubPrn
  • T1584.003 - Virtual Private Server
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1065 - Uncommonly Used Port
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits

Contagious Interview

Score: 50.42
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Ember Bear

Score: 42.84
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1051 - Shared Webroot
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS

Inception

Score: 21.38
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Dark Caracal

Score: 11.47
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver

Elderwood

Score: 8.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account

Transparent Tribe

Score: 6.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT18

Score: 10.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1591.001 - Determine Physical Locations

Leviathan

Score: 28.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.014 - VDSO Hijacking
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

Sidewinder

Score: 25.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent

Saint Bear

Score: 14.42
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

APT33

Score: 16.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32

BITTER

Score: 16.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA505

Score: 29.29
Matched TTPs:
  • T1491.002 - External Defacement
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1537 - Transfer Data to Cloud Account

Higaisa

Score: 9.25
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution

APT19

Score: 9.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 27.80
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1134 - Access Token Manipulation
  • T1588.005 - Exploits

TA2541

Score: 21.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account

Malteiro

Score: 8.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1506 - Web Session Cookie

Storm-1811

Score: 11.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 11.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component

Tropic Trooper

Score: 35.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1200 - Hardware Additions
  • T1159 - Launch Agent

Mofang

Score: 3.26
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link

Whitefly

Score: 5.33
Matched TTPs:
  • T1491.002 - External Defacement
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive

Moses Staff

Score: 10.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship

TeamTNT

Score: 33.85
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1142 - Keychain
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1519 - Emond
  • T1537 - Transfer Data to Cloud Account

Metador

Score: 4.90
Matched TTPs:
  • T1491.002 - External Defacement
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources

TA551

Score: 13.36
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting

Mustard Tempest

Score: 8.28
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

Daggerfly

Score: 12.81
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI

GALLIUM

Score: 23.20
Matched TTPs:
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation

APT29

Score: 50.45
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 43.34
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1134 - Access Token Manipulation
Link to MITRE →

Agrius

Score: 14.37
Matched TTPs:
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
Link to MITRE →

Wizard Spider

Score: 25.33
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
  • T1204.001 - Malicious Link
Link to MITRE →

Silent Librarian

Score: 11.86
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

EXOTIC LILY

Score: 14.78
Matched TTPs:
  • T1114 - Email Collection
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
Link to MITRE →

Sea Turtle

Score: 24.66
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

Axiom

Score: 26.17
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
Link to MITRE →

Chimera

Score: 25.21
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
Link to MITRE →

LazyScripter

Score: 15.38
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
Link to MITRE →

Cobalt Group

Score: 23.01
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1199 - Trusted Relationship
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
Link to MITRE →

FIN7

Score: 45.23
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1065 - Uncommonly Used Port
Link to MITRE →

Gamaredon Group

Score: 67.15
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1200 - Hardware Additions
Link to MITRE →

RedCurl

Score: 22.97
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1542.004 - ROMMONkit
  • T1059.011 - Lua
Link to MITRE →

APT1

Score: 13.17
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
Link to MITRE →

Winter Vivern

Score: 19.36
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1090 - Proxy
  • T1219.001 - IDE Tunneling
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Indrik Spider

Score: 19.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1570 - Lateral Tool Transfer
  • T1134 - Access Token Manipulation
Link to MITRE →

UNC3886

Score: 31.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
Link to MITRE →

LuminousMoth

Score: 15.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
Link to MITRE →

Salt Typhoon

Score: 14.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
Link to MITRE →

Play

Score: 16.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1219.001 - IDE Tunneling
  • T1142 - Keychain
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
Link to MITRE →

Aoqin Dragon

Score: 10.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Mustang Panda

Score: 43.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1677 - Poisoned Pipeline Execution
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1136.003 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
Link to MITRE →

Medusa Group

Score: 45.48
Matched TTPs:
  • T1036.008 - Masquerade File Type
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation
  • T1204.001 - Malicious Link
  • T1216 - System Script Proxy Execution
Link to MITRE →

MuddyWater

Score: 41.73
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
Link to MITRE →

APT37

Score: 22.57
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution
Link to MITRE →

Gallmaker

Score: 6.70
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
Link to MITRE →

Patchwork

Score: 24.84
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
Link to MITRE →

