Trusted Design

Darkhotel’s attacks in 2015

Summary

Darkhotel APT attacks dated 2014 and earlier are characterized by the misuse of stolen certificates, the deployment of .hta files with multiple techniques, and the use of unusual methods like the infiltration of hotel Wi-Fi to place backdoors in targets’ systems. In 2015, many of these techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team.

Source: Kaspersky Labs' Global Research & Analysis Team

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Volt Typhoon

Score: 29.97
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

APT28

Score: 56.20
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1552.005 - Cloud Instance Metadata API
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1139 - Bash History
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

ZIRCONIUM

Score: 15.23
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs

Leviathan

Score: 13.90
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

Mustard Tempest

Score: 11.05
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service

OilRig

Score: 20.15
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Gamaredon Group

Score: 18.10
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1546.017 - Udev Rules

Turla

Score: 23.85
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution

Kimsuky

Score: 32.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1008 - Fallback Channels

FIN13

Score: 11.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Moonstone Sleet

Score: 17.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 5.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages

Lazarus Group

Score: 26.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1216 - System Script Proxy Execution

Contagious Interview

Score: 31.98
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1016 - System Network Configuration Discovery
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

UNC3886

Score: 14.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

LuminousMoth

Score: 4.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

Sandworm Team

Score: 39.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

Salt Typhoon

Score: 7.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 21.20
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1546.018 - Python Startup Hooks
  • T1547.008 - LSASS Driver

Play

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 8.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

RedCurl

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1612 - Build Image on Host

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Ke3chang

Score: 9.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship

Mustang Panda

Score: 31.24
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

TeamTNT

Score: 17.48
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1071.003 - Mail Protocols
  • T1612 - Build Image on Host

FIN7

Score: 21.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package

Velvet Ant

Score: 12.33
Matched TTPs:
  • T1583.005 - Botnet
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

APT33

Score: 5.38
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

DarkVishnya

Score: 8.42
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories

BRONZE BUTLER

Score: 15.57
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1008 - Fallback Channels

APT39

Score: 9.21
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1569.002 - Service Execution

Agrius

Score: 7.46
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1566.004 - Spearphishing Voice

APT38

Score: 6.04
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1216 - System Script Proxy Execution

Molerats

Score: 4.72
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules

Darkhotel

Score: 3.06
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32

Earth Lusca

Score: 16.83
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File

Storm-1811

Score: 13.90
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1547.008 - LSASS Driver

MuddyWater

Score: 15.28
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

TA505

Score: 4.39
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship

Threat Group-3390

Score: 20.31
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

Winter Vivern

Score: 15.98
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File

menuPass

Score: 8.82
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship

BlackByte

Score: 7.25
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice

Cinnamon Tempest

Score: 3.89
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Rocke

Score: 8.85
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1008 - Fallback Channels

Tropic Trooper

Score: 9.43
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Higaisa

Score: 9.14
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
  • T1546.017 - Udev Rules

TA2541

Score: 7.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1546.017 - Udev Rules

LazyScripter

Score: 8.69
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1612 - Build Image on Host
  • T1608.005 - Link Target

Star Blizzard

Score: 9.73
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship

SideCopy

Score: 8.34
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1159 - Launch Agent

BITTER

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

APT32

Score: 13.27
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

HEXANE

Score: 7.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 8.51
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

APT42

Score: 8.97
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship

Ember Bear

Score: 16.57
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel

BlackTech

Score: 7.25
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Magic Hound

Score: 30.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.008 - Direct Cloud VM Connections
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

Medusa Group

Score: 18.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Sea Turtle

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Fox Kitten

Score: 6.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1612 - Build Image on Host
  • T1059.001 - PowerShell

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

GALLIUM

Score: 4.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice

Volatile Cedar

Score: 8.19
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed

INC Ransom

Score: 4.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice

Dragonfly

Score: 19.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32

APT41

Score: 26.96
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.004 - Disable or Modify System Firewall
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1566.004 - Spearphishing Voice
  • T1564.003 - Hidden Window
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels

HAFNIUM

Score: 15.71
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages

APT5

Score: 5.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution

Windshift

Score: 7.46
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

Aquatic Panda

Score: 3.44
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1199 - Trusted Relationship

LAPSUS$

Score: 12.38
Matched TTPs:
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1199 - Trusted Relationship
  • T1564.003 - Hidden Window

Ferocious Kitten

Score: 4.29
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
  • T1199 - Trusted Relationship

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs

Inception

Score: 7.61
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

FIN6

Score: 5.90
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver

FIN8

Score: 3.37
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship

Confucius

Score: 3.51
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Sidewinder

Score: 7.86
Matched TTPs:
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Wizard Spider

Score: 5.83
Matched TTPs:
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice

Tonto Team

Score: 4.24
Matched TTPs:
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32

Scattered Spider

Score: 8.13
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window

Patchwork

Score: 5.63
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1008 - Fallback Channels

Cobalt Group

Score: 5.27
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32

Lotus Blossom

Score: 3.78
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

FIN10

Score: 3.08
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice

Chimera

Score: 3.08
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1566.004 - Spearphishing Voice

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

CURIUM

Score: 6.14
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver

Andariel

Score: 5.34
Matched TTPs:
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

APT37

Score: 7.51
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution

RTM

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.86
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.001 - PowerShell
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.005 - Botnet
  • T1197 - BITS Jobs
  • T1057 - Process Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1562.004 - Disable or Modify System Firewall
  • T1547.002 - Authentication Package
  • T1552.005 - Cloud Instance Metadata API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1146 - Clear Command History
  • T1608.005 - Link Target
  • T1566.003 - Spearphishing via Service
  • T1546.007 - Netsh Helper DLL
  • T1152 - Launchctl
  • T1199 - Trusted Relationship
  • T1139 - Bash History

Sandworm Team

Score: 0.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1187 - Forced Authentication
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1573 - Encrypted Channel
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1005 - Data from Local System
  • T1547.002 - Authentication Package
  • T1566.004 - Spearphishing Voice
  • T1102.003 - One-Way Communication
  • T1193 - Spearphishing Attachment

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph