Trusted Design

AURIGA (FAMILY)

Overview

The AURIGA malware family shares a large amount of functionality with the BANGAT backdoor. The family includes functionality for keystroke logging, creating and killing processes, modifying the file system and registry, spawning interactive command shells, performing process injection, logging off the current user, and shutting down the local machine. AURIGA contains a driver component that is used to inject the malware DLL into other processes; this driver can also hide processes and IP connections. The malware creates a copy of cmd.exe to carry out its C2 activity and replaces the "Microsoft corp" strings in the cmd.exe binary with different values. The family typically maintains persistence by installing itself as a service.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 31.72
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1546.017 - Udev Rules
Link to MITRE →

FIN7

Score: 33.50
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1555 - Credentials from Password Stores
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT19

Score: 11.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
Link to MITRE →

Kimsuky

Score: 38.72
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1496.004 - Cloud Service Hijacking
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1027.014 - Polymorphic Code
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery
Link to MITRE →

UNC3886

Score: 18.80
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

Carbanak

Score: 7.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
Link to MITRE →

APT3

Score: 14.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Magic Hound

Score: 10.80
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
Link to MITRE →

TA551

Score: 7.02
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.012 - Verclsid
  • T1027.014 - Polymorphic Code
Link to MITRE →

Blue Mockingbird

Score: 19.35
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1204 - User Execution
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
Link to MITRE →

Wizard Spider

Score: 24.05
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1587 - Develop Capabilities
Link to MITRE →

APT32

Score: 33.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1608.004 - Drive-by Target
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Lazarus Group

Score: 49.19
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1050 - New Service
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1587 - Develop Capabilities
  • T1216 - System Script Proxy Execution
Link to MITRE →

TA505

Score: 20.14
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1587 - Develop Capabilities
Link to MITRE →

APT41

Score: 39.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1177 - LSASS Driver
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1008 - Fallback Channels
Link to MITRE →

Sandworm Team

Score: 16.83
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
Link to MITRE →

APT28

Score: 35.95
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1205.001 - Port Knocking
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1588.003 - Code Signing Certificates
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
Link to MITRE →

HAFNIUM

Score: 12.59
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT38

Score: 42.77
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1685.002 - Disable or Modify Cloud Log
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1059.005 - Visual Basic
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Daggerfly

Score: 7.46
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 16.02
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1608.004 - Drive-by Target
  • T1679 - Selective Exclusion
  • T1574.010 - Services File Permissions Weakness
  • T1070.009 - Clear Persistence
Link to MITRE →

LazyScripter

Score: 7.94
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
Link to MITRE →

Aquatic Panda

Score: 15.31
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
Link to MITRE →

Storm-0501

Score: 8.25
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

MuddyWater

Score: 23.56
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1547.012 - Print Processors
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
Link to MITRE →

Mustang Panda

Score: 40.57
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1588.006 - Vulnerabilities
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1593.002 - Search Engines
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1548.006 - TCC Manipulation
Link to MITRE →

Winnti Group

Score: 4.80
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
Link to MITRE →

Rocke

Score: 24.19
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
Link to MITRE →

TeamTNT

Score: 23.40
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Turla

Score: 41.53
Matched TTPs:
  • T1014 - Rootkit
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1684 - Social Engineering
  • T1021 - Remote Services
  • T1059.009 - Cloud API
  • T1003.001 - LSASS Memory
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
Link to MITRE →

Volt Typhoon

Score: 21.03
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1686.002 - Network Device Firewall
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
Link to MITRE →

BRONZE BUTLER

Score: 11.87
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1008 - Fallback Channels
Link to MITRE →

TA2541

Score: 16.60
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

APT42

Score: 7.50
Matched TTPs:
  • T1218.013 - Mavinject
  • T1110.002 - Password Cracking
  • T1059.009 - Cloud API
Link to MITRE →

Storm-1811

Score: 7.75
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1205.001 - Port Knocking
  • T1679 - Selective Exclusion
Link to MITRE →

Indrik Spider

Score: 12.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1498 - Network Denial of Service
Link to MITRE →

WIRTE

Score: 5.45
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
Link to MITRE →

Patchwork

Score: 12.39
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1008 - Fallback Channels
Link to MITRE →

Earth Lusca

Score: 12.79
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
Link to MITRE →

