Trusted Design

Intrusions Affecting Multiple Victims Across Multiple Sectors

Overview

The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including Information Technology, Energy, Healthcare, Communications, and Critical Manufacturing. According to preliminary analysis, threat actors appear to be leveraging stolen administrative credentials (local and domain) and certificates, along with placing sophisticated malware implants on critical systems. Some of the campaign victims have been IT service providers, where credential compromises could potentially be leveraged to access customer environments. Depending on the defensive mitigations in place, the threat actor could possibly gain full access to networks and data in a way that appears legitimate to existing monitoring tools.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 65.93
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1070.009 - Clear Persistence
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
  • T1053.002 - At
  • T1490 - Inhibit System Recovery
Sea Turtle

Score: 18.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1490 - Inhibit System Recovery
Ember Bear

Score: 42.24
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1564.008 - Email Hiding Rules
  • T1178 - SID-History Injection
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1564.013 - Bind Mounts
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1003.003 - NTDS
Indrik Spider

Score: 24.68
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1498 - Network Denial of Service
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Agrius

Score: 10.52
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
Contagious Interview

Score: 53.36
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1064 - Scripting
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Sandworm Team

Score: 51.71
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1166 - Setuid and Setgid
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Star Blizzard

Score: 16.50
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
LAPSUS$

Score: 64.96
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1175 - Component Object Model and Distributed COM
  • T1556.008 - Network Provider DLL
  • T1596.004 - CDNs
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1132.002 - Non-Standard Encoding
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits
APT39

Score: 13.13
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Poseidon Group

Score: 6.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
Mustang Panda

Score: 51.57
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1567.002 - Exfiltration to Cloud Storage
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1071.001 - Web Protocols
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1556 - Modify Authentication Process
Tonto Team

Score: 6.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.001 - PowerShell
  • T1547.013 - XDG Autostart Entries
APT32

Score: 35.46
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1608.004 - Drive-by Target
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
Suckfly

Score: 4.02
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1157 - Dylib Hijacking
BlackByte

Score: 35.70
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1175 - Component Object Model and Distributed COM
  • T1606.001 - Web Cookies
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
APT28

Score: 47.33
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1175 - Component Object Model and Distributed COM
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1197 - BITS Jobs
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Sowbug

Score: 3.80
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1120 - Peripheral Device Discovery
Storm-0501

Score: 22.11
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1055.009 - Proc Memory
  • T1021.001 - Remote Desktop Protocol
Axiom

Score: 14.92
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
Leviathan

Score: 26.58
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1592.003 - Firmware
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Turla

Score: 39.50
Matched TTPs:
  • T1014 - Rootkit
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1176 - Software Extensions
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Volt Typhoon

Score: 47.78
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1065 - Uncommonly Used Port
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
ZIRCONIUM

Score: 11.28
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1120 - Peripheral Device Discovery
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
Mustard Tempest

Score: 11.78
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1053.002 - At
APT42

Score: 27.62
Matched TTPs:
  • T1110.002 - Password Cracking
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1030 - Data Transfer Size Limits
  • T1506 - Web Session Cookie
  • T1132.002 - Non-Standard Encoding
MuddyWater

Score: 17.84
Matched TTPs:
  • T1178 - SID-History Injection
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Threat Group-3390

Score: 29.26
Matched TTPs:
  • T1178 - SID-History Injection
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
OilRig

Score: 47.15
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Leafminer

Score: 3.68
Matched TTPs:
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
APT33

Score: 11.56
Matched TTPs:
  • T1178 - SID-History Injection
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
APT29

Score: 37.28
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1202 - Indirect Command Execution
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1568 - Dynamic Resolution
  • T1556.008 - Network Provider DLL
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
menuPass

Score: 14.23
Matched TTPs:
  • T1178 - SID-History Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Dragonfly

Score: 34.92
Matched TTPs:
  • T1178 - SID-History Injection
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1193 - Spearphishing Attachment
  • T1175 - Component Object Model and Distributed COM
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Ke3chang

Score: 25.80
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
FIN13

Score: 23.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1564.013 - Bind Mounts
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
  • T1686.001 - Cloud Firewall
Moonstone Sleet

Score: 23.71
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.013 - XDG Autostart Entries
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
Lazarus Group

Score: 45.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1677 - Poisoned Pipeline Execution
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1567.002 - Exfiltration to Cloud Storage
  • T1570 - Lateral Tool Transfer
  • T1070.009 - Clear Persistence
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
UNC3886

Score: 27.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.013 - Bind Mounts
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1606 - Forge Web Credentials
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1055.015 - ListPlanting
LuminousMoth

Score: 9.98
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Salt Typhoon

Score: 11.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1498 - Network Denial of Service
  • T1556 - Modify Authentication Process
Play

Score: 21.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
RedCurl

Score: 22.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1608.004 - Drive-by Target
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1122 - Component Object Model Hijacking
  • T1574.010 - Services File Permissions Weakness
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
Moses Staff

Score: 6.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
TeamTNT

Score: 23.25
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1547.006 - Kernel Modules and Extensions
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
FIN7

Score: 35.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1065 - Uncommonly Used Port
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting
  • T1490 - Inhibit System Recovery
Scattered Spider

Score: 51.55
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1120 - Peripheral Device Discovery
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1556.008 - Network Provider DLL
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1498 - Network Denial of Service
  • T1027.002 - Software Packing
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits
Tropic Trooper

Score: 14.13
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
Medusa Group

Score: 36.58
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1552.003 - Shell History
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1598 - Phishing for Information
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
DarkVishnya

Score: 7.32
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories
Aquatic Panda

Score: 26.63
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
APT38

Score: 19.21
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Lotus Blossom

Score: 6.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
APT41

Score: 40.08
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1578.003 - Delete Cloud Instance
  • T1199 - Trusted Relationship
  • T1547.006 - Kernel Modules and Extensions
  • T1157 - Dylib Hijacking
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1030 - Data Transfer Size Limits
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1037.001 - Logon Script (Windows)
  • T1055.015 - ListPlanting
  • T1008 - Fallback Channels
Wizard Spider

Score: 30.74
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1589 - Gather Victim Identity Information
  • T1059.009 - Cloud API
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Blue Mockingbird

Score: 17.85
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1547.006 - Kernel Modules and Extensions
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data
APT19

Score: 5.82
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
PROMETHIUM

Score: 4.60
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1490 - Inhibit System Recovery
Carbanak

Score: 4.21
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
APT3

Score: 12.72
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Earth Lusca

Score: 20.14
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1546.016 - Installer Packages
Cobalt Group

Score: 9.77
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Cinnamon Tempest

Score: 11.27
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
Evilnum

Score: 5.60
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Darkhotel

Score: 16.82
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Gamaredon Group

Score: 31.42
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1175 - Component Object Model and Distributed COM
  • T1612 - Build Image on Host
  • T1606.001 - Web Cookies
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
HAFNIUM

Score: 25.94
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1122 - Component Object Model Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1021.001 - Remote Desktop Protocol
  • T1490 - Inhibit System Recovery
APT5

Score: 21.18
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1578.003 - Delete Cloud Instance
  • T1677 - Poisoned Pipeline Execution
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1070.009 - Clear Persistence
  • T1021.001 - Remote Desktop Protocol
BRONZE BUTLER

Score: 13.36
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1070.009 - Clear Persistence
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Chimera

Score: 31.53
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1574 - Hijack Execution Flow
  • T1592.003 - Firmware
  • T1570 - Lateral Tool Transfer
  • T1166 - Setuid and Setgid
  • T1059.003 - Windows Command Shell
  • T1070.009 - Clear Persistence
  • T1132.002 - Non-Standard Encoding
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
admin@338

Score: 3.73
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
APT1

Score: 10.63
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1053.002 - At
Windigo

Score: 3.95
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1159 - Launch Agent
HEXANE

Score: 21.91
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1547.005 - Security Support Provider
  • T1583.006 - Web Services
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
TA2541

Score: 10.96
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Rocke

Score: 19.48
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1547.006 - Kernel Modules and Extensions
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

