Trusted Design

From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect

Overview

A newly discovered loader called SILENTCONNECT is being used in active campaigns to silently install ScreenConnect, a remote monitoring and management tool, on victim machines. The infection chain begins with users being redirected to a Cloudflare Turnstile CAPTCHA page disguised as a digital invitation. Upon clicking, a VBScript file is downloaded, which retrieves and executes C# source code in memory using PowerShell. SILENTCONNECT employs various evasion techniques, including PEB masquerading and UAC bypass. The campaigns leverage trusted hosting providers like Google Drive and Cloudflare, and abuse living-off-the-land binaries. The loader has been active since March 2025 and poses a significant threat due to its stealthy nature and effectiveness.

Created: 2026-03-20

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 64.74
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
Link to MITRE →

Kimsuky

Score: 76.13
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1219.002 - Remote Desktop Software
  • T1059.005 - Visual Basic
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 23.87
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

Ember Bear

Score: 43.99
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1595.001 - Scanning IP Blocks
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
Link to MITRE →

Indrik Spider

Score: 23.87
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1484.001 - Group Policy Modification
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Agrius

Score: 16.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1562.001 - Disable or Modify Tools
  • T1046 - Network Service Discovery
Link to MITRE →

Contagious Interview

Score: 45.66
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1543.001 - Launch Agent
  • T1219.002 - Remote Desktop Software
  • T1059.005 - Visual Basic
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
Link to MITRE →

Sandworm Team

Score: 69.20
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
Link to MITRE →

Star Blizzard

Score: 17.08
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Lazarus Group

Score: 63.51
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1090.001 - Internal Proxy
Link to MITRE →

TA577

Score: 5.20
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1204.001 - Malicious Link
Link to MITRE →

Moonstone Sleet

Score: 23.05
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1583.003 - Virtual Private Server
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

APT32

Score: 48.94
Matched TTPs:
  • T1216.001 - PubPrn
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

Turla

Score: 55.25
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.001 - Malware
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
Link to MITRE →

Volt Typhoon

Score: 58.64
Matched TTPs:
  • T1584.008 - Network Devices
  • T1497.001 - System Checks
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1584.004 - Server
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1090.001 - Internal Proxy
Link to MITRE →

APT28

Score: 55.30
Matched TTPs:
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

ZIRCONIUM

Score: 25.85
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
Link to MITRE →

Leviathan

Score: 44.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Axiom

Score: 23.97
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography
Link to MITRE →

HEXANE

Score: 26.93
Matched TTPs:
  • T1583.002 - DNS Server
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1110.003 - Password Spraying
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN13

Score: 37.84
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1090.001 - Internal Proxy
Link to MITRE →

OilRig

Score: 51.16
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

UNC3886

Score: 23.16
Matched TTPs:
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
Link to MITRE →

LuminousMoth

Score: 18.22
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
Link to MITRE →

APT29

Score: 55.01
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1651 - Cloud Administration Command
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
Link to MITRE →

Play

Score: 13.04
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 8.71
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RedCurl

Score: 23.03
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1027 - Obfuscated Files or Information
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Moses Staff

Score: 9.30
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 20.35
Matched TTPs:
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

TeamTNT

Score: 31.81
Matched TTPs:
  • T1587.001 - Malware
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 52.56
Matched TTPs:
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

Cobalt Group

Score: 28.45
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1218.008 - Odbcconf
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

MuddyWater

Score: 58.50
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Sidewinder

Score: 23.57
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT37

Score: 21.20
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gallmaker

Score: 6.62
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
Link to MITRE →

BITTER

Score: 12.25
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 32.40
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Patchwork

Score: 28.08
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Malteiro

Score: 8.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1657 - Financial Theft
  • T1059.005 - Visual Basic
Link to MITRE →

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Machete

Score: 8.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

Elderwood

Score: 6.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Transparent Tribe

Score: 6.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link
Link to MITRE →

Dragonfly

Score: 33.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

WIRTE

Score: 8.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RTM

Score: 10.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT-C-36

Score: 6.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 17.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1583.003 - Virtual Private Server
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
Link to MITRE →

Tropic Trooper

Score: 24.44
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1547.004 - Winlogon Helper DLL
  • T1083 - File and Directory Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dark Caracal

Score: 3.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
Link to MITRE →

PLATINUM

Score: 12.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

menuPass

Score: 22.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
Link to MITRE →

TA551

Score: 11.87
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN8

Score: 17.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Threat Group-3390

Score: 26.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 18.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT39

Score: 33.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1197 - BITS Jobs
  • T1546.010 - AppInit DLLs
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

Higaisa

Score: 9.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1090.001 - Internal Proxy
Link to MITRE →

Rancor

Score: 6.25
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 37.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1197 - BITS Jobs
  • T1555.004 - Windows Credential Manager
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