BackdoorDiplomacy

Score: 6.52
Matched TTPs:
  • T1218.013 - Mavinject
  • T1136.002 - Domain Account
  • T1587 - Develop Capabilities
Link to MITRE →

Akira

Score: 5.53
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
Link to MITRE →

APT29

Score: 25.03
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1177 - LSASS Driver
  • T1218.012 - Verclsid
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1546.018 - Python Startup Hooks
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1490 - Inhibit System Recovery
Link to MITRE →

Chimera

Score: 17.83
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1059.003 - Windows Command Shell
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Ke3chang

Score: 14.20
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Tropic Trooper

Score: 25.00
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1590.003 - Network Trust Dependencies
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
Link to MITRE →

PROMETHIUM

Score: 6.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1679 - Selective Exclusion
  • T1490 - Inhibit System Recovery
Link to MITRE →

INC Ransom

Score: 9.30
Matched TTPs:
  • T1218.013 - Mavinject
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

LuminousMoth

Score: 11.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1679 - Selective Exclusion
Link to MITRE →

OilRig

Score: 17.78
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
Link to MITRE →

Machete

Score: 4.42
Matched TTPs:
  • T1218.013 - Mavinject
  • T1685.002 - Disable or Modify Cloud Log
Link to MITRE →

Darkhotel

Score: 9.95
Matched TTPs:
  • T1218.013 - Mavinject
  • T1058 - Service Registry Permissions Weakness
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

APT1

Score: 5.11
Matched TTPs:
  • T1218.013 - Mavinject
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
Link to MITRE →

Sidewinder

Score: 7.69
Matched TTPs:
  • T1218.013 - Mavinject
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

menuPass

Score: 16.13
Matched TTPs:
  • T1218.013 - Mavinject
  • T1588.006 - Vulnerabilities
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1174 - Password Filter DLL
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
Link to MITRE →

Ember Bear

Score: 10.10
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

APT39

Score: 28.81
Matched TTPs:
  • T1218.013 - Mavinject
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1021 - Remote Services
  • T1679 - Selective Exclusion
  • T1570 - Lateral Tool Transfer
  • T1564.007 - VBA Stomping
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Velvet Ant

Score: 13.29
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT5

Score: 6.49
Matched TTPs:
  • T1218.013 - Mavinject
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1070.009 - Clear Persistence
Link to MITRE →

Silence

Score: 12.70
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Fox Kitten

Score: 9.00
Matched TTPs:
  • T1218.013 - Mavinject
  • T1177 - LSASS Driver
  • T1570 - Lateral Tool Transfer
  • T1548.006 - TCC Manipulation
Link to MITRE →

ToddyCat

Score: 4.94
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1583.006 - Web Services
Link to MITRE →

SideCopy

Score: 5.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1590.003 - Network Trust Dependencies
  • T1218.012 - Verclsid
Link to MITRE →

FIN13

Score: 8.35
Matched TTPs:
  • T1218.013 - Mavinject
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1548.006 - TCC Manipulation
Link to MITRE →

Moonstone Sleet

Score: 7.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Contagious Interview

Score: 18.39
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1679 - Selective Exclusion
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1059.006 - Python
  • T1070.009 - Clear Persistence
  • T1651 - Cloud Administration Command
Link to MITRE →

Salt Typhoon

Score: 5.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1498 - Network Denial of Service
Link to MITRE →

Play

Score: 9.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aoqin Dragon

Score: 8.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Medusa Group

Score: 32.14
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1547.012 - Print Processors
  • T1590.003 - Network Trust Dependencies
  • T1586.002 - Email Accounts
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

DarkVishnya

Score: 4.53
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
Link to MITRE →

Lotus Blossom

Score: 6.00
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BlackByte

Score: 19.40
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Threat Group-3390

Score: 16.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

Agrius

Score: 5.30
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources
Link to MITRE →

Cobalt Group

Score: 17.94
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1586.002 - Email Accounts
  • T1684 - Social Engineering
  • T1518.002 - Backup Software Discovery
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

Cinnamon Tempest

Score: 3.50
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Molerats

Score: 10.73
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1546.017 - Udev Rules
Link to MITRE →

Rancor

Score: 6.12
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1204 - User Execution
Link to MITRE →

ZIRCONIUM

Score: 10.35
Matched TTPs:
  • T1685.002 - Disable or Modify Cloud Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1679 - Selective Exclusion
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Higaisa

