Pulse Detail-

Mustang Panda

Score: 39.08

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1596.001 - DNS/Passive DNS
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1555.003 - Credentials from Web Browsers
T1183 - Image File Execution Options Injection
T1136.001 - Local Account
T1677 - Poisoned Pipeline Execution
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1569.001 - Launchctl
T1199 - Trusted Relationship
T1159 - Launch Agent

MITREへのリンク →

Kimsuky

Score: 39.10

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1033 - System Owner/User Discovery
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1183 - Image File Execution Options Injection
T1218.012 - Verclsid
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1003.003 - NTDS

MITREへのリンク →

Sea Turtle

Score: 32.08

Matched TTPs:

T1037 - Boot or Logon Initialization Scripts
T1033 - System Owner/User Discovery
T1596.001 - DNS/Passive DNS
T1499.003 - Application Exhaustion Flood
T1063 - Security Software Discovery
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1137.004 - Outlook Home Page
T1059.013 - Container CLI/API

MITREへのリンク →

Ember Bear

Score: 36.86

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1584.008 - Network Devices
T1218.013 - Mavinject
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1564.013 - Bind Mounts
T1136.002 - Domain Account
T1059.001 - PowerShell
T1597 - Search Closed Sources
T1519 - Emond
T1003.003 - NTDS

MITREへのリンク →

Indrik Spider

Score: 15.52

Matched TTPs:

T1033 - System Owner/User Discovery
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1183 - Image File Execution Options Injection
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1546.016 - Installer Packages

MITREへのリンク →

Agrius

Score: 10.66

Matched TTPs:

T1033 - System Owner/User Discovery
T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1597 - Search Closed Sources

MITREへのリンク →

Contagious Interview

Score: 35.86

Matched TTPs:

T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1021.006 - Windows Remote Management
T1183 - Image File Execution Options Injection
T1218.008 - Odbcconf
T1016 - System Network Configuration Discovery
T1064 - Scripting
T1199 - Trusted Relationship
T1597 - Search Closed Sources

MITREへのリンク →

Sandworm Team

Score: 50.77

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1063 - Security Software Discovery
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1183 - Image File Execution Options Injection
T1193 - Spearphishing Attachment
T1055.004 - Asynchronous Procedure Call
T1049 - System Network Connections Discovery
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1546.016 - Installer Packages

MITREへのリンク →

Star Blizzard

Score: 17.15

Matched TTPs:

T1033 - System Owner/User Discovery
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1183 - Image File Execution Options Injection
T1657 - Financial Theft
T1199 - Trusted Relationship

MITREへのリンク →

Akira

Score: 13.10

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1218.013 - Mavinject
T1137.005 - Outlook Rules
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

HAFNIUM

Score: 22.67

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1218.008 - Odbcconf
T1049 - System Network Connections Discovery
T1122 - Component Object Model Hijacking
T1039 - Data from Network Shared Drive

MITREへのリンク →

LAPSUS$

Score: 39.84

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1547.005 - Security Support Provider
T1562.012 - Disable or Modify Linux Audit System
T1019 - System Firmware
T1193 - Spearphishing Attachment
T1218.008 - Odbcconf
T1136.002 - Domain Account
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1137.004 - Outlook Home Page
T1065 - Uncommonly Used Port
T1564.003 - Hidden Window

MITREへのリンク →

Chimera

Score: 7.01

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1218.013 - Mavinject
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship

MITREへのリンク →

APT28

Score: 30.66

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1071.004 - DNS
T1218.013 - Mavinject
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1104 - Multi-Stage Channels
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1566.003 - Spearphishing via Service

MITREへのリンク →

Ke3chang

Score: 17.01

Matched TTPs:

T1574.007 - Path Interception by PATH Environment Variable
T1584.008 - Network Devices
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship

MITREへのリンク →

Daggerfly

Score: 11.64

Matched TTPs:

T1584.008 - Network Devices
T1573 - Encrypted Channel
T1174 - Password Filter DLL
T1546.016 - Installer Packages

MITREへのリンク →

GALLIUM

Score: 11.70

Matched TTPs:

T1584.008 - Network Devices
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1174 - Password Filter DLL

MITREへのリンク →

APT29

Score: 37.21

Matched TTPs:

T1584.008 - Network Devices
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1568 - Dynamic Resolution
T1218.012 - Verclsid
T1104 - Multi-Stage Channels
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1683 - Generate Content
T1223 - Compiled HTML File

