Pulse Detail-

HAFNIUM

Score: 38.45

Matched TTPs:

T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1027.008 - Stripped Payloads
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1059 - Command and Scripting Interpreter
T1049 - System Network Connections Discovery
T1608.005 - Link Target
T1583.006 - Web Services
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

menuPass

Score: 48.21

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1491.002 - External Defacement
T1584.008 - Network Devices
T1116 - Code Signing
T1218.013 - Mavinject
T1178 - SID-History Injection
T1087.002 - Domain Account
T1165 - Startup Items
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1547.011 - Plist Modification
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1174 - Password Filter DLL
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation

MITREへのリンク →

Wizard Spider

Score: 70.33

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1584.008 - Network Devices
T1116 - Code Signing
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1684 - Social Engineering
T1038 - DLL Search Order Hijacking
T1032 - Standard Cryptographic Protocol
T1589 - Gather Victim Identity Information
T1059.009 - Cloud API
T1155 - AppleScript
T1583.004 - Server
T1546.005 - Trap
T1588.001 - Malware
T1087.004 - Cloud Account
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1566.004 - Spearphishing Voice
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link
T1556 - Modify Authentication Process

MITREへのリンク →

APT33

Score: 21.20

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1178 - SID-History Injection
T1087.002 - Domain Account
T1583.005 - Botnet
T1546.005 - Trap
T1204 - User Execution
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1556 - Modify Authentication Process

MITREへのリンク →

Fox Kitten

Score: 44.56

Matched TTPs:

T1560.001 - Archive via Utility
T1491.002 - External Defacement
T1218.013 - Mavinject
T1165 - Startup Items
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1583.004 - Server
T1546.005 - Trap
T1177 - LSASS Driver
T1055.013 - Process Doppelgänging
T1588.001 - Malware
T1612 - Build Image on Host
T1059.001 - PowerShell
T1542.004 - ROMMONkit
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation

MITREへのリンク →

Volt Typhoon

Score: 75.08

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1685.001 - Disable or Modify Windows Event Log
T1116 - Code Signing
T1218.013 - Mavinject
T1562.009 - Safe Mode Boot
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1567 - Exfiltration Over Web Service
T1070.008 - Clear Mailbox Data
T1070.006 - Timestomp
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1535 - Unused/Unsupported Cloud Regions
T1546.005 - Trap
T1049 - System Network Connections Discovery
T1583.006 - Web Services
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1546.016 - Installer Packages
T1134 - Access Token Manipulation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

APT1

Score: 15.60

Matched TTPs:

T1560.001 - Archive via Utility
T1218.013 - Mavinject
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1136.002 - Domain Account
T1583.006 - Web Services
T1199 - Trusted Relationship
T1591.004 - Identify Roles
T1622 - Debugger Evasion

MITREへのリンク →

Mustang Panda

Score: 97.31

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1116 - Code Signing
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1567.004 - Exfiltration Over Webhook
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1136.001 - Local Account
T1092 - Communication Through Removable Media
T1055.013 - Process Doppelgänging
T1562.006 - Indicator Blocking
T1677 - Poisoned Pipeline Execution
T1612 - Build Image on Host
T1569.001 - Launchctl
T1608 - Stage Capabilities
T1608.005 - Link Target
T1583.006 - Web Services
T1204 - User Execution
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1087.004 - Cloud Account
T1169 - Sudo
T1199 - Trusted Relationship
T1059.011 - Lua
T1218.010 - Regsvr32
T1591.004 - Identify Roles
T1565.002 - Transmitted Data Manipulation
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1548.006 - TCC Manipulation
T1556 - Modify Authentication Process

MITREへのリンク →

Play

Score: 29.15

Matched TTPs:

T1560.001 - Archive via Utility
T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1546.005 - Trap
T1583.006 - Web Services
T1142 - Keychain
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

Chimera

Score: 58.91

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1116 - Code Signing
T1218.013 - Mavinject
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1590.003 - Network Trust Dependencies
T1567.004 - Exfiltration Over Webhook
T1032 - Standard Cryptographic Protocol
T1155 - AppleScript
T1583.006 - Web Services
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1592.003 - Firmware
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1059.003 - Windows Command Shell
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution
T1578.001 - Create Snapshot

MITREへのリンク →

Gallmaker

Score: 4.67

Matched TTPs:

T1560.001 - Archive via Utility
T1087.002 - Domain Account
T1059.011 - Lua

MITREへのリンク →

Sea Turtle

Score: 14.65

Matched TTPs:

T1560.001 - Archive via Utility
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1556.005 - Reversible Encryption
T1490 - Inhibit System Recovery

MITREへのリンク →

APT39

Score: 70.92

Matched TTPs:

T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1116 - Code Signing
T1218.013 - Mavinject
T1087.002 - Domain Account
T1165 - Startup Items
T1499.002 - Service Exhaustion Flood
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1050 - New Service
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1583.004 - Server
T1546.005 - Trap
T1547.011 - Plist Modification
T1055.013 - Process Doppelgänging
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1599 - Network Boundary Bridging
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1027.004 - Compile After Delivery
T1564.007 - VBA Stomping
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

RedCurl

Score: 34.46

Matched TTPs:

T1560.001 - Archive via Utility
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1558.005 - Ccache Files
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1612 - Build Image on Host
T1574.010 - Services File Permissions Weakness
T1542.004 - ROMMONkit
T1059.011 - Lua
T1128 - Netsh Helper DLL
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption

MITREへのリンク →

APT5

Score: 38.99

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1116 - Code Signing
T1218.013 - Mavinject
T1165 - Startup Items
T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1567.004 - Exfiltration Over Webhook
T1555.003 - Credentials from Web Browsers
T1583.004 - Server
T1546.005 - Trap
T1677 - Poisoned Pipeline Execution
T1583.006 - Web Services
T1546.003 - Windows Management Instrumentation Event Subscription
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1622 - Debugger Evasion

MITREへのリンク →

Agrius

Score: 28.08

Matched TTPs:

T1560.001 - Archive via Utility
T1584.008 - Network Devices
T1116 - Code Signing
T1176.001 - Browser Extensions
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1087.004 - Cloud Account
T1597 - Search Closed Sources
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1134 - Access Token Manipulation
T1622 - Debugger Evasion

MITREへのリンク →

GALLIUM

Score: 35.78

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1584.008 - Network Devices
T1116 - Code Signing
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1547.011 - Plist Modification
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1059.011 - Lua
T1174 - Password Filter DLL
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1537 - Transfer Data to Cloud Account
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT41

Score: 75.71

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1499.001 - OS Exhaustion Flood
T1584.008 - Network Devices
T1218.013 - Mavinject
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1583.004 - Server
T1546.005 - Trap
T1177 - LSASS Driver
T1588.001 - Malware
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1059.011 - Lua
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution
T1037.001 - Logon Script (Windows)
T1055.015 - ListPlanting
T1008 - Fallback Channels

MITREへのリンク →

MuddyWater

Score: 65.33

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1116 - Code Signing
T1218.013 - Mavinject
T1178 - SID-History Injection
T1087.002 - Domain Account
T1547.012 - Print Processors
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1518.002 - Backup Software Discovery
T1546.005 - Trap
T1547.011 - Plist Modification
T1608.005 - Link Target
T1583.006 - Web Services
T1087.004 - Cloud Account
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1556.005 - Reversible Encryption
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT28

Score: 92.81

Matched TTPs:

