Trusted Design

Adwind: another payload for botnet-based malspam

Overview

Since mid-July 2015, I've noticed an increase in malicious spam (malspam) caught by my employer's spam filters with Java archive (.jar file) attachments. These .jar files are most often identified as Adwind. Adwind is a Java-based remote access tool (RAT) used by malware authors to infect computers with backdoor access. There's no vulnerability involved. To infect a Windows computer, the user has to execute the malware by double-clicking on the .jar file. [...] More at https://isc.sans.edu/forums/diary/Adwind+another+payload+for+botnetbased+malspam/20041/ by Brad Duncan, Security Researcher at Rackspace.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 26.98
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding

Moonstone Sleet

Score: 16.61
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

Turla

Score: 16.58
Matched TTPs:
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Mustard Tempest

Score: 13.59
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1547.013 - XDG Autostart Entries

Volt Typhoon

Score: 24.39
Matched TTPs:
  • T1013 - Port Monitors
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.008 - Clear Mailbox Data
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

BlackByte

Score: 12.21
Matched TTPs:
  • T1013 - Port Monitors
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 27.54
Matched TTPs:
  • T1013 - Port Monitors
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage

Kimsuky

Score: 21.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

FIN13

Score: 8.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Indrik Spider

Score: 5.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Contagious Interview

Score: 8.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1601.001 - Patch System Image

OilRig

Score: 22.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

UNC3886

Score: 7.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32

LuminousMoth

Score: 7.30
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries

Sandworm Team

Score: 31.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1686.003 - Windows Host Firewall
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1059.011 - Lua
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

APT29

Score: 29.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1223 - Compiled HTML File
  • T1555.004 - Windows Credential Manager
  • T1547.013 - XDG Autostart Entries

Play

Score: 6.25
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Aoqin Dragon

Score: 6.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32

RedCurl

Score: 10.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1059.011 - Lua

Ke3chang

Score: 10.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

TeamTNT

Score: 10.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries

FIN7

Score: 26.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Malteiro

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Machete

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

Elderwood

Score: 5.70
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Transparent Tribe

Score: 4.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Dragonfly

Score: 10.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

WIRTE

Score: 4.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries

RTM

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

APT-C-36

Score: 4.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

CURIUM

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

Gallmaker

Score: 3.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua

Tropic Trooper

Score: 13.67
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1547.013 - XDG Autostart Entries

PLATINUM

Score: 10.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1686 - Disable or Modify System Firewall

menuPass

Score: 7.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

TA551

Score: 11.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1562.011 - Spoof Security Alerting
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

HEXANE

Score: 8.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

FIN8

Score: 10.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1027.017 - SVG Smuggling
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Threat Group-3390

Score: 16.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

BITTER

Score: 9.53
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

APT37

Score: 12.54
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

LazyScripter

Score: 13.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

TA505

Score: 14.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

APT39

Score: 12.59
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Star Blizzard

Score: 7.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

Higaisa

Score: 9.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

Wizard Spider

Score: 8.35
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Magic Hound

Score: 15.83
Matched TTPs:
  • T1087.002 - Domain Account
  • T1583.006 - Web Services
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

FIN4

Score: 5.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness

Cobalt Group

Score: 11.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

Storm-1811

Score: 5.32
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries

Inception

Score: 7.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Saint Bear

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

FIN6

Score: 7.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Patchwork

Score: 9.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Nomadic Octopus

Score: 4.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries

APT28

Score: 23.77
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

Gorgon Group

Score: 4.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1547.013 - XDG Autostart Entries

APT19

Score: 6.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

TA2541

Score: 12.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Earth Lusca

Score: 17.73
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI

SideCopy

Score: 10.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1547.013 - XDG Autostart Entries

Mofang

Score: 4.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Leviathan

Score: 15.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules

Tonto Team

Score: 3.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Andariel

Score: 16.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

BRONZE BUTLER

Score: 12.49
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT38

Score: 20.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1138 - Application Shimming
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1059.012 - Hypervisor CLI
  • T1059.005 - Visual Basic
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

