Trusted Design

Evoltin POS Malware Attacks via Macro

Overview

Over the past couple of months McAfee Labs has seen an increase in the usage of macros to deliver malware. This kind of malware, as mentioned in previous posts (Dridex, Bartallex), usually arrives as an attached document within a phishing email. Recently McAfee Labs came across a point-of-sale (POS) malware that spreads through malicious macros inside a .doc file. This macro reaches users' systems through a spam email with subjects such as "My Resume," "Openings," "Internship," etc. and an attached Microsoft Word file, some with names like these:

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 27.05
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1578.001 - Create Snapshot
  • T1216 - System Script Proxy Execution

TA577

Score: 5.29
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service

Moonstone Sleet

Score: 13.02
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1197 - BITS Jobs

Contagious Interview

Score: 15.34
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection

Scattered Spider

Score: 14.16
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1136.002 - Domain Account
  • T1197 - BITS Jobs
  • T1557.002 - ARP Cache Poisoning

FIN4

Score: 8.64
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

Kimsuky

Score: 17.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1197 - BITS Jobs
  • T1027.010 - Command Obfuscation

FIN13

Score: 8.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1588.001 - Malware
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

OilRig

Score: 14.61
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1027.010 - Command Obfuscation

UNC3886

Score: 14.87
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1588.001 - Malware
  • T1547.015 - Login Items
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

LuminousMoth

Score: 10.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1105 - Ingress Tool Transfer

Sandworm Team

Score: 10.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

APT29

Score: 6.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Aoqin Dragon

Score: 4.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32

RedCurl

Score: 9.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Turla

Score: 10.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation
  • T1578.001 - Create Snapshot

Mustang Panda

Score: 16.87
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer

TeamTNT

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

FIN7

Score: 23.22
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1588.001 - Malware
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer
  • T1578.001 - Create Snapshot

Cobalt Group

Score: 8.75
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

MuddyWater

Score: 16.91
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558.001 - Golden Ticket
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1027.010 - Command Obfuscation

Sidewinder

Score: 14.97
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1578.001 - Create Snapshot

APT28

Score: 23.83
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls

APT37

Score: 10.93
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1216 - System Script Proxy Execution

Gallmaker

Score: 4.41
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link

Leviathan

Score: 11.90
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1546.017 - Udev Rules

BITTER

Score: 9.97
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1218.010 - Regsvr32

TA505

Score: 11.69
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation

Patchwork

Score: 8.75
Matched TTPs:
  • T1206 - Sudo Caching
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Malteiro

Score: 3.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Machete

Score: 4.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

Elderwood

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Transparent Tribe

Score: 8.67
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

Dragonfly

Score: 13.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1200 - Hardware Additions

WIRTE

Score: 3.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

APT-C-36

Score: 5.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1027.010 - Command Obfuscation

CURIUM

Score: 4.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot

Tropic Trooper

Score: 8.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1105 - Ingress Tool Transfer

DarkHydrus

Score: 4.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1200 - Hardware Additions

PLATINUM

Score: 6.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1686 - Disable or Modify System Firewall

HEXANE

Score: 4.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1027.010 - Command Obfuscation

FIN8

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link

Threat Group-3390

Score: 8.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

LazyScripter

Score: 8.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation

PROMETHIUM

Score: 7.02
Matched TTPs:
  • T1087.002 - Domain Account
  • T1588.001 - Malware
  • T1547.015 - Login Items

APT39

Score: 9.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1027.010 - Command Obfuscation

Star Blizzard

Score: 7.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

Higaisa

Score: 12.40
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules

Rancor

Score: 3.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

Wizard Spider

Score: 5.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware

Magic Hound

Score: 9.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1588.001 - Malware
  • T1578.002 - Create Cloud Instance
  • T1027.010 - Command Obfuscation

Storm-1811

Score: 5.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1578.002 - Create Cloud Instance

Inception

Score: 7.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1027.010 - Command Obfuscation

EXOTIC LILY

Score: 6.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Saint Bear

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

FIN6

Score: 3.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware

TA459

Score: 4.56
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Gorgon Group

Score: 3.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

TA2541

Score: 12.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation
  • T1546.017 - Udev Rules

Earth Lusca

Score: 8.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation

SideCopy

Score: 8.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1027.010 - Command Obfuscation

Mofang

Score: 6.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Tonto Team

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Andariel

Score: 5.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 7.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1578.001 - Create Snapshot

APT38

Score: 6.69
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1216 - System Script Proxy Execution

Naikon

Score: 8.30
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1552.002 - Credentials in Registry
  • T1588.001 - Malware

Molerats

Score: 7.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1546.017 - Udev Rules

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Gamaredon Group

Score: 14.96
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.013 - Container CLI/API
  • T1200 - Hardware Additions
  • T1027.010 - Command Obfuscation
  • T1546.017 - Udev Rules

Darkhotel

Score: 5.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

APT32

Score: 12.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1105 - Ingress Tool Transfer

The White Company

Score: 5.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

APT33

Score: 6.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Silence

Score: 3.07
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

Confucius

Score: 9.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1027.010 - Command Obfuscation

BlackTech

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Windshift

Score: 4.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

Mustard Tempest

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

APT3

Score: 6.56
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance

APT1

Score: 4.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account

ZIRCONIUM

Score: 9.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.001 - Malware
  • T1197 - BITS Jobs
  • T1578.001 - Create Snapshot

APT42

Score: 4.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1027.010 - Command Obfuscation

APT41

Score: 4.46
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1218.010 - Regsvr32

Ember Bear

Score: 3.95
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

LAPSUS$

Score: 6.59
Matched TTPs:
  • T1136.002 - Domain Account
  • T1557.002 - ARP Cache Poisoning

Aquatic Panda

Score: 4.55
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.001 - Malware

BackdoorDiplomacy

Score: 4.55
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.001 - Malware

INC Ransom

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

Sea Turtle

Score: 8.40
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Axiom

Score: 4.78
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

Rocke

Score: 6.29
Matched TTPs:
  • T1059.013 - Container CLI/API
  • T1105 - Ingress Tool Transfer

HAFNIUM

Score: 6.80
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls

Medusa Group

Score: 8.16
Matched TTPs:
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.77
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1132.001 - Standard Encoding
  • T1578.001 - Create Snapshot
  • T1588.001 - Malware
  • T1216 - System Script Proxy Execution
  • T1105 - Ingress Tool Transfer
  • T1087.002 - Domain Account
  • T1055.005 - Thread Local Storage
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1606.002 - SAML Tokens

FIN7

Score: 0.72
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1578.001 - Create Snapshot
  • T1011.001 - Exfiltration Over Bluetooth
  • T1588.001 - Malware
  • T1206 - Sudo Caching
  • T1105 - Ingress Tool Transfer
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens

APT28

Score: 0.71
Matched TTPs:
  • T1206 - Sudo Caching
  • T1105 - Ingress Tool Transfer
  • T1087.002 - Domain Account
  • T1197 - BITS Jobs
  • T1200 - Hardware Additions
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link
  • T1146 - Clear Command History
  • T1055.008 - Ptrace System Calls

Related CVEs

No CVEs were found in this Pulse.
