Pulse Detail-

VENOM: VM Escape (virtual floppy drive 0day)

概要

VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host. Absent mitigation, this VM escape could open access to the host system and all other VMs running on that host, potentially giving adversaries significant elevated access to the host’s local network and adjacent systems. Exploitation of the VENOM vulnerability can expose access to corporate intellectual property (IP), in addition to sensitive and personally identifiable information (PII), potentially impacting the thousands of organizations and millions of end users that rely on affected VMs for the allocation of shared computing resources, as well as connectivity, storage, security, and privacy.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

ZeusVM: Bits and Pieces (score: 0.58)
Locky Ransomware Spreads via Flash and Windows Kernel Exploits (score: 0.53)
Malicious VBScript file delivers Pony Loader (score: 0.53)
iOS Sandbox Vulnerability Puts Enterprise Data at Risk (score: 0.53)
Financial Threat Group Targets Volume Boot Record (score: 0.53)

このPulseに関連する脅威アクター (事実ベース)

Ember Bear

Score: 33.64

Matched TTPs:

T1564.008 - Email Hiding Rules
T1578 - Modify Cloud Compute Infrastructure
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1175 - Component Object Model and Distributed COM
T1059.001 - PowerShell
T1218.010 - Regsvr32
T1056 - Input Capture
T1656 - Impersonation
T1209 - Time Providers
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 30.06

Matched TTPs:

T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1686.003 - Windows Host Firewall
T1120 - Peripheral Device Discovery
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1075 - Pass the Hash

MITREへのリンク →

Silent Librarian

Score: 4.47

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1199 - Trusted Relationship

MITREへのリンク →

Magic Hound

Score: 22.28

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1120 - Peripheral Device Discovery
T1070.003 - Clear Command History
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1683 - Generate Content
T1187 - Forced Authentication
T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

Scattered Spider

Score: 12.24

Matched TTPs:

T1578 - Modify Cloud Compute Infrastructure
T1120 - Peripheral Device Discovery
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1056 - Input Capture

MITREへのリンク →

OilRig

Score: 20.41

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1606.002 - SAML Tokens
T1562.009 - Safe Mode Boot
T1120 - Peripheral Device Discovery
T1005 - Data from Local System
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1209 - Time Providers

MITREへのリンク →

Gamaredon Group

Score: 22.14

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1562.009 - Safe Mode Boot
T1120 - Peripheral Device Discovery
T1175 - Component Object Model and Distributed COM
T1606.001 - Web Cookies
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1059.013 - Container CLI/API

MITREへのリンク →

APT28

Score: 37.81

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1140 - Deobfuscate/Decode Files or Information
T1175 - Component Object Model and Distributed COM
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

Turla

Score: 22.90

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1176 - Software Extensions
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1056 - Input Capture
T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

Kimsuky

Score: 22.76

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1056 - Input Capture
T1656 - Impersonation
T1537 - Transfer Data to Cloud Account
T1665 - Hide Infrastructure
T1003.003 - NTDS
T1490 - Inhibit System Recovery

MITREへのリンク →

FIN13

Score: 14.59

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1053.006 - Systemd Timers
T1209 - Time Providers
T1105 - Ingress Tool Transfer

MITREへのリンク →

Moonstone Sleet

Score: 5.82

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1175 - Component Object Model and Distributed COM

MITREへのリンク →

Indrik Spider

Score: 4.11

Matched TTPs:

T1606.002 - SAML Tokens
T1056 - Input Capture

MITREへのリンク →

Lazarus Group

Score: 26.27

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1606.001 - Web Cookies
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure
T1216 - System Script Proxy Execution

MITREへのリンク →

Contagious Interview

Score: 15.97

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1175 - Component Object Model and Distributed COM
T1064 - Scripting
T1199 - Trusted Relationship
T1056 - Input Capture
T1656 - Impersonation

MITREへのリンク →

UNC3886

Score: 44.13

Matched TTPs:

T1606.002 - SAML Tokens
T1689 - Downgrade Attack
T1140 - Deobfuscate/Decode Files or Information
T1090.002 - External Proxy
T1136.002 - Domain Account
T1547.015 - Login Items
T1606 - Forge Web Credentials
T1039 - Data from Network Shared Drive
T1488 - Disk Content Wipe
T1218.010 - Regsvr32
T1546.002 - Screensaver
T1219.002 - Remote Desktop Software
T1003.006 - DCSync

MITREへのリンク →

LuminousMoth

Score: 10.08

Matched TTPs:

T1606.002 - SAML Tokens
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1056 - Input Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

Salt Typhoon

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

APT29

Score: 32.01

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1683 - Generate Content
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1555.004 - Windows Credential Manager
T1219.002 - Remote Desktop Software
T1537 - Transfer Data to Cloud Account
T1490 - Inhibit System Recovery

MITREへのリンク →

Play

Score: 8.29

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

Aoqin Dragon

Score: 6.49

Matched TTPs:

T1606.002 - SAML Tokens
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

RedCurl

Score: 13.51

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1122 - Component Object Model Hijacking
T1542.004 - ROMMONkit
T1209 - Time Providers
T1105 - Ingress Tool Transfer

MITREへのリンク →

Moses Staff

Score: 5.62

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Ke3chang

Score: 9.47

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 28.04

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1136.001 - Local Account
T1562.006 - Indicator Blocking
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1056 - Input Capture
T1209 - Time Providers
T1159 - Launch Agent
T1055.005 - Thread Local Storage
T1105 - Ingress Tool Transfer

MITREへのリンク →

TeamTNT

Score: 14.49

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1153 - Source
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers
T1665 - Hide Infrastructure

MITREへのリンク →

FIN7

Score: 19.84

Matched TTPs:

T1606.002 - SAML Tokens
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1564.002 - Hidden Users
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1056 - Input Capture
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Medusa Group

Score: 17.52

Matched TTPs:

T1036.008 - Masquerade File Type
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1056 - Input Capture
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers
T1216 - System Script Proxy Execution

MITREへのリンク →

Evilnum

Score: 3.44

Matched TTPs:

T1562.009 - Safe Mode Boot

MITREへのリンク →

Volt Typhoon

Score: 33.21

Matched TTPs:

T1562.009 - Safe Mode Boot
T1686.003 - Windows Host Firewall
T1176 - Software Extensions
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1488 - Disk Content Wipe
T1584.002 - DNS Server
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers
T1159 - Launch Agent
T1665 - Hide Infrastructure

MITREへのリンク →

Darkhotel

Score: 15.88

Matched TTPs:

T1562.009 - Safe Mode Boot
T1120 - Peripheral Device Discovery
T1064 - Scripting
T1564.002 - Hidden Users
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Storm-0501

Score: 10.59

Matched TTPs:

T1686.003 - Windows Host Firewall
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1056 - Input Capture
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

HAFNIUM

Score: 24.16

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1175 - Component Object Model and Distributed COM
T1122 - Component Object Model Hijacking
T1039 - Data from Network Shared Drive
T1056 - Input Capture
T1105 - Ingress Tool Transfer
T1055.008 - Ptrace System Calls
T1490 - Inhibit System Recovery

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Windigo

Score: 5.72

Matched TTPs:

T1120 - Peripheral Device Discovery
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

BlackByte

Score: 17.04

Matched TTPs:

T1120 - Peripheral Device Discovery
T1070.003 - Clear Command History
T1140 - Deobfuscate/Decode Files or Information
T1175 - Component Object Model and Distributed COM
T1606.001 - Web Cookies
T1039 - Data from Network Shared Drive
T1209 - Time Providers

MITREへのリンク →

ZIRCONIUM

Score: 7.37

Matched TTPs:

T1120 - Peripheral Device Discovery
T1039 - Data from Network Shared Drive
T1056 - Input Capture
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