Score: 11.22
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
Link to MITRE →

Gorgon Group

Score: 16.44
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1059.009 - Cloud API
  • T1114.003 - Email Forwarding Rule
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
Link to MITRE →

BlackTech

Score: 3.78
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1218.010 - Regsvr32
Link to MITRE →

APT37

Score: 12.58
Matched TTPs:
  • T1590.003 - Network Trust Dependencies
  • T1684 - Social Engineering
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution
Link to MITRE →

Leviathan

Score: 19.55
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules
Link to MITRE →

Malteiro

Score: 4.50
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1587 - Develop Capabilities
Link to MITRE →

PLATINUM

Score: 7.00
Matched TTPs:
  • T1684 - Social Engineering
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

Dragonfly

Score: 10.49
Matched TTPs:
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
Link to MITRE →

Saint Bear

Score: 7.17
Matched TTPs:
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN8

Score: 10.58
Matched TTPs:
  • T1059.009 - Cloud API
  • T1027.017 - SVG Smuggling
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
Link to MITRE →

Deep Panda

Score: 7.55
Matched TTPs:
  • T1177 - LSASS Driver
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
Link to MITRE →

Axiom

Score: 9.32
Matched TTPs:
  • T1177 - LSASS Driver
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon
Link to MITRE →

LAPSUS$

Score: 4.80
Matched TTPs:
  • T1136.002 - Domain Account
  • T1548.006 - TCC Manipulation
Link to MITRE →

Metador

Score: 6.67
Matched TTPs:
  • T1136.002 - Domain Account
  • T1204 - User Execution
  • T1070.009 - Clear Persistence
Link to MITRE →

Andariel

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
Link to MITRE →

Scattered Spider

Score: 13.27
Matched TTPs:
  • T1136.002 - Domain Account
  • T1686.002 - Network Device Firewall
  • T1597 - Search Closed Sources
  • T1498 - Network Denial of Service
  • T1548.006 - TCC Manipulation
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

Inception

Score: 9.30
Matched TTPs:
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1679 - Selective Exclusion
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 5.04
Matched TTPs:
  • T1218.012 - Verclsid
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

CURIUM

Score: 3.84
Matched TTPs:
  • T1205.001 - Port Knocking
Link to MITRE →

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
Link to MITRE →

HEXANE

Score: 4.35
Matched TTPs:
  • T1583.006 - Web Services
  • T1204 - User Execution
Link to MITRE →

APT33

Score: 5.53
Matched TTPs:
  • T1204 - User Execution
  • T1679 - Selective Exclusion
  • T1218.010 - Regsvr32
Link to MITRE →

RTM

Score: 4.49
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1008 - Fallback Channels
Link to MITRE →

FIN6

Score: 9.12
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Putter Panda

Score: 5.93
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1597 - Search Closed Sources
  • T1587 - Develop Capabilities
Link to MITRE →

Dark Caracal

Score: 3.26
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN10

Score: 5.25
Matched TTPs:
  • T1679 - Selective Exclusion
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

FIN4

Score: 4.13
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

Sea Turtle

Score: 6.99
Matched TTPs:
  • T1686.002 - Network Device Firewall
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
Link to MITRE →

GALLIUM

Score: 5.34
Matched TTPs:
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

The White Company

Score: 4.93
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Elderwood

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.78
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1218.010 - Regsvr32
  • T1583.006 - Web Services
  • T1583 - Acquire Infrastructure
  • T1606.002 - SAML Tokens
  • T1218.012 - Verclsid
  • T1590.003 - Network Trust Dependencies
  • T1069.001 - Local Groups
  • T1070.009 - Clear Persistence
  • T1174 - Password Filter DLL
  • T1055.005 - Thread Local Storage
  • T1070.008 - Clear Mailbox Data
  • T1587 - Develop Capabilities
  • T1216 - System Script Proxy Execution
  • T1176.001 - Browser Extensions
  • T1679 - Selective Exclusion
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1597 - Search Closed Sources
  • T1050 - New Service
Link to MITRE →