APT37

Score: 7.12
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1216 - System Script Proxy Execution
Link to MITRE →

Inception

Score: 8.84
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1612 - Build Image on Host
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
Link to MITRE →

Higaisa

Score: 6.57
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1567.002 - Exfiltration to Cloud Storage
Link to MITRE →

CURIUM

Score: 6.25
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1547.008 - LSASS Driver
Link to MITRE →

Malteiro

Score: 5.63
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1552.003 - Shell History
  • T1506 - Web Session Cookie
Link to MITRE →

Sidewinder

Score: 11.77
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Magic Hound

Score: 47.71
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1059.009 - Cloud API
  • T1564.013 - Bind Mounts
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
  • T1053.002 - At
Link to MITRE →

Daggerfly

Score: 9.98
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

SideCopy

Score: 15.51
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1053.002 - At
Link to MITRE →

APT18

Score: 4.79
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

FIN8

Score: 14.64
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

Winter Vivern

Score: 10.51
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Patchwork

Score: 11.23
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1008 - Fallback Channels
Link to MITRE →

Windshift

Score: 10.67
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

Stealth Falcon

Score: 8.58
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.009 - Conditional Access Policies
Link to MITRE →

IndigoZebra

Score: 4.29
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

LazyScripter

Score: 7.73
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

TA505

Score: 11.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1166 - Setuid and Setgid
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

BITTER

Score: 3.60
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Saint Bear

Score: 12.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
Link to MITRE →

EXOTIC LILY

Score: 7.02
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1547.008 - LSASS Driver
Link to MITRE →

BackdoorDiplomacy

Score: 5.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

GOLD SOUTHFIELD

Score: 10.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
Link to MITRE →

Fox Kitten

Score: 15.02
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1570 - Lateral Tool Transfer
  • T1547.013 - XDG Autostart Entries
  • T1588.005 - Exploits
Link to MITRE →

ToddyCat

Score: 9.70
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
  • T1547.008 - LSASS Driver
Link to MITRE →

GALLIUM

Score: 4.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

INC Ransom

Score: 19.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1055.009 - Proc Memory
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

Silence

Score: 11.94
Matched TTPs:
  • T1059.009 - Cloud API
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Gorgon Group

Score: 5.25
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Metador

Score: 5.47
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Andariel

Score: 8.60
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1037.001 - Logon Script (Windows)
Link to MITRE →

FIN6

Score: 15.64
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Akira

Score: 9.88
Matched TTPs:
  • T1552.003 - Shell History
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1601 - Modify System Image
Link to MITRE →

Threat Group-1314

Score: 5.57
Matched TTPs:
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1166 - Setuid and Setgid
Link to MITRE →

POLONIUM

Score: 5.02
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
Link to MITRE →

FIN4

Score: 5.56
Matched TTPs:
  • T1574.010 - Services File Permissions Weakness
  • T1157 - Dylib Hijacking
Link to MITRE →

Storm-1811

Score: 15.34
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1578.002 - Create Cloud Instance
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

FIN5

Score: 3.65
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
Link to MITRE →

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN10

Score: 6.32
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1157 - Dylib Hijacking
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

Velvet Ant

Score: 10.99
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Naikon

Score: 4.19
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1506 - Web Session Cookie
Link to MITRE →

The White Company

Score: 3.28
Matched TTPs:
  • T1506 - Web Session Cookie
  • T1070.009 - Clear Persistence
Link to MITRE →

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1547.008 - LSASS Driver
Link to MITRE →

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels
Link to MITRE →

Transparent Tribe

Score: 3.29
Matched TTPs:
  • T1053.002 - At
Link to MITRE →

Threat actors related to this Pulse (inference-based)

LAPSUS$

Score: 0.83
Matched TTPs:
  • T1592.003 - Firmware
  • T1065 - Uncommonly Used Port
  • T1216.001 - PubPrn
  • T1157 - Dylib Hijacking
  • T1547.005 - Security Support Provider
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1199 - Trusted Relationship
  • T1556.008 - Network Provider DLL
  • T1132.002 - Non-Standard Encoding
  • T1030 - Data Transfer Size Limits
  • T1601 - Modify System Image
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1024 - Custom Cryptographic Protocol
  • T1019 - System Firmware
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits
  • T1136.002 - Domain Account
  • T1596.004 - CDNs
Link to MITRE →

