Trusted Design

Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2

Summary

An Iranian threat actor's operational infrastructure was exposed through an open directory, revealing a 15-node relay network spanning Finland and Iran, an SSH-based botnet framework, and an active command and control server. The exposed bash history documented the full operation, including tunnel deployment, DDoS tooling development, and botnet creation. The actor used on-host compilation to evade detection and leveraged a Python script for mass SSH deployment. The botnet client, compiled and renamed 'hex' on infected hosts, showed automatic reconnection capabilities. This operation appears to be financially or personally motivated rather than state-directed, with infrastructure dual-purposed for censorship bypass and attack operations.

Created: 2026-03-17

Indicators

Similar Pulses

No similar Pulses were found.

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 37.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation

menuPass

Score: 25.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation

Wizard Spider

Score: 30.45
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1038 - DLL Search Order Hijacking
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode

APT33

Score: 10.09
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583.005 - Botnet
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Fox Kitten

Score: 32.57
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation

CopyKittens

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1045 - Software Packing

Volt Typhoon

Score: 61.50
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1164 - Re-opened Applications
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1569.002 - Service Execution

APT1

Score: 10.32
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1590.006 - Network Security Appliances

Mustang Panda

Score: 43.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1546.011 - Application Shimming
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1562.006 - Indicator Blocking
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1159 - Launch Agent
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode

Play

Score: 15.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1142 - Keychain
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking

Chimera

Score: 27.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1587.003 - Digital Certificates
  • T1003.007 - Proc Filesystem
  • T1062 - Hypervisor
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation

Sea Turtle

Score: 19.10
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

APT39

Score: 26.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution

RedCurl

Score: 17.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

APT5

Score: 18.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1546.003 - Windows Management Instrumentation Event Subscription

Agrius

Score: 17.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1209 - Time Providers

GALLIUM

Score: 20.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice

APT41

Score: 60.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1539 - Steal Web Session Cookie
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1059.008 - Network Device CLI
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1564.003 - Hidden Window
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1008 - Fallback Channels

MuddyWater

Score: 37.01
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

APT28

Score: 66.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1078.001 - Default Accounts
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1542.004 - ROMMONkit
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode
  • T1564.004 - NTFS File Attributes

Turla

Score: 48.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1176 - Software Extensions
  • T1584.003 - Virtual Private Server
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution

Sowbug

Score: 7.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1219.001 - IDE Tunneling
  • T1542.004 - ROMMONkit

BRONZE BUTLER

Score: 22.17
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1008 - Fallback Channels

UNC3886

Score: 37.12
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1021.006 - Windows Remote Management
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1547.015 - Login Items
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

Kimsuky

Score: 65.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1033 - System Owner/User Discovery
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1546.011 - Application Shimming
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1597 - Search Closed Sources
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels

APT3

Score: 20.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.003 - Virtual Private Server
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1059.008 - Network Device CLI
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

FIN8

Score: 10.65
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Ke3chang

Score: 27.97
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
  • T1548.006 - TCC Manipulation

Lotus Blossom

Score: 18.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1099 - Timestomp
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1056.002 - GUI Input Capture
  • T1505 - Server Software Component
  • T1209 - Time Providers
  • T1569.002 - Service Execution

FIN13

Score: 39.64
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution

Earth Lusca

Score: 33.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1557.003 - DHCP Spoofing
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Magic Hound

Score: 67.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1596.003 - Digital Certificates
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1587.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1036.009 - Break Process Trees
  • T1584.003 - Virtual Private Server
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Aquatic Panda

Score: 12.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1597 - Search Closed Sources

INC Ransom

Score: 18.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1209 - Time Providers

Akira

Score: 14.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1137.005 - Outlook Rules
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information

ToddyCat

Score: 8.15
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling

Ember Bear

Score: 42.66
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1584.008 - Network Devices
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1656 - Impersonation
  • T1519 - Emond
  • T1209 - Time Providers

Indrik Spider

Score: 16.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1546.016 - Installer Packages

Contagious Interview

Score: 35.15
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1564.009 - Resource Forking
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 68.92
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1596.003 - Digital Certificates
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1075 - Pass the Hash
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation
  • T1027.018 - Invisible Unicode

