Trusted Design

Darkhotel’s attacks in 2015

Overview

Darkhotel APT attacks dated 2014 and earlier are characterized by the misuse of stolen certificates, the deployment of .hta files with multiple techniques, and the use of unusual methods like the infiltration of hotel Wi-Fi to place backdoors in targets’ systems. In 2015, many of these techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team. The Darkhotel APT continues to spearphish targets around the world, with a wider geographic reach than its previous botnet buildout and hotel Wi-Fi attacks. Some of the targets are diplomatic or have strategic commercial interests.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 33.46
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Kimsuky

Score: 68.25
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1594 - Search Victim-Owned Websites
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1596 - Search Open Technical Databases
  • T1583.004 - Server
  • T1589.003 - Employee Names
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1534 - Internal Spearphishing
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1593.001 - Social Media
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1588.005 - Exploits
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Sea Turtle

Score: 16.34
Matched TTPs:
  • T1557 - Adversary-in-the-Middle
  • T1583 - Acquire Infrastructure
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1584.002 - DNS Server
Link to MITRE →

Ember Bear

Score: 34.46
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1595.001 - Scanning IP Blocks
  • T1588.005 - Exploits
Link to MITRE →

Indrik Spider

Score: 14.48
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1590 - Gather Victim Network Information
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Agrius

Score: 10.82
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1074.001 - Local Data Staging
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Contagious Interview

Score: 38.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1593.001 - Social Media
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Sandworm Team

Score: 76.39
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1491.002 - External Defacement
  • T1594 - Search Victim-Owned Websites
  • T1587.001 - Malware
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1583.004 - Server
  • T1591.002 - Business Relationships
  • T1090 - Proxy
  • T1589.003 - Employee Names
  • T1584.005 - Botnet
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1584.004 - Server
  • T1590.001 - Domain Properties
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Star Blizzard

Score: 16.74
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1598.002 - Spearphishing Attachment
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
Link to MITRE →

Volt Typhoon

Score: 59.70
Matched TTPs:
  • T1592 - Gather Victim Host Information
  • T1584.008 - Network Devices
  • T1594 - Search Victim-Owned Websites
  • T1074.001 - Local Data Staging
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1590.006 - Network Security Appliances
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1591 - Gather Victim Org Information
  • T1590 - Gather Victim Network Information
  • T1593 - Search Open Websites/Domains
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1591.004 - Identify Roles
  • T1584.004 - Server
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1090.001 - Internal Proxy
Link to MITRE →

LAPSUS$

Score: 44.18
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1213.002 - Sharepoint
  • T1591.002 - Business Relationships
  • T1593.003 - Code Repositories
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1589.001 - Credentials
  • T1584.002 - DNS Server
  • T1591.004 - Identify Roles
  • T1213.003 - Code Repositories
  • T1213.005 - Messaging Applications
Link to MITRE →

Akira

Score: 3.29
Matched TTPs:
  • T1213.002 - Sharepoint
Link to MITRE →

HAFNIUM

Score: 31.08
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1590.005 - IP Addresses
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1593.003 - Code Repositories
  • T1592.004 - Client Configurations
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1590 - Gather Victim Network Information
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Chimera

Score: 15.52
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1074.001 - Local Data Staging
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT28

Score: 71.42
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1074.001 - Local Data Staging
  • T1598.003 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1557.004 - Evil Twin
  • T1595.002 - Vulnerability Scanning
  • T1596 - Search Open Technical Databases
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1189 - Drive-by Compromise
  • T1498 - Network Denial of Service
  • T1105 - Ingress Tool Transfer
  • T1669 - Wi-Fi Networks
Link to MITRE →

Ke3chang

Score: 15.76
Matched TTPs:
  • T1213.002 - Sharepoint
  • T1587.001 - Malware
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Andariel

Score: 14.18
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1588.001 - Malware
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Magic Hound

Score: 51.83
Matched TTPs:
  • T1590.005 - IP Addresses
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1016.002 - Wi-Fi Discovery
  • T1595.002 - Vulnerability Scanning
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1589.001 - Credentials
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1591.001 - Determine Physical Locations
  • T1566.003 - Spearphishing via Service
Link to MITRE →

ZIRCONIUM

Score: 23.99
Matched TTPs:
  • T1584.008 - Network Devices
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
Link to MITRE →

Leviathan

Score: 37.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1074.001 - Local Data Staging
  • T1586.001 - Social Media Accounts
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1589.001 - Credentials
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Mustard Tempest

Score: 16.82
Matched TTPs:
  • T1583.008 - Malvertising
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.004 - Server
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silent Librarian

Score: 11.96
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1589.003 - Employee Names
  • T1588.002 - Tool
Link to MITRE →

EXOTIC LILY

Score: 23.14
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1597 - Search Closed Sources
  • T1593.001 - Social Media
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1594 - Search Victim-Owned Websites
  • T1583.006 - Web Services
Link to MITRE →

OilRig

Score: 22.33
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Gamaredon Group

Score: 31.95
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1102.003 - One-Way Communication
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Turla

Score: 33.91
Matched TTPs:
  • T1025 - Data from Removable Media
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

Storm-1811

Score: 26.13
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1566.004 - Spearphishing Voice
  • T1667 - Email Bombing
  • T1570 - Lateral Tool Transfer
  • T1036.010 - Masquerade Account Name
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Threat Group-3390

Score: 24.81
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Sidewinder

Score: 14.44
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1598.002 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN5

Score: 5.49
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1090.002 - External Proxy
  • T1588.002 - Tool
Link to MITRE →

Patchwork

Score: 13.97
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

UNC3886

Score: 18.82
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

APT5

Score: 7.21
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1583.005 - Botnet
  • T1190 - Exploit Public-Facing Application
Link to MITRE →

Lotus Blossom

Score: 5.68
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1588.002 - Tool
  • T1090.001 - Internal Proxy
Link to MITRE →

TeamTNT

Score: 28.37
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1610 - Deploy Container
  • T1102 - Web Service
  • T1048 - Exfiltration Over Alternative Protocol
  • T1595.001 - Scanning IP Blocks
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Lazarus Group

Score: 34.19
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
  • T1090.001 - Internal Proxy
  • T1529 - System Shutdown/Reboot
Link to MITRE →

MuddyWater

Score: 20.58
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT3

Score: 11.98
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1566.002 - Spearphishing Link
  • T1090.002 - External Proxy
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Wizard Spider

Score: 14.49
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1566.002 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT39

Score: 14.51
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

GALLIUM

Score: 13.26
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1190 - Exploit Public-Facing Application
  • T1583.004 - Server
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

menuPass

Score: 17.23
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BackdoorDiplomacy

Score: 7.45
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dragonfly

Score: 34.52
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1591.002 - Business Relationships
  • T1598.002 - Spearphishing Attachment
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1036.010 - Masquerade Account Name
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN13

Score: 16.05
Matched TTPs:
  • T1074.001 - Local Data Staging
  • T1587.001 - Malware
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

Moonstone Sleet

Score: 18.07
Matched TTPs:
  • T1587.001 - Malware
  • T1598.003 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1591 - Gather Victim Org Information
  • T1598 - Phishing for Information
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

LuminousMoth

Score: 12.63
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1587.001 - Malware
  • T1040 - Network Sniffing
  • T1590.004 - Network Topology
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
Link to MITRE →

APT29

Score: 34.84
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1586.003 - Cloud Accounts
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090.002 - External Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1562.008 - Disable or Modify Cloud Logs
  • T1105 - Ingress Tool Transfer
  • T1665 - Hide Infrastructure
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Play

Score: 9.32
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1048 - Exfiltration Over Alternative Protocol
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Aoqin Dragon

Score: 8.86
Matched TTPs:
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
Link to MITRE →

RedCurl

Score: 9.10
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1039 - Data from Network Shared Drive
Link to MITRE →

Moses Staff

Score: 5.19
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN7

Score: 27.23
Matched TTPs:
  • T1587.001 - Malware
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1591 - Gather Victim Org Information
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackTech

Score: 8.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Confucius

Score: 5.73
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Mofang

Score: 4.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1027.015 - Compression
Link to MITRE →

Elderwood

Score: 5.48
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Machete

Score: 3.21
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1189 - Drive-by Compromise
Link to MITRE →

Transparent Tribe

Score: 9.26
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

FIN8

Score: 5.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT32

Score: 24.27
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT1

Score: 6.27
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1588.002 - Tool
Link to MITRE →

APT33

Score: 7.60
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1040 - Network Sniffing
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Molerats

Score: 5.38
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Windshift

Score: 11.44
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Cobalt Group

Score: 4.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TA2541

Score: 14.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
Link to MITRE →

Earth Lusca

Score: 30.91
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1595.002 - Vulnerability Scanning
  • T1583.004 - Server
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
Link to MITRE →

TA505

Score: 9.02
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

LazyScripter

Score: 14.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1102 - Web Service
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT42

Score: 8.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1102 - Web Service
  • T1588.002 - Tool
Link to MITRE →

Scattered Spider

Score: 25.66
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1583.001 - Domains
  • T1090 - Proxy
  • T1588.001 - Malware
  • T1204 - User Execution
  • T1588.002 - Tool
  • T1598 - Phishing for Information
  • T1213.003 - Code Repositories
  • T1105 - Ingress Tool Transfer
  • T1213.005 - Messaging Applications
Link to MITRE →

