FBI Flash #68 (PlugX)
Summary
FBI Flash #68 (PlugX Malware)
The FBI has obtained information regarding intrusions that have compromised U.S. government networks and commercial industries including aerospace, entertainment/media, healthcare, and telecommunications. The intrusions resulted in the theft of sensitive U.S. government and business information, including bulk personally identifiable information (PII). The intrusions involved infrastructure emanating from China and used a specific malware family called "PlugX", a remote access tool (RAT) that has existed since 2008. Open-source reporting shows that PlugX is used almost exclusively by malicious cyber actors in China. Security researchers have linked the use of PlugX to groups tracked as Aurora Panda/APT 17, Hurricane Panda, Emissary Panda, Nightshade Panda/APT 9, Pale Panda, and Predator Panda. If PlugX is detected, it should be flagged immediately, reported to the FBI, and given the highest priority for enhanced mitigation.
Created: 2026-02-23
Indicators
No indicators were found.
Similar Pulses
Threat actors related to this Pulse (fact-based)
Score: 19.01
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1578 - Modify Cloud Compute Infrastructure
- T1005 - Data from Local System
- T1550 - Use Alternate Authentication Material
- T1656 - Impersonation
- T1070.009 - Clear Persistence
Score: 26.14
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 4.47
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1199 - Trusted Relationship
Score: 13.60
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1547.002 - Authentication Package
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
Score: 10.98
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1622 - Debugger Evasion
Score: 23.29
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1547.002 - Authentication Package
- T1656 - Impersonation
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
- T1008 - Fallback Channels
Score: 7.12
Matched TTPs:
- T1606.002 - SAML Tokens
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1622 - Debugger Evasion
Score: 9.34
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1565 - Data Manipulation
- T1573 - Encrypted Channel
Score: 6.58
Matched TTPs:
- T1606.002 - SAML Tokens
- T1546.016 - Installer Packages
- T1622 - Debugger Evasion
Score: 23.71
Matched TTPs:
- T1606.002 - SAML Tokens
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1547.002 - Authentication Package
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1055.005 - Thread Local Storage
- T1622 - Debugger Evasion
- T1055.015 - ListPlanting
Score: 20.09
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1021.006 - Windows Remote Management
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1656 - Impersonation
- T1070.009 - Clear Persistence
- T1027.018 - Invisible Unicode
Score: 22.89
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1212 - Exploitation for Credential Access
- T1199 - Trusted Relationship
- T1059.004 - Unix Shell
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
- T1055.015 - ListPlanting
Score: 18.33
Matched TTPs:
- T1606.002 - SAML Tokens
- T1021.006 - Windows Remote Management
- T1547.015 - Login Items
- T1059.004 - Unix Shell
- T1070.009 - Clear Persistence
- T1055.015 - ListPlanting
Score: 8.87
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
Score: 9.53
Matched TTPs:
- T1606.002 - SAML Tokens
- T1592.004 - Client Configurations
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1027.018 - Invisible Unicode
Score: 6.85
Matched TTPs:
- T1606.002 - SAML Tokens
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
Score: 4.84
Matched TTPs:
- T1606.002 - SAML Tokens
- T1070.009 - Clear Persistence
- T1027.018 - Invisible Unicode
Score: 5.29
Matched TTPs:
- T1606.002 - SAML Tokens
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
Score: 15.84
Matched TTPs:
- T1606.002 - SAML Tokens
- T1212 - Exploitation for Credential Access
- T1199 - Trusted Relationship
- T1059.004 - Unix Shell
- T1547.002 - Authentication Package
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 5.54
Matched TTPs:
- T1606.002 - SAML Tokens
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
Score: 11.79
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1055.005 - Thread Local Storage
- T1027.018 - Invisible Unicode
Score: 5.45
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1070.009 - Clear Persistence
Score: 16.69
Matched TTPs:
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
- T1055.015 - ListPlanting
Score: 4.18
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
Score: 7.02
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 7.87
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1543.002 - Systemd Service
- T1027.018 - Invisible Unicode
Score: 3.33
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
Score: 7.96
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1070.009 - Clear Persistence
- T1027.018 - Invisible Unicode
Score: 5.16
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
Score: 11.26
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1218.003 - CMSTP
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1070.009 - Clear Persistence
Score: 4.18
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
Score: 7.59
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1550 - Use Alternate Authentication Material
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 14.34
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1550 - Use Alternate Authentication Material
- T1592.004 - Client Configurations
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1070.009 - Clear Persistence
- T1027.018 - Invisible Unicode
Score: 12.36
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1212 - Exploitation for Credential Access
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1547.002 - Authentication Package
- T1622 - Debugger Evasion
Score: 3.33
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1027.018 - Invisible Unicode
Score: 5.67
Matched TTPs:
- T1091 - Replication Through Removable Media
- T1565 - Data Manipulation
- T1027.018 - Invisible Unicode
Score: 17.41
Matched TTPs:
- T1218.003 - CMSTP
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1094 - Custom Command and Control Protocol
Score: 12.23
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1622 - Debugger Evasion
Score: 14.27
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
- T1059.004 - Unix Shell
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
- T1008 - Fallback Channels
Score: 4.24
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1622 - Debugger Evasion
Score: 17.25
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1070.009 - Clear Persistence
- T1027.018 - Invisible Unicode
- T1546.007 - Netsh Helper DLL
- T1566.003 - Spearphishing via Service
Score: 6.47
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 6.47
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 10.77
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1565 - Data Manipulation
- T1546.016 - Installer Packages
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
Score: 9.36
Matched TTPs:
- T1592.004 - Client Configurations
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1008 - Fallback Channels
Score: 6.40
Matched TTPs:
- T1552.003 - Shell History
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 3.37
Matched TTPs:
- T1552.003 - Shell History
- T1199 - Trusted Relationship
Score: 4.17
Matched TTPs:
- T1552.003 - Shell History
- T1622 - Debugger Evasion
Score: 4.86
Matched TTPs:
- T1552.003 - Shell History
- T1565 - Data Manipulation
Score: 6.34
Matched TTPs:
- T1567.001 - Exfiltration to Code Repository
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
Score: 9.37
Matched TTPs:
- T1567.001 - Exfiltration to Code Repository
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
Score: 3.15
Matched TTPs:
- T1212 - Exploitation for Credential Access
Score: 3.15
Matched TTPs:
- T1212 - Exploitation for Credential Access
Score: 7.03
Matched TTPs:
- T1212 - Exploitation for Credential Access
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 9.86
Matched TTPs:
- T1212 - Exploitation for Credential Access
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1622 - Debugger Evasion
Score: 4.61
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1027.018 - Invisible Unicode
Score: 13.53
Matched TTPs:
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1055.015 - ListPlanting
- T1008 - Fallback Channels
Score: 5.24
Matched TTPs:
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
Score: 7.64
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
Score: 4.00
Matched TTPs:
- T1199 - Trusted Relationship
- T1059.004 - Unix Shell
Score: 8.17
Matched TTPs:
- T1199 - Trusted Relationship
- T1573 - Encrypted Channel
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
Score: 3.25
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
Score: 3.88
Matched TTPs:
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 3.88
Matched TTPs:
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 3.59
Matched TTPs:
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1027.018 - Invisible Unicode
Score: 3.88
Matched TTPs:
- T1199 - Trusted Relationship
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 3.25
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
Score: 7.54
Matched TTPs:
- T1059.004 - Unix Shell
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1027.018 - Invisible Unicode
Score: 7.43
Matched TTPs:
- T1565 - Data Manipulation
- T1656 - Impersonation
- T1622 - Debugger Evasion
Score: 7.12
Matched TTPs:
- T1573 - Encrypted Channel
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 3.76
Matched TTPs:
- T1547.002 - Authentication Package
- T1027.018 - Invisible Unicode
Score: 3.03
Matched TTPs:
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
Score: 4.67
Matched TTPs:
- T1070.009 - Clear Persistence
- T1008 - Fallback Channels
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
Score: 4.13
Matched TTPs:
- T1130 - Install Root Certificate
Score: 3.29
Matched TTPs:
- T1008 - Fallback Channels
Score: 4.13
Matched TTPs:
- T1566.003 - Spearphishing via Service
Threat actors related to this Pulse (inference-based)
Score: 0.86
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1027.018 - Invisible Unicode
- T1070.009 - Clear Persistence
- T1573 - Encrypted Channel
- T1005 - Data from Local System
- T1564.008 - Email Hiding Rules
- T1091 - Replication Through Removable Media
- T1565 - Data Manipulation
- T1606.002 - SAML Tokens
- T1546.016 - Installer Packages
Score: 0.78
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1055.005 - Thread Local Storage
- T1055.015 - ListPlanting
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1550 - Use Alternate Authentication Material
- T1565 - Data Manipulation
- T1606.002 - SAML Tokens
- T1546.016 - Installer Packages
Score: 0.75
Matched TTPs:
- T1199 - Trusted Relationship
- T1552.003 - Shell History
- T1547.002 - Authentication Package
- T1027.018 - Invisible Unicode
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1091 - Replication Through Removable Media
- T1565 - Data Manipulation
- T1606.002 - SAML Tokens
- T1008 - Fallback Channels
- T1656 - Impersonation
Score: 0.74
Matched TTPs:
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
- T1059.004 - Unix Shell
- T1055.015 - ListPlanting
- T1070.009 - Clear Persistence
- T1005 - Data from Local System
- T1622 - Debugger Evasion
- T1091 - Replication Through Removable Media
- T1212 - Exploitation for Credential Access
- T1606.002 - SAML Tokens
Score: 0.64
Matched TTPs:
- T1199 - Trusted Relationship
- T1552.003 - Shell History
- T1027.018 - Invisible Unicode
- T1070.009 - Clear Persistence
- T1021.006 - Windows Remote Management
- T1091 - Replication Through Removable Media
- T1565 - Data Manipulation
- T1606.002 - SAML Tokens
- T1656 - Impersonation
Score: 0.63
Matched TTPs:
- T1059.004 - Unix Shell
- T1055.015 - ListPlanting
- T1070.009 - Clear Persistence
- T1547.015 - Login Items
- T1021.006 - Windows Remote Management
- T1606.002 - SAML Tokens
Score: 0.62
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1070.009 - Clear Persistence
- T1005 - Data from Local System
- T1564.008 - Email Hiding Rules
- T1550 - Use Alternate Authentication Material
- T1656 - Impersonation
Score: 0.61
Matched TTPs:
- T1199 - Trusted Relationship
- T1027.018 - Invisible Unicode
- T1547.002 - Authentication Package
- T1546.007 - Netsh Helper DLL
- T1070.009 - Clear Persistence
- T1566.003 - Spearphishing via Service
- T1550 - Use Alternate Authentication Material
Score: 0.60
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1027.018 - Invisible Unicode
- T1055.015 - ListPlanting
- T1573 - Encrypted Channel
- T1622 - Debugger Evasion
- T1091 - Replication Through Removable Media
- T1606.002 - SAML Tokens
Score: 0.59
Matched TTPs:
- T1199 - Trusted Relationship
- T1218.003 - CMSTP
- T1552.003 - Shell History
- T1070.009 - Clear Persistence
- T1622 - Debugger Evasion
- T1094 - Custom Command and Control Protocol
- T1565 - Data Manipulation
Score: 0.59
Matched TTPs:
- T1199 - Trusted Relationship
- T1547.002 - Authentication Package
- T1059.004 - Unix Shell
- T1027.018 - Invisible Unicode
- T1212 - Exploitation for Credential Access
- T1606.002 - SAML Tokens
- T1546.016 - Installer Packages
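Both the fact-based and the inference-based lists above use the same "Score: / Matched TTPs:" format, and what a detection engineer usually wants from them is not the per-actor view but the inverse: which techniques recur across the most candidate profiles, and where to read about each one. The following Python script is an added example (not code from the original pulse, from OTX, or from the FBI flash) that parses that format, counts how many candidate profiles share each technique, sums the page's score values per technique (the page does not document how its scores are computed, so this weighting is the example's own choice), builds the ATT&CK URL for each ID, and flags IDs that ATT&CK has since revoked or deprecated. The SAMPLE_LISTING is excerpted from the first three fact-based entries on this page; the SUPERSEDED map is a hand-maintained assumption of this example and is deliberately partial.

```python
"""Rank the ATT&CK techniques shared between a pulse and its candidate threat actors.

Added example, not part of the original pulse page or of OTX. Parses the
"Score: / Matched TTPs:" listing format used on the page and aggregates per
technique so the result can be handed to detection engineering.
"""
import re
from collections import defaultdict

# Constructed sample: the first three fact-based entries on this page,
# scores and technique IDs copied verbatim.
SAMPLE_LISTING = """\
Score: 19.01
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1578 - Modify Cloud Compute Infrastructure
- T1005 - Data from Local System
- T1550 - Use Alternate Authentication Material
- T1656 - Impersonation
- T1070.009 - Clear Persistence
Score: 26.14
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1606.002 - SAML Tokens
- T1091 - Replication Through Removable Media
- T1005 - Data from Local System
- T1199 - Trusted Relationship
- T1565 - Data Manipulation
- T1573 - Encrypted Channel
- T1547.002 - Authentication Package
- T1070.009 - Clear Persistence
- T1546.016 - Installer Packages
- T1027.018 - Invisible Unicode
Score: 4.47
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1199 - Trusted Relationship
"""

# Technique IDs that ATT&CK has since revoked or deprecated. This map is an
# assumption of the example (hand-maintained, partial); extend it from the
# ATT&CK STIX data before relying on it. Both IDs below appear in the page's
# lists.
SUPERSEDED = {
    "T1130": "revoked; now T1553.004 (Install Root Certificate)",
    "T1094": "deprecated; merged into T1095 (Non-Application Layer Protocol)",
}

SCORE_RE = re.compile(r"^Score:\s*([0-9]+(?:\.[0-9]+)?)\s*$")
TTP_RE = re.compile(r"^-\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")


def parse_listing(text):
    """Return a list of (score, {technique_id: name}) tuples, one per entry.

    A "Score:" line opens a new entry; "- Txxxx - Name" lines attach to the
    most recently opened entry. Anything else (headings, blank lines) is skipped.
    """
    entries = []
    current = None
    for line in text.splitlines():
        m = SCORE_RE.match(line)
        if m:
            current = (float(m.group(1)), {})
            entries.append(current)
            continue
        m = TTP_RE.match(line)
        if m and current is not None:
            tid, name = m.groups()
            current[1][tid] = name
    return entries


def attack_url(technique_id):
    """Canonical ATT&CK URL: T1564.008 -> .../techniques/T1564/008/"""
    base, _, sub = technique_id.partition(".")
    return f"https://attack.mitre.org/techniques/{base}/" + (f"{sub}/" if sub else "")


def rank_techniques(entries):
    """Aggregate per technique: number of profiles sharing it and the sum of
    those profiles' scores. Ordered by profile count, then score sum, then ID."""
    count = defaultdict(int)
    weight = defaultdict(float)
    names = {}
    for score, ttps in entries:
        for tid, name in ttps.items():
            count[tid] += 1
            weight[tid] += score
            names[tid] = name
    ranked = sorted(count, key=lambda t: (-count[t], -weight[t], t))
    return [
        {
            "id": tid,
            "name": names[tid],
            "profiles": count[tid],
            "score_sum": round(weight[tid], 2),
            "url": attack_url(tid),
            "note": SUPERSEDED.get(tid, ""),
        }
        for tid in ranked
    ]


if __name__ == "__main__":
    for row in rank_techniques(parse_listing(SAMPLE_LISTING)):
        flag = f"  [{row['note']}]" if row["note"] else ""
        print(f"{row['profiles']}x  {row['score_sum']:>6}  {row['id']:<10} {row['name']}{flag}")
```

Run it against the full text of both lists, not only the excerpt, to get the page-wide picture; ties in profile count are broken by the summed score so that techniques shared with higher-scoring candidates surface first, and the SUPERSEDED note tells you when a hit needs to be re-mapped before it is filed against the current ATT&CK matrix.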
Related CVEs
No CVEs were found for this Pulse.
Pulse – Threat Actor Graph