T1560.001 - Archive via Utility
T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1499.001 - OS Exhaustion Flood
T1685.001 - Disable or Modify Windows Event Log
T1552.005 - Cloud Instance Metadata API
T1116 - Code Signing
T1218.013 - Mavinject
T1087.002 - Domain Account
T1583.005 - Botnet
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1567.004 - Exfiltration Over Webhook
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1547.011 - Plist Modification
T1608.005 - Link Target
T1583.006 - Web Services
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1548.004 - Elevated Execution with Prompt
T1592.003 - Firmware
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1588.003 - Code Signing Certificates
T1548.006 - TCC Manipulation
T1055.008 - Ptrace System Calls
T1564.004 - NTFS File Attributes
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 88.87

Matched TTPs:

T1560.001 - Archive via Utility
T1113 - Screen Capture
T1056.001 - Keylogging
T1014 - Rootkit
T1552.005 - Cloud Instance Metadata API
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1557.001 - Name Resolution Poisoning and SMB Relay
T1136.002 - Domain Account
T1612 - Build Image on Host
T1608.005 - Link Target
T1583.006 - Web Services
T1204 - User Execution
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1218.001 - Compiled HTML File
T1547.002 - Authentication Package
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot
T1569.002 - Service Execution
T1490 - Inhibit System Recovery

MITREへのリンク →

Sowbug

Score: 10.52

Matched TTPs:

T1560.001 - Archive via Utility
T1597.002 - Purchase Technical Data
T1218.013 - Mavinject
T1120 - Peripheral Device Discovery
T1542.004 - ROMMONkit
T1591.004 - Identify Roles

MITREへのリンク →

BRONZE BUTLER

Score: 47.07

Matched TTPs:

T1560.001 - Archive via Utility
T1218.013 - Mavinject
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1546.005 - Trap
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1542.004 - ROMMONkit
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot
T1591.001 - Determine Physical Locations
T1008 - Fallback Channels

MITREへのリンク →

UNC3886

Score: 63.32

Matched TTPs:

T1560.001 - Archive via Utility
T1499.001 - OS Exhaustion Flood
T1116 - Code Signing
T1606.002 - SAML Tokens
T1165 - Startup Items
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1567.004 - Exfiltration Over Webhook
T1021.006 - Windows Remote Management
T1546.005 - Trap
T1585.002 - Email Accounts
T1136.002 - Domain Account
T1588.001 - Malware
T1583.006 - Web Services
T1546.003 - Windows Management Instrumentation Event Subscription
T1606 - Forge Web Credentials
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1219.002 - Remote Desktop Software
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

Kimsuky

Score: 93.11

Matched TTPs:

T1560.001 - Archive via Utility
T1116 - Code Signing
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1003.007 - Proc Filesystem
T1583.005 - Botnet
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1684 - Social Engineering
T1567.004 - Exfiltration Over Webhook
T1205 - Traffic Signaling
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1583.004 - Server
T1546.005 - Trap
T1092 - Communication Through Removable Media
T1588.001 - Malware
T1608 - Stage Capabilities
T1608.005 - Link Target
T1583.006 - Web Services
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1059.011 - Lua
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1565.002 - Transmitted Data Manipulation
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1126 - Network Share Connection Removal
T1008 - Fallback Channels
T1490 - Inhibit System Recovery

MITREへのリンク →

APT3

Score: 42.59

Matched TTPs:

T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1116 - Code Signing
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1032 - Standard Cryptographic Protocol
T1583.004 - Server
T1546.005 - Trap
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1583.006 - Web Services
T1087.004 - Cloud Account
T1059.011 - Lua
T1218.010 - Regsvr32
T1591.004 - Identify Roles
T1578.002 - Create Cloud Instance
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

FIN8

Score: 39.42

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1546.005 - Trap
T1027.017 - SVG Smuggling
T1612 - Build Image on Host
T1204 - User Execution
T1199 - Trusted Relationship
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1556 - Modify Authentication Process

MITREへのリンク →

Ke3chang

Score: 51.01

Matched TTPs:

T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1584.008 - Network Devices
T1218.013 - Mavinject
T1178 - SID-History Injection
T1606.002 - SAML Tokens
T1176.001 - Browser Extensions
T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1583.006 - Web Services
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1059.011 - Lua
T1102.002 - Bidirectional Communication
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Lotus Blossom

Score: 16.36

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1116 - Code Signing
T1176.001 - Browser Extensions
T1059.009 - Cloud API
T1199 - Trusted Relationship
T1570 - Lateral Tool Transfer
T1134 - Access Token Manipulation
T1569.002 - Service Execution

MITREへのリンク →

FIN13

Score: 51.16

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1584.008 - Network Devices
T1116 - Code Signing
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1165 - Startup Items
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1155 - AppleScript
T1583.004 - Server
T1546.005 - Trap
T1588.001 - Malware
T1199 - Trusted Relationship
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1686.001 - Cloud Firewall
T1569.002 - Service Execution

MITREへのリンク →

Earth Lusca

Score: 48.14

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1218.013 - Mavinject
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1546.005 - Trap
T1136.002 - Domain Account
T1608.005 - Link Target
T1583.006 - Web Services
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1218.001 - Compiled HTML File
T1059.011 - Lua
T1562.011 - Spoof Security Alerting
T1027.004 - Compile After Delivery
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1134 - Access Token Manipulation

MITREへのリンク →

Magic Hound

Score: 68.58

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1491.002 - External Defacement
T1218.013 - Mavinject
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1036.009 - Break Process Trees
T1584.003 - Virtual Private Server
T1070.003 - Clear Command History
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1583.004 - Server
T1546.005 - Trap
T1588.001 - Malware
T1608.005 - Link Target
T1583.006 - Web Services
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1683 - Generate Content
T1187 - Forced Authentication
T1592.003 - Firmware
T1547.002 - Authentication Package
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1578.002 - Create Cloud Instance
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1547.008 - LSASS Driver

MITREへのリンク →

Aquatic Panda

Score: 41.72

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1218.013 - Mavinject
T1176.001 - Browser Extensions
T1165 - Startup Items
T1089 - Disabling Security Tools
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1032 - Standard Cryptographic Protocol
T1589 - Gather Victim Identity Information
T1059.009 - Cloud API
T1546.005 - Trap
T1136.002 - Domain Account
T1588.001 - Malware
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

INC Ransom

Score: 23.81

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1218.013 - Mavinject
T1036.009 - Break Process Trees
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Akira

Score: 14.44

Matched TTPs:

T1560.001 - Archive via Utility
T1218.013 - Mavinject
T1586.002 - Email Accounts
T1597 - Search Closed Sources
T1601 - Modify System Image
T1134 - Access Token Manipulation
T1622 - Debugger Evasion

MITREへのリンク →

ToddyCat

Score: 19.85

Matched TTPs:

T1560.001 - Archive via Utility
T1047 - Windows Management Instrumentation
T1218.013 - Mavinject
T1590.003 - Network Trust Dependencies
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1583.006 - Web Services
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1134 - Access Token Manipulation
T1547.008 - LSASS Driver

MITREへのリンク →

Cinnamon Tempest

Score: 15.11

Matched TTPs:

T1047 - Windows Management Instrumentation
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1199 - Trusted Relationship
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Medusa Group

Score: 74.11

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1176.001 - Browser Extensions
T1547.012 - Print Processors
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1218.003 - CMSTP
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1608.005 - Link Target
T1583.006 - Web Services
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1566.004 - Spearphishing Voice
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1598 - Phishing for Information
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link
T1216 - System Script Proxy Execution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Gamaredon Group

Score: 79.62

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1552.005 - Cloud Instance Metadata API
T1218.013 - Mavinject
T1087.002 - Domain Account
T1562.009 - Safe Mode Boot
T1547.012 - Print Processors
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1205 - Traffic Signaling
T1059.009 - Cloud API
T1092 - Communication Through Removable Media
T1612 - Build Image on Host
T1608 - Stage Capabilities
T1608.005 - Link Target
T1583.006 - Web Services
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1061 - Graphical User Interface
T1542.004 - ROMMONkit
T1059.011 - Lua
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1546.017 - Udev Rules