Star Blizzard

Score: 12.51
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking

APT38

Score: 19.58
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.003 - Virtual Private Server
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 7.96
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Tonto Team

Score: 10.69
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32

Threat Group-3390

Score: 27.17
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Lazarus Group

Score: 41.00
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1009 - Binary Padding
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1059.008 - Network Device CLI
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1209 - Time Providers
  • T1569.002 - Service Execution

PLATINUM

Score: 3.70
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1059.012 - Hypervisor CLI

FIN4

Score: 8.65
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

OilRig

Score: 34.26
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1062 - Hypervisor
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

APT42

Score: 6.57
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1556.005 - Reversible Encryption

HEXANE

Score: 17.11
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1099 - Timestomp
  • T1499.003 - Application Exhaustion Flood
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent

APT32

Score: 30.44
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Andariel

Score: 12.40
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1584.003 - Virtual Private Server
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

TA551

Score: 7.66
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1218.012 - Verclsid
  • T1556.005 - Reversible Encryption

APT29

Score: 47.00
Matched TTPs:
  • T1099 - Timestomp
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode

Gamaredon Group

Score: 38.64
Matched TTPs:
  • T1099 - Timestomp
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

TA2541

Score: 15.51
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode

ZIRCONIUM

Score: 25.73
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1608.006 - SEO Poisoning
  • T1027.018 - Invisible Unicode

Leviathan

Score: 27.73
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1554 - Compromise Host Software Binary
  • T1056.002 - GUI Input Capture
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Daggerfly

Score: 9.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Dragonfly

Score: 41.13
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers
  • T1193 - Spearphishing Attachment
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation

Axiom

Score: 18.35
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

LazyScripter

Score: 10.43
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Cobalt Group

Score: 17.80
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1062 - Hypervisor
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Tropic Trooper

Score: 18.10
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1159 - Launch Agent

APT18

Score: 6.66
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1219.001 - IDE Tunneling
  • T1157 - Dylib Hijacking
  • T1556.005 - Reversible Encryption

FIN7

Score: 37.75
Matched TTPs:
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1062 - Hypervisor
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode

Winter Vivern

Score: 23.22
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1219.001 - IDE Tunneling
  • T1588.001 - Malware
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 14.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1556.005 - Reversible Encryption

LuminousMoth

Score: 13.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1091 - Replication Through Removable Media
  • T1219.001 - IDE Tunneling
  • T1584.005 - Botnet
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 19.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1608.002 - Upload Tool
  • T1009 - Binary Padding

Aoqin Dragon

Score: 7.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

Moses Staff

Score: 9.14
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances

TeamTNT

Score: 37.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1142 - Keychain
  • T1597 - Search Closed Sources
  • T1519 - Emond
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Scattered Spider

Score: 41.52
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1062 - Hypervisor
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1218.005 - Mshta
  • T1619 - Cloud Storage Object Discovery
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation

Storm-0501

Score: 13.88
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1027 - Obfuscated Files or Information

Sidewinder

Score: 17.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

Silent Librarian

Score: 7.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking

CURIUM

Score: 14.34
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1555.003 - Credentials from Web Browsers
  • T1557.003 - DHCP Spoofing
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Patchwork

Score: 13.11
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels

admin@338

Score: 6.79
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1218.010 - Regsvr32

Velvet Ant

Score: 17.07
Matched TTPs:
  • T1583.005 - Botnet
  • T1036.009 - Break Process Trees
  • T1009 - Binary Padding
  • T1219.001 - IDE Tunneling
  • T1597 - Search Closed Sources
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution

DarkVishnya

Score: 7.39
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1209 - Time Providers

Rocke

Score: 15.29
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1008 - Fallback Channels

LAPSUS$

Score: 27.35
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1045 - Software Packing
  • T1619 - Cloud Storage Object Discovery
  • T1157 - Dylib Hijacking
  • T1564.003 - Hidden Window
  • T1548.006 - TCC Manipulation

Windigo

Score: 9.60
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1045 - Software Packing
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent

FIN6

Score: 17.24
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1062 - Hypervisor
  • T1588.001 - Malware
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1505 - Server Software Component
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation

APT37

Score: 8.29
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption

Inception

Score: 13.26
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent

Stealth Falcon

Score: 7.73
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1590.006 - Network Security Appliances
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption

Dark Caracal

Score: 5.70
Matched TTPs:
  • T1584.003 - Virtual Private Server
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption

BlackByte

Score: 26.49
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers

Mustard Tempest

Score: 8.38
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

SideCopy

Score: 12.15
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1159 - Launch Agent

TA505

Score: 8.66
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

BITTER

Score: 13.66
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1036.002 - Right-to-Left Override
  • T1588.001 - Malware
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

Saint Bear

Score: 8.64
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

EXOTIC LILY

Score: 4.83
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

BackdoorDiplomacy

Score: 7.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1209 - Time Providers

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts

BlackTech

Score: 6.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1209 - Time Providers
  • T1027.018 - Invisible Unicode

Medusa Group

Score: 32.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1009 - Binary Padding
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1209 - Time Providers
  • T1548.006 - TCC Manipulation

Cinnamon Tempest

Score: 7.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor
  • T1045 - Software Packing
  • T1157 - Dylib Hijacking

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1505 - Server Software Component

Volatile Cedar

Score: 5.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1555.003 - Credentials from Web Browsers

Carbanak

Score: 10.85
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1588.001 - Malware
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing

Higaisa

Score: 13.71
Matched TTPs:
  • T1569.003 - Systemctl
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution

SilverTerrier

Score: 8.09
Matched TTPs:
  • T1131 - Authentication Package
  • T1041 - Exfiltration Over C2 Channel
  • T1556.005 - Reversible Encryption

Deep Panda

Score: 5.05
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1177 - LSASS Driver

FIN5

Score: 4.17
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking

Silence

Score: 4.17
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking

APT19

Score: 4.42
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption

Naikon

Score: 5.33
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1588.001 - Malware
  • T1209 - Time Providers

POLONIUM

Score: 8.18
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
  • T1547.002 - Authentication Package

Confucius

Score: 9.69
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1027.018 - Invisible Unicode

Leafminer

Score: 4.83
Matched TTPs:
  • T1219.001 - IDE Tunneling
  • T1059.012 - Hypervisor CLI
  • T1209 - Time Providers

RedEcho

Score: 4.47
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1556.005 - Reversible Encryption

Transparent Tribe

Score: 7.90
Matched TTPs:
  • T1036.002 - Right-to-Left Override
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

PROMETHIUM

Score: 7.99
Matched TTPs:
  • T1588.001 - Malware
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Suckfly

Score: 3.19
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1209 - Time Providers

FIN10

Score: 3.66
Matched TTPs:
  • T1157 - Dylib Hijacking
  • T1566.004 - Spearphishing Voice

Storm-1811

Score: 4.58
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1566.004 - Spearphishing Voice

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Elderwood

Score: 4.62
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Windshift

Score: 7.06
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1556.005 - Reversible Encryption
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

Machete

Score: 3.13
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1555.003 - Credentials from Web Browsers
  • T1218.010 - Regsvr32
  • T1091 - Replication Through Removable Media
  • T1075 - Pass the Hash
  • T1219.001 - IDE Tunneling
  • T1566.004 - Spearphishing Voice
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1557.003 - DHCP Spoofing
  • T1564.008 - Email Hiding Rules
  • T1562.004 - Disable or Modify System Firewall
  • T1583.005 - Botnet
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1187 - Forced Authentication
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1548.006 - TCC Manipulation
  • T1027 - Obfuscated Files or Information
  • T1045 - Software Packing
  • T1584.003 - Virtual Private Server
  • T1193 - Spearphishing Attachment
  • T1546.016 - Installer Packages
  • T1140 - Deobfuscate/Decode Files or Information

