Trusted Design

SPEAR: A Threat Actor Resurfaces

Summary

Several months ago I examined a malware-tainted Word document titled “ISIS_twitter_list.doc.” I didn’t think much of it and quickly moved on after a cursory analysis. Yet I recently uncovered evidence that suggests it was the work of a well-known Chinese threat group. This group is known to have targeted U.S. government agencies, defense contractors, aerospace firms and foreign militaries since 2009. Until now, it was widely believed the actor's activities had largely subsided in 2013, following numerous public disclosures and detailed analyses of their backdoors.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Note that four of the technique IDs matched below are revoked in current ATT&CK Enterprise and now live under newer IDs: T1193 is T1566.001 (Phishing: Spearphishing Attachment), T1169 is T1548.003 (Sudo and Sudo Caching), T1065 is T1571 (Non-Standard Port) and T1128 is T1546.007 (Event Triggered Execution: Netsh Helper DLL). Look them up under the replacement IDs when checking an actor's current ATT&CK profile.

Ember Bear

Score: 4.13
Matched TTPs:
  • T1564.008 - Email Hiding Rules

Sandworm Team

Score: 14.06
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1566.002 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery

Sidewinder

Score: 6.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft

Mustang Panda

Score: 11.13
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1169 - Sudo
  • T1055.005 - Thread Local Storage

Kimsuky

Score: 12.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1690 - Prevent Command History Logging
  • T1665 - Hide Infrastructure

Magic Hound

Score: 4.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1547.008 - LSASS Driver

APT28

Score: 8.90
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1200 - Hardware Additions

Star Blizzard

Score: 6.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft

Moonstone Sleet

Score: 8.27
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1057 - Process Discovery
  • T1547.008 - LSASS Driver

CURIUM

Score: 4.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1547.008 - LSASS Driver

Dragonfly

Score: 13.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1200 - Hardware Additions

Patchwork

Score: 5.29
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1665 - Hide Infrastructure

UNC3886

Score: 4.13
Matched TTPs:
  • T1021.006 - Windows Remote Management

Contagious Interview

Score: 10.50
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver

LAPSUS$

Score: 7.47
Matched TTPs:
  • T1193 - Spearphishing Attachment
  • T1065 - Uncommonly Used Port

HAFNIUM

Score: 3.62
Matched TTPs:
  • T1049 - System Network Connections Discovery

Axiom

Score: 3.62
Matched TTPs:
  • T1049 - System Network Connections Discovery

Volt Typhoon

Score: 13.36
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1065 - Uncommonly Used Port
  • T1665 - Hide Infrastructure

SideCopy

Score: 3.62
Matched TTPs:
  • T1657 - Financial Theft

APT33

Score: 4.13
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository

Wizard Spider

Score: 4.13
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository

Lazarus Group

Score: 12.77
Matched TTPs:
  • T1057 - Process Discovery
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver

FIN7

Score: 6.91
Matched TTPs:
  • T1057 - Process Discovery
  • T1065 - Uncommonly Used Port

EXOTIC LILY

Score: 6.37
Matched TTPs:
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver

Tropic Trooper

Score: 8.73
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1200 - Hardware Additions
  • T1665 - Hide Infrastructure

OilRig

Score: 5.27
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver

FIN6

Score: 5.27
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver

APT29

Score: 7.06
Matched TTPs:
  • T1546.018 - Python Startup Hooks
  • T1547.008 - LSASS Driver

HEXANE

Score: 3.62
Matched TTPs:
  • T1065 - Uncommonly Used Port

Confucius

Score: 5.98
Matched TTPs:
  • T1200 - Hardware Additions
  • T1665 - Hide Infrastructure

Gamaredon Group

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions

Inception

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions

DarkHydrus

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions

ToddyCat

Score: 5.36
Matched TTPs:
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.85
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1049 - System Network Connections Discovery
  • T1193 - Spearphishing Attachment
  • T1566.002 - Spearphishing Link

Volt Typhoon

Score: 0.80
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1065 - Uncommonly Used Port
  • T1665 - Hide Infrastructure
  • T1057 - Process Discovery

Lazarus Group

Score: 0.79
Matched TTPs:
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
  • T1057 - Process Discovery

Dragonfly

Score: 0.77
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1193 - Spearphishing Attachment
  • T1200 - Hardware Additions

Kimsuky

Score: 0.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1665 - Hide Infrastructure
  • T1690 - Prevent Command History Logging
  • T1057 - Process Discovery

Mustang Panda

Score: 0.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1055.005 - Thread Local Storage
  • T1169 - Sudo

Contagious Interview

Score: 0.62
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1547.008 - LSASS Driver
  • T1690 - Prevent Command History Logging

APT28

Score: 0.59
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1200 - Hardware Additions
  • T1057 - Process Discovery

Tropic Trooper

Score: 0.58
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1200 - Hardware Additions
  • T1665 - Hide Infrastructure

Moonstone Sleet

Score: 0.55
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1547.008 - LSASS Driver
  • T1057 - Process Discovery

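The actor lists above (both the fact-based and the inference-based sections) mix current ATT&CK technique IDs with IDs that have since been revoked, so comparing actors by their matched TTPs is only meaningful after the IDs are normalized. The script below is an added example by the editor, not part of the Pulse or of the platform that produced it: it parses a few actor blocks copied in the page's own layout (a constructed sample embedded inline), rewrites the four revoked IDs the editor is certain of (T1193, T1169, T1065, T1128) to their current replacements, flags any ID it cannot vouch for as "unverified" rather than guessing, and counts which normalized techniques recur across actors. It does not reproduce the page's "Score" values; the page does not state how those are computed, so the score is only carried through as parsed.

```python
"""Normalize the ATT&CK technique IDs listed in a Pulse's actor matches.

Added example, not part of the original Pulse. The REVOKED table covers only
mappings the editor is certain of; any other ID passes through unchanged and
is reported as "unverified" so it can be checked against the current ATT&CK
release by hand instead of being silently accepted or rewritten.
"""
import re
from collections import Counter

# Revoked technique IDs that still appear in this Pulse, mapped to the ID
# that replaced them in ATT&CK Enterprise.
REVOKED = {
    "T1193": ("T1566.001", "Phishing: Spearphishing Attachment"),
    "T1169": ("T1548.003", "Abuse Elevation Control Mechanism: Sudo and Sudo Caching"),
    "T1065": ("T1571", "Non-Standard Port"),
    "T1128": ("T1546.007", "Event Triggered Execution: Netsh Helper DLL"),
}

# Current IDs on the page that the editor verified against ATT&CK Enterprise.
KNOWN_CURRENT = {
    "T1564.008", "T1566.002", "T1049", "T1055.005", "T1057", "T1665",
    "T1547.008", "T1200", "T1021.006", "T1657", "T1567.001",
}

# Constructed sample: three actor blocks in the page's own layout.
PULSE_TEXT = """\
Sandworm Team

Score: 14.06
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1566.002 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery

Mustang Panda

Score: 11.13
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1169 - Sudo
  • T1055.005 - Thread Local Storage

Volt Typhoon

Score: 13.36
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1065 - Uncommonly Used Port
  • T1665 - Hide Infrastructure
"""

TTP_LINE = re.compile(r"^\s*•\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")
SCORE_LINE = re.compile(r"^Score:\s*([0-9.]+)\s*$")


def parse_actors(text):
    """Return {actor: {"score": float, "ttps": [(id, name), ...]}} from page text."""
    actors, current = {}, None
    for line in text.splitlines():
        if (m := TTP_LINE.match(line)):
            actors[current]["ttps"].append((m.group(1), m.group(2)))
        elif (m := SCORE_LINE.match(line)):
            actors[current]["score"] = float(m.group(1))
        elif line.strip() and not line.startswith("Matched TTPs"):
            # Any other non-empty line starts a new actor block.
            current = line.strip()
            actors[current] = {"score": None, "ttps": []}
    return actors


def normalize(ttp_id):
    """Map a revoked ID to its replacement; return (id, new_name, status)."""
    if ttp_id in REVOKED:
        new_id, new_name = REVOKED[ttp_id]
        return new_id, new_name, "revoked"
    if ttp_id in KNOWN_CURRENT:
        return ttp_id, None, "current"
    return ttp_id, None, "unverified"


def audit(text):
    """Per actor: sorted normalized ID list plus how many IDs were revoked."""
    report = {}
    for actor, info in parse_actors(text).items():
        ids, revoked = set(), 0
        for ttp_id, _name in info["ttps"]:
            new_id, _new_name, status = normalize(ttp_id)
            ids.add(new_id)
            revoked += status == "revoked"
        report[actor] = {"score": info["score"], "ttps": sorted(ids), "revoked": revoked}
    return report


def shared_ttps(text):
    """Count how many actors share each normalized technique (the overlap drivers)."""
    counts = Counter()
    for info in audit(text).values():
        counts.update(info["ttps"])
    return counts


if __name__ == "__main__":
    for actor, info in audit(PULSE_TEXT).items():
        print(f"{actor:15} score={info['score']:<6} revoked={info['revoked']} {info['ttps']}")
    print(shared_ttps(PULSE_TEXT).most_common(3))
```

Run it on the full page text and every actor that matched on T1193, T1169, T1065 or T1128 is reported with a non-zero `revoked` count; IDs such as T1690 or T1546.018, which the editor could not confirm, come back as "unverified" and should be checked against the ATT&CK release you actually use before they go into a detection or hunting plan.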
Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