Kimsuky

Score: 0.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1059.009 - Cloud API
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1506 - Web Session Cookie
  • T1583.006 - Web Services
  • T1176.001 - Browser Extensions
  • T1055.014 - VDSO Hijacking
  • T1552.003 - Shell History
  • T1008 - Fallback Channels
  • T1091 - Replication Through Removable Media
  • T1132.002 - Non-Standard Encoding
  • T1030 - Data Transfer Size Limits
  • T1547.013 - XDG Autostart Entries
  • T1490 - Inhibit System Recovery
  • T1126 - Network Share Connection Removal
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1024 - Custom Cryptographic Protocol
  • T1003.003 - NTDS
  • T1197 - BITS Jobs
  • T1053.002 - At
  • T1003.007 - Proc Filesystem
Link to MITRE →

Sandworm Team

Score: 0.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1157 - Dylib Hijacking
  • T1564.008 - Email Hiding Rules
  • T1573 - Encrypted Channel
  • T1546.016 - Installer Packages
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media
  • T1193 - Spearphishing Attachment
  • T1547.013 - XDG Autostart Entries
  • T1122 - Component Object Model Hijacking
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1049 - System Network Connections Discovery
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1187 - Forced Authentication
  • T1484.002 - Trust Modification
  • T1005 - Data from Local System
  • T1166 - Setuid and Setgid
Link to MITRE →

Contagious Interview

Score: 0.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1221 - Template Injection
  • T1597 - Search Closed Sources
  • T1547.005 - Security Support Provider
  • T1218.008 - Odbcconf
  • T1175 - Component Object Model and Distributed COM
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media
  • T1044 - File System Permissions Weakness
  • T1021.006 - Windows Remote Management
  • T1547.008 - LSASS Driver
  • T1030 - Data Transfer Size Limits
  • T1556 - Modify Authentication Process
  • T1126 - Network Share Connection Removal
  • T1033 - System Owner/User Discovery
  • T1064 - Scripting
Link to MITRE →

Scattered Spider

Score: 0.66
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1120 - Peripheral Device Discovery
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1027.002 - Software Packing
  • T1019 - System Firmware
  • T1021.001 - Remote Desktop Protocol
  • T1199 - Trusted Relationship
  • T1136.002 - Domain Account
  • T1498 - Network Denial of Service
  • T1588.005 - Exploits
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1556.008 - Network Provider DLL
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1547.005 - Security Support Provider
  • T1552.003 - Shell History
Link to MITRE →

Mustang Panda

Score: 0.66
Matched TTPs:
  • T1071.001 - Web Protocols
  • T1606.002 - SAML Tokens
  • T1136.001 - Local Account
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1567.002 - Exfiltration to Cloud Storage
  • T1583.006 - Web Services
  • T1612 - Build Image on Host
  • T1055.005 - Thread Local Storage
  • T1677 - Poisoned Pipeline Execution
  • T1091 - Replication Through Removable Media
  • T1597.002 - Purchase Technical Data
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1159 - Launch Agent
  • T1024 - Custom Cryptographic Protocol
  • T1169 - Sudo
Link to MITRE →

APT28

Score: 0.63
Matched TTPs:
  • T1175 - Component Object Model and Distributed COM
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1592.003 - Firmware
  • T1024 - Custom Cryptographic Protocol
  • T1070.009 - Clear Persistence
  • T1021.001 - Remote Desktop Protocol
  • T1199 - Trusted Relationship
  • T1597.002 - Purchase Technical Data
  • T1197 - BITS Jobs
  • T1546.007 - Netsh Helper DLL
  • T1139 - Bash History
  • T1583.006 - Web Services
  • T1566.003 - Spearphishing via Service
  • T1157 - Dylib Hijacking
  • T1547.013 - XDG Autostart Entries
  • T1685.001 - Disable or Modify Windows Event Log
  • T1122 - Component Object Model Hijacking
Link to MITRE →