Magic Hound

Score: 45.39
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

FIN4

Score: 9.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link

Storm-1811

Score: 18.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer

Inception

Score: 19.04
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery

EXOTIC LILY

Score: 8.14
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

Ajax Security Team

Score: 3.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1105 - Ingress Tool Transfer

Saint Bear

Score: 12.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

FIN6

Score: 20.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1134 - Access Token Manipulation
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Whitefly

Score: 4.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

TA459

Score: 4.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic

Nomadic Octopus

Score: 4.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 9.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

APT19

Score: 12.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise

TA2541

Score: 19.02
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Earth Lusca

Score: 42.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1583.004 - Server
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1204.001 - Malicious Link

SideCopy

Score: 15.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Tonto Team

Score: 12.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Andariel

Score: 14.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

BRONZE BUTLER

Score: 25.53
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

APT38

Score: 39.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Naikon

Score: 4.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1046 - Network Service Discovery

Molerats

Score: 12.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

admin@338

Score: 3.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution

Gamaredon Group

Score: 67.84
Matched TTPs:
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Darkhotel

Score: 15.26
Matched TTPs:
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

APT33

Score: 16.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1110.003 - Password Spraying
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Silence

Score: 15.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Confucius

Score: 12.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

BlackTech

Score: 9.46
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link

Windshift

Score: 13.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Scattered Spider

Score: 54.01
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1213.003 - Code Repositories
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Storm-0501

Score: 24.41
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1484.001 - Group Policy Modification
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1059.001 - PowerShell
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
  • T1219.002 - Remote Desktop Software

Evilnum

Score: 10.24
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Silent Librarian

Score: 11.32
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1110.003 - Password Spraying
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Medusa Group

Score: 42.84
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Chimera

Score: 23.42
Matched TTPs:
  • T1574.001 - DLL
  • T1110.003 - Password Spraying
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1556.001 - Domain Controller Authentication
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Cinnamon Tempest

Score: 17.11
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1484.001 - Group Policy Modification
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer

Velvet Ant

Score: 22.53
Matched TTPs:
  • T1574.001 - DLL
  • T1071 - Application Layer Protocol
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion

Aquatic Panda

Score: 12.99
Matched TTPs:
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer

GALLIUM

Score: 19.88
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer

APT3

Score: 23.98
Matched TTPs:
  • T1574.001 - DLL
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1104 - Multi-Stage Channels
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Daggerfly

Score: 9.27
Matched TTPs:
  • T1574.001 - DLL
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

BackdoorDiplomacy

Score: 13.11
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer

APT41

Score: 61.77
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1484.001 - Group Policy Modification
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1197 - BITS Jobs
  • T1213.003 - Code Repositories
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver

HAFNIUM

Score: 23.20
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

APT5

Score: 11.64
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell

Rocke

Score: 24.87
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

INC Ransom

Score: 21.38
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Strider

Score: 11.19
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Winter Vivern

Score: 21.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

BlackByte

Score: 37.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1134.003 - Make and Impersonate Token
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Mustard Tempest

Score: 9.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

APT42

Score: 18.09
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.005 - Visual Basic

GOLD SOUTHFIELD

Score: 4.86
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell

Fox Kitten

Score: 25.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

ToddyCat

Score: 5.91
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell

Blue Mockingbird

Score: 16.28
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer

DarkVishnya

Score: 6.01
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1046 - Network Service Discovery

Carbanak

Score: 9.60
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

Akira

Score: 11.48
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact

LAPSUS$

Score: 29.03
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1213.003 - Code Repositories
  • T1003.003 - NTDS

Lotus Blossom

Score: 12.52
Matched TTPs:
  • T1112 - Modify Registry
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy

Stealth Falcon

Score: 6.48
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1555.004 - Windows Credential Manager

Leafminer

Score: 13.00
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1110.003 - Password Spraying
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1046 - Network Service Discovery

Deep Panda

Score: 8.60
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32

FIN5

Score: 5.02
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1078 - Valid Accounts

CopyKittens

Score: 3.99
Matched TTPs:
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool

MoustachedBouncer

Score: 3.14
Matched TTPs:
  • T1090 - Proxy
  • T1059.001 - PowerShell

Windigo

Score: 8.15
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

Metador

Score: 4.08
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

APT1

Score: 6.05
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1550.002 - Pass the Hash