APT41

Score: 8.84

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers

MITREへのリンク →

Blue Mockingbird

Score: 3.52

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

HEXANE

Score: 6.81

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1056 - Input Capture
T1159 - Launch Agent

MITREへのリンク →

TA2541

Score: 6.57

Matched TTPs:

T1120 - Peripheral Device Discovery
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Rocke

Score: 16.91

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1114.003 - Email Forwarding Rule
T1059.013 - Container CLI/API
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT37

Score: 8.09

Matched TTPs:

T1120 - Peripheral Device Discovery
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1216 - System Script Proxy Execution

MITREへのリンク →

APT32

Score: 14.51

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1209 - Time Providers
T1105 - Ingress Tool Transfer
T1490 - Inhibit System Recovery

MITREへのリンク →

Inception

Score: 6.29

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

Higaisa

Score: 5.53

Matched TTPs:

T1120 - Peripheral Device Discovery
T1218.010 - Regsvr32
T1665 - Hide Infrastructure

MITREへのリンク →

CURIUM

Score: 5.49

Matched TTPs:

T1120 - Peripheral Device Discovery
T1175 - Component Object Model and Distributed COM
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT38

Score: 9.49

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1216 - System Script Proxy Execution

MITREへのリンク →

MuddyWater

Score: 14.13

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1159 - Launch Agent

MITREへのリンク →

APT3

Score: 4.75

Matched TTPs:

T1120 - Peripheral Device Discovery
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Sidewinder

Score: 5.45

Matched TTPs:

T1120 - Peripheral Device Discovery
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

APT42

Score: 4.58

Matched TTPs:

T1120 - Peripheral Device Discovery
T1175 - Component Object Model and Distributed COM
T1199 - Trusted Relationship

MITREへのリンク →

SideCopy

Score: 8.08

Matched TTPs:

T1120 - Peripheral Device Discovery
T1584.002 - DNS Server
T1159 - Launch Agent

MITREへのリンク →

APT19

Score: 3.82

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1059.012 - Hypervisor CLI

MITREへのリンク →

FIN8

Score: 4.15

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive

MITREへのリンク →

Tropic Trooper

Score: 19.00

Matched TTPs:

T1120 - Peripheral Device Discovery
T1683 - Generate Content
T1218.010 - Regsvr32
T1209 - Time Providers
T1159 - Launch Agent
T1105 - Ingress Tool Transfer
T1665 - Hide Infrastructure
T1490 - Inhibit System Recovery

MITREへのリンク →

Aquatic Panda

Score: 4.51

Matched TTPs:

T1120 - Peripheral Device Discovery
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Winter Vivern

Score: 6.96

Matched TTPs:

T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1175 - Component Object Model and Distributed COM
T1059.012 - Hypervisor CLI

MITREへのリンク →

Sowbug

Score: 4.24

Matched TTPs:

T1120 - Peripheral Device Discovery
T1542.004 - ROMMONkit

MITREへのリンク →

Wizard Spider

Score: 6.81

Matched TTPs:

T1120 - Peripheral Device Discovery
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1056 - Input Capture

MITREへのリンク →

Patchwork

Score: 10.20

Matched TTPs:

T1120 - Peripheral Device Discovery
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1665 - Hide Infrastructure

MITREへのリンク →

Windshift

Score: 5.72

Matched TTPs:

T1120 - Peripheral Device Discovery
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

Threat Group-3390

Score: 19.00

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1056 - Input Capture
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers

MITREへのリンク →

BackdoorDiplomacy

Score: 6.54

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.22

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking

MITREへのリンク →

BlackTech

Score: 5.58

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1209 - Time Providers

MITREへのリンク →

Sea Turtle

Score: 15.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1175 - Component Object Model and Distributed COM
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1490 - Inhibit System Recovery

MITREへのリンク →

Fox Kitten

Score: 12.45

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1542.004 - ROMMONkit
T1656 - Impersonation
T1209 - Time Providers

