Trusted Design

From Invitation to Infection: How SILENTCONNECT Delivers ScreenConnect

Overview

A newly discovered loader called SILENTCONNECT is being used in active campaigns to silently install ScreenConnect, a remote monitoring and management tool, on victim machines. The infection chain begins with users being redirected to a Cloudflare Turnstile CAPTCHA page disguised as a digital invitation. Upon clicking, a VBScript file is downloaded, which retrieves and executes C# source code in memory using PowerShell. SILENTCONNECT employs various evasion techniques, including PEB masquerading and UAC bypass. The campaigns leverage trusted hosting providers like Google Drive and Cloudflare, and abuse living-off-the-land binaries. The loader has been active since March 2025 and poses a significant threat due to its stealthy nature and effectiveness.

Created: 2026-03-20

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Dragonfly

Score: 47.16
Matched TTPs:
  • T1113 - Screen Capture
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1598.002 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1071.002 - File Transfer Protocols
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

BRONZE BUTLER

Score: 38.47
Matched TTPs:
  • T1113 - Screen Capture
  • T1548.002 - Bypass User Account Control
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1550.003 - Pass the Ticket
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

Gamaredon Group

Score: 70.12
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1559.001 - Component Object Model
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

OilRig

Score: 62.49
Matched TTPs:
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1556.002 - Password Filter DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1555.004 - Windows Credential Manager
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

APT28

Score: 63.55
Matched TTPs:
  • T1113 - Screen Capture
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
  • T1211 - Exploitation for Defense Evasion

MoustachedBouncer

Score: 5.43
Matched TTPs:
  • T1113 - Screen Capture
  • T1090 - Proxy
  • T1059.001 - PowerShell

GOLD SOUTHFIELD

Score: 7.15
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell

APT42

Score: 21.84
Matched TTPs:
  • T1113 - Screen Capture
  • T1608.001 - Upload Malware
  • T1070.008 - Clear Mailbox Data
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.005 - Visual Basic

Magic Hound

Score: 53.22
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1589 - Gather Victim Identity Information
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

MuddyWater

Score: 65.00
Matched TTPs:
  • T1113 - Screen Capture
  • T1548.002 - Bypass User Account Control
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Winter Vivern

Score: 24.20
Matched TTPs:
  • T1113 - Screen Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1056.003 - Web Portal Capture
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Silence

Score: 19.30
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1059.005 - Visual Basic
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Volt Typhoon

Score: 70.60
Matched TTPs:
  • T1113 - Screen Capture
  • T1584.008 - Network Devices
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1070.007 - Clear Network Connection History and Configurations
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1090.001 - Internal Proxy

APT39

Score: 40.07
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
  • T1197 - BITS Jobs
  • T1546.010 - AppInit DLLs
  • T1059.005 - Visual Basic
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy

Kimsuky

Score: 100.88
Matched TTPs:
  • T1113 - Screen Capture
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1218.005 - Mshta
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1071.002 - File Transfer Protocols
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1585 - Establish Accounts
  • T1219.002 - Remote Desktop Software
  • T1059.005 - Visual Basic
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver

Dark Caracal

Score: 8.66
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

FIN7

Score: 54.85
Matched TTPs:
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1497.002 - User Activity Based Checks
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1102.002 - Bidirectional Communication
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Mustang Panda

Score: 71.89
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1608 - Stage Capabilities
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1052.001 - Exfiltration over USB
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1219.002 - Remote Desktop Software
  • T1059.005 - Visual Basic
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

Sea Turtle

Score: 32.54
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.003 - Virtual Private Server
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1584.002 - DNS Server
  • T1027.004 - Compile After Delivery

Ember Bear

Score: 58.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1003.002 - Security Account Manager
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1585 - Establish Accounts
  • T1595.001 - Scanning IP Blocks
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1588.005 - Exploits

Indrik Spider

Score: 27.93
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1484.001 - Group Policy Modification
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer

Agrius

Score: 22.99
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery

Contagious Interview

Score: 55.46
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.007 - Artificial Intelligence
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1090 - Proxy
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1593.001 - Social Media
  • T1585 - Establish Accounts
  • T1543.001 - Launch Agent
  • T1219.002 - Remote Desktop Software
  • T1059.005 - Visual Basic
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Sandworm Team

Score: 70.74
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link

Star Blizzard

Score: 17.08
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1598.002 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Lazarus Group

Score: 74.92
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1620 - Reflective Code Loading
  • T1562.004 - Disable or Modify System Firewall
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1104 - Multi-Stage Channels
  • T1583.006 - Web Services
  • T1491.001 - Internal Defacement
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy

TA577

Score: 5.20
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1204.001 - Malicious Link

Moonstone Sleet

Score: 30.49
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

APT32

Score: 59.08
Matched TTPs:
  • T1216.001 - PubPrn
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1589 - Gather Victim Identity Information
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1550.003 - Pass the Ticket
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Turla

Score: 63.31
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1584.003 - Virtual Private Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1555.004 - Windows Credential Manager
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1090.001 - Internal Proxy

APT38

Score: 48.10
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1036.003 - Rename Legitimate Utilities
  • T1565.002 - Transmitted Data Manipulation
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Evilnum

Score: 12.99
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1497.001 - System Checks
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

APT37

Score: 23.95
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1555.003 - Credentials from Web Browsers
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

Cobalt Group

Score: 31.20
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1218.003 - CMSTP
  • T1218.008 - Odbcconf
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Earth Lusca

Score: 50.78
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1583.004 - Server
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1204.001 - Malicious Link

Threat Group-3390

Score: 35.23
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer

Patchwork

Score: 30.83
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1102.001 - Dead Drop Resolver

Medusa Group

Score: 48.60
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1650 - Acquire Access
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

APT29

Score: 71.26
Matched TTPs:
  • T1548.002 - Bypass User Account Control
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1546.008 - Accessibility Features
  • T1550.003 - Pass the Ticket
  • T1098.005 - Device Registration
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1021.007 - Cloud Services
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1651 - Cloud Administration Command
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

ZIRCONIUM

Score: 30.76
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1204.001 - Malicious Link

Leviathan

Score: 44.63
Matched TTPs:
  • T1584.008 - Network Devices
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1059.001 - PowerShell
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1197 - BITS Jobs
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Daggerfly

Score: 15.15
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1059.001 - PowerShell
  • T1036.003 - Rename Legitimate Utilities
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

GALLIUM

Score: 28.77
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer

FIN13

Score: 41.90
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1589 - Gather Victim Identity Information
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1134.003 - Make and Impersonate Token
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1090.001 - Internal Proxy

Ke3chang

Score: 28.48
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

APT41

Score: 73.52
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1484.001 - Group Policy Modification
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1104 - Multi-Stage Channels
  • T1059.001 - PowerShell
  • T1071.002 - File Transfer Protocols
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1197 - BITS Jobs
  • T1213.003 - Code Repositories
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1102.001 - Dead Drop Resolver

APT5

Score: 14.23
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1505.003 - Web Shell
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell

menuPass

Score: 31.38
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1036.003 - Rename Legitimate Utilities
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Wizard Spider

Score: 43.36
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1112 - Modify Registry
  • T1547.004 - Winlogon Helper DLL
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1197 - BITS Jobs
  • T1555.004 - Windows Credential Manager
  • T1018 - Remote System Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1204.001 - Malicious Link
  • T1569.002 - Service Execution

Axiom

Score: 28.50
Matched TTPs:
  • T1583.002 - DNS Server
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1583.003 - Virtual Private Server
  • T1584.005 - Botnet
  • T1078 - Valid Accounts
  • T1553 - Subvert Trust Controls
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1001.002 - Steganography

HEXANE

Score: 32.46
Matched TTPs:
  • T1583.002 - DNS Server
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1110.003 - Password Spraying
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1102.002 - Bidirectional Communication
  • T1059.005 - Visual Basic
  • T1018 - Remote System Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

