Trusted Design

A Look at Targeted Attacks Through the Lense of an NGO

概要

We present an empirical analysis of targeted attacks against a human-rights Non-Governmental Organization (NGO) representing a minority living in China. In particular, we analyze the social engineering techniques, attack vectors, and malware employed in malicious emails received by two members of the NGO over a four-year period. We find that both the language and topic of the emails were highly tailored to the victims, and that sender impersonation was commonly used to lure them into opening malicious attachments. We also show that the majority of attacks employed malicious documents with recent but disclosed vulnerabilities that tend to evade common defenses. Finally, we find that the NGO received malware from different families and that over a quarter of the malware can be linked to entities that have been reported to engage in targeted attacks against political and industrial organizations, and Tibetan NGOs.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Contagious Interview

Score: 40.89
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Scattered Spider

Score: 30.56
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing
MITREへのリンク →

FIN4

Score: 7.81
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ember Bear

Score: 15.37
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1656 - Impersonation
MITREへのリンク →

Sandworm Team

Score: 38.50
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mustard Tempest

Score: 9.32
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Kimsuky

Score: 53.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1656 - Impersonation
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN13

Score: 8.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1144 - Gatekeeper Bypass
  • T1552.003 - Shell History
MITREへのリンク →

Moonstone Sleet

Score: 21.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
MITREへのリンク →

Indrik Spider

Score: 4.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
MITREへのリンク →

Lazarus Group

Score: 22.67
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
MITREへのリンク →

OilRig

Score: 18.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

UNC3886

Score: 14.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1547.015 - Login Items
  • T1218.010 - Regsvr32
MITREへのリンク →

LuminousMoth

Score: 9.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT29

Score: 20.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Play

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
MITREへのリンク →

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 8.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Turla

Score: 9.37
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 5.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Mustang Panda

Score: 30.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TeamTNT

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
MITREへのリンク →

FIN7

Score: 13.05
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 17.01
Matched TTPs:
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BlackTech

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 7.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 10.34
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Mofang

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sidewinder

Score: 11.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Elderwood

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Transparent Tribe

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN8

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 16.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT3

Score: 4.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 7.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
MITREへのリンク →

APT33

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

ZIRCONIUM

Score: 10.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

EXOTIC LILY

Score: 18.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Molerats

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Magic Hound

Score: 24.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Windshift

Score: 6.20
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 7.92
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA2541

Score: 10.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Earth Lusca

Score: 9.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 16.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
MITREへのリンク →

Wizard Spider

Score: 5.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA577

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Patchwork

Score: 7.63
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA505

Score: 8.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 10.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 8.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

APT39

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Silent Librarian

Score: 7.27
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
MITREへのリンク →

APT28

Score: 28.03
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Star Blizzard

Score: 17.17
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
MITREへのリンク →

CURIUM

Score: 8.14
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 11.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

Saint Bear

Score: 13.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Tropic Trooper

Score: 9.14
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

FIN6

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
MITREへのリンク →

WIRTE

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
MITREへのリンク →

menuPass

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking
MITREへのリンク →

Threat Group-3390

Score: 7.09
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
MITREへのリンク →

Gamaredon Group

Score: 13.22
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1200 - Hardware Additions
  • T1027.018 - Invisible Unicode
MITREへのリンク →

BITTER

Score: 7.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
MITREへのリンク →

Inception

Score: 8.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
MITREへのリンク →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA551

Score: 6.14
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT41

Score: 5.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

Gorgon Group

Score: 5.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1114.003 - Email Forwarding Rule
MITREへのリンク →

APT19

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
MITREへのリンク →

Malteiro

Score: 7.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

SideCopy

Score: 6.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
MITREへのリンク →

Andariel

Score: 8.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
MITREへのリンク →

IndigoZebra

Score: 5.55
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
MITREへのリンク →

DarkHydrus

Score: 4.03
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1200 - Hardware Additions
MITREへのリンク →

PLATINUM

Score: 5.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1686 - Disable or Modify System Firewall
MITREへのリンク →

HEXANE

Score: 9.45
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
MITREへのリンク →

LAPSUS$

Score: 17.56
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1122 - Component Object Model Hijacking
  • T1030 - Data Transfer Size Limits
MITREへのリンク →

BlackByte

Score: 9.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

Medusa Group

Score: 11.36
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1094 - Custom Command and Control Protocol
MITREへのリンク →

Volt Typhoon

Score: 9.09
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
MITREへのリンク →

HAFNIUM

Score: 7.28
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
MITREへのリンク →

Aquatic Panda

Score: 6.30
Matched TTPs:
  • T1144 - Gatekeeper Bypass
  • T1136.002 - Domain Account
MITREへのリンク →

Rocke

Score: 4.13
Matched TTPs:
  • T1114.003 - Email Forwarding Rule
MITREへのリンク →

INC Ransom

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Storm-0501

Score: 8.89
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1102.002 - Bidirectional Communication
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

PROMETHIUM

Score: 4.13
Matched TTPs:
  • T1547.015 - Login Items
MITREへのリンク →

APT17

Score: 5.45
Matched TTPs:
  • T1608.005 - Link Target
  • T1656 - Impersonation
MITREへのリンク →

POLONIUM

Score: 4.76
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
MITREへのリンク →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
MITREへのリンク →

GOLD SOUTHFIELD

Score: 6.03
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Sea Turtle

Score: 7.52
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
MITREへのリンク →

Axiom

Score: 9.32
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon
MITREへのリンク →

Fox Kitten

Score: 3.44
Matched TTPs:
  • T1656 - Impersonation
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1030 - Data Transfer Size Limits
  • T1027.014 - Polymorphic Code
  • T1024 - Custom Cryptographic Protocol
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1690 - Prevent Command History Logging
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1027.018 - Invisible Unicode
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1656 - Impersonation
  • T1102.003 - One-Way Communication
MITREへのリンク →

Sandworm Team

Score: 0.64
Matched TTPs:
  • T1005 - Data from Local System
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1564.008 - Email Hiding Rules
  • T1122 - Component Object Model Hijacking
  • T1027.018 - Invisible Unicode
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1183 - Image File Execution Options Injection
  • T1598.003 - Spearphishing Link
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1091 - Replication Through Removable Media
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
MITREへのリンク →

Contagious Interview

Score: 0.62
Matched TTPs:
  • T1547.008 - LSASS Driver
  • T1030 - Data Transfer Size Limits
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
  • T1552.003 - Shell History
  • T1690 - Prevent Command History Logging
  • T1656 - Impersonation
  • T1606.002 - SAML Tokens
  • T1183 - Image File Execution Options Injection
  • T1102.003 - One-Way Communication
  • T1021.006 - Windows Remote Management
  • T1091 - Replication Through Removable Media
  • T1044 - File System Permissions Weakness
  • T1562.010 - Downgrade Attack
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る