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1065 - Uncommonly Used Port
  • T1570 - Lateral Tool Transfer
  • T1059.009 - Cloud API
  • T1157 - Dylib Hijacking
  • T1547.005 - Security Support Provider
  • T1546.016 - Installer Packages
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1176 - Software Extensions
  • T1583.006 - Web Services
  • T1685.001 - Disable or Modify Windows Event Log
  • T1164 - Re-opened Applications
  • T1547.013 - XDG Autostart Entries
  • T1049 - System Network Connections Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1159 - Launch Agent
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1166 - Setuid and Setgid
Link to MITRE →

Magic Hound

Score: 0.62
Matched TTPs:
  • T1592.003 - Firmware
  • T1578.002 - Create Cloud Instance
  • T1597 - Search Closed Sources
  • T1059.009 - Cloud API
  • T1547.005 - Security Support Provider
  • T1098.002 - Additional Email Delegate Permissions
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1583.006 - Web Services
  • T1564.013 - Bind Mounts
  • T1547.008 - LSASS Driver
  • T1070.003 - Clear Command History
  • T1547.013 - XDG Autostart Entries
  • T1140 - Deobfuscate/Decode Files or Information
  • T1187 - Forced Authentication
  • T1024 - Custom Cryptographic Protocol
  • T1053.002 - At
  • T1166 - Setuid and Setgid
Link to MITRE →

Lazarus Group

Score: 0.61
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1157 - Dylib Hijacking
  • T1606.001 - Web Cookies
  • T1546.016 - Installer Packages
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1055.015 - ListPlanting
  • T1567.002 - Exfiltration to Cloud Storage
  • T1583.006 - Web Services
  • T1176.001 - Browser Extensions
  • T1216 - System Script Proxy Execution
  • T1055.005 - Thread Local Storage
  • T1677 - Poisoned Pipeline Execution
  • T1547.008 - LSASS Driver
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
Link to MITRE →

OilRig

Score: 0.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1570 - Lateral Tool Transfer
  • T1059.009 - Cloud API
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1120 - Peripheral Device Discovery
  • T1070.009 - Clear Persistence
  • T1199 - Trusted Relationship
  • T1055.015 - ListPlanting
  • T1583.006 - Web Services
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1547.008 - LSASS Driver
  • T1178 - SID-History Injection
  • T1547.013 - XDG Autostart Entries
  • T1556 - Modify Authentication Process
  • T1024 - Custom Cryptographic Protocol
  • T1562.009 - Safe Mode Boot
  • T1005 - Data from Local System
  • T1003.007 - Proc Filesystem
  • T1166 - Setuid and Setgid
Link to MITRE →

Turla

Score: 0.56
Matched TTPs:
  • T1546.016 - Installer Packages
  • T1120 - Peripheral Device Discovery
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1506 - Web Session Cookie
  • T1597 - Search Closed Sources
  • T1176 - Software Extensions
  • T1570 - Lateral Tool Transfer
  • T1014 - Rootkit
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1612 - Build Image on Host
  • T1547.013 - XDG Autostart Entries
  • T1003.007 - Proc Filesystem
  • T1556.009 - Conditional Access Policies
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT41

Score: 0.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1008 - Fallback Channels
  • T1120 - Peripheral Device Discovery
  • T1578.003 - Delete Cloud Instance
  • T1070.009 - Clear Persistence
  • T1027.007 - Dynamic API Resolution
  • T1199 - Trusted Relationship
  • T1055.015 - ListPlanting
  • T1547.006 - Kernel Modules and Extensions
  • T1030 - Data Transfer Size Limits
  • T1037.001 - Logon Script (Windows)
  • T1570 - Lateral Tool Transfer
  • T1059.009 - Cloud API
  • T1157 - Dylib Hijacking
  • T1176.001 - Browser Extensions
  • T1547.013 - XDG Autostart Entries
  • T1573 - Encrypted Channel
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