UNC3886

Score: 23.16
Matched TTPs:
  • T1587.001 - Malware
  • T1070.007 - Clear Network Connection History and Configurations
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1587.004 - Exploits
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 18.22
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool

Play

Score: 16.05
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer

Aoqin Dragon

Score: 8.71
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 23.03
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1027 - Obfuscated Files or Information
  • T1059.005 - Visual Basic
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link

Moses Staff

Score: 10.77
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

TeamTNT

Score: 35.81
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1036 - Masquerading
  • T1562.004 - Disable or Modify System Firewall
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1595.001 - Scanning IP Blocks
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer

Sidewinder

Score: 25.04
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Gallmaker

Score: 6.62
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information

BITTER

Score: 12.25
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

TA505

Score: 32.40
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1555.003 - Credentials from Web Browsers
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1486 - Data Encrypted for Impact
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Malteiro

Score: 8.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1657 - Financial Theft
  • T1059.005 - Visual Basic

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Machete

Score: 8.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link

Elderwood

Score: 6.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Transparent Tribe

Score: 6.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link

WIRTE

Score: 8.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

RTM

Score: 10.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1219.002 - Remote Desktop Software
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

APT-C-36

Score: 6.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

CURIUM

Score: 19.53
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1505.003 - Web Shell
  • T1583.004 - Server
  • T1583.003 - Virtual Private Server
  • T1059.001 - PowerShell
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Tropic Trooper

Score: 30.04
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505.003 - Web Shell
  • T1547.004 - Winlogon Helper DLL
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1052.001 - Exfiltration over USB
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

PLATINUM

Score: 12.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1055 - Process Injection
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking

TA551

Score: 11.87
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1027.003 - Steganography
  • T1105 - Ingress Tool Transfer

FIN8

Score: 18.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1055.004 - Asynchronous Procedure Call
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

LazyScripter

Score: 18.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Higaisa

Score: 11.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1090.001 - Internal Proxy

Rancor

Score: 6.25
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

FIN4

Score: 9.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1056.002 - GUI Input Capture
  • T1078 - Valid Accounts
  • T1059.005 - Visual Basic
  • T1204.001 - Malicious Link

Storm-1811

Score: 21.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1219.002 - Remote Desktop Software
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Inception

Score: 19.04
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1218.005 - Mshta
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery

EXOTIC LILY

Score: 14.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102 - Web Service
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Ajax Security Team

Score: 6.14
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Saint Bear

Score: 12.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

FIN6

Score: 24.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1102 - Web Service
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

Whitefly

Score: 4.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

TA459

Score: 4.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic

Nomadic Octopus

Score: 4.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1059.001 - PowerShell
  • T1105 - Ingress Tool Transfer

Gorgon Group

Score: 9.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer

APT19

Score: 13.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise

TA2541

Score: 19.02
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

SideCopy

Score: 16.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1016 - System Network Configuration Discovery
  • T1218.005 - Mshta
  • T1598.002 - Spearphishing Attachment
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

Tonto Team

Score: 12.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer

Andariel

Score: 14.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

Naikon

Score: 7.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1016 - System Network Configuration Discovery
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery

Molerats

Score: 12.03
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

admin@338

Score: 7.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1203 - Exploitation for Client Execution

Darkhotel

Score: 16.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

IndigoZebra

Score: 4.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

APT33

Score: 16.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1555.003 - Credentials from Web Browsers
  • T1110.003 - Password Spraying
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Confucius

Score: 12.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1083 - File and Directory Discovery
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

BlackTech

Score: 9.46
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1204.001 - Malicious Link

Windshift

Score: 15.84
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1059.005 - Visual Basic
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link
  • T1566.003 - Spearphishing via Service

Scattered Spider

Score: 69.13
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1589 - Gather Victim Identity Information
  • T1598.004 - Spearphishing Voice
  • T1016 - System Network Configuration Discovery
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1204 - User Execution
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1598 - Phishing for Information
  • T1556.009 - Conditional Access Policies
  • T1213.003 - Code Repositories
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1538 - Cloud Service Dashboard
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Storm-0501

Score: 31.06
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1190 - Exploit Public-Facing Application
  • T1484.001 - Group Policy Modification
  • T1657 - Financial Theft
  • T1021.007 - Cloud Services
  • T1059.001 - PowerShell
  • T1110 - Brute Force
  • T1486 - Data Encrypted for Impact
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software

Silent Librarian

Score: 11.32
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1110.003 - Password Spraying
  • T1608.005 - Link Target
  • T1588.002 - Tool
  • T1078 - Valid Accounts

Chimera

Score: 33.49
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1110.003 - Password Spraying
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1110.004 - Credential Stuffing
  • T1556.001 - Domain Controller Authentication
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Cinnamon Tempest

Score: 17.11
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1484.001 - Group Policy Modification
  • T1090 - Proxy
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer

Velvet Ant

Score: 22.53
Matched TTPs:
  • T1574.001 - DLL
  • T1071 - Application Layer Protocol
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1090.001 - Internal Proxy
  • T1211 - Exploitation for Defense Evasion

Aquatic Panda

Score: 15.52
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1112 - Modify Registry
  • T1588.001 - Malware
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1550.002 - Pass the Hash
  • T1105 - Ingress Tool Transfer

APT3

Score: 26.99
Matched TTPs:
  • T1574.001 - DLL
  • T1555.003 - Credentials from Web Browsers
  • T1090.002 - External Proxy
  • T1016 - System Network Configuration Discovery
  • T1546.008 - Accessibility Features
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1104 - Multi-Stage Channels
  • T1059.001 - PowerShell
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

BackdoorDiplomacy

Score: 13.11
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer

HAFNIUM

Score: 26.21
Matched TTPs:
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1083 - File and Directory Discovery
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1059.001 - PowerShell
  • T1018 - Remote System Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

Poseidon Group

Score: 3.32
Matched TTPs:
  • T1007 - System Service Discovery
  • T1059.001 - PowerShell

APT1

Score: 10.05
Matched TTPs:
  • T1007 - System Service Discovery
  • T1016 - System Network Configuration Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1550.002 - Pass the Hash

Rocke

Score: 26.42
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1102 - Web Service
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver

INC Ransom

Score: 21.38
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Strider

Score: 11.19
Matched TTPs:
  • T1556.002 - Password Filter DLL
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

BlackByte

Score: 40.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1562.004 - Disable or Modify System Firewall
  • T1112 - Modify Registry
  • T1505.003 - Web Shell
  • T1016 - System Network Configuration Discovery
  • T1583.003 - Virtual Private Server
  • T1491.001 - Internal Defacement
  • T1134.003 - Make and Impersonate Token
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Mustard Tempest

Score: 9.16
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1204.001 - Malicious Link

Fox Kitten

Score: 32.57
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1102 - Web Service
  • T1552.001 - Credentials In Files
  • T1059.001 - PowerShell
  • T1210 - Exploitation of Remote Services
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1585 - Establish Accounts
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1003.003 - NTDS

ToddyCat

Score: 9.98
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.004 - Disable or Modify System Firewall
  • T1083 - File and Directory Discovery
  • T1059.001 - PowerShell
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service

Blue Mockingbird

Score: 16.28
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1112 - Modify Registry
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

Volatile Cedar

Score: 8.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer

Akira

Score: 17.56
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1219 - Remote Access Tools
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1078 - Valid Accounts
  • T1486 - Data Encrypted for Impact
  • T1018 - Remote System Discovery

DarkVishnya

Score: 8.53
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1046 - Network Service Discovery

Carbanak

Score: 9.60
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication

LAPSUS$

Score: 33.16
Matched TTPs:
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1598.004 - Spearphishing Voice
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.003 - Virtual Private Server
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1584.002 - DNS Server
  • T1213.003 - Code Repositories
  • T1003.003 - NTDS

