Trusted Design

Targeted Crimeware in the Midst of Indiscriminate Activity

Summary

Although we have observed low-volume spam campaigns by some cybercriminals who have purchased the Microsoft Word Intruder (MWI) exploit kit, we recently discovered spearphishing emails from one group using MWI to direct an attack against point-of-sale (POS) service providers. Despite the targeted nature of the spearphishing emails, the payload was the widely distributed Vawtrak banking Trojan. In addition, the infrastructure used in this case overlaps with that of FindPOS/PoSeidon and Chanitor, and sits amid a cluster of largely indiscriminate malicious activity.
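
The infrastructure-overlap finding above is the result of a pivot: indicators from the spearphish are checked against the indicator sets of other campaigns, and campaigns that share any indicator are grouped into a cluster. The following is an added example, not code or data from the original Pulse or from the report it summarises; every indicator is a constructed placeholder (RFC 5737 documentation addresses and .example hostnames) and the campaign labels are illustrative. It also counts how many campaigns each indicator appears in, because an indicator shared by many unrelated campaigns (shared hosting, a sinkhole, a CDN edge) is a weak pivot.

```python
"""Infrastructure-overlap pivot across campaign indicator sets.

Added example, not part of the original Pulse. All indicators below are
constructed placeholders (RFC 5737 documentation addresses and .example
names) chosen only to show the technique; they are not real IOCs.
"""
from collections import defaultdict
from itertools import combinations

# Constructed indicator sets keyed by the label an analyst gave each
# observation: the MWI/Vawtrak spearphish plus surrounding crimeware activity.
CAMPAIGNS = {
    "mwi_vawtrak_pos_spearphish": {"192.0.2.10", "192.0.2.11", "doc-stage.example"},
    "findpos_poseidon":           {"192.0.2.11", "198.51.100.7", "pos-c2.example"},
    "chanitor":                   {"192.0.2.10", "198.51.100.8"},
    "generic_spam_wave_a":        {"198.51.100.7", "203.0.113.5"},
    "unrelated_miner":            {"203.0.113.99", "miner-pool.example"},
}


def shared_infrastructure(campaigns):
    """Return {(a, b): shared_indicators} for every campaign pair that overlaps."""
    overlaps = {}
    for a, b in combinations(sorted(campaigns), 2):
        common = campaigns[a] & campaigns[b]
        if common:
            overlaps[(a, b)] = common
    return overlaps


def cluster_by_shared_infrastructure(campaigns):
    """Union-find over campaigns that share any indicator; clusters as sorted lists."""
    parent = {name: name for name in campaigns}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving keeps the tree flat
            x = parent[x]
        return x

    for a, b in shared_infrastructure(campaigns):
        parent[find(a)] = find(b)

    groups = defaultdict(list)
    for name in campaigns:
        groups[find(name)].append(name)
    return sorted(sorted(members) for members in groups.values())


def pivot_indicator(campaigns, indicator):
    """Which campaigns used this indicator? The basic pivot an analyst performs."""
    return sorted(name for name, iocs in campaigns.items() if indicator in iocs)


def indicator_promiscuity(campaigns):
    """Number of campaigns each indicator appears in; high counts mean a weak pivot."""
    counts = defaultdict(int)
    for iocs in campaigns.values():
        for ioc in iocs:
            counts[ioc] += 1
    return dict(counts)


if __name__ == "__main__":
    for (a, b), common in shared_infrastructure(CAMPAIGNS).items():
        print(f"{a} <-> {b}: shares {sorted(common)}")
    for cluster in cluster_by_shared_infrastructure(CAMPAIGNS):
        print("cluster:", cluster)
    print("promiscuity:", indicator_promiscuity(CAMPAIGNS))
```

With the constructed data the spearphish set links to both the FindPOS and Chanitor sets through one indicator each, and FindPOS in turn pulls in an unrelated spam wave, which is the "amid indiscriminate activity" situation the summary describes. Before treating such a link as attribution, check the promiscuity count and whether the shared host is dedicated infrastructure or a shared service.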

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

LAPSUS$

Score: 19.06
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1030 - Data Transfer Size Limits

Scattered Spider

Score: 29.49
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1560.003 - Archive via Custom Method
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing

FIN4

Score: 6.45
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link

Ember Bear

Score: 23.34
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1578 - Modify Cloud Compute Infrastructure
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS

Sandworm Team

Score: 42.12
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

Mustard Tempest

Score: 7.96
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

APT41

Score: 13.44
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1008 - Fallback Channels

TA505

Score: 10.04
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account

Volt Typhoon

Score: 19.85
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1546.016 - Installer Packages
  • T1665 - Hide Infrastructure

APT3

Score: 6.23
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32

FIN13

Score: 9.46
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History

Silent Librarian

Score: 10.89
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token

Magic Hound

Score: 24.85
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1187 - Forced Authentication
  • T1547.008 - LSASS Driver

BlackTech

Score: 5.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

MuddyWater

Score: 7.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

LuminousMoth

Score: 5.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account

Confucius

Score: 8.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure

Kimsuky

Score: 50.99
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Sidewinder

Score: 9.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32

Elderwood

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

FIN7

Score: 7.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target

Transparent Tribe

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Mustang Panda

Score: 18.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32

APT32

Score: 18.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

APT1

Score: 7.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account

Lazarus Group

Score: 18.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver

Leviathan

Score: 16.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

APT33

Score: 7.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.001 - Exfiltration to Code Repository
  • T1218.010 - Regsvr32

ZIRCONIUM

Score: 11.54
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1197 - BITS Jobs

EXOTIC LILY

Score: 16.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

OilRig

Score: 17.01
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Windshift

Score: 7.03
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

APT29

Score: 16.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

TA2541

Score: 8.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

Earth Lusca

Score: 15.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1546.016 - Installer Packages

RedCurl

Score: 6.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1055.009 - Proc Memory

Storm-1811

Score: 18.27
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver

Turla

Score: 12.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1546.016 - Installer Packages

Wizard Spider

Score: 8.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1567.001 - Exfiltration to Code Repository

TA577

Score: 4.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol

Patchwork

Score: 12.39
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure
  • T1008 - Fallback Channels

LazyScripter

Score: 10.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

APT42

Score: 8.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1030 - Data Transfer Size Limits

APT39

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information

APT28

Score: 16.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs

Star Blizzard

Score: 17.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication

Moonstone Sleet

Score: 16.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

CURIUM

Score: 11.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver

Dragonfly

Score: 16.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

Saint Bear

Score: 11.91
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits

Tropic Trooper

Score: 5.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure

FIN6

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 11.68
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1008 - Fallback Channels

menuPass

Score: 4.53
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets

Threat Group-3390

Score: 5.81
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

Gamaredon Group

Score: 8.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking

BITTER

Score: 4.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

TA551

Score: 5.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token

RTM

Score: 4.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1008 - Fallback Channels

Winter Vivern

Score: 8.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.001 - Compiled HTML File

Higaisa

Score: 5.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History

SideCopy

Score: 6.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets

Andariel

Score: 8.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

IndigoZebra

Score: 5.55
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target

PLATINUM

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets

HAFNIUM

Score: 13.47
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target

APT5

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information

Ke3chang

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information

HEXANE

Score: 13.07
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking

TeamTNT

Score: 6.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1665 - Hide Infrastructure

BlackByte

Score: 3.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

Contagious Interview

Score: 27.80
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver

Rocke

Score: 4.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1008 - Fallback Channels

BackdoorDiplomacy

Score: 3.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account

GOLD SOUTHFIELD

Score: 4.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall

Medusa Group

Score: 17.37
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1598 - Phishing for Information
  • T1094 - Custom Command and Control Protocol

Sea Turtle

Score: 6.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32

Storm-0501

Score: 7.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1055.009 - Proc Memory

Cinnamon Tempest

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History

Agrius

Score: 3.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets

ToddyCat

Score: 6.83
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver

INC Ransom

Score: 11.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1055.009 - Proc Memory

UNC3886

Score: 9.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

Axiom

Score: 14.41
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon

Play

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History

Aoqin Dragon

Score: 3.68
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

Indrik Spider

Score: 5.12
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1546.016 - Installer Packages

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1102.003 - One-Way Communication
  • T1183 - Image File Execution Options Injection
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1055.014 - VDSO Hijacking
  • T1030 - Data Transfer Size Limits
  • T1608.005 - Link Target
  • T1690 - Prevent Command History Logging
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1024 - Custom Cryptographic Protocol
  • T1598.003 - Spearphishing Link
  • T1665 - Hide Infrastructure
  • T1197 - BITS Jobs
  • T1008 - Fallback Channels
  • T1552.003 - Shell History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.003 - NTDS
  • T1134.002 - Create Process with Token
  • T1091 - Replication Through Removable Media

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1183 - Image File Execution Options Injection
  • T1543.003 - Windows Service
  • T1134.002 - Create Process with Token
  • T1187 - Forced Authentication
  • T1546.016 - Installer Packages
  • T1091 - Replication Through Removable Media
  • T1566.002 - Spearphishing Link
  • T1564.008 - Email Hiding Rules
  • T1193 - Spearphishing Attachment
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information

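The Score and Matched TTPs entries above come from matching the Pulse's techniques against actor profiles; the page does not say how the score is derived. The following added example (not the site's scoring code) ranks seven of the actors listed above by TTP overlap in two ways, raw match count and an inverse-document-frequency weighting assumed here, using the matched-TTP sets exactly as the page lists them. It shows why three actors that share only the generic trio T1543.003, T1598.003 and T1218.010 score identically and low, and why a two-technique match that includes a rarer technique can outrank a three-technique match on common ones.

```python
"""Rank threat actors against a Pulse by weighted TTP overlap.

Added example; it is not the site's own scoring algorithm, which the page does
not describe. The matched-TTP sets below are copied from the page for seven of
the actors; the inverse-document-frequency weighting is an assumption made here
to show why techniques shared by almost every actor add little to attribution.
"""
import math
from collections import Counter

# Matched TTPs exactly as listed on the page for seven of the actors.
ACTOR_TTPS = {
    "Kimsuky": {
        "T1543.003", "T1566.002", "T1598.003", "T1024", "T1091", "T1140",
        "T1183", "T1134.002", "T1552.003", "T1608.005", "T1055.014",
        "T1102.003", "T1562.013", "T1690", "T1030", "T1197", "T1665",
        "T1003.003", "T1008",
    },
    "APT29": {
        "T1543.003", "T1598.003", "T1024", "T1140", "T1592.004",
        "T1608.005", "T1218.010", "T1547.008",
    },
    "Cobalt Group": {"T1543.003", "T1598.003", "T1218.010"},
    "Elderwood": {"T1543.003", "T1598.003", "T1218.010"},
    "Transparent Tribe": {"T1543.003", "T1598.003", "T1218.010"},
    "FIN6": {"T1598.003", "T1547.008"},
    "Nomadic Octopus": {"T1598.003", "T1558"},
}

# Assumption: the page lists only the intersection of each actor's profile with
# the Pulse, so the union of the lists is the Pulse's TTP set for these actors.
PULSE_TTPS = set().union(*ACTOR_TTPS.values())


def technique_weights(profiles):
    """log(N / df) per technique: a TTP matched by every actor weighs exactly 0."""
    n = len(profiles)
    df = Counter(t for ttps in profiles.values() for t in ttps)
    return {t: math.log(n / c) for t, c in df.items()}


def score_actors(pulse_ttps, profiles):
    """Return {actor: (weighted_score, raw_match_count)}."""
    weights = technique_weights(profiles)
    scored = {}
    for actor, ttps in profiles.items():
        matched = sorted(ttps & pulse_ttps)     # sorted: deterministic float sum
        scored[actor] = (sum(weights[t] for t in matched), len(matched))
    return scored


def rank_actors(scores, by="weighted"):
    """Actors best-first; ties broken by name so identical match sets stay adjacent."""
    idx = 0 if by == "weighted" else 1
    return sorted(scores, key=lambda a: (-scores[a][idx], a))


def discriminating_matches(actor, pulse_ttps, profiles, top=3):
    """The few techniques that actually carry an actor's weighted score."""
    weights = technique_weights(profiles)
    matched = profiles[actor] & pulse_ttps
    return sorted(matched, key=lambda t: (-weights[t], t))[:top]


if __name__ == "__main__":
    scores = score_actors(PULSE_TTPS, ACTOR_TTPS)
    print("raw-count order:", rank_actors(scores, by="count"))
    print("weighted order: ", rank_actors(scores, by="weighted"))
    for actor in rank_actors(scores):
        weighted, count = scores[actor]
        print(f"{actor:18s} matches={count:2d} weighted={weighted:6.2f} "
              f"carried by {discriminating_matches(actor, PULSE_TTPS, ACTOR_TTPS)}")
```

Two caveats apply when reading the lists above with this in mind. First, the weights depend on the population: with seven actors a technique unique to one of them weighs log 7, and over the full list the numbers shift, so compare ranks, not absolute scores, across runs. Second, several identifiers in the lists (T1024, T1183, T1193, T1094) are deprecated in current ATT&CK and have successor techniques; profiles drawn from different ATT&CK versions should be normalised to one version first, or the same behaviour counts twice.
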
Related CVEs

No CVEs were found in this Pulse.