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Machete

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

WIRTE

Score: 4.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
Link to MITRE →

RTM

Score: 6.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

APT-C-36

Score: 4.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
Link to MITRE →

CURIUM

Score: 15.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1555.003 - Credentials from Web Browsers
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

DarkHydrus

Score: 5.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions
Link to MITRE →

FIN8

Score: 13.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
Link to MITRE →

Star Blizzard

Score: 14.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

FIN6

Score: 22.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Nomadic Octopus

Score: 3.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Gorgon Group

Score: 7.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
Link to MITRE →

Earth Lusca

Score: 34.14
Matched TTPs:
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

SideCopy

Score: 14.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
Link to MITRE →

Andariel

Score: 17.44
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

BRONZE BUTLER

Score: 34.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1591.001 - Determine Physical Locations
  • T1008 - Fallback Channels
Link to MITRE →

Naikon

Score: 5.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
Link to MITRE →

Molerats

Score: 5.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
Link to MITRE →

admin@338

Score: 8.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1218.010 - Regsvr32
Link to MITRE →

The White Company

Score: 7.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

IndigoZebra

Score: 4.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
Link to MITRE →

Silence

Score: 12.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Confucius

Score: 11.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
Link to MITRE →

BlackTech

Score: 5.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Windshift

Score: 15.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver
Link to MITRE →

Scattered Spider

Score: 64.48
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027.005 - Indicator Removal from Tools
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
Link to MITRE →

Storm-0501

Score: 19.31
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1090.004 - Domain Fronting
  • T1537 - Transfer Data to Cloud Account
  • T1204.001 - Malicious Link
Link to MITRE →

ZIRCONIUM

Score: 19.41
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

HAFNIUM

Score: 27.48
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1039 - Data from Network Shared Drive
  • T1134 - Access Token Manipulation
Link to MITRE →

Aquatic Panda

Score: 12.80
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
Link to MITRE →

Poseidon Group

Score: 4.26
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Velvet Ant

Score: 19.73
Matched TTPs:
  • T1583.005 - Botnet
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
Link to MITRE →

Strider

Score: 11.19
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

ToddyCat

Score: 14.26
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Windigo

Score: 9.60
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Stealth Falcon

Score: 5.74
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1562.012 - Disable or Modify Linux Audit System
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BlackByte

Score: 45.98
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1562.010 - Downgrade Attack
  • T1606.001 - Web Cookies
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
  • T1204.001 - Malicious Link
Link to MITRE →

Cinnamon Tempest

Score: 7.65
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Rocke

Score: 21.86
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1537 - Transfer Data to Cloud Account
  • T1134 - Access Token Manipulation
  • T1008 - Fallback Channels
Link to MITRE →

BackdoorDiplomacy

Score: 10.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
Link to MITRE →

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
Link to MITRE →

Volatile Cedar

Score: 7.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 12.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

MoustachedBouncer

Score: 11.03
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing
  • T1039 - Data from Network Shared Drive
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Carbanak

Score: 4.61
Matched TTPs:
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

SilverTerrier

Score: 6.91
Matched TTPs:
  • T1131 - Authentication Package
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

Lotus Blossom

Score: 19.01
Matched TTPs:
  • T1059.009 - Cloud API
  • T1219.001 - IDE Tunneling
  • T1055.004 - Asynchronous Procedure Call
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1570 - Lateral Tool Transfer
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution
Link to MITRE →

Leafminer

Score: 14.57
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Deep Panda

Score: 6.59
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
Link to MITRE →

FIN5

Score: 6.56
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
Link to MITRE →

POLONIUM

Score: 6.63
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1055.014 - VDSO Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.012 - Verclsid
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1537 - Transfer Data to Cloud Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1596.003 - Digital Certificates
  • T1114 - Email Collection
  • T1583.005 - Botnet
  • T1219.001 - IDE Tunneling
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1608 - Stage Capabilities
  • T1008 - Fallback Channels
  • T1690 - Prevent Command History Logging
  • T1003.003 - NTDS
  • T1566.002 - Spearphishing Link
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1598.003 - Spearphishing Link
  • T1051 - Shared Webroot
  • T1555.003 - Credentials from Web Browsers
  • T1506 - Web Session Cookie
  • T1059.011 - Lua
  • T1041 - Exfiltration Over C2 Channel
  • T1057 - Process Discovery
Link to MITRE →

Volt Typhoon

Score: 0.66
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1056.002 - GUI Input Capture
  • T1065 - Uncommonly Used Port
  • T1574.002 - DLL Side-Loading
  • T1157 - Dylib Hijacking
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1537 - Transfer Data to Cloud Account
  • T1049 - System Network Connections Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1596.003 - Digital Certificates
  • T1114 - Email Collection
  • T1039 - Data from Network Shared Drive
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1070.006 - Timestomp
  • T1159 - Launch Agent
  • T1556.002 - Password Filter DLL
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134 - Access Token Manipulation
  • T1055.004 - Asynchronous Procedure Call
  • T1570 - Lateral Tool Transfer
  • T1176 - Software Extensions
  • T1488 - Disk Content Wipe
  • T1555.003 - Credentials from Web Browsers
  • T1164 - Re-opened Applications
  • T1057 - Process Discovery
Link to MITRE →

Sandworm Team

Score: 0.62
Matched TTPs:
  • T1187 - Forced Authentication
  • T1157 - Dylib Hijacking
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1075 - Pass the Hash
  • T1049 - System Network Connections Discovery
  • T1573 - Encrypted Channel
  • T1562.012 - Disable or Modify Linux Audit System
  • T1564.008 - Email Hiding Rules
  • T1204.001 - Malicious Link
  • T1596.003 - Digital Certificates
  • T1114 - Email Collection
  • T1045 - Software Packing
  • T1583.005 - Botnet
  • T1219.001 - IDE Tunneling
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1005 - Data from Local System
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134 - Access Token Manipulation
  • T1558 - Steal or Forge Kerberos Tickets
  • T1055.004 - Asynchronous Procedure Call
  • T1193 - Spearphishing Attachment
  • T1566.002 - Spearphishing Link
  • T1027 - Obfuscated Files or Information
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1063 - Security Software Discovery
  • T1555.003 - Credentials from Web Browsers
  • T1059.011 - Lua
Link to MITRE →

APT28

Score: 0.56
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1146 - Clear Command History
  • T1206 - Sudo Caching
  • T1584.003 - Virtual Private Server
  • T1157 - Dylib Hijacking
  • T1059.010 - AutoHotKey & AutoIT
  • T1200 - Hardware Additions
  • T1547.011 - Plist Modification
  • T1596.003 - Digital Certificates
  • T1542.004 - ROMMONkit
  • T1564.004 - NTFS File Attributes
  • T1039 - Data from Network Shared Drive
  • T1583.005 - Botnet
  • T1219.001 - IDE Tunneling
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1491.002 - External Defacement
  • T1552.005 - Cloud Instance Metadata API
  • T1558 - Steal or Forge Kerberos Tickets
  • T1566.003 - Spearphishing via Service
  • T1566.002 - Spearphishing Link
  • T1131 - Authentication Package
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1218.010 - Regsvr32
  • T1555.003 - Credentials from Web Browsers
  • T1057 - Process Discovery
Link to MITRE →

Lazarus Group

Score: 0.55
Matched TTPs:
  • T1055.005 - Thread Local Storage
  • T1606.001 - Web Cookies
  • T1218.012 - Verclsid
  • T1157 - Dylib Hijacking
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.011 - Plist Modification
  • T1596.003 - Digital Certificates
  • T1132.001 - Standard Encoding
  • T1219.001 - IDE Tunneling
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1070.006 - Timestomp
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution
  • T1608.005 - Link Target
  • T1491.002 - External Defacement
  • T1055.004 - Asynchronous Procedure Call
  • T1547.008 - LSASS Driver
  • T1677 - Poisoned Pipeline Execution
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution
  • T1174 - Password Filter DLL
  • T1057 - Process Discovery
Link to MITRE →

Gamaredon Group

Score: 0.55
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1055.014 - VDSO Hijacking
  • T1606.001 - Web Cookies
  • T1090 - Proxy
  • T1218.012 - Verclsid
  • T1562.010 - Downgrade Attack
  • T1584.003 - Virtual Private Server
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1061 - Graphical User Interface
  • T1200 - Hardware Additions
  • T1542.004 - ROMMONkit
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1608.005 - Link Target
  • T1608 - Stage Capabilities
  • T1552.005 - Cloud Instance Metadata API
  • T1059.013 - Container CLI/API
  • T1597 - Search Closed Sources
  • T1684 - Social Engineering
  • T1570 - Lateral Tool Transfer
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1059.011 - Lua
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
