Trusted Design

OpenSSL Alternative Chains Certificate Forgery MITM Proxy

概要

This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates (score: 0.46)
Fake Judicial Spam Leads to Backdoor with Fake Certificate Authority (score: 0.42)
NCCIC / US-CERT: Malware Initial Findings Report (MIFR) - 10131859 (score: 0.40)
Acer Portal app for Android does not properly validate SSL certificates (score: 0.40)
NCCIC / US-CERT: Malware Initial Findings Report (MIFR) - 10134756 (score: 0.39)

このPulseに関連する脅威アクター (事実ベース)

Silent Librarian

Score: 3.15

Matched TTPs:

T1588.004 - Digital Certificates

MITREへのリンク →

Lazarus Group

Score: 28.84

Matched TTPs:

T1588.004 - Digital Certificates
T1106 - Native API
T1218 - System Binary Proxy Execution
T1574.013 - KernelCallbackTable
T1102.002 - Bidirectional Communication
T1027.007 - Dynamic API Resolution
T1055.001 - Dynamic-link Library Injection
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Sea Turtle

Score: 5.82

Matched TTPs:

T1588.004 - Digital Certificates
T1078.003 - Local Accounts

MITREへのリンク →

Mustang Panda

Score: 19.20

Matched TTPs:

T1588.004 - Digital Certificates
T1106 - Native API
T1622 - Debugger Evasion
T1027.007 - Dynamic API Resolution
T1003.003 - NTDS
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

UNC3886

Score: 7.28

Matched TTPs:

T1588.004 - Digital Certificates
T1205.001 - Port Knocking

MITREへのリンク →

LuminousMoth

Score: 3.15

Matched TTPs:

T1588.004 - Digital Certificates

MITREへのリンク →

BlackTech

Score: 5.44

Matched TTPs:

T1588.004 - Digital Certificates
T1106 - Native API

MITREへのリンク →

Medusa Group

Score: 4.63

Matched TTPs:

T1106 - Native API
T1003.003 - NTDS

MITREへのリンク →

Higaisa

Score: 6.82

Matched TTPs:

T1106 - Native API
T1029 - Scheduled Transfer

MITREへのリンク →

Gorgon Group

Score: 5.44

Matched TTPs:

T1106 - Native API
T1055.012 - Process Hollowing

MITREへのリンク →

Turla

Score: 10.28

Matched TTPs:

T1106 - Native API
T1102.002 - Bidirectional Communication
T1055.001 - Dynamic-link Library Injection
T1078.003 - Local Accounts

MITREへのリンク →

Chimera

Score: 4.63

Matched TTPs:

T1106 - Native API
T1003.003 - NTDS

MITREへのリンク →

Sandworm Team

Score: 10.87

Matched TTPs:

T1106 - Native API
T1195 - Supply Chain Compromise
T1102.002 - Bidirectional Communication
T1003.003 - NTDS

MITREへのリンク →

Tropic Trooper

Score: 7.88

Matched TTPs:

T1106 - Native API
T1055.001 - Dynamic-link Library Injection
T1078.003 - Local Accounts

MITREへのリンク →

ToddyCat

Score: 4.81

Matched TTPs:

T1106 - Native API
T1566.003 - Spearphishing via Service

MITREへのリンク →

menuPass

Score: 7.78

Matched TTPs:

T1106 - Native API
T1055.012 - Process Hollowing
T1003.003 - NTDS

MITREへのリンク →

APT37

Score: 8.82

Matched TTPs:

T1106 - Native API
T1036.001 - Invalid Code Signature
T1102.002 - Bidirectional Communication

MITREへのリンク →

Gamaredon Group

Score: 4.68

Matched TTPs:

T1106 - Native API
T1102.002 - Bidirectional Communication

MITREへのリンク →

TA505

Score: 5.22

Matched TTPs:

T1106 - Native API
T1055.001 - Dynamic-link Library Injection

MITREへのリンク →

OilRig

Score: 9.11

Matched TTPs:

T1195 - Supply Chain Compromise
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Ember Bear

Score: 11.42

Matched TTPs:

T1195 - Supply Chain Compromise
T1585 - Establish Accounts
T1588.005 - Exploits

MITREへのリンク →

Volt Typhoon

Score: 6.47

Matched TTPs:

T1218 - System Binary Proxy Execution
T1003.003 - NTDS

MITREへのリンク →

PROMETHIUM

Score: 6.80

Matched TTPs:

T1205.001 - Port Knocking
T1078.003 - Local Accounts

MITREへのリンク →

Threat Group-3390

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Patchwork

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

BlackByte

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

TA2541

Score: 3.15

Matched TTPs:

T1055.012 - Process Hollowing

MITREへのリンク →

Kimsuky

Score: 15.79

Matched TTPs:

T1055.012 - Process Hollowing
T1102.002 - Bidirectional Communication
T1585 - Establish Accounts
T1588.005 - Exploits
T1078.003 - Local Accounts

MITREへのリンク →

Windshift

Score: 6.66

Matched TTPs:

T1036.001 - Invalid Code Signature
T1566.003 - Spearphishing via Service

MITREへのリンク →

Axiom

Score: 9.08

Matched TTPs:

T1553 - Subvert Trust Controls
T1563.002 - RDP Hijacking

MITREへのリンク →

Magic Hound

Score: 4.92

Matched TTPs:

T1102.002 - Bidirectional Communication
T1566.003 - Spearphishing via Service

MITREへのリンク →

FIN7

Score: 5.06

Matched TTPs:

T1102.002 - Bidirectional Communication
T1078.003 - Local Accounts

MITREへのリンク →

APT28

Score: 4.74

Matched TTPs:

T1102.002 - Bidirectional Communication
T1003.003 - NTDS

MITREへのリンク →

Contagious Interview

Score: 8.71

Matched TTPs:

T1585 - Establish Accounts
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Fox Kitten

Score: 5.78

Matched TTPs:

T1585 - Establish Accounts
T1003.003 - NTDS

MITREへのリンク →

APT17

Score: 3.44

Matched TTPs:

T1585 - Establish Accounts

MITREへのリンク →

FIN6

Score: 7.61

Matched TTPs:

T1003.003 - NTDS
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Wizard Spider

Score: 8.02

Matched TTPs:

T1003.003 - NTDS
T1055.001 - Dynamic-link Library Injection
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

HAFNIUM

Score: 5.01

Matched TTPs:

T1003.003 - NTDS
T1078.003 - Local Accounts

MITREへのリンク →

APT29

Score: 5.19

Matched TTPs:

T1566.003 - Spearphishing via Service
T1078.003 - Local Accounts

MITREへのリンク →

APT32

Score: 5.41

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1078.003 - Local Accounts

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.70

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1588.004 - Digital Certificates
T1102.002 - Bidirectional Communication
T1106 - Native API
T1218 - System Binary Proxy Execution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1055.001 - Dynamic-link Library Injection
T1566.003 - Spearphishing via Service
T1574.013 - KernelCallbackTable

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る