APT18

Score: 3.50
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link

Thrip

Score: 4.58
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software

FIN10

Score: 3.07
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Suckfly

Score: 3.19
Matched TTPs:
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1583.004 - Server
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
  • T1102.002 - Bidirectional Communication
  • T1059.001 - PowerShell
  • T1083 - File and Directory Discovery
  • T1583 - Acquire Infrastructure
  • T1550.002 - Pass the Hash
  • T1027 - Obfuscated Files or Information
  • T1620 - Reflective Code Loading
  • T1555.003 - Credentials from Web Browsers
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1059.005 - Visual Basic
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1598.003 - Spearphishing Link
  • T1552.001 - Credentials In Files
  • T1055 - Process Injection
  • T1534 - Internal Spearphishing
  • T1112 - Modify Registry
  • T1562.004 - Disable or Modify System Firewall
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1218.010 - Regsvr32
  • T1102.001 - Dead Drop Resolver
  • T1204.002 - Malicious File
  • T1027.012 - LNK Icon Smuggling
  • T1105 - Ingress Tool Transfer

Sandworm Team

Score: 0.64
Matched TTPs:
  • T1583.004 - Server
  • T1204.001 - Malicious Link
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1059.001 - PowerShell
  • T1083 - File and Directory Discovery
  • T1583 - Acquire Infrastructure
  • T1027 - Obfuscated Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1059.005 - Visual Basic
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1584.005 - Botnet
  • T1592.002 - Software
  • T1588.002 - Tool
  • T1598.003 - Spearphishing Link
  • T1486 - Data Encrypted for Impact
  • T1003.003 - NTDS
  • T1090 - Proxy
  • T1195 - Supply Chain Compromise
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1219 - Remote Access Tools
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
  • T1078 - Valid Accounts
  • T1491.002 - External Defacement

Gamaredon Group

Score: 0.62
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1204.001 - Malicious Link
  • T1102.002 - Bidirectional Communication
  • T1059.001 - PowerShell
  • T1083 - File and Directory Discovery
  • T1583.003 - Virtual Private Server
  • T1027 - Obfuscated Files or Information
  • T1620 - Reflective Code Loading
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1497.001 - System Checks
  • T1059.005 - Visual Basic
  • T1102.003 - One-Way Communication
  • T1491.001 - Internal Defacement
  • T1001 - Data Obfuscation
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1055 - Process Injection
  • T1534 - Internal Spearphishing
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1608.001 - Upload Malware
  • T1027.004 - Compile After Delivery
  • T1102 - Web Service
  • T1204.002 - Malicious File
  • T1027.012 - LNK Icon Smuggling
  • T1105 - Ingress Tool Transfer

Mustang Panda

Score: 0.60
Matched TTPs:
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1204.001 - Malicious Link
  • T1059.001 - PowerShell
  • T1083 - File and Directory Discovery
  • T1027 - Obfuscated Files or Information
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1059.005 - Visual Basic
  • T1203 - Exploitation for Client Execution
  • T1583.006 - Web Services
  • T1046 - Network Service Discovery
  • T1588.002 - Tool
  • T1598.003 - Spearphishing Link
  • T1003.003 - NTDS
  • T1176.002 - IDE Extensions
  • T1678 - Delay Execution
  • T1608 - Stage Capabilities
  • T1518 - Software Discovery
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1102 - Web Service
  • T1204.002 - Malicious File
  • T1027.012 - LNK Icon Smuggling
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution

Lazarus Group

Score: 0.58
Matched TTPs:
  • T1574.001 - DLL
  • T1102.002 - Bidirectional Communication
  • T1584.004 - Server
  • T1059.001 - PowerShell
  • T1189 - Drive-by Compromise
  • T1083 - File and Directory Discovery
  • T1574.013 - KernelCallbackTable
  • T1620 - Reflective Code Loading
  • T1027.009 - Embedded Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.005 - Mshta
  • T1059.005 - Visual Basic
  • T1203 - Exploitation for Client Execution
  • T1491.001 - Internal Defacement
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1090.002 - External Proxy
  • T1046 - Network Service Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1090.001 - Internal Proxy
  • T1562.004 - Disable or Modify System Firewall
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
  • T1078 - Valid Accounts
  • T1027.007 - Dynamic API Resolution
  • T1110.003 - Password Spraying

APT41

Score: 0.57
Matched TTPs:
  • T1574.001 - DLL
  • T1569.002 - Service Execution
  • T1059.001 - PowerShell
  • T1213.003 - Code Repositories
  • T1083 - File and Directory Discovery
  • T1550.002 - Pass the Hash
  • T1027 - Obfuscated Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1104 - Multi-Stage Channels
  • T1197 - BITS Jobs
  • T1046 - Network Service Discovery
  • T1595.003 - Wordlist Scanning
  • T1588.002 - Tool
  • T1484.001 - Group Policy Modification
  • T1003.003 - NTDS
  • T1486 - Data Encrypted for Impact
  • T1596.005 - Scan Databases
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1546.008 - Accessibility Features
  • T1102.001 - Dead Drop Resolver
  • T1105 - Ingress Tool Transfer
  • T1078 - Valid Accounts

Related CVEs

No CVEs were found in this Pulse.
