Trusted Design

Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories

概要

Void Dokkaebi, also known as Famous Chollima, has evolved its operations into a self-propagating supply chain threat targeting software developers. The North Korea-aligned group uses fabricated job interviews to lure developers into cloning malicious repositories. Once compromised, the victim's machine becomes an infection vector through two mechanisms: malicious VS Code task configurations that execute automatically when workspaces are opened, and active injection of obfuscated JavaScript into source code files with Git history tampering to conceal modifications. This creates a worm-like propagation chain where each compromised developer seeds new repositories with infection vectors. Analysis in March 2026 identified over 750 infected repositories, with contamination reaching organizations including DataStax and Neutralinojs. The campaign delivers payloads via blockchain infrastructure including Tron, Aptos, and Binance Smart Chain, deploying variants of DEV#POPPER RAT and other tools to steal cryptocurre...

Created: 2026-04-21

Indicators

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

HAFNIUM

Score: 40.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1218.008 - Odbcconf
  • T1593.003 - Code Repositories
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

menuPass

Score: 28.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Wizard Spider

Score: 41.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1593.003 - Code Repositories
  • T1083 - File and Directory Discovery
  • T1567.001 - Exfiltration to Code Repository
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT33

Score: 24.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.016 - Junk Code Insertion
  • T1051 - Shared Webroot
  • T1567.001 - Exfiltration to Code Repository
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Fox Kitten

Score: 24.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Volt Typhoon

Score: 41.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1083 - File and Directory Discovery
  • T1552.008 - Chat Messages
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1584.002 - DNS Server
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT1

Score: 12.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1591.004 - Identify Roles
  • T1668 - Exclusive Control
MITREへのリンク →

Mustang Panda

Score: 61.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1183 - Image File Execution Options Injection
  • T1092 - Communication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Play

Score: 18.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
MITREへのリンク →

Chimera

Score: 26.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1003.007 - Proc Filesystem
  • T1027.016 - Junk Code Insertion
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
  • T1665 - Hide Infrastructure
MITREへのリンク →

Sea Turtle

Score: 18.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.003 - Application Exhaustion Flood
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
MITREへのリンク →

APT39

Score: 24.53
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

RedCurl

Score: 20.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1128 - Netsh Helper DLL
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT5

Score: 14.30
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1180 - Screensaver
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

Agrius

Score: 17.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1087.004 - Cloud Account
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
MITREへのリンク →

GALLIUM

Score: 23.77
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1593.003 - Code Repositories
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
MITREへのリンク →

APT41

Score: 52.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1177 - LSASS Driver
  • T1041 - Exfiltration Over C2 Channel
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1574.009 - Path Interception by Unquoted Path
  • T1564.003 - Hidden Window
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
MITREへのリンク →

MuddyWater

Score: 39.90
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT28

Score: 69.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles
  • T1585 - Establish Accounts
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
  • T1055.008 - Ptrace System Calls
MITREへのリンク →

Turla

Score: 40.26
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1039 - Data from Network Shared Drive
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BRONZE BUTLER

Score: 14.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

UNC3886

Score: 25.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Kimsuky

Score: 91.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1092 - Communication Through Removable Media
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles
  • T1565.002 - Transmitted Data Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
MITREへのリンク →

APT3

Score: 19.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1051 - Shared Webroot
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 19.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 31.98
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Lotus Blossom

Score: 9.73
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
MITREへのリンク →

FIN13

Score: 25.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1134.001 - Token Impersonation/Theft
  • T1591.004 - Identify Roles
  • T1668 - Exclusive Control
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Earth Lusca

Score: 25.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1546.013 - PowerShell Profile
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 50.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1592.003 - Firmware
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Aquatic Panda

Score: 11.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1668 - Exclusive Control
MITREへのリンク →

INC Ransom

Score: 19.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
MITREへのリンク →

Akira

Score: 15.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
MITREへのリンク →

ToddyCat

Score: 15.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

Contagious Interview

Score: 63.90
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1586.003 - Cloud Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1218.008 - Odbcconf
  • T1016 - System Network Configuration Discovery
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1690 - Prevent Command History Logging
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Scattered Spider

Score: 72.41
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1019 - System Firmware
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1051 - Shared Webroot
  • T1552.003 - Shell History
  • T1087.004 - Cloud Account
  • T1556.008 - Network Provider DLL
  • T1210 - Exploitation of Remote Services
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1565.002 - Transmitted Data Manipulation
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
  • T1548.006 - TCC Manipulation
MITREへのリンク →

FIN4

Score: 7.79
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Inception

Score: 11.10
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
MITREへのリンク →

Dark Caracal

Score: 6.84
Matched TTPs:
  • T1491.002 - External Defacement
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Elderwood

Score: 7.09
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Darkhotel

Score: 15.46
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1064 - Scripting
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Transparent Tribe

Score: 8.60
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT18

Score: 6.72
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1157 - Dylib Hijacking
  • T1591.004 - Identify Roles
MITREへのリンク →

