Trusted Design

Kuse Web App Abused to Host Phishing Document

Summary

Bad actors exploited Kuse, a legitimate AI-based workplace application, to conduct a phishing campaign. The attackers used a Vendor Email Compromise (VEC) to send malicious emails from a trusted vendor's compromised mailbox, establishing initial trust. The attack used Kuse's file-sharing features to host a fake, blurred document with a Markdown file extension (.md) under the legitimate domain app[.]kuse[.]ai. Victims were shown a fabricated document preview containing Spanish text that prompted them to click a link, which redirected them to a fraudulent Microsoft login page designed to harvest credentials. The attack combined several social engineering techniques, including domain trust exploitation, an unusual file extension to evade detection, and vendor relationship abuse, to bypass security controls and user scrutiny.

Created: 2026-05-01

Indicators

Similar Pulses

No similar pulses were found.

Threat actors related to this pulse (fact-based)

Magic Hound

Score: 48.36
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1547.005 - Security Support Provider
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

APT39

Score: 19.07
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT38

Score: 31.62
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1503 - Credentials from Web Browsers
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1590 - Gather Victim Network Information
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1493 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Volt Typhoon

Score: 33.32
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.008 - Clear Mailbox Data
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1584.002 - DNS Server
  • T1065 - Uncommonly Used Port
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
Link to MITRE →

Ajax Security Team

Score: 7.39
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.008 - LSASS Driver
Link to MITRE →

APT28

Score: 50.57
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1222.002 - Linux and Mac Permissions
  • T1491.002 - External Defacement
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1588.003 - Code Signing Certificates
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Darkhotel

Score: 10.67
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1059.012 - Hypervisor CLI
Link to MITRE →

menuPass

Score: 25.49
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

APT5

Score: 11.58
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Tonto Team

Score: 10.64
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1027.004 - Compile After Delivery
Link to MITRE →

Threat Group-3390

Score: 26.08
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Lazarus Group

Score: 50.95
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1070.008 - Clear Mailbox Data
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
Link to MITRE →

Group5

Score: 3.53
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
Link to MITRE →

PLATINUM

Score: 7.24
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN4

Score: 7.04
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sandworm Team

Score: 48.59
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Kimsuky

Score: 87.03
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1131 - Authentication Package
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1041 - Exfiltration Over C2 Channel
  • T1055.014 - VDSO Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1132.002 - Non-Standard Encoding
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
Link to MITRE →

OilRig

Score: 42.22
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.014 - AppDomainManager
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

APT42

Score: 23.47
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1030 - Data Transfer Size Limits
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

HEXANE

Score: 35.81
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1499.003 - Application Exhaustion Flood
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1055.014 - VDSO Hijacking
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
Link to MITRE →

APT32

Score: 38.81
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT3

Score: 22.76
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN13

Score: 20.88
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.005 - Security Support Provider
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1134.001 - Token Impersonation/Theft
Link to MITRE →

Ke3chang

Score: 28.27
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1198 - SIP and Trust Provider Hijacking
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

APT41

Score: 39.08
Matched TTPs:
  • T1596.003 - Digital Certificates
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1177 - LSASS Driver
  • T1055.004 - Asynchronous Procedure Call
  • T1041 - Exfiltration Over C2 Channel
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1002 - Data Compressed
  • T1574.009 - Path Interception by Unquoted Path
  • T1030 - Data Transfer Size Limits
  • T1134 - Access Token Manipulation
  • T1574.002 - DLL Side-Loading
Link to MITRE →

APT29

Score: 50.77
Matched TTPs:
  • T1222.002 - Linux and Mac Permissions
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1177 - LSASS Driver
  • T1036.004 - Masquerade Task or Service
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1556.008 - Network Provider DLL
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Contagious Interview

Score: 45.89
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1030 - Data Transfer Size Limits
  • T1027.004 - Compile After Delivery
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Inception

Score: 9.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1218.012 - Verclsid
  • T1159 - Launch Agent
Link to MITRE →

Dark Caracal

Score: 5.88
Matched TTPs:
  • T1491.002 - External Defacement
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Elderwood

Score: 7.04
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Transparent Tribe

Score: 8.56
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT18

Score: 3.02
Matched TTPs:
  • T1491.002 - External Defacement
  • T1157 - Dylib Hijacking
Link to MITRE →

Leviathan

Score: 28.29
Matched TTPs:
  • T1491.002 - External Defacement
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1157 - Dylib Hijacking
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sidewinder

Score: 25.03
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
Link to MITRE →

Saint Bear

Score: 16.96
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1055.013 - Process Doppelgänging
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT33

Score: 13.67
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027.018 - Invisible Unicode
Link to MITRE →

BITTER

Score: 8.62
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1203 - Exploitation for Client Execution
Link to MITRE →

TA505

Score: 28.78
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1527 - Application Access Token
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

Higaisa

Score: 5.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
Link to MITRE →

APT19

Score: 9.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Fox Kitten

Score: 22.23
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1055.013 - Process Doppelgänging
  • T1051 - Shared Webroot
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1656 - Impersonation
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
Link to MITRE →

TA2541

Score: 14.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1027.018 - Invisible Unicode
Link to MITRE →

Malteiro

Score: 4.52
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
Link to MITRE →

Storm-1811

Score: 19.92
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1027 - Obfuscated Files or Information
  • T1486 - Data Encrypted for Impact
  • T1030 - Data Transfer Size Limits
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Blue Mockingbird

Score: 6.91
Matched TTPs:
  • T1491.002 - External Defacement
  • T1140 - Deobfuscate/Decode Files or Information
  • T1505 - Server Software Component
Link to MITRE →

Tropic Trooper

Score: 18.87
Matched TTPs:
  • T1491.002 - External Defacement
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1055.004 - Asynchronous Procedure Call
  • T1136.003 - Cloud Account
  • T1159 - Launch Agent
Link to MITRE →

Mofang

Score: 5.27
Matched TTPs:
  • T1491.002 - External Defacement
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
Link to MITRE →

Whitefly

Score: 3.93
Matched TTPs:
  • T1491.002 - External Defacement
  • T1055.013 - Process Doppelgänging
Link to MITRE →

Moses Staff

Score: 8.97
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
Link to MITRE →

TeamTNT

Score: 27.61
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1519 - Emond
Link to MITRE →

Metador

Score: 4.26
Matched TTPs:
  • T1491.002 - External Defacement
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Putter Panda

Score: 3.39
Matched TTPs:
  • T1491.002 - External Defacement
  • T1597 - Search Closed Sources
Link to MITRE →

Moonstone Sleet

Score: 22.57
Matched TTPs:
  • T1491.002 - External Defacement
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1027 - Obfuscated Files or Information
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
Link to MITRE →

Turla

Score: 35.55
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1063 - Security Software Discovery
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN6

Score: 26.52
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1063 - Security Software Discovery
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1203 - Exploitation for Client Execution
  • T1601.001 - Patch System Image
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

MuddyWater

Score: 40.22
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1051 - Shared Webroot
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1601.001 - Patch System Image
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
Link to MITRE →

Earth Lusca

Score: 33.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1110.003 - Password Spraying
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA577

Score: 7.45
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
Link to MITRE →

Winter Vivern

Score: 21.49
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1587.003 - Digital Certificates
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1055.013 - Process Doppelgänging
  • T1090 - Proxy
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silence

Score: 12.82
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1598.003 - Spearphishing Link
  • T1547.011 - Plist Modification
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
Link to MITRE →

LazyScripter

Score: 15.36
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN7

Score: 45.61
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1055.013 - Process Doppelgänging
  • T1218.012 - Verclsid
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1562.001 - Disable or Modify Tools
  • T1027 - Obfuscated Files or Information
  • T1065 - Uncommonly Used Port
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

Cobalt Group

Score: 18.78
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1586.002 - Email Accounts
  • T1518.002 - Backup Software Discovery
  • T1598.004 - Spearphishing Voice
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

Indrik Spider

Score: 15.98
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Molerats

Score: 7.71
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leafminer

Score: 16.26
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1562.012 - Disable or Modify Linux Audit System
  • T1101 - Security Support Provider
  • T1051 - Shared Webroot
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Mustang Panda

Score: 58.81
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1136.001 - Local Account
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1055.004 - Asynchronous Procedure Call
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1136.003 - Cloud Account
  • T1203 - Exploitation for Client Execution
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA578

Score: 5.35
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Evilnum

Score: 7.71
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1543.003 - Windows Service
  • T1565.002 - Transmitted Data Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Star Blizzard

Score: 25.16
Matched TTPs:
  • T1546.013 - PowerShell Profile
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1609 - Container Administration Command
  • T1657 - Financial Theft
  • T1157 - Dylib Hijacking
Link to MITRE →

Daggerfly

Score: 5.72
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

GALLIUM

Score: 12.98
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Dragonfly

Score: 36.26
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1657 - Financial Theft
  • T1041 - Exfiltration Over C2 Channel
  • T1059.001 - PowerShell
  • T1157 - Dylib Hijacking
  • T1531 - Account Access Removal
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
Link to MITRE →

Agrius

Score: 7.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
  • T1134 - Access Token Manipulation
Link to MITRE →

Wizard Spider

Score: 27.56
Matched TTPs:
  • T1584.008 - Network Devices
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1038 - DLL Search Order Hijacking
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1556.009 - Conditional Access Policies
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ember Bear

Score: 29.44
Matched TTPs:
  • T1584.008 - Network Devices
  • T1140 - Deobfuscate/Decode Files or Information
  • T1051 - Shared Webroot
  • T1059.001 - PowerShell
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1656 - Impersonation
  • T1519 - Emond
  • T1134 - Access Token Manipulation
  • T1003.003 - NTDS
Link to MITRE →

Sea Turtle

Score: 22.58
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1587.003 - Digital Certificates
  • T1063 - Security Software Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.007 - Additional Local or Domain Groups
  • T1218 - System Binary Proxy Execution
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
Link to MITRE →

Axiom

Score: 19.61
Matched TTPs:
  • T1499.003 - Application Exhaustion Flood
  • T1140 - Deobfuscate/Decode Files or Information
  • T1177 - LSASS Driver
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1157 - Dylib Hijacking
  • T1114.002 - Remote Email Collection
  • T1059.012 - Hypervisor CLI
Link to MITRE →

RedCurl

Score: 22.89
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1562.012 - Disable or Modify Linux Audit System
  • T1090 - Proxy
  • T1051 - Shared Webroot
  • T1027.004 - Compile After Delivery
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT1

Score: 12.62
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

Chimera

Score: 19.48
Matched TTPs:
  • T1587.003 - Digital Certificates
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1157 - Dylib Hijacking
  • T1059.003 - Windows Command Shell
  • T1601.001 - Patch System Image
  • T1132.002 - Non-Standard Encoding
  • T1134 - Access Token Manipulation
Link to MITRE →

UNC3886

Score: 18.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
Link to MITRE →

LuminousMoth

Score: 17.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1574.009 - Path Interception by Unquoted Path
  • T1027.018 - Invisible Unicode
Link to MITRE →

Salt Typhoon

Score: 9.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1110.003 - Password Spraying
Link to MITRE →

Play

Score: 15.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1574.009 - Path Interception by Unquoted Path
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
Link to MITRE →

Aoqin Dragon

Score: 5.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
Link to MITRE →

Scattered Spider

Score: 55.47
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1583.001 - Domains
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1590.006 - Network Security Appliances
  • T1609 - Container Administration Command
  • T1051 - Shared Webroot
  • T1556.008 - Network Provider DLL
  • T1210 - Exploitation of Remote Services
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1027.002 - Software Packing
Link to MITRE →

Storm-0501

Score: 15.41
Matched TTPs:
  • T1685.004 - Disable or Modify Linux Audit System Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1158 - Hidden Files and Directories
Link to MITRE →

Gamaredon Group

Score: 36.72
Matched TTPs:
  • T1527 - Application Access Token
  • T1598.003 - Spearphishing Link
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1090 - Proxy
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1601.001 - Patch System Image
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackTech

Score: 5.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.018 - Invisible Unicode
Link to MITRE →

Confucius

Score: 8.03
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Machete

Score: 7.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustard Tempest

Score: 6.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN8

Score: 10.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
  • T1027.018 - Invisible Unicode
Link to MITRE →

ZIRCONIUM

Score: 18.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1027.004 - Compile After Delivery
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
Link to MITRE →

EXOTIC LILY

Score: 11.98
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Windshift

Score: 10.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Patchwork

Score: 11.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silent Librarian

Score: 18.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1609 - Container Administration Command
  • T1584.005 - Botnet
  • T1157 - Dylib Hijacking
Link to MITRE →

CURIUM

Score: 15.05
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

admin@338

Score: 4.08
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
Link to MITRE →

BRONZE BUTLER

Score: 11.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1597 - Search Closed Sources
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
  • T1134 - Access Token Manipulation
  • T1159 - Launch Agent
Link to MITRE →

WIRTE

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

TA551

Score: 5.08
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1601.001 - Patch System Image
Link to MITRE →

RTM

Score: 5.57
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Naikon

Score: 3.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1590.006 - Network Security Appliances
  • T1134 - Access Token Manipulation
Link to MITRE →

APT12

Score: 5.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1055.002 - Portable Executable Injection
Link to MITRE →

SideCopy

Score: 17.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1590.006 - Network Security Appliances
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
  • T1159 - Launch Agent
Link to MITRE →

Andariel

Score: 4.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1055.004 - Asynchronous Procedure Call
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT37

Score: 9.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.012 - Disable or Modify Linux Audit System
  • T1055.013 - Process Doppelgänging
  • T1027.004 - Compile After Delivery
  • T1059.012 - Hypervisor CLI
Link to MITRE →

IndigoZebra

Score: 7.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
Link to MITRE →

DarkHydrus

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1531 - Account Access Removal
Link to MITRE →

APT-C-36

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

HAFNIUM

Score: 16.85
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
Link to MITRE →