MITREへのリンク →

FIN13

Score: 26.86

Matched TTPs:

T1584.008 - Network Devices
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1564.013 - Bind Mounts
T1055.004 - Asynchronous Procedure Call
T1134.001 - Token Impersonation/Theft
T1199 - Trusted Relationship
T1053.006 - Systemd Timers

MITREへのリンク →

Dragonfly

Score: 27.45

Matched TTPs:

T1584.008 - Network Devices
T1566.002 - Spearphishing Link
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1193 - Spearphishing Attachment
T1657 - Financial Theft
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1546.016 - Installer Packages

MITREへのリンク →

APT41

Score: 33.83

Matched TTPs:

T1584.008 - Network Devices
T1071.004 - DNS
T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1562.012 - Disable or Modify Linux Audit System
T1177 - LSASS Driver
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1547.006 - Kernel Modules and Extensions
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1002 - Data Compressed
T1564.003 - Hidden Window

MITREへのリンク →

APT5

Score: 16.17

Matched TTPs:

T1584.008 - Network Devices
T1218.013 - Mavinject
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1677 - Poisoned Pipeline Execution
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

menuPass

Score: 16.56

Matched TTPs:

T1584.008 - Network Devices
T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1055.004 - Asynchronous Procedure Call
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1174 - Password Filter DLL

MITREへのリンク →

Threat Group-3390

Score: 25.03

Matched TTPs:

T1584.008 - Network Devices
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1555.003 - Credentials from Web Browsers
T1055.004 - Asynchronous Procedure Call
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1573 - Encrypted Channel

MITREへのリンク →

Wizard Spider

Score: 16.71

Matched TTPs:

T1584.008 - Network Devices
T1038 - DLL Search Order Hijacking
T1183 - Image File Execution Options Injection
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie

MITREへのリンク →

Silent Librarian

Score: 12.59

Matched TTPs:

T1596.001 - DNS/Passive DNS
T1566.002 - Spearphishing Link
T1183 - Image File Execution Options Injection
T1584.005 - Botnet
T1199 - Trusted Relationship

MITREへのリンク →

Lazarus Group

Score: 35.16

Matched TTPs:

T1596.001 - DNS/Passive DNS
T1071.004 - DNS
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1009 - Binary Padding
T1183 - Image File Execution Options Injection
T1677 - Poisoned Pipeline Execution
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1606.001 - Web Cookies
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1174 - Password Filter DLL
T1546.016 - Installer Packages

MITREへのリンク →

UNC3886

Score: 27.70

Matched TTPs:

T1596.001 - DNS/Passive DNS
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1564.013 - Bind Mounts
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1606 - Forge Web Credentials
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive

MITREへのリンク →

LuminousMoth

Score: 15.51

Matched TTPs:

T1596.001 - DNS/Passive DNS
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1584.005 - Botnet
T1199 - Trusted Relationship

MITREへのリンク →

BlackTech

Score: 5.47

Matched TTPs:

T1596.001 - DNS/Passive DNS
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Axiom

Score: 16.76

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1049 - System Network Connections Discovery
T1114.002 - Remote Email Collection

MITREへのリンク →

HEXANE

Score: 25.66

Matched TTPs:

T1499.003 - Application Exhaustion Flood
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1055.004 - Asynchronous Procedure Call
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1065 - Uncommonly Used Port
T1159 - Launch Agent

MITREへのリンク →

TeamTNT

Score: 25.27

Matched TTPs:

T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1009 - Binary Padding
T1071.003 - Mail Protocols
T1055.004 - Asynchronous Procedure Call
T1547.006 - Kernel Modules and Extensions
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1519 - Emond

MITREへのリンク →

Gamaredon Group

Score: 24.52

Matched TTPs:

T1218.013 - Mavinject
T1562.009 - Safe Mode Boot
T1091 - Replication Through Removable Media
T1218.012 - Verclsid
T1606.001 - Web Cookies
T1055.014 - VDSO Hijacking
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1059.013 - Container CLI/API
T1506 - Web Session Cookie

MITREへのリンク →

Volt Typhoon

Score: 34.43

Matched TTPs:

T1218.013 - Mavinject
T1562.009 - Safe Mode Boot
T1176 - Software Extensions
T1140 - Deobfuscate/Decode Files or Information
T1547.005 - Security Support Provider
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1055.004 - Asynchronous Procedure Call
T1049 - System Network Connections Discovery
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1065 - Uncommonly Used Port
T1546.016 - Installer Packages
T1159 - Launch Agent

MITREへのリンク →

BRONZE BUTLER

Score: 6.53

Matched TTPs:

T1218.013 - Mavinject
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1159 - Launch Agent

MITREへのリンク →

TA2541

Score: 12.45

Matched TTPs:

T1218.013 - Mavinject
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie

MITREへのリンク →

APT42

Score: 13.82

Matched TTPs:

T1218.013 - Mavinject
T1091 - Replication Through Removable Media
T1562.012 - Disable or Modify Linux Audit System
T1183 - Image File Execution Options Injection
T1677 - Poisoned Pipeline Execution
T1199 - Trusted Relationship
T1506 - Web Session Cookie

MITREへのリンク →

Storm-1811

Score: 4.33

Matched TTPs:

T1218.013 - Mavinject
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information

MITREへのリンク →

FIN7

Score: 27.69

Matched TTPs:

T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1218.012 - Verclsid
T1584.005 - Botnet
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel
T1065 - Uncommonly Used Port

MITREへのリンク →

Mustard Tempest

Score: 3.11

Matched TTPs:

T1218.013 - Mavinject
T1091 - Replication Through Removable Media

MITREへのリンク →

MuddyWater

Score: 26.53

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1518.002 - Backup Software Discovery
T1562.012 - Disable or Modify Linux Audit System
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1159 - Launch Agent

MITREへのリンク →

Patchwork

Score: 8.40

Matched TTPs:

T1218.013 - Mavinject
T1566.002 - Spearphishing Link
T1562.012 - Disable or Modify Linux Audit System
T1199 - Trusted Relationship
T1506 - Web Session Cookie

MITREへのリンク →

Earth Lusca

Score: 21.16

Matched TTPs:

T1218.013 - Mavinject
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1218.001 - Compiled HTML File
T1546.016 - Installer Packages

MITREへのリンク →

BackdoorDiplomacy

Score: 9.41

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship

MITREへのリンク →

RedCurl

Score: 12.16

Matched TTPs:

T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1562.012 - Disable or Modify Linux Audit System
T1122 - Component Object Model Hijacking
T1574.010 - Services File Permissions Weakness

MITREへのリンク →

Naikon

Score: 3.04

Matched TTPs:

T1218.013 - Mavinject
T1506 - Web Session Cookie

MITREへのリンク →

Aquatic Panda

Score: 8.14

Matched TTPs:

T1218.013 - Mavinject
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie

MITREへのリンク →

APT32

Score: 20.57

Matched TTPs:

T1218.013 - Mavinject
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1547.005 - Security Support Provider
T1555.003 - Credentials from Web Browsers
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1174 - Password Filter DLL

MITREへのリンク →

Tropic Trooper

Score: 12.90

Matched TTPs:

T1218.013 - Mavinject
T1555.003 - Credentials from Web Browsers
T1055.004 - Asynchronous Procedure Call
T1683 - Generate Content
T1506 - Web Session Cookie
T1159 - Launch Agent

MITREへのリンク →

Magic Hound

Score: 41.56

Matched TTPs:

T1218.013 - Mavinject
T1566.002 - Spearphishing Link
T1070.003 - Clear Command History
T1140 - Deobfuscate/Decode Files or Information
T1021.008 - Direct Cloud VM Connections
T1547.005 - Security Support Provider
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1564.013 - Bind Mounts
T1183 - Image File Execution Options Injection
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1683 - Generate Content
T1098.002 - Additional Email Delegate Permissions

MITREへのリンク →

INC Ransom

Score: 9.33

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

Whitefly

Score: 4.08

Matched TTPs:

T1218.013 - Mavinject
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive

MITREへのリンク →

OilRig

Score: 27.87

Matched TTPs:

T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1562.009 - Safe Mode Boot
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1009 - Binary Padding
T1562.012 - Disable or Modify Linux Audit System
T1555.003 - Credentials from Web Browsers
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1592.002 - Software

MITREへのリンク →

Carbanak

Score: 4.33

Matched TTPs:

T1218.013 - Mavinject
T1009 - Binary Padding
T1199 - Trusted Relationship

MITREへのリンク →

Darkhotel

Score: 10.32

Matched TTPs:

T1218.013 - Mavinject
T1562.009 - Safe Mode Boot
T1064 - Scripting
T1506 - Web Session Cookie

