Pulse Detail-

Discovering Recent PlugX Campaigns Programmatically

概要

One of the hardest things to do when you are receiving malware that have “anonymized” (e.g. name-is-hash) names or general samples that lack any indication of the infection vector is to determine the origin of the file and its intended target. Even harder is when you do not receive telemetry data from products that contains information about infected machines. To that end, I have been working on automating ways to help ASERT better understand the context around samples so we can answer question about what may have been targeted, why it was targeted and when it was targeted. This post will use the PlugX malware as an example (PlugX is well known and has had its various iterations analyzed many times), due in part to its ongoing activity and will focus on leveraging metadata from VirusTotal due to it being publicly accessible.

Created: 2026-02-23

Indicators

類似Pulses

PlugX Malware from PlugX Tracker (score: 0.66)
Covert Channels and Poor Decisions: The Tale of DNSMessenger (score: 0.61)
Aggressive Malware Pushers: Prolific Cyber Surfers Beware (score: 0.59)
Analysis of an Undetected Dridex Sample (score: 0.59)
PowerSniff Malware Used in Macro-based Attacks (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

Inception

Score: 5.26

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool

MITREへのリンク →

Dark Caracal

Score: 7.47

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1083 - File and Directory Discovery
T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Elderwood

Score: 3.65

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1027.002 - Software Packing

MITREへのリンク →

Darkhotel

Score: 13.91

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1497.001 - System Checks
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1518.001 - Security Software Discovery
T1124 - System Time Discovery

MITREへのリンク →

APT28

Score: 19.04

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information
T1070.006 - Timestomp
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1550.002 - Pass the Hash
T1669 - Wi-Fi Networks

MITREへのリンク →

Leviathan

Score: 6.31

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1027.015 - Compression

MITREへのリンク →

Sidewinder

Score: 11.09

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1119 - Automated Collection
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1518.001 - Security Software Discovery
T1124 - System Time Discovery

MITREへのリンク →

APT39

Score: 7.36

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1588.002 - Tool
T1027.002 - Software Packing

MITREへのリンク →

Lazarus Group

Score: 26.06

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1070.006 - Timestomp
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1057 - Process Discovery
T1588.002 - Tool
T1571 - Non-Standard Port
T1027.007 - Dynamic API Resolution
T1124 - System Time Discovery
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Saint Bear

Score: 5.62

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1608.001 - Upload Malware
T1027.002 - Software Packing

MITREへのリンク →

APT33

Score: 7.59

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1588.002 - Tool
T1571 - Non-Standard Port
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

BITTER

Score: 6.51

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1608.001 - Upload Malware
T1036.004 - Masquerade Task or Service
T1588.002 - Tool

MITREへのリンク →

TA505

Score: 11.32

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1069 - Permission Groups Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1588.002 - Tool
T1027.002 - Software Packing

MITREへのリンク →

Higaisa

Score: 12.52

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1036.004 - Masquerade Task or Service
T1057 - Process Discovery
T1124 - System Time Discovery
T1027.015 - Compression

MITREへのリンク →

APT19

Score: 4.01

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool

MITREへのリンク →

Fox Kitten

Score: 8.27

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1217 - Browser Information Discovery
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Threat Group-3390

Score: 13.37

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1588.002 - Tool
T1027.002 - Software Packing
T1027.015 - Compression

MITREへのリンク →

TA2541

Score: 14.27

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1608.001 - Upload Malware
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1518.001 - Security Software Discovery
T1027.002 - Software Packing
T1027.015 - Compression

MITREへのリンク →

Malteiro

Score: 5.06

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1518.001 - Security Software Discovery

MITREへのリンク →

Magic Hound

Score: 19.74

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1057 - Process Discovery
T1588.002 - Tool
T1571 - Non-Standard Port
T1592.002 - Software
T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

Storm-1811

Score: 10.15

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1036.010 - Masquerade Account Name
T1566.003 - Spearphishing via Service

MITREへのリンク →

Tropic Trooper

Score: 12.81

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1573.002 - Asymmetric Cryptography
T1518.001 - Security Software Discovery

MITREへのリンク →

Mofang

Score: 4.75

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1027.015 - Compression

MITREへのリンク →

Contagious Interview

Score: 22.05

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1608.001 - Upload Malware
T1681 - Search Threat Vendor Data
T1083 - File and Directory Discovery
T1588.002 - Tool
T1571 - Non-Standard Port
T1543.001 - Launch Agent
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

menuPass

Score: 7.50

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1588.002 - Tool

MITREへのリンク →

TeamTNT

Score: 14.43

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

OilRig

Score: 23.67

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1497.001 - System Checks
T1119 - Automated Collection
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1057 - Process Discovery
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT32