MITREへのリンク →

APT32

Score: 82.39

Matched TTPs:

T1047 - Windows Management Instrumentation
T1113 - Screen Capture
T1557 - Adversary-in-the-Middle
T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1218.013 - Mavinject
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1684 - Social Engineering
T1567.004 - Exfiltration Over Webhook
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1092 - Communication Through Removable Media
T1055.013 - Process Doppelgänging
T1588.001 - Malware
T1612 - Build Image on Host
T1608.005 - Link Target
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1174 - Password Filter DLL
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process
T1490 - Inhibit System Recovery

MITREへのリンク →

Leviathan

Score: 49.86

Matched TTPs:

T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1491.002 - External Defacement
T1685.001 - Disable or Modify Windows Event Log
T1116 - Code Signing
T1087.002 - Domain Account
T1165 - Startup Items
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1050 - New Service
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1204 - User Execution
T1087.004 - Cloud Account
T1027.014 - Polymorphic Code
T1592.003 - Firmware
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1546.017 - Udev Rules

MITREへのリンク →

Velvet Ant

Score: 38.03

Matched TTPs:

T1047 - Windows Management Instrumentation
T1218.013 - Mavinject
T1089 - Disabling Security Tools
T1583.005 - Botnet
T1036.009 - Break Process Trees
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1566.004 - Spearphishing Voice
T1219.002 - Remote Desktop Software
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution
T1490 - Inhibit System Recovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 70.51

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1165 - Startup Items
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1205 - Traffic Signaling
T1011.001 - Exfiltration Over Bluetooth
T1092 - Communication Through Removable Media
T1055.013 - Process Doppelgänging
T1588.001 - Malware
T1608.005 - Link Target
T1583.006 - Web Services
T1564.002 - Hidden Users
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1055.015 - ListPlanting
T1578.001 - Create Snapshot
T1490 - Inhibit System Recovery

MITREへのリンク →

Blue Mockingbird

Score: 25.55

Matched TTPs:

T1047 - Windows Management Instrumentation
T1491.002 - External Defacement
T1218.013 - Mavinject
T1176.001 - Browser Extensions
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1546.005 - Trap
T1204 - User Execution
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1591.004 - Identify Roles
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Naikon

Score: 10.74

Matched TTPs:

T1047 - Windows Management Instrumentation
T1218.013 - Mavinject
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1588.001 - Malware
T1506 - Web Session Cookie
T1134 - Access Token Manipulation

MITREへのリンク →

Lazarus Group

Score: 118.14

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1132.001 - Standard Encoding
T1491.002 - External Defacement
T1116 - Code Signing
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1165 - Startup Items
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1558.005 - Ccache Files
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1070.008 - Clear Mailbox Data
T1567.004 - Exfiltration Over Webhook
T1205 - Traffic Signaling
T1050 - New Service
T1070.006 - Timestomp
T1032 - Standard Cryptographic Protocol
T1557.001 - Name Resolution Poisoning and SMB Relay
T1547.011 - Plist Modification
T1677 - Poisoned Pipeline Execution
T1588.001 - Malware
T1608.005 - Link Target
T1583.006 - Web Services
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1069.001 - Local Groups
T1597 - Search Closed Sources
T1174 - Password Filter DLL
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion
T1055.015 - ListPlanting
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1569.002 - Service Execution
T1556 - Modify Authentication Process
T1216 - System Script Proxy Execution

MITREへのリンク →

Sandworm Team

Score: 78.57

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1583.005 - Botnet
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1049 - System Network Connections Discovery
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1059.011 - Lua
T1187 - Forced Authentication
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1075 - Pass the Hash
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1548.006 - TCC Manipulation
T1204.001 - Malicious Link

MITREへのリンク →

Indrik Spider

Score: 33.67

Matched TTPs:

T1047 - Windows Management Instrumentation
T1116 - Code Signing
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1165 - Startup Items
T1003.007 - Proc Filesystem
T1059.009 - Cloud API
T1583.004 - Server
T1546.005 - Trap
T1597 - Search Closed Sources
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1498 - Network Denial of Service
T1546.016 - Installer Packages
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

TA2541

Score: 28.44

Matched TTPs:

T1047 - Windows Management Instrumentation
T1491.002 - External Defacement
T1218.013 - Mavinject
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1091 - Replication Through Removable Media
T1684 - Social Engineering
T1136.002 - Domain Account
T1608.005 - Link Target
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1537 - Transfer Data to Cloud Account
T1547.013 - XDG Autostart Entries
T1546.017 - Udev Rules

MITREへのリンク →

Stealth Falcon

Score: 15.02

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1055.013 - Process Doppelgänging
T1583.006 - Web Services
T1087.004 - Cloud Account
T1570 - Lateral Tool Transfer
T1556.005 - Reversible Encryption

MITREへのリンク →

APT29

Score: 59.92

Matched TTPs:

T1047 - Windows Management Instrumentation
T1584.008 - Network Devices
T1218.013 - Mavinject
T1178 - SID-History Injection
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1567.004 - Exfiltration Over Webhook
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1177 - LSASS Driver
T1608.005 - Link Target
T1204 - User Execution
T1199 - Trusted Relationship
T1683 - Generate Content
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1027.004 - Compile After Delivery
T1070.009 - Clear Persistence
T1555.004 - Windows Credential Manager
T1219.002 - Remote Desktop Software
T1537 - Transfer Data to Cloud Account
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver
T1490 - Inhibit System Recovery

MITREへのリンク →

OilRig

Score: 74.47

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1491.002 - External Defacement
T1552.005 - Cloud Instance Metadata API
T1218.013 - Mavinject
T1178 - SID-History Injection
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1562.009 - Safe Mode Boot
T1165 - Startup Items
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1583.006 - Web Services
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1055.015 - ListPlanting
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Windshift

Score: 21.99

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1558 - Steal or Forge Kerberos Tickets
T1583.006 - Web Services
T1059.011 - Lua
T1506 - Web Session Cookie
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

FIN6

Score: 35.00

Matched TTPs:

T1047 - Windows Management Instrumentation
T1087.002 - Domain Account
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1588.001 - Malware
T1612 - Build Image on Host
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1128 - Netsh Helper DLL
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1134 - Access Token Manipulation
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Deep Panda

Score: 14.33

Matched TTPs:

T1047 - Windows Management Instrumentation
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1177 - LSASS Driver
T1583.006 - Web Services
T1027.014 - Polymorphic Code
T1134 - Access Token Manipulation

MITREへのリンク →

Threat Group-3390

Score: 62.49

Matched TTPs:

T1047 - Windows Management Instrumentation
T1557 - Adversary-in-the-Middle
T1491.002 - External Defacement
T1584.008 - Network Devices
T1116 - Code Signing
T1178 - SID-History Injection
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1155 - AppleScript
T1546.005 - Trap
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1570 - Lateral Tool Transfer
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1591.001 - Determine Physical Locations
T1546.017 - Udev Rules

MITREへのリンク →

APT42

Score: 28.90

Matched TTPs:

T1047 - Windows Management Instrumentation
T1218.013 - Mavinject
T1110.002 - Password Cracking
T1120 - Peripheral Device Discovery
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1677 - Poisoned Pipeline Execution
T1612 - Build Image on Host
T1199 - Trusted Relationship
T1599 - Network Boundary Bridging
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1556.005 - Reversible Encryption

MITREへのリンク →

Ember Bear

Score: 42.21

Matched TTPs:

T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1584.008 - Network Devices
T1218.013 - Mavinject
T1178 - SID-History Injection
T1584.003 - Virtual Private Server
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1589 - Gather Victim Identity Information
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1546.005 - Trap
T1136.002 - Domain Account
T1059.001 - PowerShell
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1070.009 - Clear Persistence
T1134 - Access Token Manipulation

MITREへのリンク →

BlackByte

Score: 53.93

Matched TTPs:

T1047 - Windows Management Instrumentation
T1597.002 - Purchase Technical Data
T1176.001 - Browser Extensions
T1120 - Peripheral Device Discovery
T1059.010 - AutoHotKey & AutoIT
T1070.003 - Clear Command History
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1684 - Social Engineering
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1087.004 - Cloud Account
T1597 - Search Closed Sources
T1566.004 - Spearphishing Voice
T1102.002 - Bidirectional Communication
T1570 - Lateral Tool Transfer
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1204.001 - Malicious Link

MITREへのリンク →

APT38

Score: 58.88

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1675 - ESXi Administration Command
T1120 - Peripheral Device Discovery
T1685.002 - Disable or Modify Cloud Log
T1590.003 - Network Trust Dependencies
T1584.003 - Virtual Private Server
T1059.010 - AutoHotKey & AutoIT
T1684 - Social Engineering
T1567.004 - Exfiltration Over Webhook
T1503 - Credentials from Web Browsers
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1583.006 - Web Services
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1597 - Search Closed Sources
T1174 - Password Filter DLL
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution

MITREへのリンク →

Moonstone Sleet

Score: 32.05

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1132.001 - Standard Encoding
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1546.005 - Trap
T1059.011 - Lua
T1573 - Encrypted Channel
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1126 - Network Share Connection Removal
T1027.007 - Dynamic API Resolution
T1547.008 - LSASS Driver

MITREへのリンク →

Winter Vivern

Score: 27.25

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1120 - Peripheral Device Discovery
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1548 - Abuse Elevation Control Mechanism
T1055.013 - Process Doppelgänging
T1588.001 - Malware
T1087.004 - Cloud Account
T1218.001 - Compiled HTML File
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT19

Score: 22.98

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1491.002 - External Defacement
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1059.010 - AutoHotKey & AutoIT
T1059.009 - Cloud API
T1055.013 - Process Doppelgänging
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

FIN10

Score: 11.30

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1199 - Trusted Relationship
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1622 - Debugger Evasion
T1490 - Inhibit System Recovery

MITREへのリンク →

APT37

Score: 33.47

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1584.003 - Virtual Private Server
T1684 - Social Engineering
T1055.013 - Process Doppelgänging
T1583.006 - Web Services
T1059.011 - Lua
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

Tropic Trooper

Score: 39.61

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1491.002 - External Defacement
T1218.013 - Mavinject
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1555.003 - Credentials from Web Browsers
T1583.006 - Web Services
T1683 - Generate Content
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1562.011 - Spoof Security Alerting
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1490 - Inhibit System Recovery

MITREへのリンク →

ZIRCONIUM

Score: 32.87

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1685.001 - Disable or Modify Windows Event Log
T1120 - Peripheral Device Discovery
T1685.002 - Disable or Modify Cloud Log
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware
T1608.005 - Link Target
T1087.004 - Cloud Account
T1547.002 - Authentication Package
T1570 - Lateral Tool Transfer
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1537 - Transfer Data to Cloud Account
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Patchwork

Score: 29.58

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1116 - Code Signing
T1218.013 - Mavinject
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1059.009 - Cloud API
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1008 - Fallback Channels

MITREへのリンク →

LuminousMoth

Score: 19.03

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1089 - Disabling Security Tools
T1584.003 - Virtual Private Server
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1136.002 - Domain Account
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

HEXANE

Score: 25.55

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1091 - Replication Through Removable Media
T1070.006 - Timestomp
T1583.006 - Web Services
T1204 - User Execution
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1134 - Access Token Manipulation
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

Dragonfly

Score: 50.51

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1584.008 - Network Devices
T1116 - Code Signing
T1178 - SID-History Injection
T1087.002 - Domain Account
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1059.009 - Cloud API
T1555.003 - Credentials from Web Browsers
T1583.004 - Server
T1055.013 - Process Doppelgänging
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1570 - Lateral Tool Transfer
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1578.002 - Create Cloud Instance
T1070.009 - Clear Persistence
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation

MITREへのリンク →

Storm-1811

Score: 38.92

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1491.002 - External Defacement
T1116 - Code Signing
T1218.013 - Mavinject
T1087.002 - Domain Account
T1165 - Startup Items
T1089 - Disabling Security Tools
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1032 - Standard Cryptographic Protocol
T1199 - Trusted Relationship
T1599 - Network Boundary Bridging
T1486 - Data Encrypted for Impact
T1566.004 - Spearphishing Voice
T1591.004 - Identify Roles
T1578.002 - Create Cloud Instance
T1565.002 - Transmitted Data Manipulation
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Sidewinder

Score: 24.00

Matched TTPs:

T1557 - Adversary-in-the-Middle
T1491.002 - External Defacement
T1116 - Code Signing
T1218.013 - Mavinject
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1583.006 - Web Services
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1601.001 - Patch System Image
T1556.005 - Reversible Encryption
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

TA577

Score: 4.80

Matched TTPs:

T1132.001 - Standard Encoding
T1591.004 - Identify Roles

MITREへのリンク →

Poseidon Group

Score: 7.77

Matched TTPs:

T1597.002 - Purchase Technical Data
T1218.013 - Mavinject
T1003.007 - Proc Filesystem
T1583.006 - Web Services

MITREへのリンク →

Tonto Team

Score: 16.98

Matched TTPs:

T1597.002 - Purchase Technical Data
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1555.003 - Credentials from Web Browsers
T1547.011 - Plist Modification
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1027.004 - Compile After Delivery
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Suckfly

Score: 3.55

Matched TTPs:

T1597.002 - Purchase Technical Data
T1591.004 - Identify Roles

MITREへのリンク →

Storm-0501

Score: 36.43

Matched TTPs:

T1597.002 - Purchase Technical Data
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1535 - Unused/Unsupported Cloud Regions
T1155 - AppleScript
T1588.001 - Malware
T1583.006 - Web Services
T1027.014 - Polymorphic Code
T1102.002 - Bidirectional Communication
T1506 - Web Session Cookie
T1090.004 - Domain Fronting
T1565.002 - Transmitted Data Manipulation
T1537 - Transfer Data to Cloud Account
T1204.001 - Malicious Link

MITREへのリンク →

Axiom

Score: 26.40

Matched TTPs:

T1597.002 - Purchase Technical Data
T1584.003 - Virtual Private Server
T1140 - Deobfuscate/Decode Files or Information
T1177 - LSASS Driver
T1049 - System Network Connections Discovery
T1114.002 - Remote Email Collection
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion
T1160 - Launch Daemon

MITREへのリンク →

Contagious Interview

Score: 48.27

Matched TTPs:

T1044 - File System Permissions Weakness
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1565.002 - Transmitted Data Manipulation
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1221 - Template Injection
T1126 - Network Share Connection Removal
T1547.008 - LSASS Driver
T1556 - Modify Authentication Process

MITREへのリンク →

Inception

Score: 18.10

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1612 - Build Image on Host
T1583.006 - Web Services
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1159 - Launch Agent

MITREへのリンク →

Dark Caracal

Score: 15.75

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1584.003 - Virtual Private Server
T1048 - Exfiltration Over Alternative Protocol
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1547.008 - LSASS Driver

MITREへのリンク →

Elderwood

Score: 8.47

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Darkhotel

Score: 24.86

Matched TTPs:

T1491.002 - External Defacement
T1218.013 - Mavinject
T1087.002 - Domain Account
T1562.009 - Safe Mode Boot
T1120 - Peripheral Device Discovery
T1059.010 - AutoHotKey & AutoIT
T1583.006 - Web Services
T1564.002 - Hidden Users
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Transparent Tribe

Score: 6.78

Matched TTPs:

T1491.002 - External Defacement
T1218.013 - Mavinject
T1087.002 - Domain Account
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT18

Score: 10.94

Matched TTPs:

T1491.002 - External Defacement
T1120 - Peripheral Device Discovery
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1591.001 - Determine Physical Locations

MITREへのリンク →

Saint Bear

Score: 16.84

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1055.013 - Process Doppelgänging
T1608.005 - Link Target
T1597 - Search Closed Sources
T1218.010 - Regsvr32
T1591.004 - Identify Roles
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

BITTER

Score: 14.38

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1588.001 - Malware
T1199 - Trusted Relationship
T1683 - Generate Content
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA505

Score: 25.27

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1685.002 - Disable or Modify Cloud Log
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.009 - Cloud API
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Higaisa

Score: 27.07

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1588.001 - Malware
T1583.006 - Web Services
T1087.004 - Cloud Account
T1218.010 - Regsvr32
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1578.001 - Create Snapshot
T1569.002 - Service Execution
T1546.017 - Udev Rules

MITREへのリンク →

Malteiro

Score: 10.68

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1059.010 - AutoHotKey & AutoIT
T1102.002 - Bidirectional Communication
T1506 - Web Session Cookie

MITREへのリンク →

Mofang

Score: 5.53

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1546.017 - Udev Rules

MITREへのリンク →

Whitefly

Score: 10.69

Matched TTPs:

T1491.002 - External Defacement
T1218.013 - Mavinject
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1546.005 - Trap
T1055.013 - Process Doppelgänging
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Moses Staff

Score: 11.69

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1032 - Standard Cryptographic Protocol
T1555.003 - Credentials from Web Browsers
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TeamTNT

Score: 53.85

Matched TTPs:

T1491.002 - External Defacement
T1499.001 - OS Exhaustion Flood
T1116 - Code Signing
T1218.013 - Mavinject
T1606.002 - SAML Tokens
T1176.001 - Browser Extensions
T1165 - Startup Items
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1036.009 - Break Process Trees
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1586.002 - Email Accounts
T1558 - Steal or Forge Kerberos Tickets
T1535 - Unused/Unsupported Cloud Regions
T1583.004 - Server
T1612 - Build Image on Host
T1583.006 - Web Services
T1142 - Keychain
T1597 - Search Closed Sources
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Metador

Score: 12.03

Matched TTPs:

T1491.002 - External Defacement
T1136.002 - Domain Account
T1204 - User Execution
T1199 - Trusted Relationship
T1591.004 - Identify Roles
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Putter Panda

Score: 3.39

Matched TTPs:

T1491.002 - External Defacement
T1597 - Search Closed Sources

MITREへのリンク →

Winnti Group

Score: 5.58

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1583.006 - Web Services
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Rocke

Score: 50.87

Matched TTPs:

T1499.001 - OS Exhaustion Flood
T1218.013 - Mavinject
T1165 - Startup Items
T1120 - Peripheral Device Discovery
T1036.009 - Break Process Trees
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1567.004 - Exfiltration Over Webhook
T1535 - Unused/Unsupported Cloud Regions
T1114.003 - Email Forwarding Rule
T1612 - Build Image on Host
T1583.006 - Web Services
T1597 - Search Closed Sources
T1059.011 - Lua
T1059.013 - Container CLI/API
T1506 - Web Session Cookie
T1027.004 - Compile After Delivery
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1556.005 - Reversible Encryption
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

Daggerfly

Score: 23.07

Matched TTPs:

T1584.008 - Network Devices
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1583.004 - Server
T1573 - Encrypted Channel
T1174 - Password Filter DLL
T1570 - Lateral Tool Transfer
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN5

Score: 10.76

Matched TTPs:

T1116 - Code Signing
T1547.011 - Plist Modification
T1055.013 - Process Doppelgänging
T1199 - Trusted Relationship
T1070.009 - Clear Persistence
T1134 - Access Token Manipulation

MITREへのリンク →

BackdoorDiplomacy

Score: 16.47

Matched TTPs:

T1116 - Code Signing
T1218.013 - Mavinject
T1089 - Disabling Security Tools
T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1136.002 - Domain Account
T1588.001 - Malware
T1199 - Trusted Relationship
T1059.011 - Lua
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Mustard Tempest

Score: 11.40

Matched TTPs:

T1218.013 - Mavinject
T1120 - Peripheral Device Discovery
T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1543.002 - Systemd Service
T1547.013 - XDG Autostart Entries

MITREへのリンク →

WIRTE

Score: 9.05

Matched TTPs:

T1218.013 - Mavinject
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

admin@338

Score: 8.10

Matched TTPs:

T1218.013 - Mavinject
T1087.002 - Domain Account
T1003.007 - Proc Filesystem
T1120 - Peripheral Device Discovery
T1218.010 - Regsvr32
T1591.004 - Identify Roles

MITREへのリンク →

PROMETHIUM

Score: 10.39

Matched TTPs:

T1218.013 - Mavinject
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1588.001 - Malware
T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

Machete

Score: 10.27

Matched TTPs:

T1218.013 - Mavinject
T1087.002 - Domain Account
T1685.002 - Disable or Modify Cloud Log
T1027.004 - Compile After Delivery
T1591.004 - Identify Roles
T1059.012 - Hypervisor CLI

MITREへのリンク →

Carbanak

Score: 11.01

Matched TTPs:

T1218.013 - Mavinject
T1176.001 - Browser Extensions
T1586.002 - Email Accounts
T1588.001 - Malware
T1199 - Trusted Relationship
T1547.002 - Authentication Package

MITREへのリンク →

Silence

Score: 30.85

Matched TTPs:

T1218.013 - Mavinject
T1087.002 - Domain Account
T1590.003 - Network Trust Dependencies
T1684 - Social Engineering
T1059.009 - Cloud API
T1546.005 - Trap
T1547.011 - Plist Modification
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1199 - Trusted Relationship
T1048 - Exfiltration Over Alternative Protocol
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution

MITREへのリンク →

SideCopy

Score: 14.55

Matched TTPs:

T1218.013 - Mavinject
T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1120 - Peripheral Device Discovery
T1590.003 - Network Trust Dependencies
T1091 - Replication Through Removable Media
T1506 - Web Session Cookie
T1159 - Launch Agent
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Leafminer

Score: 12.85

Matched TTPs:

T1178 - SID-History Injection
T1583.004 - Server
T1546.005 - Trap
T1199 - Trusted Relationship
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1134 - Access Token Manipulation

MITREへのリンク →

Salt Typhoon

Score: 20.81

Matched TTPs:

T1606.002 - SAML Tokens
T1165 - Startup Items
T1583.005 - Botnet
T1140 - Deobfuscate/Decode Files or Information
T1608.002 - Upload Tool
T1199 - Trusted Relationship
T1498 - Network Denial of Service
T1556 - Modify Authentication Process

MITREへのリンク →

Aoqin Dragon

Score: 11.70

Matched TTPs:

T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Cleaver

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1546.005 - Trap
T1199 - Trusted Relationship

MITREへのリンク →

APT12

Score: 4.68

Matched TTPs:

T1087.002 - Domain Account
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

RTM

Score: 10.50

Matched TTPs:

T1087.002 - Domain Account
T1089 - Disabling Security Tools
T1565.002 - Transmitted Data Manipulation
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

APT-C-36

Score: 6.80

Matched TTPs:

T1087.002 - Domain Account
T1588.001 - Malware
T1199 - Trusted Relationship
T1059.011 - Lua
T1547.013 - XDG Autostart Entries

MITREへのリンク →

CURIUM

Score: 17.68

Matched TTPs:

T1087.002 - Domain Account
T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1555.003 - Credentials from Web Browsers
T1087.004 - Cloud Account
T1218.001 - Compiled HTML File
T1059.012 - Hypervisor CLI
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

PLATINUM

Score: 13.98

Matched TTPs:

T1087.002 - Domain Account
T1558 - Steal or Forge Kerberos Tickets
T1684 - Social Engineering
T1546.005 - Trap
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries
T1686 - Disable or Modify System Firewall

MITREへのリンク →

TA551

Score: 13.54

Matched TTPs:

T1087.002 - Domain Account
T1558 - Steal or Forge Kerberos Tickets
T1027.014 - Polymorphic Code
T1562.011 - Spoof Security Alerting
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

LazyScripter

Score: 15.54

Matched TTPs:

T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1612 - Build Image on Host
T1608.005 - Link Target
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Star Blizzard

Score: 3.61

Matched TTPs:

T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship

MITREへのリンク →

Rancor

Score: 9.83

Matched TTPs:

T1087.002 - Domain Account
T1685.002 - Disable or Modify Cloud Log
T1204 - User Execution
T1591.004 - Identify Roles
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN4

Score: 6.11

Matched TTPs:

T1087.002 - Domain Account
T1574.010 - Services File Permissions Weakness
T1556.005 - Reversible Encryption

MITREへのリンク →

Cobalt Group

Score: 32.38

Matched TTPs:

T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1586.002 - Email Accounts
T1684 - Social Engineering
T1518.002 - Backup Software Discovery
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1128 - Netsh Helper DLL
T1506 - Web Session Cookie
T1591.004 - Identify Roles
T1601.001 - Patch System Image
T1070.009 - Clear Persistence
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion

MITREへのリンク →

EXOTIC LILY

Score: 9.30

Matched TTPs:

T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1612 - Build Image on Host
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Ajax Security Team

Score: 4.09

Matched TTPs:

T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1547.008 - LSASS Driver

MITREへのリンク →

Nomadic Octopus

Score: 4.71

Matched TTPs:

T1087.002 - Domain Account
T1558 - Steal or Forge Kerberos Tickets
T1591.004 - Identify Roles
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gorgon Group

Score: 18.60

Matched TTPs:

T1087.002 - Domain Account
T1590.003 - Network Trust Dependencies
T1059.010 - AutoHotKey & AutoIT
T1050 - New Service
T1059.009 - Cloud API
T1114.003 - Email Forwarding Rule
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1591.004 - Identify Roles
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Andariel

Score: 17.13

Matched TTPs:

T1087.002 - Domain Account
T1584.003 - Virtual Private Server
T1136.002 - Domain Account
T1583.006 - Web Services
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1562.011 - Spoof Security Alerting
T1059.012 - Hypervisor CLI
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Molerats

Score: 11.09

Matched TTPs:

T1087.002 - Domain Account
T1685.002 - Disable or Modify Cloud Log
T1059.010 - AutoHotKey & AutoIT
T1583.006 - Web Services
T1547.013 - XDG Autostart Entries
T1546.017 - Udev Rules

MITREへのリンク →

The White Company

Score: 10.21

Matched TTPs:

T1087.002 - Domain Account
T1218.010 - Regsvr32
T1506 - Web Session Cookie
T1070.009 - Clear Persistence
T1537 - Transfer Data to Cloud Account
T1578.001 - Create Snapshot

MITREへのリンク →

IndigoZebra

Score: 4.43

Matched TTPs:

T1087.002 - Domain Account
T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Confucius

Score: 8.23

Matched TTPs:

T1087.002 - Domain Account
T1608.005 - Link Target
T1087.004 - Cloud Account
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BlackTech

Score: 10.86

Matched TTPs:

T1087.002 - Domain Account
T1165 - Startup Items
T1089 - Disabling Security Tools
T1590.003 - Network Trust Dependencies
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

DarkVishnya

Score: 12.95

Matched TTPs:

T1176.001 - Browser Extensions
T1583.005 - Botnet
T1586.002 - Email Accounts
T1199 - Trusted Relationship
T1213.003 - Code Repositories

MITREへのリンク →

Evilnum

Score: 10.26

Matched TTPs:

T1562.009 - Safe Mode Boot
T1089 - Disabling Security Tools
T1565.002 - Transmitted Data Manipulation
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Scattered Spider

Score: 38.59

Matched TTPs:

T1165 - Startup Items
T1120 - Peripheral Device Discovery
T1535 - Unused/Unsupported Cloud Regions
T1136.002 - Domain Account
T1619 - Cloud Storage Object Discovery
T1087.004 - Cloud Account
T1199 - Trusted Relationship
T1597 - Search Closed Sources
T1090.004 - Domain Fronting
T1565.002 - Transmitted Data Manipulation
T1498 - Network Denial of Service
T1134 - Access Token Manipulation
T1547.013 - XDG Autostart Entries
T1622 - Debugger Evasion
T1548.006 - TCC Manipulation
T1204.001 - Malicious Link

MITREへのリンク →

Windigo

Score: 9.50

Matched TTPs:

T1120 - Peripheral Device Discovery
T1584.003 - Virtual Private Server
T1055.013 - Process Doppelgänging
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

LAPSUS$

Score: 23.34

Matched TTPs:

T1584.003 - Virtual Private Server
T1136.002 - Domain Account
T1619 - Cloud Storage Object Discovery
T1596.004 - CDNs
T1199 - Trusted Relationship
T1601 - Modify System Image
T1592.003 - Firmware
T1548.006 - TCC Manipulation

MITREへのリンク →

GOLD SOUTHFIELD

Score: 8.85

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1586.002 - Email Accounts
T1573 - Encrypted Channel
T1601.001 - Patch System Image

MITREへのリンク →

Volatile Cedar

Score: 4.01

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1555.003 - Credentials from Web Browsers
T1547.013 - XDG Autostart Entries

MITREへのリンク →

MoustachedBouncer

Score: 6.59

Matched TTPs:

T1055.003 - Thread Execution Hijacking
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Threat Group-1314

Score: 6.17

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1591.004 - Identify Roles

MITREへのリンク →

Orangeworm

Score: 3.12

Matched TTPs:

T1032 - Standard Cryptographic Protocol
T1556.005 - Reversible Encryption

MITREへのリンク →

Equation

Score: 8.67

Matched TTPs:

T1589.003 - Employee Names
T1037.001 - Logon Script (Windows)

MITREへのリンク →

POLONIUM

Score: 5.26

Matched TTPs:

T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.002 - Authentication Package

MITREへのリンク →

Thrip

Score: 6.52

Matched TTPs:

T1199 - Trusted Relationship
T1565.002 - Transmitted Data Manipulation
T1556 - Modify Authentication Process

MITREへのリンク →

RedEcho

Score: 3.93

Matched TTPs:

T1128 - Netsh Helper DLL
T1556.005 - Reversible Encryption

MITREへのリンク →

Lazarus Group

Score: 0.80

Matched TTPs:

T1547.008 - LSASS Driver
T1588.001 - Malware
T1070.008 - Clear Mailbox Data
T1677 - Poisoned Pipeline Execution
T1558.005 - Ccache Files
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1557.001 - Name Resolution Poisoning and SMB Relay
T1583.006 - Web Services
T1591.004 - Identify Roles
T1606.002 - SAML Tokens
T1578.001 - Create Snapshot
T1557 - Adversary-in-the-Middle
T1059.010 - AutoHotKey & AutoIT
T1032 - Standard Cryptographic Protocol
T1116 - Code Signing
T1069.001 - Local Groups
T1059.012 - Hypervisor CLI
T1608.005 - Link Target
T1546.016 - Installer Packages
T1491.002 - External Defacement
T1055.005 - Thread Local Storage
T1570 - Lateral Tool Transfer
T1055.015 - ListPlanting
T1556.005 - Reversible Encryption
T1174 - Password Filter DLL
T1547.011 - Plist Modification
T1070.006 - Timestomp
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1132.001 - Standard Encoding
T1087.002 - Domain Account
T1176.001 - Browser Extensions
T1050 - New Service
T1567.004 - Exfiltration Over Webhook
T1070.009 - Clear Persistence
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution
T1218.013 - Mavinject
T1089 - Disabling Security Tools
T1556 - Modify Authentication Process
T1205 - Traffic Signaling
T1165 - Startup Items
T1199 - Trusted Relationship
T1622 - Debugger Evasion
T1584.003 - Virtual Private Server
T1087.004 - Cloud Account
T1569.002 - Service Execution
T1590.003 - Network Trust Dependencies

MITREへのリンク →

Mustang Panda

Score: 0.68

Matched TTPs:

T1597.002 - Purchase Technical Data
T1677 - Poisoned Pipeline Execution
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1583.006 - Web Services
T1591.004 - Identify Roles
T1608 - Stage Capabilities
T1606.002 - SAML Tokens
T1134 - Access Token Manipulation
T1612 - Build Image on Host
T1204 - User Execution
T1560.001 - Archive via Utility
T1059.010 - AutoHotKey & AutoIT
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1116 - Code Signing
T1608.005 - Link Target
T1055.005 - Thread Local Storage
T1555.003 - Credentials from Web Browsers
T1556.005 - Reversible Encryption
T1059.011 - Lua
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1169 - Sudo
T1567.004 - Exfiltration Over Webhook
T1070.009 - Clear Persistence
T1218.013 - Mavinject
T1089 - Disabling Security Tools
T1562.006 - Indicator Blocking
T1159 - Launch Agent
T1556 - Modify Authentication Process
T1055.013 - Process Doppelgänging
T1092 - Communication Through Removable Media
T1199 - Trusted Relationship
T1546.005 - Trap
T1087.004 - Cloud Account
T1136.001 - Local Account
T1569.001 - Launchctl
T1565.002 - Transmitted Data Manipulation
T1548.006 - TCC Manipulation
T1590.003 - Network Trust Dependencies

MITREへのリンク →

Turla

Score: 0.68

Matched TTPs:

T1601.001 - Patch System Image
T1120 - Peripheral Device Discovery
T1506 - Web Session Cookie
T1557.001 - Name Resolution Poisoning and SMB Relay
T1583.006 - Web Services
T1591.004 - Identify Roles
T1606.002 - SAML Tokens
T1134 - Access Token Manipulation
T1612 - Build Image on Host
T1204 - User Execution
T1560.001 - Archive via Utility
T1490 - Inhibit System Recovery
T1578.001 - Create Snapshot
T1552.005 - Cloud Instance Metadata API
T1059.010 - AutoHotKey & AutoIT
T1056.001 - Keylogging
T1032 - Standard Cryptographic Protocol
T1014 - Rootkit
T1059.009 - Cloud API
T1059.012 - Hypervisor CLI
T1608.005 - Link Target
T1546.016 - Installer Packages
T1570 - Lateral Tool Transfer
T1136.002 - Domain Account
T1556.005 - Reversible Encryption
T1113 - Screen Capture
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1003.007 - Proc Filesystem
T1218.013 - Mavinject
T1027.004 - Compile After Delivery
T1218.001 - Compiled HTML File
T1684 - Social Engineering
T1199 - Trusted Relationship
T1584.003 - Virtual Private Server
T1569.002 - Service Execution
T1590.003 - Network Trust Dependencies

MITREへのリンク →

APT28

Score: 0.65

Matched TTPs:

T1059.001 - PowerShell
T1597.002 - Purchase Technical Data
T1548.004 - Elevated Execution with Prompt
T1583.006 - Web Services
T1592.003 - Firmware
T1583.005 - Botnet
T1591.004 - Identify Roles
T1055.008 - Ptrace System Calls
T1564.004 - NTFS File Attributes
T1560.001 - Archive via Utility
T1552.005 - Cloud Instance Metadata API
T1059.010 - AutoHotKey & AutoIT
T1032 - Standard Cryptographic Protocol
T1116 - Code Signing
T1059.012 - Hypervisor CLI
T1608.005 - Link Target
T1491.002 - External Defacement
T1566.003 - Spearphishing via Service
T1555.003 - Credentials from Web Browsers
T1556.005 - Reversible Encryption
T1546.007 - Netsh Helper DLL
T1547.011 - Plist Modification
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1547.002 - Authentication Package
T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1567.004 - Exfiltration Over Webhook
T1070.009 - Clear Persistence
T1499.001 - OS Exhaustion Flood
T1218.013 - Mavinject
T1588.003 - Code Signing Certificates
T1542.004 - ROMMONkit
T1685.001 - Disable or Modify Windows Event Log
T1199 - Trusted Relationship
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1558 - Steal or Forge Kerberos Tickets
T1548.006 - TCC Manipulation

MITREへのリンク →

Kimsuky

Score: 0.64

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1588.001 - Malware
T1601.001 - Patch System Image
T1120 - Peripheral Device Discovery
T1506 - Web Session Cookie
T1008 - Fallback Channels
T1583.006 - Web Services
T1591.004 - Identify Roles
T1583.005 - Botnet
T1606.002 - SAML Tokens
T1608 - Stage Capabilities
T1126 - Network Share Connection Removal
T1560.001 - Archive via Utility
T1490 - Inhibit System Recovery
T1059.010 - AutoHotKey & AutoIT
T1116 - Code Signing
T1059.009 - Cloud API
T1608.005 - Link Target
T1570 - Lateral Tool Transfer
T1555.003 - Credentials from Web Browsers
T1556.005 - Reversible Encryption
T1059.011 - Lua
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1583.004 - Server
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1176.001 - Browser Extensions
T1003.007 - Proc Filesystem
T1567.004 - Exfiltration Over Webhook
T1070.009 - Clear Persistence
T1218.013 - Mavinject
T1027.004 - Compile After Delivery
T1205 - Traffic Signaling
T1092 - Communication Through Removable Media
T1684 - Social Engineering
T1199 - Trusted Relationship
T1622 - Debugger Evasion
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1087.004 - Cloud Account
T1565.002 - Transmitted Data Manipulation
T1027.014 - Polymorphic Code

MITREへのリンク →

APT32

Score: 0.60

Matched TTPs:

T1588.001 - Malware
T1597.002 - Purchase Technical Data
T1601.001 - Patch System Image
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1591.004 - Identify Roles
T1134 - Access Token Manipulation
T1612 - Build Image on Host
T1490 - Inhibit System Recovery
T1557 - Adversary-in-the-Middle
T1032 - Standard Cryptographic Protocol
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1059.009 - Cloud API
T1059.012 - Hypervisor CLI
T1608.005 - Link Target
T1491.002 - External Defacement
T1570 - Lateral Tool Transfer
T1555.003 - Credentials from Web Browsers
T1556.005 - Reversible Encryption
T1113 - Screen Capture
T1174 - Password Filter DLL
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1176.001 - Browser Extensions
T1567.004 - Exfiltration Over Webhook
T1070.009 - Clear Persistence
T1218.013 - Mavinject
T1089 - Disabling Security Tools
T1027.007 - Dynamic API Resolution
T1556 - Modify Authentication Process
T1055.013 - Process Doppelgänging
T1092 - Communication Through Removable Media
T1684 - Social Engineering
T1199 - Trusted Relationship
T1546.005 - Trap
T1087.004 - Cloud Account
T1558 - Steal or Forge Kerberos Tickets
T1027.014 - Polymorphic Code