MITREへのリンク →

APT1

Score: 8.47

Matched TTPs:

T1218.013 - Mavinject
T1183 - Image File Execution Options Injection
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship

MITREへのリンク →

Blue Mockingbird

Score: 10.92

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.006 - Kernel Modules and Extensions
T1505 - Server Software Component

MITREへのリンク →

Sidewinder

Score: 14.20

Matched TTPs:

T1218.013 - Mavinject
T1566.002 - Spearphishing Link
T1218.012 - Verclsid
T1657 - Financial Theft
T1506 - Web Session Cookie
T1159 - Launch Agent

MITREへのリンク →

APT39

Score: 5.22

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship

MITREへのリンク →

Velvet Ant

Score: 11.14

Matched TTPs:

T1218.013 - Mavinject
T1009 - Binary Padding
T1055.004 - Asynchronous Procedure Call
T1597 - Search Closed Sources
T1566.003 - Spearphishing via Service

MITREへのリンク →

Fox Kitten

Score: 10.40

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1059.001 - PowerShell

MITREへのリンク →

ToddyCat

Score: 8.58

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1055.004 - Asynchronous Procedure Call
T1506 - Web Session Cookie

MITREへのリンク →

SideCopy

Score: 13.72

Matched TTPs:

T1218.013 - Mavinject
T1091 - Replication Through Removable Media
T1218.012 - Verclsid
T1657 - Financial Theft
T1506 - Web Session Cookie
T1159 - Launch Agent

MITREへのリンク →

Turla

Score: 28.28

Matched TTPs:

T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1063 - Security Software Discovery
T1176 - Software Extensions
T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1039 - Data from Network Shared Drive
T1506 - Web Session Cookie
T1546.016 - Installer Packages

MITREへのリンク →

Rocke

Score: 15.89

Matched TTPs:

T1218.013 - Mavinject
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1547.006 - Kernel Modules and Extensions
T1597 - Search Closed Sources
T1059.013 - Container CLI/API
T1506 - Web Session Cookie

MITREへのリンク →

Moonstone Sleet

Score: 14.08

Matched TTPs:

T1606.002 - SAML Tokens
T1566.002 - Spearphishing Link
T1091 - Replication Through Removable Media
T1183 - Image File Execution Options Injection
T1027 - Obfuscated Files or Information
T1573 - Encrypted Channel

MITREへのリンク →

Salt Typhoon

Score: 6.76

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1199 - Trusted Relationship

MITREへのリンク →

Play

Score: 8.11

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie

MITREへのリンク →

Moses Staff

Score: 8.52

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship

MITREへのリンク →

FIN6

Score: 14.26

Matched TTPs:

T1063 - Security Software Discovery
T1562.012 - Disable or Modify Linux Audit System
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive
T1505 - Server Software Component

MITREへのリンク →

Evilnum

Score: 3.44

Matched TTPs:

T1562.009 - Safe Mode Boot

MITREへのリンク →

Scattered Spider

Score: 27.44

Matched TTPs:

T1566.002 - Spearphishing Link
T1547.005 - Security Support Provider
T1019 - System Firmware
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1564.003 - Hidden Window
T1027.002 - Software Packing

MITREへのリンク →

ZIRCONIUM

Score: 6.61

Matched TTPs:

T1566.002 - Spearphishing Link
T1562.012 - Disable or Modify Linux Audit System
T1039 - Data from Network Shared Drive

MITREへのリンク →

CURIUM

Score: 10.13

Matched TTPs:

T1566.002 - Spearphishing Link
T1555.003 - Credentials from Web Browsers
T1183 - Image File Execution Options Injection
T1218.001 - Compiled HTML File

MITREへのリンク →

BlackByte

Score: 27.79

Matched TTPs:

T1070.003 - Clear Command History
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1606.001 - Web Cookies
T1134.001 - Token Impersonation/Theft
T1597 - Search Closed Sources
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

LazyScripter

Score: 6.77

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1218.012 - Verclsid

MITREへのリンク →

TA505

Score: 11.47

Matched TTPs:

T1091 - Replication Through Removable Media
T1562.012 - Disable or Modify Linux Audit System
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information

MITREへのリンク →

BITTER

Score: 8.54

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1683 - Generate Content

MITREへのリンク →

Saint Bear

Score: 7.61

Matched TTPs:

T1091 - Replication Through Removable Media
T1064 - Scripting
T1597 - Search Closed Sources