MITREへのリンク →

Cinnamon Tempest

Score: 4.33

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1056 - Input Capture

MITREへのリンク →

Agrius

Score: 3.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers

MITREへのリンク →

menuPass

Score: 12.61

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.001 - PowerShell
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1209 - Time Providers

MITREへのリンク →

ToddyCat

Score: 6.32

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1056 - Input Capture
T1665 - Hide Infrastructure

MITREへのリンク →

GALLIUM

Score: 4.37

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Earth Lusca

Score: 11.30

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1056 - Input Capture
T1059.012 - Hypervisor CLI

MITREへのリンク →

Leviathan

Score: 10.59

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1488 - Disk Content Wipe
T1218.010 - Regsvr32
T1056 - Input Capture
T1059.012 - Hypervisor CLI

MITREへのリンク →

INC Ransom

Score: 4.08

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

Dragonfly

Score: 10.85

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1175 - Component Object Model and Distributed COM
T1059.001 - PowerShell
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Axiom

Score: 11.79

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1175 - Component Object Model and Distributed COM
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1160 - Launch Daemon

MITREへのリンク →

APT39

Score: 6.14

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers

MITREへのリンク →

LAPSUS$

Score: 10.67

Matched TTPs:

T1136.002 - Domain Account
T1175 - Component Object Model and Distributed COM
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

APT1

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Andariel

Score: 9.56

Matched TTPs:

T1136.002 - Domain Account
T1187 - Forced Authentication
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

TA505

Score: 5.36

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Equation

Score: 8.67

Matched TTPs:

T1589.003 - Employee Names
T1130 - Install Root Certificate

MITREへのリンク →

Gorgon Group

Score: 4.98

Matched TTPs:

T1114.003 - Email Forwarding Rule
T1199 - Trusted Relationship

MITREへのリンク →

Saint Bear

Score: 7.39

Matched TTPs:

T1064 - Scripting
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

PROMETHIUM

Score: 8.56

Matched TTPs:

T1547.015 - Login Items
T1059.012 - Hypervisor CLI
T1490 - Inhibit System Recovery

MITREへのリンク →

Tonto Team

Score: 6.34

Matched TTPs:

T1059.001 - PowerShell
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32

MITREへのリンク →

POLONIUM

Score: 5.61

Matched TTPs:

T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1056 - Input Capture

MITREへのリンク →

DarkVishnya

Score: 7.15

Matched TTPs:

T1199 - Trusted Relationship
T1213.003 - Code Repositories
T1209 - Time Providers

MITREへのリンク →

BITTER

Score: 8.06

Matched TTPs:

T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1683 - Generate Content
T1218.010 - Regsvr32

MITREへのリンク →

Leafminer

Score: 4.38

Matched TTPs:

T1199 - Trusted Relationship
T1059.012 - Hypervisor CLI
T1209 - Time Providers

MITREへのリンク →

BRONZE BUTLER

Score: 9.89

Matched TTPs:

T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1159 - Launch Agent

MITREへのリンク →

FIN6

Score: 4.71

Matched TTPs:

T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1209 - Time Providers

MITREへのリンク →

Cobalt Group

Score: 6.20

Matched TTPs:

T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32
T1209 - Time Providers

MITREへのリンク →

FIN10

Score: 3.52

Matched TTPs:

T1199 - Trusted Relationship
T1490 - Inhibit System Recovery

MITREへのリンク →

APT33

Score: 4.44

Matched TTPs:

T1199 - Trusted Relationship
T1039 - Data from Network Shared Drive
T1218.010 - Regsvr32

MITREへのリンク →

Chimera

Score: 10.49

Matched TTPs:

T1199 - Trusted Relationship
T1542.004 - ROMMONkit
T1056 - Input Capture
T1209 - Time Providers
T1665 - Hide Infrastructure

MITREへのリンク →

PLATINUM

Score: 3.86

Matched TTPs:

T1039 - Data from Network Shared Drive
T1059.012 - Hypervisor CLI

MITREへのリンク →

MoustachedBouncer

Score: 4.15

Matched TTPs:

T1039 - Data from Network Shared Drive
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

The White Company

Score: 3.55

Matched TTPs:

T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Confucius

Score: 6.34

Matched TTPs:

T1218.010 - Regsvr32
T1056 - Input Capture
T1665 - Hide Infrastructure

MITREへのリンク →

Transparent Tribe

Score: 5.92

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1105 - Ingress Tool Transfer

MITREへのリンク →

Elderwood

Score: 5.31

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1656 - Impersonation

MITREへのリンク →

Dark Caracal

Score: 3.82

Matched TTPs:

T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Velvet Ant

Score: 10.64

Matched TTPs:

T1219.002 - Remote Desktop Software
T1490 - Inhibit System Recovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

UNC3886

Score: 0.86

Matched TTPs:

T1689 - Downgrade Attack
T1090.002 - External Proxy
T1136.002 - Domain Account
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1606.002 - SAML Tokens
T1547.015 - Login Items
T1606 - Forge Web Credentials
T1488 - Disk Content Wipe
T1003.006 - DCSync
T1219.002 - Remote Desktop Software
T1039 - Data from Network Shared Drive
T1546.002 - Screensaver

MITREへのリンク →

APT28

Score: 0.69

Matched TTPs:

T1552.005 - Cloud Instance Metadata API
T1105 - Ingress Tool Transfer
T1218.010 - Regsvr32
T1140 - Deobfuscate/Decode Files or Information
T1546.007 - Netsh Helper DLL
T1059.012 - Hypervisor CLI
T1122 - Component Object Model Hijacking
T1566.003 - Spearphishing via Service
T1175 - Component Object Model and Distributed COM
T1542.004 - ROMMONkit
T1059.001 - PowerShell
T1039 - Data from Network Shared Drive
T1055.008 - Ptrace System Calls
T1199 - Trusted Relationship

MITREへのリンク →

Volt Typhoon

Score: 0.66

Matched TTPs:

T1686.003 - Windows Host Firewall
T1140 - Deobfuscate/Decode Files or Information
T1584.002 - DNS Server
T1665 - Hide Infrastructure
T1488 - Disk Content Wipe
T1562.009 - Safe Mode Boot
T1039 - Data from Network Shared Drive
T1537 - Transfer Data to Cloud Account
T1209 - Time Providers
T1199 - Trusted Relationship
T1176 - Software Extensions
T1159 - Launch Agent

MITREへのリンク →

Ember Bear

Score: 0.60

Matched TTPs:

T1218.010 - Regsvr32
T1136.002 - Domain Account
T1140 - Deobfuscate/Decode Files or Information
T1578 - Modify Cloud Compute Infrastructure
T1056 - Input Capture
T1656 - Impersonation
T1003.003 - NTDS
T1005 - Data from Local System
T1175 - Component Object Model and Distributed COM
T1059.001 - PowerShell
T1209 - Time Providers
T1564.008 - Email Hiding Rules

MITREへのリンク →

Sandworm Team

Score: 0.59

Matched TTPs:

T1686.003 - Windows Host Firewall
T1120 - Peripheral Device Discovery
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1075 - Pass the Hash
T1606.002 - SAML Tokens
T1122 - Component Object Model Hijacking
T1005 - Data from Local System
T1187 - Forced Authentication
T1199 - Trusted Relationship
T1564.008 - Email Hiding Rules

MITREへのリンク →

APT29

Score: 0.59

Matched TTPs:

T1218.009 - Regsvcs/Regasm
T1218.010 - Regsvr32
T1140 - Deobfuscate/Decode Files or Information
T1606.002 - SAML Tokens
T1555.004 - Windows Credential Manager
T1122 - Component Object Model Hijacking
T1219.002 - Remote Desktop Software
T1683 - Generate Content
T1039 - Data from Network Shared Drive
T1537 - Transfer Data to Cloud Account
T1490 - Inhibit System Recovery
T1199 - Trusted Relationship

MITREへのリンク →

Related CVEs

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

VENOM: VM Escape (virtual floppy drive 0day)

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