Trusted Design

AMOS Stealer delivered via Cursor AI agent session

Summary

On April 23, 2026, Field Effect MDR identified AMOS Stealer malware delivered through a novel technique exploiting Cursor AI agent sessions running Claude Code. The attack employed social engineering to manipulate operators into prompting the AI agent to download and execute malicious AppleScript loaders. The heavily obfuscated scripts performed sandbox evasion checks, collected sensitive data including credentials, SSH keys, browser data, and cryptocurrency wallets, then exfiltrated compressed archives to remote servers within two minutes. The malware prompted users for local account credentials through fake macOS system dialogs, subsequently using elevated permissions to install persistent implants masquerading as legitimate system services. This delivery mechanism makes detection challenging as malicious commands blend with typical agentic coding behavior, representing an evolution in AMOS Stealer tactics beyond traditional SEO poisoning methods.

Created: 2026-04-28

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 52.55
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
Link to MITRE →

Kimsuky

Score: 90.96
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1596.003 - Digital Certificates
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1132.002 - Non-Standard Encoding
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
Link to MITRE →

Sea Turtle

Score: 32.87
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1685 - Disable or Modify Tools
  • T1137.004 - Outlook Home Page
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery
Link to MITRE →

Magic Hound

Score: 59.26
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1021.008 - Direct Cloud VM Connections
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

APT39

Score: 19.58
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT38

Score: 38.79
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1590 - Gather Victim Network Information
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1174 - Password Filter DLL
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Volt Typhoon

Score: 47.95
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1556.002 - Password Filter DLL
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1584.002 - DNS Server
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure
Link to MITRE →

Ajax Security Team

Score: 7.39
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
Link to MITRE →

APT28

Score: 51.00
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1222.002 - Linux and Mac Permissions
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1175 - Component Object Model and Distributed COM
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
Link to MITRE →

Darkhotel

Score: 10.67
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
Link to MITRE →

menuPass

Score: 32.73
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

APT5

Score: 14.04
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Tonto Team

Score: 10.64
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1027.004 - Compile After Delivery
Link to MITRE →

Threat Group-3390

Score: 38.75
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Lazarus Group

Score: 60.94
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1210 - Exploitation of Remote Services
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
Link to MITRE →

Group5

Score: 3.53
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
Link to MITRE →

PLATINUM

Score: 9.22
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN4

Score: 13.86
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1666 - Modify Cloud Resource Hierarchy
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sandworm Team

Score: 55.95
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1109 - Component Firmware
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1075 - Pass the Hash
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

OilRig

Score: 36.94
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1574.014 - AppDomainManager
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

APT42

Score: 27.58
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1109 - Component Firmware
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1030 - Data Transfer Size Limits
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

HEXANE

Score: 35.89
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1070.006 - Timestomp
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1097 - Pass the Ticket
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
Link to MITRE →

APT32

Score: 53.98
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1684 - Social Engineering
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1592.004 - Client Configurations
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT3

Score: 16.13
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN13

Score: 25.06
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1134.001 - Token Impersonation/Theft
  • T1209 - Time Providers
Link to MITRE →

Ke3chang

Score: 22.65
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1198 - SIP and Trust Provider Hijacking
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

APT41

Score: 54.54
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1048 - Exfiltration Over Alternative Protocol
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1002 - Data Compressed
  • T1574.009 - Path Interception by Unquoted Path
  • T1030 - Data Transfer Size Limits
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

APT29

Score: 68.61
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1592.004 - Client Configurations
  • T1036.004 - Masquerade Task or Service
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.009 - Regsvcs/Regasm
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1555.004 - Windows Credential Manager
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
Link to MITRE →

Contagious Interview

Score: 57.48
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Scattered Spider

Score: 69.92
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1109 - Component Firmware
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1609 - Container Administration Command
  • T1083 - File and Directory Discovery
  • T1556.008 - Network Provider DLL
  • T1210 - Exploitation of Remote Services
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1022 - Data Encrypted
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
Link to MITRE →

Inception

Score: 9.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
Link to MITRE →

Dark Caracal

Score: 9.32
Matched TTPs:
  • T1491.002 - External Defacement
  • T1048 - Exfiltration Over Alternative Protocol
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Elderwood

Score: 5.59
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Transparent Tribe

Score: 7.11
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT18

Score: 6.86
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
  • T1591.001 - Determine Physical Locations
Link to MITRE →

Leviathan

Score: 30.77
Matched TTPs:
  • T1491.002 - External Defacement
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1027.014 - Polymorphic Code
  • T1488 - Disk Content Wipe
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sidewinder