CURIUM

Score: 18.21
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1583.001 - Domains
  • T1583.004 - Server
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Velvet Ant

Score: 8.20
Matched TTPs:
  • T1040 - Network Sniffing
  • T1570 - Lateral Tool Transfer
  • T1090.001 - Internal Proxy
Link to MITRE →

DarkVishnya

Score: 8.42
Matched TTPs:
  • T1040 - Network Sniffing
  • T1588.002 - Tool
  • T1200 - Hardware Additions
Link to MITRE →

SideCopy

Score: 9.12
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1598.002 - Spearphishing Attachment
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BlackByte

Score: 6.46
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

BITTER

Score: 10.23
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

HEXANE

Score: 17.50
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.001 - Domains
  • T1534 - Internal Spearphishing
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1591.004 - Identify Roles
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Saint Bear

Score: 5.48
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
Link to MITRE →

Rocke

Score: 8.05
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1102 - Web Service
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

Medusa Group

Score: 24.17
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
  • T1218.014 - MMC
Link to MITRE →

Fox Kitten

Score: 16.74
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1102 - Web Service
  • T1210 - Exploitation of Remote Services
  • T1039 - Data from Network Shared Drive
  • T1105 - Ingress Tool Transfer
  • T1213.005 - Messaging Applications
Link to MITRE →

Cinnamon Tempest

Score: 5.44
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1090 - Proxy
  • T1588.002 - Tool
Link to MITRE →

Winter Vivern

Score: 18.47
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1583.001 - Domains
  • T1036 - Masquerading
  • T1595.002 - Vulnerability Scanning
  • T1056.003 - Web Portal Capture
  • T1584.006 - Web Services
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Volatile Cedar

Score: 8.97
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1595.003 - Wordlist Scanning
  • T1105 - Ingress Tool Transfer
Link to MITRE →

INC Ransom

Score: 5.33
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Axiom

Score: 8.35
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
Link to MITRE →

APT41

Score: 27.15
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1570 - Lateral Tool Transfer
  • T1213.003 - Code Repositories
  • T1105 - Ingress Tool Transfer
  • T1596.005 - Scan Databases
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

IndigoZebra

Score: 5.16
Matched TTPs:
  • T1583.001 - Domains
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT38

Score: 8.53
Matched TTPs:
  • T1583.001 - Domains
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
Link to MITRE →

Ferocious Kitten

Score: 5.81
Matched TTPs:
  • T1583.001 - Domains
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
Link to MITRE →

BRONZE BUTLER

Score: 19.58
Matched TTPs:
  • T1036 - Masquerading
  • T1036.002 - Right-to-Left Override
  • T1588.002 - Tool
  • T1039 - Data from Network Shared Drive
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer
  • T1102.001 - Dead Drop Resolver
Link to MITRE →

PLATINUM

Score: 4.73
Matched TTPs:
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
Link to MITRE →

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1659 - Content Injection
  • T1090 - Proxy
Link to MITRE →

Aquatic Panda

Score: 6.68
Matched TTPs:
  • T1595.002 - Vulnerability Scanning
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Tonto Team

Score: 7.76
Matched TTPs:
  • T1090.002 - External Proxy
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Silence

Score: 4.37
Matched TTPs:
  • T1090.002 - External Proxy
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer
Link to MITRE →

CopyKittens

Score: 3.19
Matched TTPs:
  • T1090 - Proxy
  • T1588.002 - Tool
Link to MITRE →

Windigo

Score: 6.85
Matched TTPs:
  • T1090 - Proxy
  • T1189 - Drive-by Compromise
  • T1518 - Software Discovery
Link to MITRE →

POLONIUM

Score: 7.60
Matched TTPs:
  • T1090 - Proxy
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

Metador

Score: 4.08
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1105 - Ingress Tool Transfer

Inception

Score: 7.61
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery

FIN6

Score: 5.90
Matched TTPs:
  • T1102 - Web Service
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service

FIN10

Score: 3.08
Matched TTPs:
  • T1588.002 - Tool
  • T1570 - Lateral Tool Transfer

Carbanak

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Sowbug

Score: 3.03
Matched TTPs:
  • T1039 - Data from Network Shared Drive

Tropic Trooper

Score: 8.64
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery
  • T1105 - Ingress Tool Transfer

APT37

Score: 10.06
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Higaisa

Score: 7.57
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression

Darkhotel

Score: 4.04
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1105 - Ingress Tool Transfer

RTM

Score: 5.05
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1102.001 - Dead Drop Resolver