Lotus Blossom

Score: 15.53
Matched TTPs:
  • T1112 - Modify Registry
  • T1016 - System Network Configuration Discovery
  • T1083 - File and Directory Discovery
  • T1588.002 - Tool
  • T1134 - Access Token Manipulation
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery
  • T1090.001 - Internal Proxy

Stealth Falcon

Score: 7.94
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1016 - System Network Configuration Discovery
  • T1059.001 - PowerShell
  • T1555.004 - Windows Credential Manager

Leafminer

Score: 14.54
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1110.003 - Password Spraying
  • T1083 - File and Directory Discovery
  • T1552.001 - Credentials In Files
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1018 - Remote System Discovery
  • T1046 - Network Service Discovery

Deep Panda

Score: 10.14
Matched TTPs:
  • T1505.003 - Web Shell
  • T1546.008 - Accessibility Features
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1018 - Remote System Discovery

FIN5

Score: 9.09
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1110 - Brute Force
  • T1078 - Valid Accounts
  • T1018 - Remote System Discovery

CopyKittens

Score: 3.99
Matched TTPs:
  • T1090 - Proxy
  • T1059.001 - PowerShell
  • T1588.002 - Tool

Windigo

Score: 8.15
Matched TTPs:
  • T1090 - Proxy
  • T1083 - File and Directory Discovery
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

POLONIUM

Score: 9.02
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1078 - Valid Accounts
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Metador

Score: 4.08
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT18

Score: 3.50
Matched TTPs:
  • T1083 - File and Directory Discovery
  • T1078 - Valid Accounts
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Water Galura

Score: 4.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1486 - Data Encrypted for Impact
Link to MITRE →

SilverTerrier

Score: 6.14
Matched TTPs:
  • T1657 - Financial Theft
  • T1071.002 - File Transfer Protocols
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1583.006 - Web Services
  • T1585 - Establish Accounts
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1583.006 - Web Services
  • T1204.001 - Malicious Link
Link to MITRE →

Thrip

Score: 4.58
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1219.002 - Remote Desktop Software
Link to MITRE →

FIN10

Score: 3.07
Matched TTPs:
  • T1059.001 - PowerShell
  • T1588.002 - Tool
  • T1078 - Valid Accounts
Link to MITRE →

Suckfly

Score: 3.19
Matched TTPs:
  • T1078 - Valid Accounts
  • T1046 - Network Service Discovery
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1593.001 - Social Media
  • T1204.001 - Malicious Link
  • T1583 - Acquire Infrastructure
  • T1534 - Internal Spearphishing
  • T1007 - System Service Discovery
  • T1620 - Reflective Code Loading
  • T1027.012 - LNK Icon Smuggling
  • T1055 - Process Injection
  • T1059.001 - PowerShell
  • T1102.001 - Dead Drop Resolver
  • T1588.005 - Exploits
  • T1083 - File and Directory Discovery
  • T1218.010 - Regsvr32
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
  • T1587.001 - Malware
  • T1112 - Modify Registry
  • T1550.002 - Pass the Hash
  • T1016 - System Network Configuration Discovery
  • T1102.002 - Bidirectional Communication
  • T1583.004 - Server
  • T1583.006 - Web Services
  • T1505.003 - Web Shell
  • T1071.002 - File Transfer Protocols
  • T1555.003 - Credentials from Web Browsers
  • T1585 - Establish Accounts
  • T1218.005 - Mshta
  • T1588.002 - Tool
  • T1190 - Exploit Public-Facing Application
  • T1598 - Phishing for Information
  • T1113 - Screen Capture
  • T1059.005 - Visual Basic
  • T1608.001 - Upload Malware
  • T1552.001 - Credentials In Files
  • T1562.004 - Disable or Modify System Firewall
  • T1105 - Ingress Tool Transfer
  • T1557 - Adversary-in-the-Middle
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1562.001 - Disable or Modify Tools
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