Magic Hound

Score: 0.68
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1588.001 - Malware
  • T1555.003 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1070.003 - Clear Command History
  • T1587.003 - Digital Certificates
  • T1036.009 - Break Process Trees
  • T1219.001 - IDE Tunneling
  • T1566.004 - Spearphishing Voice
  • T1099 - Timestomp
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1597 - Search Closed Sources
  • T1562.004 - Disable or Modify System Firewall
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1560.001 - Archive via Utility
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1209 - Time Providers
  • T1027 - Obfuscated Files or Information
  • T1045 - Software Packing
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1584.003 - Virtual Private Server
  • T1608.005 - Link Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1062 - Hypervisor

APT28

Score: 0.68
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1555.003 - Credentials from Web Browsers
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1564.004 - NTFS File Attributes
  • T1078.001 - Default Accounts
  • T1547.011 - Plist Modification
  • T1219.001 - IDE Tunneling
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1157 - Dylib Hijacking
  • T1685.001 - Disable or Modify Windows Event Log
  • T1562.004 - Disable or Modify System Firewall
  • T1583.005 - Botnet
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1560.001 - Archive via Utility
  • T1131 - Authentication Package
  • T1548.006 - TCC Manipulation
  • T1056.002 - GUI Input Capture
  • T1584.003 - Virtual Private Server
  • T1608.005 - Link Target
  • T1146 - Clear Command History
  • T1059.001 - PowerShell
  • T1197 - BITS Jobs
  • T1140 - Deobfuscate/Decode Files or Information

Kimsuky

Score: 0.67
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1588.001 - Malware
  • T1008 - Fallback Channels
  • T1555.003 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1656 - Impersonation
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1219.001 - IDE Tunneling
  • T1596.003 - Digital Certificates
  • T1566.002 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1557.003 - DHCP Spoofing
  • T1583.005 - Botnet
  • T1547.002 - Authentication Package
  • T1556.005 - Reversible Encryption
  • T1560.001 - Archive via Utility
  • T1131 - Authentication Package
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1584.003 - Virtual Private Server
  • T1608.005 - Link Target
  • T1003.007 - Proc Filesystem
  • T1197 - BITS Jobs
  • T1140 - Deobfuscate/Decode Files or Information
  • T1041 - Exfiltration Over C2 Channel
  • T1546.011 - Application Shimming

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1590.006 - Network Security Appliances
  • T1219.001 - IDE Tunneling
  • T1566.004 - Spearphishing Voice
  • T1099 - Timestomp
  • T1596.003 - Digital Certificates
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1157 - Dylib Hijacking
  • T1685.001 - Disable or Modify Windows Event Log
  • T1560.001 - Archive via Utility
  • T1548.006 - TCC Manipulation
  • T1209 - Time Providers
  • T1056.002 - GUI Input Capture
  • T1045 - Software Packing
  • T1584.003 - Virtual Private Server
  • T1003.007 - Proc Filesystem
  • T1159 - Launch Agent
  • T1553.002 - Code Signing
  • T1574.002 - DLL Side-Loading
  • T1176 - Software Extensions
  • T1546.016 - Installer Packages
  • T1140 - Deobfuscate/Decode Files or Information
  • T1569.002 - Service Execution

APT41

Score: 0.61
Matched TTPs:
  • T1588.001 - Malware
  • T1008 - Fallback Channels
  • T1590.006 - Network Security Appliances
  • T1218.010 - Regsvr32
  • T1177 - LSASS Driver
  • T1219.001 - IDE Tunneling
  • T1566.004 - Spearphishing Voice
  • T1596.003 - Digital Certificates
  • T1157 - Dylib Hijacking
  • T1195.001 - Compromise Software Dependencies and Development Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1556.005 - Reversible Encryption
  • T1560.001 - Archive via Utility
  • T1548.006 - TCC Manipulation
  • T1564.003 - Hidden Window
  • T1209 - Time Providers
  • T1059.008 - Network Device CLI
  • T1027 - Obfuscated Files or Information
  • T1539 - Steal Web Session Cookie
  • T1045 - Software Packing
  • T1584.008 - Network Devices
  • T1584.003 - Virtual Private Server
  • T1574.002 - DLL Side-Loading
  • T1140 - Deobfuscate/Decode Files or Information
  • T1041 - Exfiltration Over C2 Channel

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