MITREへのリンク →

EXOTIC LILY

Score: 4.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1183 - Image File Execution Options Injection

MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.14

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1573 - Encrypted Channel

MITREへのリンク →

Medusa Group

Score: 23.42

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1183 - Image File Execution Options Injection
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie
T1598 - Phishing for Information

MITREへのリンク →

Storm-0501

Score: 5.71

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

Winter Vivern

Score: 5.09

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.001 - Compiled HTML File

MITREへのリンク →

Leviathan

Score: 11.98

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1183 - Image File Execution Options Injection
T1055.014 - VDSO Hijacking
T1546.016 - Installer Packages

MITREへのリンク →

Volatile Cedar

Score: 7.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1002 - Data Compressed

MITREへのリンク →

Cobalt Group

Score: 11.90

Matched TTPs:

T1518.002 - Backup Software Discovery
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1573 - Encrypted Channel
T1506 - Web Session Cookie

MITREへのリンク →

APT38

Score: 18.35

Matched TTPs:

T1009 - Binary Padding
T1555.003 - Credentials from Web Browsers
T1055.004 - Asynchronous Procedure Call
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027 - Obfuscated Files or Information
T1174 - Password Filter DLL
T1506 - Web Session Cookie

MITREへのリンク →

Malteiro

Score: 3.95

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1506 - Web Session Cookie

MITREへのリンク →

APT3

Score: 7.07

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1177 - LSASS Driver
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

APT33

Score: 5.00

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive

MITREへのリンク →

Inception

Score: 7.99

Matched TTPs:

T1562.012 - Disable or Modify Linux Audit System
T1218.012 - Verclsid
T1199 - Trusted Relationship
T1159 - Launch Agent

MITREへのリンク →

Deep Panda

Score: 5.05

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver

MITREへのリンク →

Tonto Team

Score: 6.61

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1059.001 - PowerShell
T1039 - Data from Network Shared Drive

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Andariel

Score: 4.19

Matched TTPs:

T1136.002 - Domain Account
T1055.004 - Asynchronous Procedure Call

MITREへのリンク →

Equation

Score: 4.54

Matched TTPs:

T1589.003 - Employee Names

MITREへのリンク →

Lotus Blossom

Score: 6.43

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1199 - Trusted Relationship
T1505 - Server Software Component

MITREへのリンク →

POLONIUM

Score: 3.60

Matched TTPs:

T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship

MITREへのリンク →

FIN4

Score: 4.13

Matched TTPs:

T1574.010 - Services File Permissions Weakness

MITREへのリンク →

FIN8

Score: 7.18

Matched TTPs:

T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1027 - Obfuscated Files or Information
T1506 - Web Session Cookie

MITREへのリンク →

Windshift

Score: 4.65

Matched TTPs:

T1506 - Web Session Cookie
T1159 - Launch Agent

MITREへのリンク →

Sandworm Team

Score: 0.70

Matched TTPs:

T1063 - Security Software Discovery
T1055.004 - Asynchronous Procedure Call
T1564.008 - Email Hiding Rules
T1122 - Component Object Model Hijacking
T1049 - System Network Connections Discovery
T1562.012 - Disable or Modify Linux Audit System
T1005 - Data from Local System
T1027 - Obfuscated Files or Information
T1140 - Deobfuscate/Decode Files or Information
T1183 - Image File Execution Options Injection
T1573 - Encrypted Channel
T1193 - Spearphishing Attachment
T1555.003 - Credentials from Web Browsers
T1606.002 - SAML Tokens
T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1566.002 - Spearphishing Link
T1218.013 - Mavinject
T1546.016 - Installer Packages
T1199 - Trusted Relationship

MITREへのリンク →

Magic Hound

Score: 0.57

Matched TTPs:

T1183 - Image File Execution Options Injection
T1055.004 - Asynchronous Procedure Call
T1070.003 - Clear Command History
T1098.002 - Additional Email Delegate Permissions
T1566.002 - Spearphishing Link
T1683 - Generate Content
T1218.013 - Mavinject
T1555.003 - Credentials from Web Browsers
T1597 - Search Closed Sources
T1199 - Trusted Relationship
T1027 - Obfuscated Files or Information
T1009 - Binary Padding
T1547.005 - Security Support Provider
T1021.008 - Direct Cloud VM Connections
T1564.013 - Bind Mounts
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

AI Infrastructure Supply Chain Poisoning Alert

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