Strider

Score: 8.26
Matched TTPs:
  • T1574.014 - AppDomainManager
  • T1130 - Install Root Certificate
Link to MITRE →

LAPSUS$

Score: 30.77
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1562.012 - Disable or Modify Linux Audit System
  • T1019 - System Firmware
  • T1609 - Container Administration Command
  • T1556.008 - Network Provider DLL
  • T1157 - Dylib Hijacking
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1132.002 - Non-Standard Encoding
Link to MITRE →

BlackByte

Score: 21.08
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1590.006 - Network Security Appliances
  • T1134.001 - Token Impersonation/Theft
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

Rocke

Score: 11.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1134 - Access Token Manipulation
Link to MITRE →

BackdoorDiplomacy

Score: 5.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
Link to MITRE →

GOLD SOUTHFIELD

Score: 9.21
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1601.001 - Patch System Image
Link to MITRE →

Medusa Group

Score: 25.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1183 - Image File Execution Options Injection
  • T1590.006 - Network Security Appliances
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1598 - Phishing for Information
  • T1601.001 - Patch System Image
  • T1134 - Access Token Manipulation
Link to MITRE →

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1157 - Dylib Hijacking
  • T1027.004 - Compile After Delivery
Link to MITRE →

ToddyCat

Score: 12.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1002 - Data Compressed
Link to MITRE →

INC Ransom

Score: 14.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1055.004 - Asynchronous Procedure Call
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
Link to MITRE →

Akira

Score: 14.23
Matched TTPs:
  • T1137.005 - Outlook Rules
  • T1586.002 - Email Accounts
  • T1597 - Search Closed Sources
  • T1157 - Dylib Hijacking
  • T1027 - Obfuscated Files or Information
  • T1134 - Access Token Manipulation
Link to MITRE →

DarkVishnya

Score: 4.99
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Carbanak

Score: 6.36
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1009 - Binary Padding
  • T1157 - Dylib Hijacking
Link to MITRE →

RedEcho

Score: 3.92
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.001 - Disable or Modify Tools
Link to MITRE →

Velvet Ant

Score: 12.40
Matched TTPs:
  • T1009 - Binary Padding
  • T1055.004 - Asynchronous Procedure Call
  • T1597 - Search Closed Sources
  • T1562.001 - Disable or Modify Tools
  • T1566.003 - Spearphishing via Service
Link to MITRE →

SilverTerrier

Score: 6.91
Matched TTPs:
  • T1131 - Authentication Package
  • T1041 - Exfiltration Over C2 Channel
Link to MITRE →

Stealth Falcon

Score: 9.49
Matched TTPs:
  • T1562.012 - Disable or Modify Linux Audit System
  • T1590.006 - Network Security Appliances
  • T1055.013 - Process Doppelgänging
  • T1556.009 - Conditional Access Policies
Link to MITRE →

FIN5

Score: 8.05
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1055.013 - Process Doppelgänging
  • T1157 - Dylib Hijacking
  • T1134 - Access Token Manipulation
Link to MITRE →

Lotus Blossom

Score: 8.59
Matched TTPs:
  • T1590.006 - Network Security Appliances
  • T1055.004 - Asynchronous Procedure Call
  • T1505 - Server Software Component
  • T1134 - Access Token Manipulation
Link to MITRE →

Deep Panda

Score: 4.83
Matched TTPs:
  • T1177 - LSASS Driver
  • T1134 - Access Token Manipulation
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1055.013 - Process Doppelgänging
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
Link to MITRE →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
Link to MITRE →

POLONIUM

Score: 3.44
Matched TTPs:
  • T1608.005 - Link Target
  • T1157 - Dylib Hijacking
Link to MITRE →

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Aquatic Panda

Score: 3.66
Matched TTPs:
  • T1597 - Search Closed Sources
  • T1601.001 - Patch System Image
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.70
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1027.018 - Invisible Unicode
  • T1590.006 - Network Security Appliances
  • T1197 - BITS Jobs
  • T1131 - Authentication Package
  • T1051 - Shared Webroot
  • T1597 - Search Closed Sources
  • T1009 - Binary Padding
  • T1598.003 - Spearphishing Link
  • T1596.003 - Digital Certificates
  • T1027.004 - Compile After Delivery
  • T1218.012 - Verclsid
  • T1003.003 - NTDS
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1055.014 - VDSO Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1213.006 - Databases
  • T1546.013 - PowerShell Profile
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1565.002 - Transmitted Data Manipulation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1609 - Container Administration Command
  • T1562.012 - Disable or Modify Linux Audit System
  • T1041 - Exfiltration Over C2 Channel
  • T1132.002 - Non-Standard Encoding
  • T1601.001 - Patch System Image
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