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1566.003 - Spearphishing via Service

Daggerfly

Score: 5.38
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1105 - Ingress Tool Transfer

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Ajax Security Team

Score: 3.30
Matched TTPs:
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1592.002 - Software
  • T1594 - Search Victim-Owned Websites
  • T1586.001 - Social Media Accounts
  • T1583.004 - Server
  • T1583.001 - Domains
  • T1102.002 - Bidirectional Communication
  • T1589.003 - Employee Names
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1570 - Lateral Tool Transfer
  • T1195 - Supply Chain Compromise
  • T1566.002 - Spearphishing Link
  • T1491.002 - External Defacement
  • T1583 - Acquire Infrastructure
  • T1590.001 - Domain Properties
  • T1591.002 - Business Relationships
  • T1040 - Network Sniffing
  • T1036 - Masquerading
  • T1584.004 - Server
  • T1203 - Exploitation for Client Execution
  • T1090 - Proxy
  • T1608.001 - Upload Malware
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1587.001 - Malware
  • T1593 - Search Open Websites/Domains
  • T1105 - Ingress Tool Transfer

APT28

Score: 0.81
Matched TTPs:
  • T1669 - Wi-Fi Networks
  • T1583.001 - Domains
  • T1213.002 - Sharepoint
  • T1557.004 - Evil Twin
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1583.006 - Web Services
  • T1598 - Phishing for Information
  • T1589.001 - Credentials
  • T1584.008 - Network Devices
  • T1025 - Data from Removable Media
  • T1039 - Data from Network Shared Drive
  • T1596 - Search Open Technical Databases
  • T1040 - Network Sniffing
  • T1591 - Gather Victim Org Information
  • T1036 - Masquerading
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
  • T1074.001 - Local Data Staging
  • T1498 - Network Denial of Service
  • T1588.002 - Tool
  • T1090.002 - External Proxy
  • T1105 - Ingress Tool Transfer

Kimsuky

Score: 0.74
Matched TTPs:
  • T1588.005 - Exploits
  • T1594 - Search Victim-Owned Websites
  • T1583.004 - Server
  • T1583.001 - Domains
  • T1102.002 - Bidirectional Communication
  • T1589.003 - Employee Names
  • T1598.003 - Spearphishing Link
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1557 - Adversary-in-the-Middle
  • T1598 - Phishing for Information
  • T1593.001 - Social Media
  • T1566.002 - Spearphishing Link
  • T1583 - Acquire Infrastructure
  • T1534 - Internal Spearphishing
  • T1596 - Search Open Technical Databases
  • T1040 - Network Sniffing
  • T1591 - Gather Victim Org Information
  • T1102.001 - Dead Drop Resolver
  • T1608.001 - Upload Malware
  • T1074.001 - Local Data Staging
  • T1588.002 - Tool
  • T1587.001 - Malware
  • T1593 - Search Open Websites/Domains
  • T1105 - Ingress Tool Transfer

Volt Typhoon

Score: 0.68
Matched TTPs:
  • T1590 - Gather Victim Network Information
  • T1594 - Search Victim-Owned Websites
  • T1591.004 - Identify Roles
  • T1190 - Exploit Public-Facing Application
  • T1570 - Lateral Tool Transfer
  • T1584.008 - Network Devices
  • T1590.006 - Network Security Appliances
  • T1590.004 - Network Topology
  • T1518 - Software Discovery
  • T1596.005 - Scan Databases
  • T1591 - Gather Victim Org Information
  • T1584.004 - Server
  • T1090.001 - Internal Proxy
  • T1090 - Proxy
  • T1584.005 - Botnet
  • T1074.001 - Local Data Staging
  • T1592 - Gather Victim Host Information
  • T1588.002 - Tool
  • T1593 - Search Open Websites/Domains
  • T1105 - Ingress Tool Transfer

Magic Hound

Score: 0.60
Matched TTPs:
  • T1036.010 - Masquerade Account Name
  • T1592.002 - Software
  • T1573 - Encrypted Channel
  • T1583.001 - Domains
  • T1590.005 - IP Addresses
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1598.003 - Spearphishing Link
  • T1591.001 - Determine Physical Locations
  • T1190 - Exploit Public-Facing Application
  • T1595.002 - Vulnerability Scanning
  • T1570 - Lateral Tool Transfer
  • T1583.006 - Web Services
  • T1589.001 - Credentials
  • T1566.002 - Spearphishing Link
  • T1090 - Proxy
  • T1588.002 - Tool
  • T1016.002 - Wi-Fi Discovery
  • T1566.003 - Spearphishing via Service
  • T1105 - Ingress Tool Transfer

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph (graph not included in the text export)