Score: 17.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

Saint Bear

Score: 14.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT33

Score: 9.70
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027.018 - Invisible Unicode
Link to MITRE →

BITTER

Score: 9.58
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1683 - Generate Content
Link to MITRE →

TA505

Score: 24.81
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

Higaisa

Score: 8.74
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1665 - Hide Infrastructure
Link to MITRE →

APT19

Score: 10.31
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Fox Kitten

Score: 20.55
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

TA2541

Score: 18.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
Link to MITRE →

Malteiro

Score: 4.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
Link to MITRE →

Storm-1811

Score: 20.66
Matched TTPs:
  • T1491.002 - External Defacement
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 12.00
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1027.014 - Polymorphic Code
  • T1505 - Server Software Component
Link to MITRE →

Tropic Trooper

Score: 23.73
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1683 - Generate Content
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure
  • T1490 - Inhibit System Recovery
Link to MITRE →

Mofang

Score: 3.83
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
Link to MITRE →

Moses Staff

Score: 8.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
Link to MITRE →

TeamTNT

Score: 25.15
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1022 - Data Encrypted
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
Link to MITRE →

Moonstone Sleet

Score: 28.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
Link to MITRE →

Turla

Score: 43.73
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1176 - Software Extensions
  • T1684 - Social Engineering
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN6

Score: 19.66
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1547.008 - LSASS Driver
Link to MITRE →

MoustachedBouncer

Score: 4.31
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1045 - Software Packing
Link to MITRE →

MuddyWater

Score: 34.54
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

Earth Lusca

Score: 30.21
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA577

Score: 3.33
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1027.018 - Invisible Unicode
Link to MITRE →

Winter Vivern

Score: 20.58
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silence

Score: 18.72
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1547.011 - Plist Modification
  • T1048 - Exfiltration Over Alternative Protocol
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
Link to MITRE →

LazyScripter

Score: 16.10
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN7

Score: 41.20
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
  • T1490 - Inhibit System Recovery
Link to MITRE →

Cobalt Group

Score: 24.64
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Indrik Spider

Score: 13.46
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Molerats

Score: 6.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leafminer

Score: 15.50
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

TA578

Score: 5.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Evilnum

Score: 9.30
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Star Blizzard

Score: 25.53
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1109 - Component Firmware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
Link to MITRE →

LuminousMoth

Score: 18.78
Matched TTPs:
  • T1109 - Component Firmware
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1574.009 - Path Interception by Unquoted Path
  • T1027.018 - Invisible Unicode
Link to MITRE →

Lotus Blossom

Score: 16.14
Matched TTPs:
  • T1109 - Component Firmware
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Gamaredon Group

Score: 48.30
Matched TTPs:
  • T1099 - Timestomp
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1684 - Social Engineering
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

HAFNIUM

Score: 22.12
Matched TTPs:
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
  • T1134 - Access Token Manipulation
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN8

Score: 12.15
Matched TTPs:
  • T1099 - Timestomp
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustard Tempest

Score: 9.64
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Daggerfly

Score: 11.93
Matched TTPs:
  • T1584.008 - Network Devices
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

GALLIUM

Score: 16.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1174 - Password Filter DLL
  • T1134 - Access Token Manipulation
Link to MITRE →

Dragonfly

Score: 41.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1573 - Encrypted Channel
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Agrius

Score: 13.88
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Wizard Spider

Score: 28.57
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ember Bear

Score: 21.54
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1175 - Component Object Model and Distributed COM
  • T1059.001 - PowerShell
  • T1097 - Pass the Ticket
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Axiom

Score: 18.85
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1175 - Component Object Model and Distributed COM
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
Link to MITRE →

RedCurl

Score: 21.53
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1574.010 - Services File Permissions Weakness
  • T1027.004 - Compile After Delivery
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT1

Score: 11.17
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Chimera

Score: 24.08
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1132.002 - Non-Standard Encoding
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
  • T1665 - Hide Infrastructure
Link to MITRE →

UNC3886

Score: 23.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1488 - Disk Content Wipe
  • T1027.004 - Compile After Delivery
Link to MITRE →

Salt Typhoon

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
Link to MITRE →

Play

Score: 17.77
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aoqin Dragon

Score: 7.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Storm-0501

Score: 20.68
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1097 - Pass the Ticket
  • T1027 - Obfuscated Files or Information
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories
Link to MITRE →

Silent Librarian

Score: 18.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
Link to MITRE →

ZIRCONIUM

Score: 18.84
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
Link to MITRE →

