Trusted Design

Sakula Malware Family

Overview

Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers analyzed multiple versions of a remote access trojan (RAT) named Sakula (also known as Sakurel and VIPER). The RAT, which according to compile timestamps first surfaced in November 2012, has been used in targeted intrusions through 2015. Sakula enables an adversary to run interactive commands as well as to download and execute additional components. Sakula uses HTTP GET and POST communication for command and control (C2). Network communication is obfuscated with single-byte XOR encoding. Sakula also leverages single-byte XOR encoding to obfuscate various strings and files embedded in the resource section, which are subsequently used for User Account Control (UAC) bypass on both 32- and 64-bit systems. Most samples maintain persistence through a registry Run key, although some samples configure themselves as a service.
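A defender-side decoder for the single-byte XOR obfuscation described above, added here as an illustration and not code from the CTU analysis. It recovers the key for a resource-section blob by checking for a structurally valid PE image after decoding, and for a captured C2 body by known-plaintext (crib) matching; the key 0x5A, the stand-in PE image and the sample body are constructed, not values from Sakula samples.

```python
"""
Single-byte XOR recovery for the kind of obfuscation the Sakula write-up
describes: embedded resource-section files and C2 request/response bodies
encoded with one key byte.

Added example for this page, not code from Dell SecureWorks CTU. The key
0x5A, the stand-in PE image and the sample C2 body below are constructed
for illustration and are not values taken from Sakula samples.
"""
import struct
from typing import Optional, Tuple

PE_SIGNATURE = b"PE\x00\x00"


def xor_single_byte(data: bytes, key: int) -> bytes:
    """XOR each byte with one key byte. XOR is its own inverse, so this
    routine both encodes and decodes."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    return bytes(b ^ key for b in data)


def looks_like_pe(image: bytes) -> bool:
    """Structural check: 'MZ' at offset 0, e_lfanew at 0x3C pointing inside
    the buffer, and the PE signature at that offset. Checking the signature
    as well as 'MZ' avoids the false positives a two-byte prefix match alone
    can produce while trying all 256 keys."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    return e_lfanew + 4 <= len(image) and image[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def find_xored_pe(blob: bytes) -> Optional[Tuple[int, bytes]]:
    """Brute-force all 256 keys over a resource blob and return
    (key, decoded_image) for the first key whose output is a structurally
    valid PE image, or None if no single-byte key produces one."""
    for key in range(256):
        candidate = xor_single_byte(blob, key)
        if looks_like_pe(candidate):
            return key, candidate
    return None


def key_from_crib(blob: bytes, crib: bytes, offset: int = 0) -> Optional[int]:
    """Known-plaintext recovery for C2 bodies: with a single-byte key every
    position satisfies key == cipher[i] ^ plain[i]. Derive the key from the
    first crib byte and verify it on the rest; a mismatch means the data is
    not single-byte XOR (or the crib/offset is wrong), so return None."""
    if not crib or offset < 0 or offset + len(crib) > len(blob):
        return None
    key = blob[offset] ^ crib[0]
    for i, plain in enumerate(crib):
        if blob[offset + i] ^ plain != key:
            return None
    return key


# --- Constructed samples (illustrative; not real Sakula artefacts) -------
SAMPLE_KEY = 0x5A
# Minimal stand-in for an embedded PE: DOS magic, e_lfanew = 0x40, PE signature.
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + PE_SIGNATURE + b"\x00" * 16
ENCODED_RESOURCE = xor_single_byte(FAKE_PE, SAMPLE_KEY)
# A constructed C2 body; the crib is a fragment the analyst expects to appear.
SAMPLE_BODY = b"id=constructed-host&cmd=none\r\n"
ENCODED_BODY = xor_single_byte(SAMPLE_BODY, SAMPLE_KEY)


def demo() -> None:
    found = find_xored_pe(ENCODED_RESOURCE)
    print("resource key:", None if found is None else hex(found[0]))
    key = key_from_crib(ENCODED_BODY, b"&cmd=", offset=SAMPLE_BODY.index(b"&cmd="))
    print("body key:", None if key is None else hex(key))
    if key is not None:
        print("decoded body:", xor_single_byte(ENCODED_BODY, key))


if __name__ == "__main__":
    demo()
```

The crib check is the one to reach for on traffic captures, since a printable-text heuristic alone can tie between several keys on short bodies; the PE structure check is the one to run over extracted resource blobs.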

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 38.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts
Link to MITRE →

menuPass

Score: 48.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Wizard Spider

Score: 70.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

APT33

Score: 21.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Fox Kitten

Score: 44.56
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.004 - SSH
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1546.008 - Accessibility Features
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Volt Typhoon

Score: 75.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1552 - Unsecured Credentials
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1552.004 - Private Keys
  • T1003.001 - LSASS Memory
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

APT1

Score: 15.60
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Mustang Panda

Score: 97.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1176.002 - IDE Extensions
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1072 - Software Deployment Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 29.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1057 - Process Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Chimera

Score: 58.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1070.006 - Timestomp
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1556.001 - Domain Controller Authentication
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1124 - System Time Discovery
Link to MITRE →

Gallmaker

Score: 4.67
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Sea Turtle

Score: 14.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1071.001 - Web Protocols
  • T1078.003 - Local Accounts
Link to MITRE →

APT39

Score: 70.92
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1059.010 - AutoHotKey & AutoIT
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
Link to MITRE →

RedCurl

Score: 34.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1573.002 - Asymmetric Cryptography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
Link to MITRE →

APT5

Score: 38.99
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.004 - SSH
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1070 - Indicator Removal
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Agrius

Score: 28.08
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

GALLIUM

Score: 35.78
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT41

Score: 75.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1014 - Rootkit
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1546.008 - Accessibility Features
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1480.001 - Environmental Keying
  • T1008 - Fallback Channels
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

MuddyWater

Score: 65.33
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT28

Score: 92.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1070.006 - Timestomp
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1137.002 - Office Test
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1001.001 - Junk Data
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

Turla

Score: 88.87
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.011 - Fileless Storage
  • T1564.012 - File/Path Exclusions
  • T1546.013 - PowerShell Profile
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1134.002 - Create Process with Token
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
Link to MITRE →

Sowbug

Score: 10.52
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1082 - System Information Discovery
  • T1039 - Data from Network Shared Drive
  • T1059.003 - Windows Command Shell
Link to MITRE →

BRONZE BUTLER

Score: 47.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
  • T1053.002 - At
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 63.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1014 - Rootkit
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1070.006 - Timestomp
  • T1681 - Search Threat Vendor Data
  • T1003.001 - LSASS Memory
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1037.004 - RC Scripts
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
Link to MITRE →

Kimsuky

Score: 93.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1027.016 - Junk Code Insertion
  • T1036.004 - Masquerade Task or Service
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1587 - Develop Capabilities
  • T1102.001 - Dead Drop Resolver
  • T1078.003 - Local Accounts
Link to MITRE →

APT3

Score: 42.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1021.002 - SMB/Windows Admin Shares
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN8

Score: 39.42
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Ke3chang

Score: 51.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1614.001 - System Language Discovery
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
Link to MITRE →

Lotus Blossom

Score: 16.36
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1074.001 - Local Data Staging
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN13

Score: 51.16
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

Earth Lusca

Score: 48.14
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
Link to MITRE →

Magic Hound

Score: 68.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Aquatic Panda

Score: 41.72
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

INC Ransom

Score: 23.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Akira

Score: 14.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

ToddyCat

Score: 19.85
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Cinnamon Tempest

Score: 15.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Medusa Group

Score: 74.11
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1543.003 - Windows Service
  • T1559.001 - Component Object Model
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1072 - Software Deployment Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1650 - Acquire Access
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

Gamaredon Group

Score: 79.62
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1559.001 - Component Object Model
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1027.016 - Junk Code Insertion
  • T1102 - Web Service
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

APT32

Score: 82.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.011 - Fileless Storage
  • T1033 - System Owner/User Discovery
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1072 - Software Deployment Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

Leviathan

Score: 49.86
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1027.013 - Encrypted/Encoded File
  • T1584.008 - Network Devices
  • T1074.001 - Local Data Staging
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1547.009 - Shortcut Modification
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1041 - Exfiltration Over C2 Channel
  • T1218.010 - Regsvr32
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1027.015 - Compression
Link to MITRE →

Velvet Ant

Score: 38.03
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1037.004 - RC Scripts
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion
Link to MITRE →

FIN7

Score: 70.51
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
  • T1078.003 - Local Accounts
Link to MITRE →

Blue Mockingbird

Score: 25.55
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.003 - Windows Command Shell
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

Naikon

Score: 10.74
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1036.004 - Masquerade Task or Service
  • T1518.001 - Security Software Discovery
  • T1018 - Remote System Discovery
Link to MITRE →

Lazarus Group

Score: 118.14
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1070.006 - Timestomp
  • T1620 - Reflective Code Loading
  • T1547.009 - Shortcut Modification
  • T1010 - Application Window Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1134.002 - Create Process with Token
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Sandworm Team

Score: 78.57
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1040 - Network Sniffing
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1584.005 - Botnet
  • T1072 - Software Deployment Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

Indrik Spider

Score: 33.67
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1136 - Create Account
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA2541

Score: 28.44
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Stealth Falcon

Score: 15.02
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
Link to MITRE →

APT29

Score: 59.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1070.006 - Timestomp
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1037.004 - RC Scripts
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts
Link to MITRE →

OilRig

Score: 74.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1025 - Data from Removable Media
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1021.004 - SSH
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Windshift

Score: 21.99
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN6

Score: 35.00
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Deep Panda

Score: 14.33
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1018 - Remote System Discovery
Link to MITRE →

Threat Group-3390

Score: 62.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1003.001 - LSASS Memory
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
  • T1027.015 - Compression
Link to MITRE →

APT42

Score: 28.90
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1547 - Boot or Logon Autostart Execution
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1071.001 - Web Protocols
Link to MITRE →

Ember Bear

Score: 42.21
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1003.002 - Security Account Manager
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1003.004 - LSA Secrets
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021 - Remote Services
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
Link to MITRE →

BlackByte

Score: 53.93
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1543.003 - Windows Service
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1021.002 - SMB/Windows Admin Shares
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1614.001 - System Language Discovery
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT38

Score: 58.88
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1565.003 - Runtime Data Manipulation
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1070.006 - Timestomp
  • T1480.002 - Mutual Exclusion
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Moonstone Sleet

Score: 32.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1027 - Obfuscated Files or Information
  • T1195.002 - Compromise Software Supply Chain
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Winter Vivern

Score: 27.25
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1059 - Command and Scripting Interpreter
  • T1036.004 - Masquerade Task or Service
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 22.98
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

FIN10

Score: 11.30
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

APT37

Score: 33.47
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1059 - Command and Scripting Interpreter
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Tropic Trooper

Score: 39.61
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

ZIRCONIUM

Score: 32.87
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1082 - System Information Discovery
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Patchwork

Score: 29.58
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

LuminousMoth

Score: 19.03
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HEXANE

Score: 25.55
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Dragonfly

Score: 50.51
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1074.001 - Local Data Staging
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1136.001 - Local Account
  • T1059 - Command and Scripting Interpreter
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1070.004 - File Deletion
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
Link to MITRE →

Storm-1811

Score: 38.92
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1036.010 - Masquerade Account Name
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sidewinder

Score: 24.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1027.013 - Encrypted/Encoded File
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

TA577

Score: 4.80
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1059.003 - Windows Command Shell
Link to MITRE →

Poseidon Group

Score: 7.77
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Tonto Team

Score: 16.98
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1059.006 - Python
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Suckfly

Score: 3.55
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1059.003 - Windows Command Shell
Link to MITRE →

Storm-0501

Score: 36.43
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1552.004 - Private Keys
  • T1021.006 - Windows Remote Management
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
  • T1027.002 - Software Packing
  • T1490 - Inhibit System Recovery
Link to MITRE →

Axiom

Score: 26.40
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
Link to MITRE →

Contagious Interview

Score: 48.27
Matched TTPs:
  • T1588.007 - Artificial Intelligence
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1219.002 - Remote Desktop Software
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1204.004 - Malicious Copy and Paste
  • T1587 - Develop Capabilities
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Inception

Score: 18.10
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
Link to MITRE →

Dark Caracal

Score: 15.75
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Elderwood

Score: 8.47
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Darkhotel

Score: 24.86
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1124 - System Time Discovery
Link to MITRE →

Transparent Tribe

Score: 6.78
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT18

Score: 10.94
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1082 - System Information Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

Saint Bear

Score: 16.84
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1059 - Command and Scripting Interpreter
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.002 - Software Packing
Link to MITRE →

BITTER

Score: 14.38
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA505

Score: 25.27
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Higaisa

Score: 27.07
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression
Link to MITRE →

Malteiro

Score: 10.68
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1614.001 - System Language Discovery
  • T1518.001 - Security Software Discovery
Link to MITRE →

Mofang

Score: 5.53
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1027.015 - Compression
Link to MITRE →

Whitefly

Score: 10.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1003.001 - LSASS Memory
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Moses Staff

Score: 11.69
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 53.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1014 - Rootkit
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1021.004 - SSH
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1552.004 - Private Keys
  • T1136.001 - Local Account
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Metador

Score: 12.03
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1059.003 - Windows Command Shell
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 50.87
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.004 - SSH
  • T1082 - System Information Discovery
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1070.006 - Timestomp
  • T1552.004 - Private Keys
  • T1055.002 - Portable Executable Injection
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1059.006 - Python
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Daggerfly

Score: 23.07
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1136.001 - Local Account
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN5

Score: 10.76
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1090.002 - External Proxy
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
Link to MITRE →

BackdoorDiplomacy

Score: 16.47
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mustard Tempest

Score: 11.40
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1608.006 - SEO Poisoning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

WIRTE

Score: 9.05
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

admin@338

Score: 8.10
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
Link to MITRE →

PROMETHIUM

Score: 10.39
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

Machete

Score: 10.27
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.006 - Python
  • T1059.003 - Windows Command Shell
  • T1189 - Drive-by Compromise
Link to MITRE →

Carbanak

Score: 11.01
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Silence

Score: 30.85
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1090.002 - External Proxy
  • T1072 - Software Deployment Tools
  • T1588.002 - Tool
  • T1218.001 - Compiled HTML File
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
Link to MITRE →

SideCopy

Score: 14.55
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1082 - System Information Discovery
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Leafminer

Score: 12.85
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1136.001 - Local Account
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
Link to MITRE →

Salt Typhoon

Score: 20.81
Matched TTPs:
  • T1587.001 - Malware
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1588.002 - Tool
  • T1136 - Create Account
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Aoqin Dragon

Score: 11.70
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing
Link to MITRE →

Cleaver

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1588.002 - Tool
Link to MITRE →

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

RTM

Score: 10.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

APT-C-36

Score: 6.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036.004 - Masquerade Task or Service
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 17.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1041 - Exfiltration Over C2 Channel
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

PLATINUM

Score: 13.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1003.001 - LSASS Memory
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

TA551

Score: 13.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 15.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 3.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
Link to MITRE →

Rancor

Score: 9.83
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1059.003 - Windows Command Shell
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 6.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
  • T1071.001 - Web Protocols
Link to MITRE →

Cobalt Group

Score: 32.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1059.003 - Windows Command Shell
  • T1027.010 - Command Obfuscation
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

EXOTIC LILY

Score: 9.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ajax Security Team

Score: 4.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Nomadic Octopus

Score: 4.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 18.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.009 - Shortcut Modification
  • T1112 - Modify Registry
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 17.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Molerats

Score: 11.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

The White Company

Score: 10.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1124 - System Time Discovery
Link to MITRE →

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Confucius

Score: 8.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1041 - Exfiltration Over C2 Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackTech

Score: 10.86
Matched TTPs:
  • T1204.002 - Malicious File
  • T1021.004 - SSH
  • T1574.001 - DLL
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

DarkVishnya

Score: 12.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1200 - Hardware Additions
Link to MITRE →

Evilnum

Score: 10.26
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Scattered Spider

Score: 38.59
Matched TTPs:
  • T1021.004 - SSH
  • T1082 - System Information Discovery
  • T1552.004 - Private Keys
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1041 - Exfiltration Over C2 Channel
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
  • T1136 - Create Account
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1003.003 - NTDS
  • T1490 - Inhibit System Recovery
Link to MITRE →

Windigo

Score: 9.50
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1059 - Command and Scripting Interpreter
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

LAPSUS$

Score: 23.34
Matched TTPs:
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1552.008 - Chat Messages
  • T1588.002 - Tool
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1003.003 - NTDS
Link to MITRE →

GOLD SOUTHFIELD

Score: 8.85
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1195.002 - Compromise Software Supply Chain
  • T1027.010 - Command Obfuscation
Link to MITRE →

Volatile Cedar

Score: 4.01
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1105 - Ingress Tool Transfer
Link to MITRE →

MoustachedBouncer

Score: 6.59
Matched TTPs:
  • T1659 - Content Injection
  • T1027.002 - Software Packing
Link to MITRE →

Threat Group-1314

Score: 6.17
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1072 - Software Deployment Tools
  • T1059.003 - Windows Command Shell
Link to MITRE →

Orangeworm

Score: 3.12
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.001 - Web Protocols
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Thrip

Score: 6.52
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

RedEcho

Score: 3.93
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
Link to MITRE →

Threat actors associated with this Pulse (inference-based)

Lazarus Group

Score: 0.80
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1583.006 - Web Services
  • T1547.009 - Shortcut Modification
  • T1218 - System Binary Proxy Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1047 - Windows Management Instrumentation
  • T1189 - Drive-by Compromise
  • T1012 - Query Registry
  • T1082 - System Information Discovery
  • T1562.001 - Disable or Modify Tools
  • T1124 - System Time Discovery
  • T1529 - System Shutdown/Reboot
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1008 - Fallback Channels
  • T1033 - System Owner/User Discovery
  • T1010 - Application Window Discovery
  • T1005 - Data from Local System
  • T1021.001 - Remote Desktop Protocol
  • T1021.004 - SSH
  • T1070 - Indicator Removal
  • T1543.003 - Windows Service
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1134.002 - Create Process with Token
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1090.002 - External Proxy
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
  • T1574.013 - KernelCallbackTable
  • T1036.004 - Masquerade Task or Service
  • T1036.003 - Rename Legitimate Utilities
  • T1027.007 - Dynamic API Resolution
  • T1070.004 - File Deletion
  • T1202 - Indirect Command Execution
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1584.004 - Server
  • T1620 - Reflective Code Loading
  • T1074.001 - Local Data Staging
  • T1071.001 - Web Protocols
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1587.001 - Malware
Link to MITRE →

Mustang Panda

Score: 0.68
Matched TTPs:
  • T1678 - Delay Execution
  • T1583.006 - Web Services
  • T1176.002 - IDE Extensions
  • T1018 - Remote System Discovery
  • T1219.002 - Remote Desktop Software
  • T1003.003 - NTDS
  • T1027.012 - LNK Icon Smuggling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1505.003 - Web Shell
  • T1608.001 - Upload Malware
  • T1070 - Indicator Removal
  • T1072 - Software Deployment Tools
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1560.001 - Archive via Utility
  • T1027.016 - Junk Code Insertion
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1003 - OS Credential Dumping
  • T1027.007 - Dynamic API Resolution
  • T1070.004 - File Deletion
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1608 - Stage Capabilities
  • T1219.001 - IDE Tunneling
  • T1518 - Software Discovery
  • T1074.001 - Local Data Staging
  • T1071.001 - Web Protocols
  • T1059 - Command and Scripting Interpreter
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Turla

Score: 0.68
Matched TTPs:
  • T1583.006 - Web Services
  • T1018 - Remote System Discovery
  • T1570 - Lateral Tool Transfer
  • T1588.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1189 - Drive-by Compromise
  • T1012 - Query Registry
  • T1082 - System Information Discovery
  • T1562.001 - Disable or Modify Tools
  • T1124 - System Time Discovery
  • T1102.002 - Bidirectional Communication
  • T1546.013 - PowerShell Profile
  • T1005 - Data from Local System
  • T1059.006 - Python
  • T1078.003 - Local Accounts
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1134.002 - Create Process with Token
  • T1584.006 - Web Services
  • T1102 - Web Service
  • T1007 - System Service Discovery
  • T1090.001 - Internal Proxy
  • T1564.012 - File/Path Exclusions
  • T1560.001 - Archive via Utility
  • T1059.003 - Windows Command Shell
  • T1105 - Ingress Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1027.011 - Fileless Storage
  • T1025 - Data from Removable Media
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1106 - Native API
  • T1112 - Modify Registry
  • T1584.004 - Server
  • T1055 - Process Injection
  • T1071.001 - Web Protocols
  • T1518.001 - Security Software Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1587.001 - Malware
Link to MITRE →

APT28

Score: 0.65
Matched TTPs:
  • T1589.001 - Credentials
  • T1014 - Rootkit
  • T1583.006 - Web Services
  • T1003.003 - NTDS
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1210 - Exploitation of Remote Services
  • T1189 - Drive-by Compromise
  • T1550.001 - Application Access Token
  • T1036 - Masquerading
  • T1669 - Wi-Fi Networks
  • T1001.001 - Junk Data
  • T1102.002 - Bidirectional Communication
  • T1505.003 - Web Shell
  • T1005 - Data from Local System
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1211 - Exploitation for Defense Evasion
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1560.001 - Archive via Utility
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1025 - Data from Removable Media
  • T1137.002 - Office Test
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1074.001 - Local Data Staging
  • T1546.015 - Component Object Model Hijacking
  • T1071.001 - Web Protocols
  • T1584.008 - Network Devices
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1057 - Process Discovery
Link to MITRE →

Kimsuky

Score: 0.64
Matched TTPs:
  • T1583.006 - Web Services
  • T1219.002 - Remote Desktop Software
  • T1040 - Network Sniffing
  • T1027.012 - LNK Icon Smuggling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1012 - Query Registry
  • T1082 - System Information Discovery
  • T1562.001 - Disable or Modify Tools
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1505.003 - Web Shell
  • T1005 - Data from Local System
  • T1021.001 - Remote Desktop Protocol
  • T1608.001 - Upload Malware
  • T1059.006 - Python
  • T1136.001 - Local Account
  • T1543.003 - Windows Service
  • T1078.003 - Local Accounts
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.010 - Regsvr32
  • T1190 - Exploit Public-Facing Application
  • T1007 - System Service Discovery
  • T1059.003 - Windows Command Shell
  • T1560.001 - Archive via Utility
  • T1027.016 - Junk Code Insertion
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
  • T1027.010 - Command Obfuscation
  • T1036.004 - Masquerade Task or Service
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1620 - Reflective Code Loading
  • T1055 - Process Injection
  • T1587 - Develop Capabilities
  • T1074.001 - Local Data Staging
  • T1071.001 - Web Protocols
  • T1518.001 - Security Software Discovery
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1057 - Process Discovery
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information
Link to MITRE →

APT32

Score: 0.60
Matched TTPs:
  • T1583.006 - Web Services
  • T1018 - Remote System Discovery
  • T1570 - Lateral Tool Transfer
  • T1070.006 - Timestomp
  • T1047 - Windows Management Instrumentation
  • T1189 - Drive-by Compromise
  • T1012 - Query Registry
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel
  • T1033 - System Owner/User Discovery
  • T1505.003 - Web Shell
  • T1608.001 - Upload Malware
  • T1072 - Software Deployment Tools
  • T1543.003 - Windows Service
  • T1078.003 - Local Accounts
  • T1027.013 - Encrypted/Encoded File
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1218.010 - Regsvr32
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1027.016 - Junk Code Insertion
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1027.011 - Fileless Storage
  • T1036.004 - Masquerade Task or Service
  • T1003 - OS Credential Dumping
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1055 - Process Injection
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1059 - Command and Scripting Interpreter
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Medusa Group

Score: 0.57
Matched TTPs:
  • T1583.006 - Web Services
  • T1018 - Remote System Discovery
  • T1570 - Lateral Tool Transfer
  • T1608.002 - Upload Tool
  • T1003.003 - NTDS
  • T1047 - Windows Management Instrumentation
  • T1562.001 - Disable or Modify Tools
  • T1082 - System Information Discovery
  • T1529 - System Shutdown/Reboot
  • T1219 - Remote Access Tools
  • T1033 - System Owner/User Discovery
  • T1505.003 - Web Shell
  • T1218.014 - MMC
  • T1021.001 - Remote Desktop Protocol
  • T1650 - Acquire Access
  • T1072 - Software Deployment Tools
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1059.003 - Windows Command Shell
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1559.001 - Component Object Model
  • T1027.010 - Command Obfuscation
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1106 - Native API
  • T1112 - Modify Registry
  • T1490 - Inhibit System Recovery
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1518.001 - Security Software Discovery
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1057 - Process Discovery
Link to MITRE →

Sandworm Team

Score: 0.57
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1570 - Lateral Tool Transfer
  • T1003.003 - NTDS
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1036 - Masquerading
  • T1041 - Exfiltration Over C2 Channel
  • T1219 - Remote Access Tools
  • T1102.002 - Bidirectional Communication
  • T1033 - System Owner/User Discovery
  • T1505.003 - Web Shell
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1072 - Software Deployment Tools
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1592.002 - Software
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1195.002 - Compromise Software Supply Chain
  • T1584.005 - Botnet
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1584.004 - Server
  • T1490 - Inhibit System Recovery
  • T1071.001 - Web Protocols
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1587.001 - Malware
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Gamaredon Group

Score: 0.57
Matched TTPs:
  • T1583.006 - Web Services
  • T1027.012 - LNK Icon Smuggling
  • T1140 - Deobfuscate/Decode Files or Information
  • T1047 - Windows Management Instrumentation
  • T1012 - Query Registry
  • T1082 - System Information Discovery
  • T1562.001 - Disable or Modify Tools
  • T1497.001 - System Checks
  • T1041 - Exfiltration Over C2 Channel
  • T1102.002 - Bidirectional Communication
  • T1033 - System Owner/User Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1027.015 - Compression
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1102 - Web Service
  • T1059.003 - Windows Command Shell
  • T1027.016 - Junk Code Insertion
  • T1105 - Ingress Tool Transfer
  • T1559.001 - Component Object Model
  • T1027.010 - Command Obfuscation
  • T1025 - Data from Removable Media
  • T1039 - Data from Network Shared Drive
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1001 - Data Obfuscation
  • T1027.004 - Compile After Delivery
  • T1112 - Modify Registry
  • T1620 - Reflective Code Loading
  • T1055 - Process Injection
  • T1071.001 - Web Protocols
  • T1518.001 - Security Software Discovery
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1027 - Obfuscated Files or Information
Link to MITRE →

FIN7

Score: 0.56
Matched TTPs:
  • T1583.006 - Web Services
  • T1140 - Deobfuscate/Decode Files or Information
  • T1210 - Exploitation of Remote Services
  • T1047 - Windows Management Instrumentation
  • T1082 - System Information Discovery
  • T1124 - System Time Discovery
  • T1219 - Remote Access Tools
  • T1102.002 - Bidirectional Communication
  • T1033 - System Owner/User Discovery
  • T1008 - Fallback Channels
  • T1005 - Data from Local System
  • T1021.001 - Remote Desktop Protocol
  • T1021.004 - SSH
  • T1608.001 - Upload Malware
  • T1543.003 - Windows Service
  • T1078.003 - Local Accounts
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1059.003 - Windows Command Shell
  • T1027.016 - Junk Code Insertion
  • T1105 - Ingress Tool Transfer
  • T1027.010 - Command Obfuscation
  • T1036.004 - Masquerade Task or Service
  • T1195.002 - Compromise Software Supply Chain
  • T1204.002 - Malicious File
  • T1620 - Reflective Code Loading
  • T1569.002 - Service Execution
  • T1059 - Command and Scripting Interpreter
  • T1674 - Input Injection
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1587.001 - Malware
  • T1497.002 - User Activity Based Checks
Link to MITRE →

APT41

Score: 0.56
Matched TTPs:
  • T1014 - Rootkit
  • T1018 - Remote System Discovery
  • T1570 - Lateral Tool Transfer
  • T1003.003 - NTDS
  • T1047 - Windows Management Instrumentation
  • T1012 - Query Registry
  • T1082 - System Information Discovery
  • T1008 - Fallback Channels
  • T1033 - System Owner/User Discovery
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1021.001 - Remote Desktop Protocol
  • T1136.001 - Local Account
  • T1543.003 - Windows Service
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1059.003 - Windows Command Shell
  • T1560.001 - Archive via Utility
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
  • T1036.004 - Masquerade Task or Service
  • T1195.002 - Compromise Software Supply Chain
  • T1546.008 - Accessibility Features
  • T1070.004 - File Deletion
  • T1112 - Modify Registry
  • T1218.001 - Compiled HTML File
  • T1480.001 - Environmental Keying
  • T1055 - Process Injection
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1021.002 - SMB/Windows Admin Shares
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Volt Typhoon

Score: 0.55
Matched TTPs:
  • T1018 - Remote System Discovery
  • T1570 - Lateral Tool Transfer
  • T1218 - System Binary Proxy Execution
  • T1003.003 - NTDS
  • T1140 - Deobfuscate/Decode Files or Information
  • T1047 - Windows Management Instrumentation
  • T1552 - Unsecured Credentials
  • T1012 - Query Registry
  • T1124 - System Time Discovery
  • T1497.001 - System Checks
  • T1033 - System Owner/User Discovery
  • T1505.003 - Web Shell
  • T1010 - Application Window Discovery
  • T1005 - Data from Local System
  • T1021.001 - Remote Desktop Protocol
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1190 - Exploit Public-Facing Application
  • T1007 - System Service Discovery
  • T1552.004 - Private Keys
  • T1090.001 - Internal Proxy
  • T1059.003 - Windows Command Shell
  • T1560.001 - Archive via Utility
  • T1003.001 - LSASS Memory
  • T1105 - Ingress Tool Transfer
  • T1584.005 - Botnet
  • T1070.004 - File Deletion
  • T1112 - Modify Registry
  • T1584.004 - Server
  • T1074.001 - Local Data Staging
  • T1584.008 - Network Devices
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1057 - Process Discovery
  • T1518 - Software Discovery
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

