Trusted Design

PoisonIvy adapts to communicate through Authentication Proxies

Overview

PoisonIvy, a Remote Access Tool/Trojan (RAT) often used in targeted attacks, was widely seen until around 2013. Since then the number of targeted attacks using PoisonIvy has decreased, and no variant with expanded features had been observed in the wild. Recently, however, cases have been observed in which a PoisonIvy variant with an expanded communication function, one able to communicate through authentication proxies, was used in attacks. AlienVault has added further related infrastructure found during analysis of the PoisonIvy sample.
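What the expanded communication function described above looks like from the defender's side, as an added example that is not part of the original pulse or of any PoisonIvy analysis: a proxy that requires authentication answers an unauthenticated CONNECT with 407 Proxy Authentication Required, and a proxy-aware client retries with a Proxy-Authorization header. A RAT that has learned to do this shows up in the proxy's own access log as a 407 followed shortly by an authenticated tunnel from the same host, and the pulse's TTP list (T1090 Proxy, T1571 Non-Standard Port) suggests where to look first: tunnels to IP-literal destinations or to ports other than 443. The Squid-style log layout, the field names, the five-second window and the log lines themselves are assumptions constructed for this example; the pulse does not say which authentication scheme the variant supports.

```python
"""Hunt for proxy-authenticated CONNECT tunnels in a Squid-style access log.

Added example, not from the original pulse. It models the trace a RAT that
answers the proxy's 407 challenge leaves in the proxy's own logs. Every log
line below is constructed, not captured.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed Squid "native" access.log layout:
# timestamp elapsed client result/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\S+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)

# Constructed sample: 10.0.0.21 is a browser reaching a normal HTTPS site;
# 10.0.0.55 is challenged, then tunnels with credentials to an IP literal
# on a non-standard port, twice (a beaconing pattern).
SAMPLE_LOG = """\
1700000001.100 5 10.0.0.21 TCP_DENIED/407 3900 CONNECT www.example.com:443 - HIER_NONE/- text/html
1700000001.350 812 10.0.0.21 TCP_TUNNEL/200 60215 CONNECT www.example.com:443 jdoe HIER_DIRECT/93.184.216.34 -
1700000002.010 4 10.0.0.55 TCP_DENIED/407 3900 CONNECT 203.0.113.77:8080 - HIER_NONE/- text/html
1700000002.220 4210 10.0.0.55 TCP_TUNNEL/200 1532 CONNECT 203.0.113.77:8080 svc_backup HIER_DIRECT/203.0.113.77 -
1700000003.500 3 10.0.0.55 TCP_DENIED/407 3900 CONNECT 203.0.113.77:8080 - HIER_NONE/- text/html
1700000003.700 3880 10.0.0.55 TCP_TUNNEL/200 1498 CONNECT 203.0.113.77:8080 svc_backup HIER_DIRECT/203.0.113.77 -
1700000004.000 120 10.0.0.21 TCP_MISS/200 8123 GET http://www.example.com/index.html jdoe HIER_DIRECT/93.184.216.34 text/html
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    rec["status"] = int(rec["status"])
    return rec


def split_host_port(url):
    """Split a CONNECT target 'host:port' into (host, port or None)."""
    host, sep, port = url.rpartition(":")
    if not sep:
        return url, None
    return host, int(port) if port.isdigit() else None


def is_ip_literal(host):
    """True if the CONNECT target is a bare IP address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_suspicious_tunnels(log_text, allowed_ports=(443,), window=5.0):
    """Return sorted (client, user, destination, count) tuples for authenticated
    CONNECT tunnels that followed a 407 from the same client within `window`
    seconds and went to an IP literal or to a port outside `allowed_ports`."""
    challenged = defaultdict(list)  # client -> timestamps of its 407 responses
    hits = defaultdict(int)
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] != "CONNECT":
            continue
        if rec["status"] == 407:
            challenged[rec["client"]].append(rec["ts"])
            continue
        if rec["status"] != 200 or rec["user"] == "-":
            continue  # only tunnels the proxy accepted with credentials
        recent = [t for t in challenged[rec["client"]] if 0 <= rec["ts"] - t <= window]
        if not recent:
            continue  # authenticated without a preceding challenge: cached creds, skip
        host, port = split_host_port(rec["url"])
        if is_ip_literal(host) or port not in allowed_ports:
            hits[(rec["client"], rec["user"], rec["url"])] += 1
    return sorted((c, u, d, n) for (c, u, d), n in hits.items())


if __name__ == "__main__":
    for client, user, dest, count in find_suspicious_tunnels(SAMPLE_LOG):
        print(f"{client} as {user} -> {dest} ({count} authenticated tunnels after 407)")
```

The two conditions are deliberately loose: an IP-literal target or an unusual port is common enough in legitimate traffic that this is a hunting query, not an alert. Feed it the proxy's real log and pivot on the user account, since a RAT replaying proxy credentials will authenticate as whoever is logged on to the infected workstation.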

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 28.21
Matched TTPs:
  • T1021.005 - VNC
  • T1016.001 - Internet Connection Discovery
  • T1559.001 - Component Object Model
  • T1090 - Proxy
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1039 - Data from Network Shared Drive
  • T1571 - Non-Standard Port
  • T1095 - Non-Application Layer Protocol
  • T1071.001 - Web Protocols
Link to MITRE →

FIN7

Score: 27.28
Matched TTPs:
  • T1021.005 - VNC
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1210 - Exploitation of Remote Services
  • T1571 - Non-Standard Port
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
Link to MITRE →

GCMAN

Score: 5.86
Matched TTPs:
  • T1021.005 - VNC
  • T1021.004 - SSH
Link to MITRE →

Fox Kitten

Score: 26.18
Matched TTPs:
  • T1021.005 - VNC
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications
Link to MITRE →

Kimsuky

Score: 30.35
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1133 - External Remote Services
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1534 - Internal Spearphishing
  • T1055.012 - Process Hollowing
  • T1219.002 - Remote Desktop Software
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 10.89
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

Ember Bear

Score: 33.22
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1003 - OS Credential Dumping
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1021 - Remote Services
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
Link to MITRE →

Indrik Spider

Score: 11.29
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1021.004 - SSH
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Agrius

Score: 14.44
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Contagious Interview

Score: 21.05
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1071.003 - Mail Protocols
  • T1090 - Proxy
  • T1571 - Non-Standard Port
  • T1219.002 - Remote Desktop Software
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sandworm Team

Score: 37.26
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1133 - External Remote Services
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1571 - Non-Standard Port
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
Link to MITRE →

Star Blizzard

Score: 7.57
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1550.004 - Web Session Cookie
Link to MITRE →

APT39

Score: 23.90
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1056 - Input Capture
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy
Link to MITRE →

Mustang Panda

Score: 23.25
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1505.003 - Web Shell
  • T1176.002 - IDE Extensions
  • T1219.001 - IDE Tunneling
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol
  • T1219.002 - Remote Desktop Software
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
Link to MITRE →

Tonto Team

Score: 11.34
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT32

Score: 22.28
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1550.003 - Pass the Ticket
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
Link to MITRE →

BlackByte

Score: 20.12
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1055.012 - Process Hollowing
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT28

Score: 57.93
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1133 - External Remote Services
  • T1584.008 - Network Devices
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1557.004 - Evil Twin
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.003 - Mail Protocols
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1498 - Network Denial of Service
  • T1071.001 - Web Protocols
  • T1001.001 - Junk Data
  • T1669 - Wi-Fi Networks
Link to MITRE →

Sowbug

Score: 5.63
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Storm-0501

Score: 14.56
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1021.006 - Windows Remote Management
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
Link to MITRE →

Axiom

Score: 15.36
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography
Link to MITRE →

Leviathan

Score: 29.40
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1133 - External Remote Services
  • T1584.008 - Network Devices
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1534 - Internal Spearphishing
  • T1090.003 - Multi-hop Proxy
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TeamTNT

Score: 11.39
Matched TTPs:
  • T1133 - External Remote Services
  • T1021.004 - SSH
  • T1071 - Application Layer Protocol
  • T1219 - Remote Access Tools
  • T1071.001 - Web Protocols
Link to MITRE →

FIN13

Score: 25.83
Matched TTPs:
  • T1133 - External Remote Services
  • T1016.001 - Internet Connection Discovery
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1556 - Modify Authentication Process
  • T1090.001 - Internal Proxy
Link to MITRE →

APT18

Score: 3.12
Matched TTPs:
  • T1133 - External Remote Services
  • T1071.001 - Web Protocols
Link to MITRE →

Volt Typhoon

Score: 42.41
Matched TTPs:
  • T1133 - External Remote Services
  • T1016.001 - Internet Connection Discovery
  • T1584.008 - Network Devices
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1505.003 - Web Shell
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1090.003 - Multi-hop Proxy
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Velvet Ant

Score: 17.91
Matched TTPs:
  • T1133 - External Remote Services
  • T1040 - Network Sniffing
  • T1071 - Application Layer Protocol
  • T1021.002 - SMB/Windows Admin Shares
  • T1571 - Non-Standard Port
  • T1570 - Lateral Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

Scattered Spider

Score: 24.74
Matched TTPs:
  • T1133 - External Remote Services
  • T1021.004 - SSH
  • T1090 - Proxy
  • T1204 - User Execution
  • T1556.009 - Conditional Access Policies
  • T1219.002 - Remote Desktop Software
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1213.005 - Messaging Applications
Link to MITRE →

APT41

Score: 22.51
Matched TTPs:
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1090 - Proxy
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

LAPSUS$

Score: 20.23
Matched TTPs:
  • T1133 - External Remote Services
  • T1090 - Proxy
  • T1204 - User Execution
  • T1552.008 - Chat Messages
  • T1589.001 - Credentials
  • T1213.005 - Messaging Applications
Link to MITRE →

OilRig

Score: 23.36
Matched TTPs:
  • T1133 - External Remote Services
  • T1021.004 - SSH
  • T1219 - Remote Access Tools
  • T1505.003 - Web Shell
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
Link to MITRE →

GALLIUM

Score: 11.69
Matched TTPs:
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090.002 - External Proxy
  • T1570 - Lateral Tool Transfer
  • T1018 - Remote System Discovery
Link to MITRE →

Ke3chang

Score: 8.07
Matched TTPs:
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
Link to MITRE →

Wizard Spider

Score: 20.51
Matched TTPs:
  • T1133 - External Remote Services
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1021.006 - Windows Remote Management
  • T1210 - Exploitation of Remote Services
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT29

Score: 27.64
Matched TTPs:
  • T1133 - External Remote Services
  • T1016.001 - Internet Connection Discovery
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1550.003 - Pass the Ticket
  • T1090.003 - Multi-hop Proxy
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

FIN5

Score: 6.22
Matched TTPs:
  • T1133 - External Remote Services
  • T1090.002 - External Proxy
  • T1018 - Remote System Discovery
Link to MITRE →

Threat Group-3390

Score: 22.86
Matched TTPs:
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1021.006 - Windows Remote Management
  • T1210 - Exploitation of Remote Services
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.00
Matched TTPs:
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
Link to MITRE →

Chimera

Score: 25.73
Matched TTPs:
  • T1133 - External Remote Services
  • T1021.002 - SMB/Windows Admin Shares
  • T1021.006 - Windows Remote Management
  • T1110.003 - Password Spraying
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1124 - System Time Discovery
Link to MITRE →

Dragonfly

Score: 15.43
Matched TTPs:
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Akira

Score: 7.72
Matched TTPs:
  • T1133 - External Remote Services
  • T1219 - Remote Access Tools
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Play

Score: 6.88
Matched TTPs:
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1018 - Remote System Discovery
Link to MITRE →

Magic Hound

Score: 34.20
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1090 - Proxy
  • T1571 - Non-Standard Port
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

HEXANE

Score: 16.15
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1010 - Application Window Discovery
  • T1110.003 - Password Spraying
  • T1534 - Internal Spearphishing
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

TA2541

Score: 5.90
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1055.012 - Process Hollowing
Link to MITRE →

Lotus Blossom

Score: 9.96
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1090.003 - Multi-hop Proxy
  • T1018 - Remote System Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

HAFNIUM

Score: 22.28
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1110.003 - Password Spraying
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1095 - Non-Application Layer Protocol
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
Link to MITRE →

Turla

Score: 23.63
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.003 - Mail Protocols
  • T1090 - Proxy
  • T1570 - Lateral Tool Transfer
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1018 - Remote System Discovery
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

FIN8

Score: 9.06
Matched TTPs:
  • T1016.001 - Internet Connection Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

ZIRCONIUM

Score: 8.96
Matched TTPs:
  • T1584.008 - Network Devices
  • T1090.003 - Multi-hop Proxy
  • T1124 - System Time Discovery
Link to MITRE →

Lazarus Group

Score: 39.09
Matched TTPs:
  • T1021.004 - SSH
  • T1010 - Application Window Discovery
  • T1021.002 - SMB/Windows Admin Shares
  • T1110.003 - Password Spraying
  • T1090.002 - External Proxy
  • T1574.013 - KernelCallbackTable
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
Link to MITRE →

BlackTech

Score: 5.20
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Aquatic Panda

Score: 9.66
Matched TTPs:
  • T1021.004 - SSH
  • T1021.002 - SMB/Windows Admin Shares
  • T1021 - Remote Services
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Storm-1811

Score: 20.24
Matched TTPs:
  • T1021.004 - SSH
  • T1021.002 - SMB/Windows Admin Shares
  • T1056 - Input Capture
  • T1566.004 - Spearphishing Voice
  • T1570 - Lateral Tool Transfer
  • T1219.002 - Remote Desktop Software
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Salt Typhoon

Score: 6.74
Matched TTPs:
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

APT5

Score: 11.25
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1554 - Compromise Host Software Binary
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

UNC3886

Score: 31.97
Matched TTPs:
  • T1021.004 - SSH
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1205.001 - Port Knocking
  • T1554 - Compromise Host Software Binary
  • T1212 - Exploitation for Credential Access
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1095 - Non-Application Layer Protocol
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery
Link to MITRE →

menuPass

Score: 18.57
Matched TTPs:
  • T1021.004 - SSH
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1055.012 - Process Hollowing
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Rocke

Score: 15.56
Matched TTPs:
  • T1021.004 - SSH
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

MuddyWater

Score: 16.08
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

Medusa Group

Score: 27.70
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1505.003 - Web Shell
  • T1090.003 - Multi-hop Proxy
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

APT33

Score: 10.86
Matched TTPs:
  • T1040 - Network Sniffing
  • T1110.003 - Password Spraying
  • T1571 - Non-Standard Port
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

DarkVishnya

Score: 12.56
Matched TTPs:
  • T1040 - Network Sniffing
  • T1219 - Remote Access Tools
  • T1571 - Non-Standard Port
  • T1200 - Hardware Additions
Link to MITRE →

INC Ransom

Score: 11.38
Matched TTPs:
  • T1071 - Application Layer Protocol
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BackdoorDiplomacy

Score: 5.90
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
  • T1095 - Non-Application Layer Protocol
Link to MITRE →

Cinnamon Tempest

Score: 5.75
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1090 - Proxy
Link to MITRE →

ToddyCat

Score: 10.14
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 7.39
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1090 - Proxy
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Winter Vivern

Score: 7.20
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1056.003 - Web Portal Capture
  • T1071.001 - Web Protocols
Link to MITRE →

Earth Lusca

Score: 10.93
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1210 - Exploitation of Remote Services
  • T1584.004 - Server
  • T1018 - Remote System Discovery
Link to MITRE →

Volatile Cedar

Score: 3.24
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1505.003 - Web Shell
Link to MITRE →

Moses Staff

Score: 5.17
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
Link to MITRE →

Cobalt Group

Score: 6.92
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
Link to MITRE →

APT3

Score: 12.03
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Orangeworm

Score: 3.12
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1071.001 - Web Protocols
Link to MITRE →

Deep Panda

Score: 5.24
Matched TTPs:
  • T1021.002 - SMB/Windows Admin Shares
  • T1505.003 - Web Shell
  • T1018 - Remote System Discovery
Link to MITRE →

SilverTerrier

Score: 4.47
Matched TTPs:
  • T1071.003 - Mail Protocols
  • T1071.001 - Web Protocols
Link to MITRE →

CURIUM

Score: 6.88
Matched TTPs:
  • T1505.003 - Web Shell
  • T1124 - System Time Discovery
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Tropic Trooper

Score: 8.07
Matched TTPs:
  • T1505.003 - Web Shell
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

Leafminer

Score: 4.29
Matched TTPs:
  • T1110.003 - Password Spraying
  • T1018 - Remote System Discovery
Link to MITRE →

Silence

Score: 8.33
Matched TTPs:
  • T1090.002 - External Proxy
  • T1571 - Non-Standard Port
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

BRONZE BUTLER

Score: 16.98
Matched TTPs:
  • T1550.003 - Pass the Ticket
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1018 - Remote System Discovery
  • T1124 - System Time Discovery
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

PROMETHIUM

Score: 4.13
Matched TTPs:
  • T1205.001 - Port Knocking
Link to MITRE →

Inception

Score: 5.43
Matched TTPs:
  • T1090.003 - Multi-hop Proxy
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
Link to MITRE →

FIN4

Score: 3.93
Matched TTPs:
  • T1090.003 - Multi-hop Proxy
  • T1071.001 - Web Protocols
Link to MITRE →

RedCurl

Score: 4.22
Matched TTPs:
  • T1039 - Data from Network Shared Drive
  • T1071.001 - Web Protocols
Link to MITRE →

WIRTE

Score: 3.59
Matched TTPs:
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
Link to MITRE →

RedEcho

Score: 3.59
Matched TTPs:
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
Link to MITRE →

Gorgon Group

Score: 3.15
Matched TTPs:
  • T1055.012 - Process Hollowing
Link to MITRE →

Patchwork

Score: 9.58
Matched TTPs:
  • T1055.012 - Process Hollowing
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

BITTER

Score: 8.97
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1095 - Non-Application Layer Protocol
  • T1071.001 - Web Protocols
Link to MITRE →

Andariel

Score: 5.34
Matched TTPs:
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
Link to MITRE →

APT42

Score: 5.03
Matched TTPs:
  • T1056 - Input Capture
  • T1071.001 - Web Protocols
Link to MITRE →

Sidewinder

Score: 5.27
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery
Link to MITRE →

The White Company

Score: 4.09
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
Link to MITRE →

EXOTIC LILY

Score: 4.02
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Higaisa

Score: 8.20
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery
  • T1090.001 - Internal Proxy
Link to MITRE →

Aoqin Dragon

Score: 3.73
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Darkhotel

Score: 4.09
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery
Link to MITRE →

FIN10

Score: 3.88
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1021.001 - Remote Desktop Protocol
Link to MITRE →

Metador

Score: 3.85
Matched TTPs:
  • T1095 - Non-Application Layer Protocol
  • T1071.001 - Web Protocols
Link to MITRE →

PLATINUM

Score: 7.20
Matched TTPs:
  • T1095 - Non-Application Layer Protocol
  • T1056.004 - Credential API Hooking
Link to MITRE →

FIN6

Score: 8.38
Matched TTPs:
  • T1095 - Non-Application Layer Protocol
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1566.003 - Spearphishing via Service
Link to MITRE →

RTM

Score: 6.21
Matched TTPs:
  • T1219.002 - Remote Desktop Software
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Moonstone Sleet

Score: 3.71
Matched TTPs:
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Dark Caracal

Score: 3.71
Matched TTPs:
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Daggerfly

Score: 4.02
Matched TTPs:
  • T1071.001 - Web Protocols
  • T1584.004 - Server
Link to MITRE →

Windshift

Score: 3.71
Matched TTPs:
  • T1071.001 - Web Protocols
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.80
Matched TTPs:
  • T1505.003 - Web Shell
  • T1003 - OS Credential Dumping
  • T1203 - Exploitation for Client Execution
  • T1498 - Network Denial of Service
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1589.001 - Credentials
  • T1584.008 - Network Devices
  • T1110.003 - Password Spraying
  • T1557.004 - Evil Twin
  • T1071.001 - Web Protocols
  • T1669 - Wi-Fi Networks
  • T1210 - Exploitation of Remote Services
  • T1001.001 - Junk Data
  • T1071.003 - Mail Protocols
  • T1039 - Data from Network Shared Drive
  • T1021.002 - SMB/Windows Admin Shares
  • T1133 - External Remote Services
  • T1090.003 - Multi-hop Proxy
  • T1090.002 - External Proxy
Link to MITRE →

Volt Typhoon

Score: 0.62
Matched TTPs:
  • T1505.003 - Web Shell
  • T1016.001 - Internet Connection Discovery
  • T1124 - System Time Discovery
  • T1590.006 - Network Security Appliances
  • T1018 - Remote System Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1090.001 - Internal Proxy
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1090.003 - Multi-hop Proxy
  • T1584.004 - Server
  • T1010 - Application Window Discovery
  • T1570 - Lateral Tool Transfer
  • T1584.008 - Network Devices
  • T1584.005 - Botnet
Link to MITRE →

Sandworm Team

Score: 0.56
Matched TTPs:
  • T1505.003 - Web Shell
  • T1018 - Remote System Discovery
  • T1203 - Exploitation for Client Execution
  • T1040 - Network Sniffing
  • T1021.002 - SMB/Windows Admin Shares
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1571 - Non-Standard Port
  • T1071.001 - Web Protocols
  • T1592.002 - Software
  • T1219 - Remote Access Tools
  • T1584.004 - Server
  • T1570 - Lateral Tool Transfer
  • T1583 - Acquire Infrastructure
  • T1584.005 - Botnet
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.
