Trusted Design

Winnti is now targeting pharmaceutical companies

概要

For a long time the Winnti group had been considered as a Chinese threat actor targeting gaming companies specifically. Recently, we’ve seen information indicating that the scope of targets can be wider and is no longer limited to the entertainment business. We actually track samples of Winnti malware all the time, but so far we haven’t been able to catch one with solid clues indicating other targeted industries. Also our visibility as a vendor does not cover every company in the world (at least so far ;)) and the Kaspersky Security Network (KSN) did not reveal other attacks except those against gaming companies. Well, sometimes targeted entities have included telecommunication companies, or better, large holdings, but it seems that at least one of their businesses was in some way related to the production or distribution of computer games.

Created: 2026-02-23

Indicators

類似Pulses

An Update on Winnti (score: 0.57)
Multiple Malwares used to Target an Asian Financial Institution (score: 0.51)
Threat Group-3390 Targets Organizations for Cyberespionage (score: 0.51)
TrendLabs: Spam Campaign Delivers Cross-platform Remote Access Trojan Adwind (score: 0.50)
Operation C-Major actors used Mobile Spyware Against Targets (score: 0.50)

このPulseに関連する脅威アクター (事実ベース)

APT28

Score: 18.35

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1547.002 - Authentication Package
T1146 - Clear Command History
T1546.007 - Netsh Helper DLL
T1566.003 - Spearphishing via Service

MITREへのリンク →

UNC3886

Score: 11.24

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1136.002 - Domain Account
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

APT32

Score: 5.49

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1027.014 - Polymorphic Code

MITREへのリンク →

Kimsuky

Score: 7.89

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package

MITREへのリンク →

APT29

Score: 5.27

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1547.008 - LSASS Driver

MITREへのリンク →

Chimera

Score: 5.34

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1578.001 - Create Snapshot

MITREへのリンク →

Lazarus Group

Score: 17.83

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1547.002 - Authentication Package
T1055.005 - Thread Local Storage
T1055.015 - ListPlanting
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Mustang Panda

Score: 6.88

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1055.005 - Thread Local Storage

MITREへのリンク →

Turla

Score: 7.45

Matched TTPs:

T1136.002 - Domain Account
T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

Scattered Spider

Score: 7.00

Matched TTPs:

T1136.002 - Domain Account
T1027.002 - Software Packing

MITREへのリンク →

APT33

Score: 4.13

Matched TTPs:

T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

Wizard Spider

Score: 4.13

Matched TTPs:

T1567.001 - Exfiltration to Code Repository

MITREへのリンク →

Cobalt Group

Score: 5.67

Matched TTPs:

T1027.014 - Polymorphic Code
T1573 - Encrypted Channel

MITREへのリンク →

APT41

Score: 6.37

Matched TTPs:

T1573 - Encrypted Channel
T1055.015 - ListPlanting

MITREへのリンク →

Sandworm Team

Score: 5.33

Matched TTPs:

T1573 - Encrypted Channel
T1547.002 - Authentication Package

MITREへのリンク →

Moonstone Sleet

Score: 5.45

Matched TTPs:

T1573 - Encrypted Channel
T1547.008 - LSASS Driver

MITREへのリンク →

FIN7

Score: 11.36

Matched TTPs:

T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

Magic Hound

Score: 4.92

Matched TTPs:

T1547.002 - Authentication Package
T1547.008 - LSASS Driver

MITREへのリンク →

ZIRCONIUM

Score: 4.99

Matched TTPs:

T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

OilRig

Score: 5.96

Matched TTPs:

T1055.015 - ListPlanting
T1547.008 - LSASS Driver

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Velvet Ant

Score: 4.13

Matched TTPs:

T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.80

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1578.001 - Create Snapshot
T1055.005 - Thread Local Storage
T1055.015 - ListPlanting
T1547.002 - Authentication Package
T1547.008 - LSASS Driver

MITREへのリンク →

APT28

Score: 0.78

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1146 - Clear Command History
T1546.007 - Netsh Helper DLL
T1547.002 - Authentication Package
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 0.59

Matched TTPs:

T1547.002 - Authentication Package
T1055.015 - ListPlanting
T1578.001 - Create Snapshot
T1573 - Encrypted Channel

MITREへのリンク →

UNC3886

Score: 0.55

Matched TTPs:

T1567.004 - Exfiltration Over Webhook
T1055.015 - ListPlanting
T1136.002 - Domain Account
T1578.001 - Create Snapshot

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る