Trusted Design

PoisonIvy adapts to communicate through Authentication Proxies

Overview

PoisonIvy, a Remote Access Tool/Trojan (RAT) often used in targeted attacks, was widely seen until around 2013. Since then, the number of targeted attacks using PoisonIvy has decreased, and no special variant with expanded features was seen in the wild. Recently, however, we have observed cases where a PoisonIvy variant with expanded communication features was used in attacks. AlienVault has added the additional related infrastructure found when we analyzed the PoisonIvy sample.

Created: 2026-02-23

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 28.21
Matched TTPs:
  • T1021.005 - VNC
  • T1099 - Timestomp
  • T1547.012 - Print Processors
  • T1045 - Software Packing
  • T1055.014 - VDSO Hijacking
  • T1056.002 - GUI Input Capture
  • T1542.004 - ROMMONkit
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1556.005 - Reversible Encryption

FIN7

Score: 27.28
Matched TTPs:
  • T1021.005 - VNC
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1059.001 - PowerShell
  • T1562.001 - Disable or Modify Tools
  • T1622 - Debugger Evasion
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot

GCMAN

Score: 5.86
Matched TTPs:
  • T1021.005 - VNC
  • T1165 - Startup Items

Fox Kitten

Score: 26.18
Matched TTPs:
  • T1021.005 - VNC
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits

Kimsuky

Score: 30.35
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1123 - Audio Capture
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1055.014 - VDSO Hijacking
  • T1001 - Data Obfuscation
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

Sea Turtle

Score: 10.89
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

Ember Bear

Score: 33.22
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1597.002 - Purchase Technical Data
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1589 - Gather Victim Identity Information
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation

Indrik Spider

Score: 11.29
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1165 - Startup Items
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

Agrius

Score: 14.44
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1566.004 - Spearphishing Voice
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

Contagious Interview

Score: 21.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1131 - Authentication Package
  • T1045 - Software Packing
  • T1562.001 - Disable or Modify Tools
  • T1565.002 - Transmitted Data Manipulation
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Sandworm Team

Score: 37.26
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1123 - Audio Capture
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation

Star Blizzard

Score: 7.57
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1168 - Local Job Scheduling

APT39

Score: 23.90
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1599 - Network Boundary Bridging
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1569.002 - Service Execution

Mustang Panda

Score: 23.25
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1555.003 - Credentials from Web Browsers
  • T1136.001 - Local Account
  • T1562.006 - Indicator Blocking
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1565.002 - Transmitted Data Manipulation
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation

Tonto Team

Score: 11.34
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32

APT32

Score: 22.28
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1032 - Standard Cryptographic Protocol
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1592.004 - Client Configurations
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation

BlackByte

Score: 20.12
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1001 - Data Obfuscation
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

APT28

Score: 57.93
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1123 - Audio Capture
  • T1685.001 - Disable or Modify Windows Event Log
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1032 - Standard Cryptographic Protocol
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1056.002 - GUI Input Capture
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1146 - Clear Command History
  • T1556.005 - Reversible Encryption
  • T1564.004 - NTFS File Attributes
  • T1546.007 - Netsh Helper DLL

Sowbug

Score: 5.63
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1542.004 - ROMMONkit

Storm-0501

Score: 14.56
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1155 - AppleScript
  • T1090.004 - Domain Fronting
  • T1565.002 - Transmitted Data Manipulation

Axiom

Score: 15.36
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

Leviathan

Score: 29.40
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1123 - Audio Capture
  • T1685.001 - Disable or Modify Windows Event Log
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1055.014 - VDSO Hijacking
  • T1056.002 - GUI Input Capture
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1622 - Debugger Evasion

TeamTNT

Score: 11.39
Matched TTPs:
  • T1123 - Audio Capture
  • T1165 - Startup Items
  • T1036.009 - Break Process Trees
  • T1586.002 - Email Accounts
  • T1556.005 - Reversible Encryption

FIN13

Score: 25.83
Matched TTPs:
  • T1123 - Audio Capture
  • T1099 - Timestomp
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall
  • T1569.002 - Service Execution

APT18

Score: 3.12
Matched TTPs:
  • T1123 - Audio Capture
  • T1556.005 - Reversible Encryption

