Trusted Design

TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind

Overview

Trend Micro observed activity involving the cross-platform Adwind remote access trojan (RAT) in June 2017. Targets in this campaign were aerospace enterprises, with Switzerland, Ukraine, Austria and the U.S. most heavily hit. The trojan implements the usual RAT feature set: stealing credentials, logging keystrokes, taking pictures and screenshots, exfiltrating data and more. Delivery relied on a typical malicious spam message carrying a link to download a PIF (Program Information File); the PIF is in fact a .NET binary that acts as a downloader and fetches the Adwind payload. Adwind itself is Java-based, which is what makes it cross-platform; the .NET downloader stage, by contrast, only runs on Windows.
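As an added example (not part of the Trend Micro write-up or of this pulse), the following Python shows a triage check a mail or proxy gateway could apply to the delivery artefact described above: a file served with a .pif extension that is really a PE image, and in this campaign a .NET one. Windows executes a PE file named .pif like any other executable, so the extension alone is a weak signal; the check parses the PE header and inspects the CLR runtime data directory, which is non-empty only in .NET images. The function names, the labels returned by triage_download and the synthetic PE header built by build_synthetic_pe are assumptions made for this example; the synthetic header is constructed test input, not a sample from the campaign.

```python
import struct

# PE/COFF layout constants (Microsoft PE format specification).
E_LFANEW_OFFSET = 0x3C        # DOS header field holding the PE signature offset
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
CLR_DIRECTORY_INDEX = 14      # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (.NET runtime header)


def classify_pe(data: bytes) -> dict:
    """Parse just enough of a PE header to say whether `data` is a PE image
    and whether it carries a CLR (.NET) runtime header."""
    result = {"is_pe": False, "is_dotnet": False, "machine": None}
    if len(data) < E_LFANEW_OFFSET + 4 or data[:2] != b"MZ":
        return result
    e_lfanew = struct.unpack_from("<I", data, E_LFANEW_OFFSET)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return result
    result["is_pe"] = True
    coff = e_lfanew + 4
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    result["machine"] = machine
    opt = coff + 20
    if opt_size < 2 or opt + 2 > len(data):
        return result
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32PLUS_MAGIC:
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        return result            # ROM image or corrupt header: not classifiable
    if num_dirs_off + 4 > len(data):
        return result
    num_dirs = struct.unpack_from("<I", data, num_dirs_off)[0]
    entry = dirs_off + CLR_DIRECTORY_INDEX * 8
    if num_dirs <= CLR_DIRECTORY_INDEX or entry + 8 > len(data):
        return result
    rva, size = struct.unpack_from("<II", data, entry)
    result["is_dotnet"] = rva != 0 and size != 0
    return result


def triage_download(filename: str, data: bytes) -> str:
    """Label a fetched file the way a gateway hook might (labels are assumed here)."""
    if not filename.lower().endswith(".pif"):
        return "not-pif"
    info = classify_pe(data)
    if info["is_dotnet"]:
        return "dotnet-pe-as-pif"   # matches the downloader stage in the campaign
    if info["is_pe"]:
        return "native-pe-as-pif"
    return "pif-non-pe"


def build_synthetic_pe(dotnet: bool, pe32plus: bool = False) -> bytes:
    """Constructed test input: a bare PE header (no code, not runnable),
    optionally with a non-empty CLR data directory entry."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\x00" * (e_lfanew - 2))
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    if pe32plus:
        magic, num_off, dirs_off, machine = PE32PLUS_MAGIC, 108, 112, 0x8664
    else:
        magic, num_off, dirs_off, machine = PE32_MAGIC, 92, 96, 0x014C
    opt_size = dirs_off + 16 * 8            # standard 16 data directories
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, num_off, 16)
    if dotnet:
        struct.pack_into("<II", opt, dirs_off + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt)


if __name__ == "__main__":
    for name, blob in [("invoice.pif", build_synthetic_pe(dotnet=True)),
                       ("setup.pif", build_synthetic_pe(dotnet=False)),
                       ("readme.pif", b"not a PE at all")]:
        print(name, triage_download(name, blob))
```

The parser deliberately stops at the data directories: it does not walk sections or resolve the RVA, which keeps it cheap and safe to run on untrusted input. A real hook would also record the file hash and the referring URL, since the pulse itself carries no indicators.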

Created: 2026-02-23

Indicators

No indicators found.

Similar Pulses

Threat actors related to this pulse (fact-based)

Cinnamon Tempest

Score: 12.75
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer

Medusa Group

Score: 44.54
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1650 - Acquire Access
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1218.014 - MMC

menuPass

Score: 25.25
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

INC Ransom

Score: 21.12
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Gamaredon Group

Score: 76.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1480 - Execution Guardrails
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

APT32

Score: 56.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1216.001 - PubPrn
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts

Mustang Panda

Score: 78.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1557 - Adversary-in-the-Middle
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MuddyWater

Score: 54.02
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Wizard Spider

Score: 41.28
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1547.004 - Winlogon Helper DLL
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Leviathan

Score: 47.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1534 - Internal Spearphishing
  • T1218.010 - Regsvr32
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Velvet Ant

Score: 22.47
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1040 - Network Sniffing
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion

FIN7

Score: 57.82
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts

GALLIUM

Score: 14.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer

Volt Typhoon

Score: 60.10
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1069 - Permission Groups Discovery
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1112 - Modify Registry
  • T1584.005 - Botnet
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1614 - System Location Discovery
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy

Blue Mockingbird

Score: 15.32
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Naikon

Score: 9.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery

Lazarus Group

Score: 71.56
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1010 - Application Window Discovery
  • T1090.002 - External Proxy
  • T1070 - Indicator Removal
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Lotus Blossom

Score: 12.13
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1090.001 - Internal Proxy

Sandworm Team

Score: 64.51
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1591.002 - Business Relationships
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1499 - Endpoint Denial of Service
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Earth Lusca

Score: 39.67
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link

Indrik Spider

Score: 23.39
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

TA2541

Score: 23.68
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Stealth Falcon

Score: 8.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1555.004 - Windows Credential Manager

Aquatic Panda

Score: 21.94
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

APT29

Score: 41.57
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1583.006 - Web Services
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1078.003 - Local Accounts

OilRig

Score: 61.36
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Windshift

Score: 19.43
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

FIN6

Score: 17.69
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

ToddyCat

Score: 13.64
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1566.003 - Spearphishing via Service

Deep Panda

Score: 11.49
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window

Threat Group-3390

Score: 44.92
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1021.006 - Windows Remote Management
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1030 - Data Transfer Size Limits
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

APT42

Score: 17.97
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery

Ember Bear

Score: 33.95
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits

Chimera

Score: 29.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1021.006 - Windows Remote Management
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

BlackByte

Score: 40.66
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1003 - OS Credential Dumping
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1112 - Modify Registry
  • T1480 - Execution Guardrails
  • T1491.001 - Internal Defacement
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

FIN13

Score: 33.33
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1069 - Permission Groups Discovery
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1021.006 - Windows Remote Management
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy

Magic Hound

Score: 55.77
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1113 - Screen Capture
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

APT41

Score: 42.03
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1014 - Rootkit
  • T1069 - Permission Groups Discovery
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1546.008 - Accessibility Features
  • T1562.006 - Indicator Blocking
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1030 - Data Transfer Size Limits
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

FIN8

Score: 27.01
Matched TTPs:
  • T1047 - Windows Management Instrumentation
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1102 - Web Service
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Dragonfly

Score: 40.08
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1112 - Modify Registry
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol

BRONZE BUTLER

Score: 27.46
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

APT28

Score: 91.16
Matched TTPs:
  • T1113 - Screen Capture
  • T1003 - OS Credential Dumping
  • T1014 - Rootkit
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1557.004 - Evil Twin
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1546.015 - Component Object Model Hijacking
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1030 - Data Transfer Size Limits
  • T1564.003 - Hidden Window
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion

MoustachedBouncer

Score: 6.82
Matched TTPs:
  • T1113 - Screen Capture
  • T1659 - Content Injection

GOLD SOUTHFIELD

Score: 12.56
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1566 - Phishing
  • T1195.002 - Compromise Software Supply Chain

Winter Vivern

Score: 23.04
Matched TTPs:
  • T1113 - Screen Capture
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Silence

Score: 14.20
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

APT39

Score: 32.90
Matched TTPs:
  • T1113 - Screen Capture
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

Kimsuky

Score: 84.99
Matched TTPs:
  • T1113 - Screen Capture
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1176.001 - Browser Extensions
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1564.003 - Hidden Window
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1078.003 - Local Accounts

Dark Caracal

Score: 7.36
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Sea Turtle

Score: 20.26
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1566 - Phishing
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1078.003 - Local Accounts
Link to MITRE →

Agrius

Score: 16.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1078.002 - Domain Accounts
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Contagious Interview

Score: 47.71
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1497 - Virtualization/Sandbox Evasion
  • T1657 - Financial Theft
  • T1480 - Execution Guardrails
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1543.001 - Launch Agent
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Star Blizzard

Score: 13.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
Link to MITRE →

TA577

Score: 6.65
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
Link to MITRE →

Moonstone Sleet

Score: 25.67
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195.002 - Compromise Software Supply Chain
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Turla

Score: 66.55
Matched TTPs:
  • T1564.012 - File/Path Exclusions
  • T1016.001 - Internet Connection Discovery
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts
Link to MITRE →

Poseidon Group

Score: 6.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
Link to MITRE →

Tonto Team

Score: 13.75
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Storm-0501

Score: 19.12
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1021.006 - Windows Remote Management
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1518.001 - Security Software Discovery
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Axiom

Score: 28.24
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1566 - Phishing
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1563.002 - RDP Hijacking
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Winnti Group

Score: 5.58
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Rocke

Score: 18.46
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 27.33
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

UNC3886

Score: 28.06
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

HEXANE

Score: 25.74
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

HAFNIUM

Score: 23.19
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

ZIRCONIUM

Score: 26.79
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Mustard Tempest

Score: 14.89
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Scattered Spider

Score: 30.14
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1598 - Phishing for Information
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications
Link to MITRE →

TA505

Score: 31.17
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078.002 - Domain Accounts
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT3

Score: 23.98
Matched TTPs:
  • T1069 - Permission Groups Discovery
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
Link to MITRE →

LuminousMoth

Score: 24.03
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.004 - Drive-by Target
  • T1091 - Replication Through Removable Media
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1030 - Data Transfer Size Limits
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Salt Typhoon

Score: 10.19
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Play

Score: 21.32
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1657 - Financial Theft
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1030 - Data Transfer Size Limits
  • T1078.002 - Domain Accounts
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

Aoqin Dragon

Score: 12.68
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1091 - Replication Through Removable Media
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 16.25
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1102 - Web Service
  • T1056.002 - GUI Input Capture
  • T1039 - Data from Network Shared Drive
  • T1204.001 - Malicious Link
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 17.04
Matched TTPs:
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
Link to MITRE →

Cobalt Group

Score: 26.28
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
Link to MITRE →

Sidewinder

Score: 23.46
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1598.002 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT37

Score: 15.39
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1057 - Process Discovery
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gallmaker

Score: 4.41
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
Link to MITRE →

BITTER

Score: 13.12
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Patchwork

Score: 21.67
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
Link to MITRE →

Malteiro

Score: 7.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1518.001 - Security Software Discovery
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Machete

Score: 9.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Elderwood

Score: 8.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

Transparent Tribe

Score: 10.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

WIRTE

Score: 7.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
Link to MITRE →

RTM

Score: 8.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
Link to MITRE →

APT-C-36

Score: 3.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CURIUM

Score: 18.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.004 - Drive-by Target
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Tropic Trooper

Score: 29.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1078.003 - Local Accounts
Link to MITRE →

DarkHydrus

Score: 4.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

PLATINUM

Score: 10.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
Link to MITRE →

TA551

Score: 10.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 16.40
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

PROMETHIUM

Score: 5.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1078.003 - Local Accounts
Link to MITRE →

Higaisa

Score: 16.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1564.003 - Hidden Window
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression
Link to MITRE →

Rancor

Score: 8.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN4

Score: 8.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1204.001 - Malicious Link
Link to MITRE →

Storm-1811

Score: 25.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1588.002 - Tool
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Inception

Score: 13.54
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102 - Web Service
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
Link to MITRE →

EXOTIC LILY

Score: 12.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Ajax Security Team

Score: 4.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Saint Bear

Score: 15.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

Whitefly

Score: 4.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Nomadic Octopus

Score: 7.02
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Gorgon Group

Score: 10.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1564.003 - Hidden Window
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT19

Score: 14.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1564.003 - Hidden Window
  • T1189 - Drive-by Compromise
Link to MITRE →

SideCopy

Score: 18.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1614 - System Location Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mofang

Score: 7.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

Andariel

Score: 16.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 32.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1565.003 - Runtime Data Manipulation
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
Link to MITRE →

Molerats

Score: 14.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1027.015 - Compression
Link to MITRE →

admin@338

Score: 5.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Darkhotel

Score: 25.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1566.001 - Spearphishing Attachment
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

The White Company

Score: 5.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
Link to MITRE →

IndigoZebra

Score: 5.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT33

Score: 16.20
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1040 - Network Sniffing
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Confucius

Score: 8.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

BlackTech

Score: 13.17
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1204.001 - Malicious Link
Link to MITRE →

Evilnum

Score: 11.69
Matched TTPs:
  • T1497.001 - System Checks
  • T1566.002 - Spearphishing Link
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

APT1

Score: 11.32
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Silent Librarian

Score: 3.31
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
Link to MITRE →

Daggerfly

Score: 16.92
Matched TTPs:
  • T1574.001 - DLL
  • T1195.002 - Compromise Software Supply Chain
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
Link to MITRE →

BackdoorDiplomacy

Score: 7.29
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT5

Score: 18.52
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking
  • T1070 - Indicator Removal
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

DarkVishnya

Score: 6.48
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
Link to MITRE →

Fox Kitten

Score: 21.56
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1012 - Query Registry
  • T1105 - Ingress Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications
Link to MITRE →

Volatile Cedar

Score: 4.84
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Carbanak

Score: 5.84
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Akira

Score: 12.69
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

FIN5

Score: 3.60
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
Link to MITRE →

LAPSUS$

Score: 22.70
Matched TTPs:
  • T1591.002 - Business Relationships
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1531 - Account Access Removal
  • T1589.001 - Credentials
  • T1213.005 - Messaging Applications
Link to MITRE →

Metador

Score: 6.92
Matched TTPs:
  • T1588.001 - Malware
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Equation

Score: 4.54
Matched TTPs:
  • T1542.002 - Component Firmware
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1657 - Financial Theft
  • T1566 - Phishing
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
Link to MITRE →

Thrip

Score: 6.52
Matched TTPs:
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

FIN10

Score: 7.40
Matched TTPs:
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
  • T1078.003 - Local Accounts
Link to MITRE →

CopyKittens

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1564.003 - Hidden Window
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.83
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.003 - Hidden Window
  • T1595.002 - Vulnerability Scanning
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1583.006 - Web Services
  • T1190 - Exploit Public-Facing Application
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1584.008 - Network Devices
  • T1557.004 - Evil Twin
  • T1003 - OS Credential Dumping
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1102.002 - Bidirectional Communication
  • T1091 - Replication Through Removable Media
  • T1030 - Data Transfer Size Limits
  • T1014 - Rootkit
  • T1025 - Data from Removable Media
  • T1559.002 - Dynamic Data Exchange
  • T1669 - Wi-Fi Networks
  • T1203 - Exploitation for Client Execution
  • T1211 - Exploitation for Defense Evasion
  • T1039 - Data from Network Shared Drive
  • T1090.002 - External Proxy
  • T1598.003 - Spearphishing Link
  • T1546.015 - Component Object Model Hijacking
  • T1598 - Phishing for Information
  • T1036 - Masquerading
  • T1204.001 - Malicious Link
  • T1113 - Screen Capture
  • T1589.001 - Credentials
  • T1040 - Network Sniffing
Link to MITRE →

Kimsuky

Score: 0.76
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1140 - Deobfuscate/Decode Files or Information
  • T1534 - Internal Spearphishing
  • T1583 - Acquire Infrastructure
  • T1564.003 - Hidden Window
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1190 - Exploit Public-Facing Application
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1557 - Adversary-in-the-Middle
  • T1518.001 - Security Software Discovery
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1588.005 - Exploits
  • T1007 - System Service Discovery
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1657 - Financial Theft
  • T1608.001 - Upload Malware
  • T1219.002 - Remote Desktop Software
  • T1598.003 - Spearphishing Link
  • T1112 - Modify Registry
  • T1588.003 - Code Signing Certificates
  • T1562.001 - Disable or Modify Tools
  • T1078.003 - Local Accounts
  • T1566 - Phishing
  • T1566.002 - Spearphishing Link
  • T1598 - Phishing for Information
  • T1204.001 - Malicious Link
  • T1113 - Screen Capture
  • T1012 - Query Registry
  • T1040 - Network Sniffing
Link to MITRE →

Mustang Panda

Score: 0.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1608 - Stage Capabilities
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1003 - OS Credential Dumping
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1518 - Software Discovery
  • T1091 - Replication Through Removable Media
  • T1047 - Windows Management Instrumentation
  • T1027.007 - Dynamic API Resolution
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1219.002 - Remote Desktop Software
  • T1102 - Web Service
  • T1598.003 - Spearphishing Link
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1588.003 - Code Signing Certificates
  • T1622 - Debugger Evasion
  • T1070 - Indicator Removal
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
  • T1574.001 - DLL
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1176.002 - IDE Extensions
  • T1678 - Delay Execution
Link to MITRE →

Gamaredon Group

Score: 0.71
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1534 - Internal Spearphishing
  • T1564.003 - Hidden Window
  • T1497.001 - System Checks
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1518.001 - Security Software Discovery
  • T1102.002 - Bidirectional Communication
  • T1491.001 - Internal Defacement
  • T1091 - Replication Through Removable Media
  • T1001 - Data Obfuscation
  • T1027.004 - Compile After Delivery
  • T1047 - Windows Management Instrumentation
  • T1025 - Data from Removable Media
  • T1608.001 - Upload Malware
  • T1039 - Data from Network Shared Drive
  • T1102 - Web Service
  • T1016.001 - Internet Connection Discovery
  • T1027.015 - Compression
  • T1112 - Modify Registry
  • T1562.001 - Disable or Modify Tools
  • T1480 - Execution Guardrails
  • T1204.001 - Malicious Link
  • T1113 - Screen Capture
  • T1012 - Query Registry
Link to MITRE →

Lazarus Group

Score: 0.66
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1584.004 - Server
  • T1583.006 - Web Services
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1491.001 - Internal Defacement
  • T1574.013 - KernelCallbackTable
  • T1010 - Application Window Discovery
  • T1566.003 - Spearphishing via Service
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1027.007 - Dynamic API Resolution
  • T1203 - Exploitation for Client Execution
  • T1218 - System Binary Proxy Execution
  • T1090.002 - External Proxy
  • T1090.001 - Internal Proxy
  • T1562.001 - Disable or Modify Tools
  • T1070 - Indicator Removal
  • T1566.002 - Spearphishing Link
  • T1012 - Query Registry
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
Link to MITRE →

Turla

Score: 0.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.004 - Server
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1189 - Drive-by Compromise
  • T1518.001 - Security Software Discovery
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1588.001 - Malware
  • T1007 - System Service Discovery
  • T1584.006 - Web Services
  • T1025 - Data from Removable Media
  • T1547.004 - Winlogon Helper DLL
  • T1102 - Web Service
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1090.001 - Internal Proxy
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1562.001 - Disable or Modify Tools
  • T1078.003 - Local Accounts
  • T1564.012 - File/Path Exclusions
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
Link to MITRE →

Sandworm Team

Score: 0.63
Matched TTPs:
  • T1592.002 - Software
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583 - Acquire Infrastructure
  • T1595.002 - Vulnerability Scanning
  • T1584.004 - Server
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1195 - Supply Chain Compromise
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1588.002 - Tool
  • T1204.002 - Malicious File
  • T1591.002 - Business Relationships
  • T1078.002 - Domain Accounts
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1499 - Endpoint Denial of Service
  • T1047 - Windows Management Instrumentation
  • T1203 - Exploitation for Client Execution
  • T1219 - Remote Access Tools
  • T1195.002 - Compromise Software Supply Chain
  • T1608.001 - Upload Malware
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1204.001 - Malicious Link
  • T1570 - Lateral Tool Transfer
  • T1040 - Network Sniffing
Link to MITRE →

FIN7

Score: 0.61
Matched TTPs:
  • T1674 - Input Injection
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1140 - Deobfuscate/Decode Files or Information
  • T1564.003 - Hidden Window
  • T1583.006 - Web Services
  • T1190 - Exploit Public-Facing Application
  • T1608.004 - Drive-by Target
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1569.002 - Service Execution
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1091 - Replication Through Removable Media
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1559.002 - Dynamic Data Exchange
  • T1219 - Remote Access Tools
  • T1195.002 - Compromise Software Supply Chain
  • T1608.001 - Upload Malware
  • T1078.003 - Local Accounts
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
  • T1113 - Screen Capture
Link to MITRE →

OilRig

Score: 0.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497.001 - System Checks
  • T1137.004 - Outlook Home Page
  • T1195 - Supply Chain Compromise
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1078.002 - Domain Accounts
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1566.003 - Spearphishing via Service
  • T1047 - Windows Management Instrumentation
  • T1025 - Data from Removable Media
  • T1021.001 - Remote Desktop Protocol
  • T1203 - Exploitation for Client Execution
  • T1219 - Remote Access Tools
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.003 - Code Signing Certificates
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1204.001 - Malicious Link
  • T1113 - Screen Capture
  • T1012 - Query Registry
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
Link to MITRE →

Volt Typhoon

Score: 0.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1614 - System Location Discovery
  • T1584.004 - Server
  • T1497.001 - System Checks
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1105 - Ingress Tool Transfer
  • T1584.008 - Network Devices
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1078.002 - Domain Accounts
  • T1518 - Software Discovery
  • T1007 - System Service Discovery
  • T1010 - Application Window Discovery
  • T1069 - Permission Groups Discovery
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1218 - System Binary Proxy Execution
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1090.001 - Internal Proxy
  • T1570 - Lateral Tool Transfer
  • T1113 - Screen Capture
  • T1012 - Query Registry
Link to MITRE →

APT32

Score: 0.55
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1564.003 - Hidden Window
  • T1583.006 - Web Services
  • T1608.004 - Drive-by Target
  • T1566.001 - Spearphishing Attachment
  • T1105 - Ingress Tool Transfer
  • T1003 - OS Credential Dumping
  • T1588.002 - Tool
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1569.002 - Service Execution
  • T1218.010 - Regsvr32
  • T1047 - Windows Management Instrumentation
  • T1203 - Exploitation for Client Execution
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1598.003 - Spearphishing Link
  • T1112 - Modify Registry
  • T1078.003 - Local Accounts
  • T1216.001 - PubPrn
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1204.001 - Malicious Link
  • T1570 - Lateral Tool Transfer
  • T1012 - Query Registry
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
Link to MITRE →

Magic Hound

Score: 0.55
Matched TTPs:
  • T1592.002 - Software
  • T1562 - Impair Defenses
  • T1564.003 - Hidden Window
  • T1595.002 - Vulnerability Scanning
  • T1583.006 - Web Services
  • T1190 - Exploit Public-Facing Application
  • T1105 - Ingress Tool Transfer
  • T1588.002 - Tool
  • T1057 - Process Discovery
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1078.002 - Domain Accounts
  • T1102.002 - Bidirectional Communication
  • T1566.003 - Spearphishing via Service
  • T1047 - Windows Management Instrumentation
  • T1021.001 - Remote Desktop Protocol
  • T1598.003 - Spearphishing Link
  • T1016.001 - Internet Connection Discovery
  • T1112 - Modify Registry
  • T1573 - Encrypted Channel
  • T1562.001 - Disable or Modify Tools
  • T1566.002 - Spearphishing Link
  • T1204.001 - Malicious Link
  • T1570 - Lateral Tool Transfer
  • T1113 - Screen Capture
  • T1589.001 - Credentials
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