Score: 18.45

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1608.001 - Upload Malware
T1070.006 - Timestomp
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1588.002 - Tool
T1571 - Non-Standard Port
T1550.002 - Pass the Hash
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Moonstone Sleet

Score: 10.94

Matched TTPs:

T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1217 - Browser Information Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT41

Score: 12.33

Matched TTPs:

T1069 - Permission Groups Discovery
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1588.002 - Tool
T1027.002 - Software Packing
T1550.002 - Pass the Hash

MITREへのリンク →

Scattered Spider

Score: 8.72

Matched TTPs:

T1069 - Permission Groups Discovery
T1217 - Browser Information Discovery
T1083 - File and Directory Discovery
T1588.002 - Tool

MITREへのリンク →

Volt Typhoon

Score: 22.41

Matched TTPs:

T1069 - Permission Groups Discovery
T1497.001 - System Checks
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1217 - Browser Information Discovery
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

APT3

Score: 11.78

Matched TTPs:

T1069 - Permission Groups Discovery
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1036.010 - Masquerade Account Name
T1027.002 - Software Packing

MITREへのリンク →

FIN13

Score: 11.84

Matched TTPs:

T1069 - Permission Groups Discovery
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1588.002 - Tool
T1550.002 - Pass the Hash

MITREへのリンク →

Evilnum

Score: 3.44

Matched TTPs:

T1497.001 - System Checks

MITREへのリンク →

Gamaredon Group

Score: 27.75

Matched TTPs:

T1497.001 - System Checks
T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1083 - File and Directory Discovery
T1027.012 - LNK Icon Smuggling
T1057 - Process Discovery
T1588.002 - Tool
T1571 - Non-Standard Port
T1027.004 - Compile After Delivery
T1518.001 - Security Software Discovery
T1027.015 - Compression

MITREへのリンク →

Ember Bear

Score: 7.33

Matched TTPs:

T1119 - Automated Collection
T1571 - Non-Standard Port
T1550.002 - Pass the Hash

MITREへのリンク →

RedCurl

Score: 6.23

Matched TTPs:

T1119 - Automated Collection
T1083 - File and Directory Discovery
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

APT1

Score: 9.82

Matched TTPs:

T1119 - Automated Collection
T1007 - System Service Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1550.002 - Pass the Hash

MITREへのリンク →

Ke3chang

Score: 9.94

Matched TTPs:

T1119 - Automated Collection
T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool

MITREへのリンク →

FIN5

Score: 3.04

Matched TTPs:

T1119 - Automated Collection
T1588.002 - Tool

MITREへのリンク →

HAFNIUM

Score: 5.00

Matched TTPs:

T1119 - Automated Collection
T1083 - File and Directory Discovery
T1057 - Process Discovery

MITREへのリンク →

Agrius

Score: 3.75

Matched TTPs:

T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Winter Vivern

Score: 7.15

Matched TTPs:

T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service

MITREへのリンク →

Confucius

Score: 3.49

Matched TTPs:

T1119 - Automated Collection
T1083 - File and Directory Discovery

MITREへのリンク →

FIN6

Score: 13.15

Matched TTPs:

T1119 - Automated Collection
T1036.004 - Masquerade Task or Service
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1566.003 - Spearphishing via Service
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Patchwork

Score: 8.29

Matched TTPs:

T1119 - Automated Collection
T1083 - File and Directory Discovery
T1588.002 - Tool
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

Chimera

Score: 19.75

Matched TTPs:

T1119 - Automated Collection
T1007 - System Service Discovery
T1070.006 - Timestomp
T1217 - Browser Information Discovery
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1550.002 - Pass the Hash
T1124 - System Time Discovery

MITREへのリンク →

Mustang Panda

Score: 22.86

Matched TTPs:

T1119 - Automated Collection
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1070.006 - Timestomp
T1083 - File and Directory Discovery
T1027.012 - LNK Icon Smuggling
T1057 - Process Discovery
T1588.002 - Tool
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

BRONZE BUTLER

Score: 8.83

Matched TTPs:

T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1588.002 - Tool
T1124 - System Time Discovery

MITREへのリンク →

Turla

Score: 12.25

Matched TTPs:

T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1518.001 - Security Software Discovery
T1124 - System Time Discovery

MITREへのリンク →

Aquatic Panda

Score: 10.11

Matched TTPs:

T1007 - System Service Discovery
T1036.004 - Masquerade Task or Service
T1588.002 - Tool
T1518.001 - Security Software Discovery
T1550.002 - Pass the Hash

MITREへのリンク →

Poseidon Group

Score: 4.04

Matched TTPs:

T1007 - System Service Discovery
T1057 - Process Discovery

MITREへのリンク →

Kimsuky

Score: 29.65

Matched TTPs:

T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1070.006 - Timestomp
T1593.002 - Search Engines
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1027.012 - LNK Icon Smuggling
T1057 - Process Discovery
T1588.002 - Tool
T1518.001 - Security Software Discovery
T1027.002 - Software Packing
T1550.002 - Pass the Hash