Volt Typhoon

Score: 42.41
Matched TTPs:
  • T1123 - Audio Capture
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1555.003 - Credentials from Web Browsers
  • T1164 - Re-opened Applications
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1056.002 - GUI Input Capture
  • T1566.004 - Spearphishing Voice
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Velvet Ant

Score: 17.91
Matched TTPs:
  • T1123 - Audio Capture
  • T1583.005 - Botnet
  • T1036.009 - Break Process Trees
  • T1032 - Standard Cryptographic Protocol
  • T1562.001 - Disable or Modify Tools
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution

Scattered Spider

Score: 24.74
Matched TTPs:
  • T1123 - Audio Capture
  • T1165 - Startup Items
  • T1045 - Software Packing
  • T1619 - Cloud Storage Object Discovery
  • T1090.004 - Domain Fronting
  • T1565.002 - Transmitted Data Manipulation
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits

APT41

Score: 22.51
Matched TTPs:
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1045 - Software Packing
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1055.015 - ListPlanting
  • T1008 - Fallback Channels

LAPSUS$

Score: 20.23
Matched TTPs:
  • T1123 - Audio Capture
  • T1045 - Software Packing
  • T1619 - Cloud Storage Object Discovery
  • T1596.004 - CDNs
  • T1592.003 - Firmware
  • T1588.005 - Exploits

OilRig

Score: 23.36
Matched TTPs:
  • T1123 - Audio Capture
  • T1165 - Startup Items
  • T1586.002 - Email Accounts
  • T1555.003 - Credentials from Web Browsers
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1055.015 - ListPlanting
  • T1547.008 - LSASS Driver

GALLIUM

Score: 11.69
Matched TTPs:
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1566.004 - Spearphishing Voice
  • T1134 - Access Token Manipulation

Ke3chang

Score: 8.07
Matched TTPs:
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation

Wizard Spider

Score: 20.51
Matched TTPs:
  • T1123 - Audio Capture
  • T1032 - Standard Cryptographic Protocol
  • T1589 - Gather Victim Identity Information
  • T1155 - AppleScript
  • T1059.001 - PowerShell
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

APT29

Score: 27.64
Matched TTPs:
  • T1123 - Audio Capture
  • T1099 - Timestomp
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1592.004 - Client Configurations
  • T1056.002 - GUI Input Capture
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

FIN5

Score: 6.22
Matched TTPs:
  • T1123 - Audio Capture
  • T1547.011 - Plist Modification
  • T1134 - Access Token Manipulation

Threat Group-3390

Score: 22.86
Matched TTPs:
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1155 - AppleScript
  • T1059.001 - PowerShell
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation

GOLD SOUTHFIELD

Score: 6.00
Matched TTPs:
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts

Chimera

Score: 25.73
Matched TTPs:
  • T1123 - Audio Capture
  • T1032 - Standard Cryptographic Protocol
  • T1155 - AppleScript
  • T1027.016 - Junk Code Insertion
  • T1542.004 - ROMMONkit
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot

Dragonfly

Score: 15.43
Matched TTPs:
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

Akira

Score: 7.72
Matched TTPs:
  • T1123 - Audio Capture
  • T1586.002 - Email Accounts
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

Play

Score: 6.88
Matched TTPs:
  • T1123 - Audio Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1134 - Access Token Manipulation

Magic Hound

Score: 34.20
Matched TTPs:
  • T1099 - Timestomp
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1045 - Software Packing
  • T1562.001 - Disable or Modify Tools
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

HEXANE

Score: 16.15
Matched TTPs:
  • T1099 - Timestomp
  • T1070.006 - Timestomp
  • T1027.016 - Junk Code Insertion
  • T1055.014 - VDSO Hijacking
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

TA2541

Score: 5.90
Matched TTPs:
  • T1099 - Timestomp
  • T1001 - Data Obfuscation

Lotus Blossom

Score: 9.96
Matched TTPs:
  • T1099 - Timestomp
  • T1056.002 - GUI Input Capture
  • T1134 - Access Token Manipulation
  • T1569.002 - Service Execution

HAFNIUM

Score: 22.28
Matched TTPs:
  • T1099 - Timestomp
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1027.016 - Junk Code Insertion
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1203 - Exploitation for Client Execution
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation

Turla

Score: 23.63
Matched TTPs:
  • T1099 - Timestomp
  • T1032 - Standard Cryptographic Protocol
  • T1131 - Authentication Package
  • T1045 - Software Packing
  • T1566.004 - Spearphishing Voice
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

FIN8

Score: 9.06
Matched TTPs:
  • T1099 - Timestomp
  • T1032 - Standard Cryptographic Protocol
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

ZIRCONIUM

Score: 8.96
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1056.002 - GUI Input Capture
  • T1578.001 - Create Snapshot

Lazarus Group

Score: 39.09
Matched TTPs:
  • T1165 - Startup Items
  • T1070.006 - Timestomp
  • T1032 - Standard Cryptographic Protocol
  • T1027.016 - Junk Code Insertion
  • T1547.011 - Plist Modification
  • T1069.001 - Local Groups
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages
  • T1622 - Debugger Evasion
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

BlackTech

Score: 5.20
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

Aquatic Panda

Score: 9.66
Matched TTPs:
  • T1165 - Startup Items
  • T1032 - Standard Cryptographic Protocol
  • T1589 - Gather Victim Identity Information
  • T1622 - Debugger Evasion

Storm-1811

Score: 20.24
Matched TTPs:
  • T1165 - Startup Items
  • T1032 - Standard Cryptographic Protocol
  • T1599 - Network Boundary Bridging
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1565.002 - Transmitted Data Manipulation
  • T1547.008 - LSASS Driver

Salt Typhoon

Score: 6.74
Matched TTPs:
  • T1165 - Startup Items
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information

APT5

Score: 11.25
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1622 - Debugger Evasion

UNC3886

Score: 31.97
Matched TTPs:
  • T1165 - Startup Items
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.015 - Login Items
  • T1546.003 - Windows Management Instrumentation Event Subscription
  • T1606 - Forge Web Credentials
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1203 - Exploitation for Client Execution
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot

menuPass

Score: 18.57
Matched TTPs:
  • T1165 - Startup Items
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
  • T1001 - Data Obfuscation
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

Rocke

Score: 15.56
Matched TTPs:
  • T1165 - Startup Items
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1008 - Fallback Channels

MuddyWater

Score: 16.08
Matched TTPs:
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1547.011 - Plist Modification
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

Medusa Group

Score: 27.70
Matched TTPs:
  • T1547.012 - Print Processors
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1555.003 - Credentials from Web Browsers
  • T1056.002 - GUI Input Capture
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

APT33

Score: 10.86
Matched TTPs:
  • T1583.005 - Botnet
  • T1027.016 - Junk Code Insertion
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

DarkVishnya

Score: 12.56
Matched TTPs:
  • T1583.005 - Botnet
  • T1586.002 - Email Accounts
  • T1562.001 - Disable or Modify Tools
  • T1213.003 - Code Repositories

INC Ransom

Score: 11.38
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion

BackdoorDiplomacy

Score: 5.90
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers
  • T1203 - Exploitation for Client Execution

Cinnamon Tempest

Score: 5.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1045 - Software Packing

ToddyCat

Score: 10.14
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 7.39
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1045 - Software Packing
  • T1622 - Debugger Evasion

Winter Vivern

Score: 7.20
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1556.005 - Reversible Encryption

Earth Lusca

Score: 10.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1059.001 - PowerShell
  • T1546.016 - Installer Packages
  • T1134 - Access Token Manipulation

Volatile Cedar

Score: 3.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1555.003 - Credentials from Web Browsers

Moses Staff

Score: 5.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers

Cobalt Group

Score: 6.92
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing

APT3

Score: 12.03
Matched TTPs:
  • T1032 - Standard Cryptographic Protocol
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

Orangeworm

Score: 3.12
Matched TTPs:
  • T1032 - Standard Cryptographic Protocol
  • T1556.005 - Reversible Encryption

Deep Panda

Score: 5.24
Matched TTPs:
  • T1032 - Standard Cryptographic Protocol
  • T1555.003 - Credentials from Web Browsers
  • T1134 - Access Token Manipulation

SilverTerrier

Score: 4.47
Matched TTPs:
  • T1131 - Authentication Package
  • T1556.005 - Reversible Encryption