CURIUM

Score: 17.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1175 - Component Object Model and Distributed COM
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Patchwork

Score: 13.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
Link to MITRE →

admin@338

Score: 4.08
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Windshift

Score: 8.71
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

BRONZE BUTLER

Score: 18.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1591.001 - Determine Physical Locations
Link to MITRE →

WIRTE

Score: 6.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1027.014 - Polymorphic Code
Link to MITRE →

EXOTIC LILY

Score: 14.38
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

TA551

Score: 10.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
  • T1601.001 - Patch System Image
Link to MITRE →

RTM

Score: 5.57
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Confucius

Score: 9.42
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
Link to MITRE →

BlackTech

Score: 5.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
Link to MITRE →

Naikon

Score: 5.65
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

SideCopy

Score: 14.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
Link to MITRE →

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Machete

Score: 6.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Andariel

Score: 4.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT37

Score: 9.49
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1684 - Social Engineering
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
Link to MITRE →

IndigoZebra

Score: 4.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
Link to MITRE →

DarkHydrus

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
Link to MITRE →

APT-C-36

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
Link to MITRE →

BlackByte

Score: 29.08
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Rocke

Score: 21.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
  • T1027.004 - Compile After Delivery
  • T1022 - Data Encrypted
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

BackdoorDiplomacy

Score: 4.97
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1209 - Time Providers
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
  • T1601.001 - Patch System Image
Link to MITRE →

Medusa Group

Score: 28.98
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1209 - Time Providers
Link to MITRE →

Cinnamon Tempest

Score: 7.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
Link to MITRE →

ToddyCat

Score: 12.44
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1134 - Access Token Manipulation
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
Link to MITRE →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 14.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1209 - Time Providers
Link to MITRE →

Akira

Score: 11.64
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Velvet Ant

Score: 13.40
Matched TTPs:
  • T1684 - Social Engineering
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1490 - Inhibit System Recovery
Link to MITRE →

LAPSUS$

Score: 33.47
Matched TTPs:
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1175 - Component Object Model and Distributed COM
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1157 - Dylib Hijacking
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

Carbanak

Score: 3.77
Matched TTPs:
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
Link to MITRE →

SilverTerrier

Score: 6.91
Matched TTPs:
  • T1131 - Authentication Package
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

Stealth Falcon

Score: 3.52
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
Link to MITRE →

FIN5

Score: 8.24
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1097 - Pass the Ticket
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Deep Panda

Score: 7.57
Matched TTPs:
  • T1177 - LSASS Driver
  • T1027.014 - Polymorphic Code
  • T1134 - Access Token Manipulation
Link to MITRE →

Windigo

Score: 4.11
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI
Link to MITRE →

POLONIUM

Score: 5.78
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
Link to MITRE →

DarkVishnya

Score: 6.69
Matched TTPs:
  • T1097 - Pass the Ticket
  • T1562.001 - Disable or Modify Tools
  • T1209 - Time Providers
Link to MITRE →

Aquatic Panda

Score: 3.66
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
Link to MITRE →

Suckfly

Score: 3.19
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
Link to MITRE →

FIN10

Score: 4.09
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1490 - Inhibit System Recovery
Link to MITRE →

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
Link to MITRE →

Equation

Score: 8.26
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1132.002 - Non-Standard Encoding
  • T1213.006 - Databases
  • T1009 - Binary Padding
  • T1218.012 - Verclsid
  • T1041 - Exfiltration Over C2 Channel
  • T1665 - Hide Infrastructure
  • T1131 - Authentication Package
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1027.014 - Polymorphic Code
  • T1565.002 - Transmitted Data Manipulation
  • T1030 - Data Transfer Size Limits
  • T1590.006 - Network Security Appliances
  • T1546.013 - PowerShell Profile
  • T1027.018 - Invisible Unicode
  • T1690 - Prevent Command History Logging
  • T1606.002 - SAML Tokens
  • T1601.001 - Patch System Image
  • T1596.003 - Digital Certificates
  • T1037 - Boot or Logon Initialization Scripts
  • T1109 - Component Firmware
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1140 - Deobfuscate/Decode Files or Information
  • T1684 - Social Engineering
  • T1490 - Inhibit System Recovery
  • T1183 - Image File Execution Options Injection
  • T1197 - BITS Jobs
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.004 - Compile After Delivery
  • T1598.003 - Spearphishing Link
  • T1055.014 - VDSO Hijacking
  • T1098.007 - Additional Local or Domain Groups
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.