MITREへのリンク →

Earth Lusca

Score: 8.43

Matched TTPs:

T1007 - System Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1057 - Process Discovery
T1588.002 - Tool

MITREへのリンク →

admin@338

Score: 3.82

Matched TTPs:

T1007 - System Service Discovery
T1083 - File and Directory Discovery

MITREへのリンク →

WIRTE

Score: 4.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.002 - Tool
T1571 - Non-Standard Port

MITREへのリンク →

APT38

Score: 19.75

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1070.006 - Timestomp
T1217 - Browser Information Discovery
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1518.001 - Security Software Discovery
T1027.002 - Software Packing
T1036.006 - Space after Filename

MITREへのリンク →

Molerats

Score: 6.24

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1057 - Process Discovery
T1027.015 - Compression

MITREへのリンク →

ZIRCONIUM

Score: 8.31

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1036.004 - Masquerade Task or Service
T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

MuddyWater

Score: 10.75

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1027.004 - Compile After Delivery
T1518.001 - Security Software Discovery

MITREへのリンク →

FIN7

Score: 12.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1036.004 - Masquerade Task or Service
T1057 - Process Discovery
T1588.002 - Tool
T1571 - Non-Standard Port
T1124 - System Time Discovery

MITREへのリンク →

BlackByte

Score: 5.44

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1518.001 - Security Software Discovery

MITREへのリンク →

Rocke

Score: 15.80

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1070.006 - Timestomp
T1057 - Process Discovery
T1571 - Non-Standard Port
T1027.004 - Compile After Delivery
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

Sandworm Team

Score: 11.93

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1083 - File and Directory Discovery
T1588.002 - Tool
T1571 - Non-Standard Port
T1592.002 - Software

MITREへのリンク →

LuminousMoth

Score: 4.12

Matched TTPs:

T1608.001 - Upload Malware
T1083 - File and Directory Discovery
T1588.002 - Tool

MITREへのリンク →

SideCopy

Score: 3.87

Matched TTPs:

T1608.001 - Upload Malware
T1518.001 - Security Software Discovery

MITREへのリンク →

HEXANE

Score: 4.34

Matched TTPs:

T1608.001 - Upload Malware
T1057 - Process Discovery
T1588.002 - Tool

MITREへのリンク →

EXOTIC LILY

Score: 4.50

Matched TTPs:

T1608.001 - Upload Malware
T1566.003 - Spearphishing via Service

MITREへのリンク →

APT42

Score: 7.47

Matched TTPs:

T1608.001 - Upload Malware
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1518.001 - Security Software Discovery

MITREへのリンク →

APT5

Score: 5.56

Matched TTPs:

T1070.006 - Timestomp
T1083 - File and Directory Discovery
T1057 - Process Discovery

MITREへのリンク →

UNC3886

Score: 14.38

Matched TTPs:

T1070.006 - Timestomp
T1681 - Search Threat Vendor Data
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1057 - Process Discovery
T1124 - System Time Discovery

MITREへのリンク →

APT29

Score: 12.71

Matched TTPs:

T1070.006 - Timestomp
T1588.002 - Tool
T1651 - Cloud Administration Command
T1027.002 - Software Packing
T1566.003 - Spearphishing via Service

MITREへのリンク →

Medusa Group

Score: 10.36

Matched TTPs:

T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

Dragonfly

Score: 5.77

Matched TTPs:

T1083 - File and Directory Discovery
T1588.002 - Tool
T1036.010 - Masquerade Account Name

MITREへのリンク →

Velvet Ant

Score: 6.44

Matched TTPs:

T1083 - File and Directory Discovery
T1571 - Non-Standard Port
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

Aoqin Dragon

Score: 4.20

Matched TTPs:

T1083 - File and Directory Discovery
T1588.002 - Tool
T1027.002 - Software Packing

MITREへのリンク →

ToddyCat

Score: 7.24

Matched TTPs:

T1083 - File and Directory Discovery
T1057 - Process Discovery
T1518.001 - Security Software Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Play

Score: 5.56

Matched TTPs:

T1083 - File and Directory Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1518.001 - Security Software Discovery

MITREへのリンク →

APT-C-36

Score: 5.34

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1588.002 - Tool
T1571 - Non-Standard Port

MITREへのリンク →

Wizard Spider

Score: 10.34

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1588.002 - Tool
T1518.001 - Security Software Discovery
T1550.002 - Pass the Hash
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Naikon

Score: 3.99

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1518.001 - Security Software Discovery

MITREへのリンク →

Storm-0501

Score: 7.57

Matched TTPs:

T1036.004 - Masquerade Task or Service
T1057 - Process Discovery
T1518.001 - Security Software Discovery
T1027.002 - Software Packing