Turla

Score: 0.70
Matched TTPs:
  • T1136.002 - Domain Account
  • T1204 - User Execution
  • T1021 - Remote Services
  • T1570 - Lateral Tool Transfer
  • T1590.003 - Network Trust Dependencies
  • T1014 - Rootkit
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1587 - Develop Capabilities
  • T1684 - Social Engineering
  • T1597 - Search Closed Sources
  • T1606.002 - SAML Tokens
  • T1490 - Inhibit System Recovery
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1003.001 - LSASS Memory
  • T1218.013 - Mavinject
Link to MITRE →

APT38

Score: 0.67
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1218.012 - Verclsid
  • T1590.003 - Network Trust Dependencies
  • T1070.009 - Clear Persistence
  • T1059.005 - Visual Basic
  • T1059.010 - AutoHotKey & AutoIT
  • T1537 - Transfer Data to Cloud Account
  • T1583.006 - Web Services
  • T1174 - Password Filter DLL
  • T1216 - System Script Proxy Execution
  • T1684 - Social Engineering
  • T1583 - Acquire Infrastructure
  • T1597 - Search Closed Sources
  • T1685.002 - Disable or Modify Cloud Log
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1503 - Credentials from Web Browsers
Link to MITRE →

APT41

Score: 0.64
Matched TTPs:
  • T1008 - Fallback Channels
  • T1499.001 - OS Exhaustion Flood
  • T1570 - Lateral Tool Transfer
  • T1218.010 - Regsvr32
  • T1027.007 - Dynamic API Resolution
  • T1177 - LSASS Driver
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1037.001 - Logon Script (Windows)
  • T1686.002 - Network Device Firewall
  • T1684 - Social Engineering
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.013 - Mavinject
Link to MITRE →

Mustang Panda

Score: 0.62
Matched TTPs:
  • T1204 - User Execution
  • T1218.012 - Verclsid
  • T1590.003 - Network Trust Dependencies
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1003 - OS Credential Dumping
  • T1058 - Service Registry Permissions Weakness
  • T1583.006 - Web Services
  • T1588.006 - Vulnerabilities
  • T1548.006 - TCC Manipulation
  • T1593.002 - Search Engines
  • T1606.002 - SAML Tokens
  • T1679 - Selective Exclusion
  • T1055.005 - Thread Local Storage
  • T1218.013 - Mavinject
Link to MITRE →

FIN7

Score: 0.61
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1218.012 - Verclsid
  • T1059.010 - AutoHotKey & AutoIT
  • T1586.002 - Email Accounts
  • T1058 - Service Registry Permissions Weakness
  • T1583.006 - Web Services
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1606.002 - SAML Tokens
  • T1555 - Credentials from Password Stores
  • T1490 - Inhibit System Recovery
  • T1679 - Selective Exclusion
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.013 - Mavinject
Link to MITRE →

Kimsuky

Score: 0.61
Matched TTPs:
  • T1008 - Fallback Channels
  • T1570 - Lateral Tool Transfer
  • T1218.012 - Verclsid
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
  • T1583.006 - Web Services
  • T1684 - Social Engineering
  • T1583 - Acquire Infrastructure
  • T1597 - Search Closed Sources
  • T1176.001 - Browser Extensions
  • T1606.002 - SAML Tokens
  • T1496.004 - Cloud Service Hijacking
  • T1490 - Inhibit System Recovery
  • T1059.009 - Cloud API
  • T1679 - Selective Exclusion
  • T1218.013 - Mavinject
Link to MITRE →

Medusa Group

Score: 0.56
Matched TTPs:
  • T1547.012 - Print Processors
  • T1027.007 - Dynamic API Resolution
  • T1590.003 - Network Trust Dependencies
  • T1070.009 - Clear Persistence
  • T1586.002 - Email Accounts
  • T1537 - Transfer Data to Cloud Account
  • T1094 - Custom Command and Control Protocol
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1216 - System Script Proxy Execution
  • T1597 - Search Closed Sources
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
Link to MITRE →

APT28

Score: 0.56
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1059.010 - AutoHotKey & AutoIT
  • T1058 - Service Registry Permissions Weakness
  • T1583.006 - Web Services
  • T1548.006 - TCC Manipulation
  • T1583 - Acquire Infrastructure
  • T1548.004 - Elevated Execution with Prompt
  • T1588.003 - Code Signing Certificates
  • T1055.008 - Ptrace System Calls
  • T1205.001 - Port Knocking
  • T1679 - Selective Exclusion
  • T1218.013 - Mavinject
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat actor graph