CURIUM

Score: 6.88
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Tropic Trooper

Score: 8.07
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

Leafminer

Score: 4.29
Matched TTPs:
  • T1027.016 - Junk Code Insertion
  • T1134 - Access Token Manipulation

Silence

Score: 8.33
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1562.001 - Disable or Modify Tools
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion

BRONZE BUTLER

Score: 16.98
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1134 - Access Token Manipulation
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels

PROMETHIUM

Score: 4.13
Matched TTPs:
  • T1547.015 - Login Items

Inception

Score: 5.43
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption

FIN4

Score: 3.93
Matched TTPs:
  • T1056.002 - GUI Input Capture
  • T1556.005 - Reversible Encryption

RedCurl

Score: 4.22
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1556.005 - Reversible Encryption

WIRTE

Score: 3.59
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption

RedEcho

Score: 3.59
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1556.005 - Reversible Encryption

Gorgon Group

Score: 3.15
Matched TTPs:
  • T1001 - Data Obfuscation

Patchwork

Score: 9.58
Matched TTPs:
  • T1001 - Data Obfuscation
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1008 - Fallback Channels

BITTER

Score: 8.97
Matched TTPs:
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1556.005 - Reversible Encryption

Andariel

Score: 5.34
Matched TTPs:
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

APT42

Score: 5.03
Matched TTPs:
  • T1599 - Network Boundary Bridging
  • T1556.005 - Reversible Encryption

Sidewinder

Score: 5.27
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot

The White Company

Score: 4.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

EXOTIC LILY

Score: 4.02
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Higaisa

Score: 8.20
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Aoqin Dragon

Score: 3.73
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

Darkhotel

Score: 4.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

FIN10

Score: 3.88
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion

Metador

Score: 3.85
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1556.005 - Reversible Encryption

PLATINUM

Score: 7.20
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1686 - Disable or Modify System Firewall

FIN6

Score: 8.38
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1134 - Access Token Manipulation
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

RTM

Score: 6.21
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1008 - Fallback Channels

Moonstone Sleet

Score: 3.71
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver

Dark Caracal

Score: 3.71
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver

Daggerfly

Score: 4.02
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1546.016 - Installer Packages

Windshift

Score: 3.71
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.80
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1032 - Standard Cryptographic Protocol
  • T1139 - Bash History
  • T1056.002 - GUI Input Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1556.005 - Reversible Encryption
  • T1583.005 - Botnet
  • T1027.016 - Junk Code Insertion
  • T1131 - Authentication Package
  • T1555.003 - Credentials from Web Browsers
  • T1547.011 - Plist Modification
  • T1597.002 - Purchase Technical Data
  • T1059.001 - PowerShell
  • T1123 - Audio Capture
  • T1542.004 - ROMMONkit
  • T1146 - Clear Command History
  • T1685.001 - Disable or Modify Windows Event Log
  • T1564.004 - NTFS File Attributes
  • T1546.007 - Netsh Helper DLL
  • T1592.003 - Firmware

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1134 - Access Token Manipulation
  • T1056.002 - GUI Input Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1164 - Re-opened Applications
  • T1070.006 - Timestomp
  • T1099 - Timestomp
  • T1566.004 - Spearphishing Voice
  • T1049 - System Network Connections Discovery
  • T1622 - Debugger Evasion
  • T1546.016 - Installer Packages
  • T1123 - Audio Capture
  • T1569.002 - Service Execution
  • T1578.001 - Create Snapshot
  • T1045 - Software Packing
  • T1685.001 - Disable or Modify Windows Event Log

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1555.003 - Credentials from Web Browsers
  • T1134 - Access Token Manipulation
  • T1187 - Forced Authentication
  • T1586.002 - Email Accounts
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1032 - Standard Cryptographic Protocol
  • T1583.005 - Botnet
  • T1049 - System Network Connections Discovery
  • T1566.004 - Spearphishing Voice
  • T1562.001 - Disable or Modify Tools
  • T1546.016 - Installer Packages
  • T1123 - Audio Capture
  • T1033 - System Owner/User Discovery
  • T1045 - Software Packing

Related CVEs

No CVEs were found in this Pulse.