Leviathan

Score: 33.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 17.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Lazarus Group

Score: 57.36
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1210 - Exploitation of Remote Services
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

Saint Bear

Score: 20.22
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 13.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
MITREへのリンク →

TA505

Score: 26.43
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Higaisa

Score: 11.70
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT19

Score: 9.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1055.013 - Process Doppelgänging
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Threat Group-3390

Score: 28.41
Matched TTPs:
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

TA2541

Score: 20.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Malteiro

Score: 8.94
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
MITREへのリンク →

Storm-1811

Score: 16.40
Matched TTPs:
  • T1491.002 - External Defacement
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1591.004 - Identify Roles
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 10.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
  • T1505 - Server Software Component
MITREへのリンク →

Tropic Trooper

Score: 25.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1665 - Hide Infrastructure
MITREへのリンク →

Mofang

Score: 3.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Whitefly

Score: 6.03
Matched TTPs:
  • T1491.002 - External Defacement
  • T1055.013 - Process Doppelgänging
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

Moses Staff

Score: 7.50
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
MITREへのリンク →

TeamTNT

Score: 34.16
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1071.003 - Mail Protocols
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1519 - Emond
  • T1665 - Hide Infrastructure
MITREへのリンク →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
MITREへのリンク →

OilRig

Score: 41.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

APT32

Score: 46.17
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1092 - Communication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Moonstone Sleet

Score: 24.03
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

FIN6

Score: 30.13
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1128 - Netsh Helper DLL
  • T1591.004 - Identify Roles
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver
MITREへのリンク →

MoustachedBouncer

Score: 4.07
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1039 - Data from Network Shared Drive
MITREへのリンク →

TA577

Score: 4.29
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Winter Vivern

Score: 14.23
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silence

Score: 11.91
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
MITREへのリンク →

LazyScripter

Score: 15.75
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN7

Score: 46.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1092 - Communication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Cobalt Group

Score: 30.49
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1039 - Data from Network Shared Drive
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Indrik Spider

Score: 27.15
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1552.008 - Chat Messages
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1591.004 - Identify Roles
  • T1498 - Network Denial of Service
  • T1134 - Access Token Manipulation
MITREへのリンク →

Molerats

Score: 6.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leafminer

Score: 17.14
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.016 - Junk Code Insertion
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
MITREへのリンク →

TA578

Score: 5.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Evilnum

Score: 6.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 19.57
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
MITREへのリンク →

TA551

Score: 11.05
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1591.004 - Identify Roles
MITREへのリンク →

HEXANE

Score: 24.85
Matched TTPs:
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1027.016 - Junk Code Insertion
  • T1055.014 - VDSO Hijacking
  • T1097 - Pass the Ticket
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT29

Score: 59.76
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1568 - Dynamic Resolution
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1555.004 - Windows Credential Manager
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Gamaredon Group

Score: 51.92
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1092 - Communication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1087.004 - Cloud Account
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 9.64
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Daggerfly

Score: 15.78
Matched TTPs:
  • T1584.008 - Network Devices
  • T1530 - Data from Cloud Storage
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Dragonfly

Score: 45.03
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Ember Bear

Score: 35.59
Matched TTPs:
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.016 - Junk Code Insertion
  • T1051 - Shared Webroot
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1134 - Access Token Manipulation
  • T1668 - Exclusive Control
  • T1003.003 - NTDS
MITREへのリンク →

Axiom

Score: 13.28
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

LuminousMoth

Score: 17.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1087.004 - Cloud Account
  • T1574.009 - Path Interception by Unquoted Path
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sandworm Team

Score: 52.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1686.003 - Windows Host Firewall
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 9.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1498 - Network Denial of Service
MITREへのリンク →

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1218.010 - Regsvr32
MITREへのリンク →

Storm-0501

Score: 28.95
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1686.003 - Windows Host Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1506 - Web Session Cookie
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories
MITREへのリンク →

Rocke

Score: 24.69
Matched TTPs:
  • T1180 - Screensaver
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1027.004 - Compile After Delivery
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT38

Score: 35.92
Matched TTPs:
  • T1180 - Screensaver
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1590 - Gather Victim Network Information
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
  • T1493 - Transmitted Data Manipulation
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 17.72
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027.016 - Junk Code Insertion
  • T1609 - Container Administration Command
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
MITREへのリンク →

ZIRCONIUM

Score: 20.20
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1562.012 - Disable or Modify Linux Audit System
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1039 - Data from Network Shared Drive
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1591.004 - Identify Roles
  • T1027.018 - Invisible Unicode
MITREへのリンク →

CURIUM

Score: 13.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1087.004 - Cloud Account
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Patchwork

Score: 19.54
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1530 - Data from Cloud Storage
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

admin@338

Score: 5.85
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
  • T1591.004 - Identify Roles
MITREへのリンク →

Windshift

Score: 8.42
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

WIRTE

Score: 6.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
MITREへのリンク →

EXOTIC LILY

Score: 15.87
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Ajax Security Team

Score: 5.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
MITREへのリンク →

RTM

Score: 5.57
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Confucius

Score: 12.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1087.004 - Cloud Account
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

BlackTech

Score: 5.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Gorgon Group

Score: 3.63
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1591.004 - Identify Roles
MITREへのリンク →

Naikon

Score: 4.32
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1506 - Web Session Cookie
  • T1134 - Access Token Manipulation
MITREへのリンク →

SideCopy

Score: 14.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
  • T1506 - Web Session Cookie
MITREへのリンク →

Machete

Score: 7.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Andariel

Score: 4.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Tonto Team

Score: 12.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1039 - Data from Network Shared Drive
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT37

Score: 11.82
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1218.010 - Regsvr32
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

IndigoZebra

Score: 4.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
MITREへのリンク →

DarkHydrus

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
MITREへのリンク →

The White Company

Score: 4.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
MITREへのリンク →

PLATINUM

Score: 4.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1039 - Data from Network Shared Drive
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT-C-36

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

PROMETHIUM

Score: 5.61
Matched TTPs:
  • T1530 - Data from Cloud Storage
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Velvet Ant

Score: 12.72
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
MITREへのリンク →

BlackByte

Score: 34.85
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.003 - Cloud Accounts
  • T1009 - Binary Padding
  • T1593.003 - Code Repositories
  • T1606.001 - Web Cookies
  • T1134.001 - Token Impersonation/Theft
  • T1087.004 - Cloud Account
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1134 - Access Token Manipulation
MITREへのリンク →

APT42

Score: 16.61
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
MITREへのリンク →

Medusa Group

Score: 33.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1593.003 - Code Repositories
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
  • T1591.004 - Identify Roles
  • T1598 - Phishing for Information
  • T1134 - Access Token Manipulation
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Cinnamon Tempest

Score: 8.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
  • T1591.004 - Identify Roles
MITREへのリンク →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
MITREへのリンク →

RedEcho

Score: 6.66
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
  • T1128 - Netsh Helper DLL
MITREへのリンク →

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
MITREへのリンク →

SilverTerrier

Score: 9.43
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
  • T1041 - Exfiltration Over C2 Channel
MITREへのリンク →

Stealth Falcon

Score: 6.37
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1087.004 - Cloud Account
MITREへのリンク →

LAPSUS$

Score: 30.46
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1218.008 - Odbcconf
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1157 - Dylib Hijacking
  • T1039 - Data from Network Shared Drive
  • T1592.003 - Firmware
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation
MITREへのリンク →

FIN5

Score: 10.58
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
MITREへのリンク →

Deep Panda

Score: 7.57
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
  • T1134 - Access Token Manipulation
MITREへのリンク →

Windigo

Score: 4.11
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1027 - Obfuscated Files or Information
MITREへのリンク →

POLONIUM

Score: 3.44
Matched TTPs:
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
MITREへのリンク →

DarkVishnya

Score: 9.46
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1087.004 - Cloud Account
  • T1091 - Replication Through Removable Media
  • T1213.006 - Databases
  • T1506 - Web Session Cookie
  • T1606.002 - SAML Tokens
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1546.011 - Application Shimming
  • T1041 - Exfiltration Over C2 Channel
  • T1027.018 - Invisible Unicode
  • T1140 - Deobfuscate/Decode Files or Information
  • T1092 - Communication Through Removable Media
  • T1131 - Authentication Package
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1003.007 - Proc Filesystem
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid
  • T1609 - Container Administration Command
  • T1546.013 - PowerShell Profile
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1027.004 - Compile After Delivery
  • T1608.005 - Link Target
  • T1565.002 - Transmitted Data Manipulation
  • T1668 - Exclusive Control
  • T1566.002 - Spearphishing Link
  • T1003.003 - NTDS
  • T1598.003 - Spearphishing Link
  • T1591.004 - Identify Roles
  • T1552.003 - Shell History
  • T1560.001 - Archive via Utility
  • T1665 - Hide Infrastructure
MITREへのリンク →

Scattered Spider

Score: 0.55
Matched TTPs:
  • T1556.008 - Network Provider DLL
  • T1087.004 - Cloud Account
  • T1027.002 - Software Packing
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1564.003 - Hidden Window
  • T1027 - Obfuscated Files or Information
  • T1597 - Search Closed Sources
  • T1583.001 - Domains
  • T1051 - Shared Webroot
  • T1197 - BITS Jobs
  • T1039 - Data from Network Shared Drive
  • T1210 - Exploitation of Remote Services
  • T1098.007 - Additional Local or Domain Groups
  • T1498 - Network Denial of Service
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1019 - System Firmware
  • T1565.002 - Transmitted Data Manipulation
  • T1566.002 - Spearphishing Link
  • T1134 - Access Token Manipulation
  • T1157 - Dylib Hijacking
  • T1552.003 - Shell History
  • T1666 - Modify Cloud Resource Hierarchy
  • T1548.006 - TCC Manipulation
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る