MITREへのリンク →

Medusa Group

Score: 0.57

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1218.003 - CMSTP
T1601.001 - Patch System Image
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1586.002 - Email Accounts
T1506 - Web Session Cookie
T1583.006 - Web Services
T1591.004 - Identify Roles
T1094 - Custom Command and Control Protocol
T1134 - Access Token Manipulation
T1547.012 - Print Processors
T1557 - Adversary-in-the-Middle
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1059.009 - Cloud API
T1608.005 - Link Target
T1598 - Phishing for Information
T1555.003 - Credentials from Web Browsers
T1556.005 - Reversible Encryption
T1140 - Deobfuscate/Decode Files or Information
T1597 - Search Closed Sources
T1566.004 - Spearphishing Voice
T1128 - Netsh Helper DLL
T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution
T1176.001 - Browser Extensions
T1070.009 - Clear Persistence
T1027.007 - Dynamic API Resolution
T1199 - Trusted Relationship
T1622 - Debugger Evasion
T1546.005 - Trap
T1204.001 - Malicious Link
T1548.006 - TCC Manipulation
T1590.003 - Network Trust Dependencies

MITREへのリンク →

Sandworm Team

Score: 0.57

Matched TTPs:

T1601.001 - Patch System Image
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1586.002 - Email Accounts
T1075 - Pass the Hash
T1583.005 - Botnet
T1606.002 - SAML Tokens
T1134 - Access Token Manipulation
T1005 - Data from Local System
T1557 - Adversary-in-the-Middle
T1059.010 - AutoHotKey & AutoIT
T1032 - Standard Cryptographic Protocol
T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1546.016 - Installer Packages
T1555.003 - Credentials from Web Browsers
T1556.005 - Reversible Encryption
T1059.011 - Lua
T1091 - Replication Through Removable Media
T1187 - Forced Authentication
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1547.002 - Authentication Package
T1566.004 - Spearphishing Voice
T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1070.009 - Clear Persistence
T1218.013 - Mavinject
T1199 - Trusted Relationship
T1049 - System Network Connections Discovery
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1087.004 - Cloud Account
T1573 - Encrypted Channel
T1558 - Steal or Forge Kerberos Tickets
T1204.001 - Malicious Link
T1548.006 - TCC Manipulation
T1590.003 - Network Trust Dependencies

MITREへのリンク →

Gamaredon Group

Score: 0.57

Matched TTPs:

T1601.001 - Patch System Image
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1506 - Web Session Cookie
T1583.006 - Web Services
T1591.004 - Identify Roles
T1608 - Stage Capabilities
T1612 - Build Image on Host
T1552.005 - Cloud Instance Metadata API
T1547.012 - Print Processors
T1557 - Adversary-in-the-Middle
T1059.010 - AutoHotKey & AutoIT
T1546.017 - Udev Rules
T1059.009 - Cloud API
T1608.005 - Link Target
T1570 - Lateral Tool Transfer
T1556.005 - Reversible Encryption
T1059.011 - Lua
T1091 - Replication Through Removable Media
T1597 - Search Closed Sources
T1547.002 - Authentication Package
T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1070.009 - Clear Persistence
T1218.013 - Mavinject
T1542.004 - ROMMONkit
T1562.009 - Safe Mode Boot
T1059.013 - Container CLI/API
T1205 - Traffic Signaling
T1092 - Communication Through Removable Media
T1061 - Graphical User Interface
T1684 - Social Engineering
T1199 - Trusted Relationship
T1584.003 - Virtual Private Server
T1087.004 - Cloud Account
T1590.003 - Network Trust Dependencies

MITREへのリンク →

FIN7

Score: 0.56

Matched TTPs:

T1059.001 - PowerShell
T1588.001 - Malware
T1601.001 - Patch System Image
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1586.002 - Email Accounts
T1583.006 - Web Services
T1591.004 - Identify Roles
T1606.002 - SAML Tokens
T1490 - Inhibit System Recovery
T1578.001 - Create Snapshot
T1557 - Adversary-in-the-Middle
T1059.010 - AutoHotKey & AutoIT
T1608.005 - Link Target
T1564.002 - Hidden Users
T1055.015 - ListPlanting
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1547.002 - Authentication Package
T1087.002 - Domain Account
T1547.013 - XDG Autostart Entries
T1176.001 - Browser Extensions
T1011.001 - Exfiltration Over Bluetooth
T1218.013 - Mavinject
T1027.007 - Dynamic API Resolution
T1205 - Traffic Signaling
T1165 - Startup Items
T1055.013 - Process Doppelgänging
T1092 - Communication Through Removable Media
T1199 - Trusted Relationship
T1622 - Debugger Evasion
T1584.003 - Virtual Private Server
T1573 - Encrypted Channel

MITREへのリンク →

APT41

Score: 0.56

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1588.001 - Malware
T1177 - LSASS Driver
T1120 - Peripheral Device Discovery
T1047 - Windows Management Instrumentation
T1008 - Fallback Channels
T1591.004 - Identify Roles
T1134 - Access Token Manipulation
T1560.001 - Archive via Utility
T1557 - Adversary-in-the-Middle
T1032 - Standard Cryptographic Protocol
T1059.009 - Cloud API
T1048 - Exfiltration Over Alternative Protocol
T1570 - Lateral Tool Transfer
T1055.015 - ListPlanting
T1556.005 - Reversible Encryption
T1059.011 - Lua
T1140 - Deobfuscate/Decode Files or Information
T1583.004 - Server
T1218.010 - Regsvr32
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1176.001 - Browser Extensions
T1070.009 - Clear Persistence
T1499.001 - OS Exhaustion Flood
T1584.008 - Network Devices
T1218.013 - Mavinject
T1089 - Disabling Security Tools
T1027.007 - Dynamic API Resolution
T1037.001 - Logon Script (Windows)
T1684 - Social Engineering
T1199 - Trusted Relationship
T1622 - Debugger Evasion
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1573 - Encrypted Channel
T1548.006 - TCC Manipulation

MITREへのリンク →

Volt Typhoon

Score: 0.55

Matched TTPs:

T1537 - Transfer Data to Cloud Account
T1070.008 - Clear Mailbox Data
T1047 - Windows Management Instrumentation
T1583.006 - Web Services
T1591.004 - Identify Roles
T1134 - Access Token Manipulation
T1560.001 - Archive via Utility
T1578.001 - Create Snapshot
T1557 - Adversary-in-the-Middle
T1059.010 - AutoHotKey & AutoIT
T1116 - Code Signing
T1059.009 - Cloud API
T1535 - Unused/Unsupported Cloud Regions
T1546.016 - Installer Packages
T1570 - Lateral Tool Transfer
T1555.003 - Credentials from Web Browsers
T1140 - Deobfuscate/Decode Files or Information
T1070.006 - Timestomp
T1566.004 - Spearphishing Voice
T1547.013 - XDG Autostart Entries
T1003.007 - Proc Filesystem
T1070.009 - Clear Persistence
T1218.013 - Mavinject
T1159 - Launch Agent
T1562.009 - Safe Mode Boot
T1685.001 - Disable or Modify Windows Event Log
T1199 - Trusted Relationship
T1049 - System Network Connections Discovery
T1622 - Debugger Evasion
T1584.003 - Virtual Private Server
T1546.005 - Trap
T1569.002 - Service Execution
T1567 - Exfiltration Over Web Service
T1548.006 - TCC Manipulation

MITREへのリンク →

Sakula Malware Family

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)