MITREへのリンク →

Windshift

Score: 5.94

Matched TTPs:

T1057 - Process Discovery
T1518.001 - Security Software Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

Andariel

Score: 5.36

Matched TTPs:

T1057 - Process Discovery
T1592.002 - Software

MITREへのリンク →

DarkVishnya

Score: 3.25

Matched TTPs:

T1588.002 - Tool
T1571 - Non-Standard Port

MITREへのリンク →

FIN8

Score: 8.24

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1518.001 - Security Software Discovery
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

GALLIUM

Score: 5.65

Matched TTPs:

T1588.002 - Tool
T1027.002 - Software Packing
T1550.002 - Pass the Hash

MITREへのリンク →

Sea Turtle

Score: 4.47

Matched TTPs:

T1588.002 - Tool
T1027.004 - Compile After Delivery

MITREへのリンク →

Cobalt Group

Score: 5.49

Matched TTPs:

T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1518.001 - Security Software Discovery

MITREへのリンク →

Thrip

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Silence

Score: 3.25

Matched TTPs:

T1588.002 - Tool
T1571 - Non-Standard Port

MITREへのリンク →

Salt Typhoon

Score: 3.60

Matched TTPs:

T1588.002 - Tool
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

RedEcho

Score: 5.14

Matched TTPs:

T1571 - Non-Standard Port
T1573.002 - Asymmetric Cryptography

MITREへのリンク →

The White Company

Score: 6.54

Matched TTPs:

T1518.001 - Security Software Discovery
T1027.002 - Software Packing
T1124 - System Time Discovery

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1124 - System Time Discovery
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.77

Matched TTPs:

T1550.002 - Pass the Hash
T1057 - Process Discovery
T1593.002 - Search Engines
T1027.012 - LNK Icon Smuggling
T1027.002 - Software Packing
T1588.002 - Tool
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1518.001 - Security Software Discovery
T1070.006 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1007 - System Service Discovery

MITREへのリンク →

Gamaredon Group

Score: 0.72

Matched TTPs:

T1057 - Process Discovery
T1027.012 - LNK Icon Smuggling
T1588.002 - Tool
T1083 - File and Directory Discovery
T1119 - Automated Collection
T1027.004 - Compile After Delivery
T1497.001 - System Checks
T1518.001 - Security Software Discovery
T1571 - Non-Standard Port
T1027.015 - Compression
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware

MITREへのリンク →

Lazarus Group

Score: 0.72

Matched TTPs:

T1124 - System Time Discovery
T1057 - Process Discovery
T1588.002 - Tool
T1083 - File and Directory Discovery
T1036.004 - Masquerade Task or Service
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1571 - Non-Standard Port
T1566.003 - Spearphishing via Service
T1027.013 - Encrypted/Encoded File
T1070.006 - Timestomp
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

OilRig

Score: 0.64

Matched TTPs:

T1057 - Process Discovery
T1588.002 - Tool
T1573.002 - Asymmetric Cryptography
T1119 - Automated Collection
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1566.003 - Spearphishing via Service
T1497.001 - System Checks
T1027.013 - Encrypted/Encoded File
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware
T1007 - System Service Discovery

MITREへのリンク →

Mustang Panda

Score: 0.61

Matched TTPs:

T1057 - Process Discovery
T1027.012 - LNK Icon Smuggling
T1588.002 - Tool
T1083 - File and Directory Discovery
T1027.007 - Dynamic API Resolution
T1119 - Automated Collection
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1070.006 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1608.001 - Upload Malware

MITREへのリンク →

Contagious Interview

Score: 0.60

Matched TTPs:

T1588.002 - Tool
T1543.001 - Launch Agent
T1083 - File and Directory Discovery
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1571 - Non-Standard Port
T1681 - Search Threat Vendor Data
T1027.013 - Encrypted/Encoded File
T1566.003 - Spearphishing via Service
T1608.001 - Upload Malware

MITREへのリンク →

Volt Typhoon

Score: 0.59

Matched TTPs:

T1124 - System Time Discovery
T1057 - Process Discovery
T1027.002 - Software Packing
T1588.002 - Tool
T1083 - File and Directory Discovery
T1069 - Permission Groups Discovery
T1217 - Browser Information Discovery
T1497.001 - System Checks
T1140 - Deobfuscate/Decode Files or Information
T1007 - System Service Discovery

MITREへのリンク →

APT28

Score: 0.55

Matched TTPs:

T1550.002 - Pass the Hash
T1057 - Process Discovery
T1588.002 - Tool
T1083 - File and Directory Discovery
T1119 - Automated Collection
T1669 - Wi-Fi Networks
T1027.013 - Encrypted/Encoded File
T1070.006 - Timestomp
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Discovering Recent PlugX Campaigns Programmatically

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