MuddyWater

Score: 22.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1218.012 - Verclsid
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Molerats

Score: 8.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Gamaredon Group

Score: 32.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.012 - Verclsid
  • T1608 - Stage Capabilities
  • T1583.006 - Web Services
  • T1061 - Graphical User Interface
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules

Darkhotel

Score: 16.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1562.009 - Safe Mode Boot
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT32

Score: 16.46
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1027.007 - Dynamic API Resolution

The White Company

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

APT33

Score: 3.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

Silence

Score: 8.35
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Sidewinder

Score: 13.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1657 - Financial Theft
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries

Confucius

Score: 6.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.012 - Verclsid
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries

BlackTech

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Windshift

Score: 10.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

Evilnum

Score: 4.22
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1547.013 - XDG Autostart Entries

Storm-0501

Score: 5.36
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1583.006 - Web Services

APT41

Score: 9.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Winter Vivern

Score: 7.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries

APT1

Score: 6.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1622 - Debugger Evasion

Agrius

Score: 5.40
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1622 - Debugger Evasion

ZIRCONIUM

Score: 4.53
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.013 - XDG Autostart Entries

Rocke

Score: 9.77
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1547.013 - XDG Autostart Entries

Ember Bear

Score: 9.98
Matched TTPs:
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

Medusa Group

Score: 16.87
Matched TTPs:
  • T1218.003 - CMSTP
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

Metador

Score: 3.24
Matched TTPs:
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries

Aquatic Panda

Score: 6.75
Matched TTPs:
  • T1136.002 - Domain Account
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

BackdoorDiplomacy

Score: 5.52
Matched TTPs:
  • T1136.002 - Domain Account
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

Scattered Spider

Score: 4.88
Matched TTPs:
  • T1136.002 - Domain Account
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

HAFNIUM

Score: 10.05
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1055.008 - Ptrace System Calls

Axiom

Score: 13.07
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

Chimera

Score: 8.20
Matched TTPs:
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

APT5

Score: 3.17
Matched TTPs:
  • T1583.006 - Web Services
  • T1622 - Debugger Evasion

APT3

Score: 7.72
Matched TTPs:
  • T1583.006 - Web Services
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

GALLIUM

Score: 3.06
Matched TTPs:
  • T1059.011 - Lua
  • T1547.013 - XDG Autostart Entries

Sea Turtle

Score: 5.12
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Leafminer

Score: 3.63
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1059.012 - Hypervisor CLI

Fox Kitten

Score: 4.29
Matched TTPs:
  • T1601.001 - Patch System Image
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion

INC Ransom

Score: 4.82
Matched TTPs:
  • T1547.013 - XDG Autostart Entries
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Blue Mockingbird

Score: 4.05
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Velvet Ant

Score: 6.53
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

Gamaredon Group

Score: 0.78
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1061 - Graphical User Interface
  • T1059.013 - Container CLI/API
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1546.017 - Udev Rules
  • T1583.006 - Web Services
  • T1608 - Stage Capabilities
  • T1601.001 - Patch System Image
  • T1562.009 - Safe Mode Boot
  • T1059.011 - Lua

Sandworm Team

Score: 0.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1686.003 - Windows Host Firewall
  • T1218.010 - Regsvr32
  • T1601.001 - Patch System Image
  • T1187 - Forced Authentication
  • T1547.013 - XDG Autostart Entries
  • T1005 - Data from Local System
  • T1049 - System Network Connections Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua

APT29

Score: 0.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.012 - Verclsid
  • T1087.002 - Domain Account
  • T1138 - Application Shimming
  • T1598.003 - Spearphishing Link
  • T1223 - Compiled HTML File
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1547.013 - XDG Autostart Entries
  • T1683 - Generate Content
  • T1555.004 - Windows Credential Manager

FIN7

Score: 0.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1622 - Debugger Evasion
  • T1011.001 - Exfiltration Over Bluetooth
  • T1027.007 - Dynamic API Resolution
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1564.002 - Hidden Users
  • T1601.001 - Patch System Image

Mustang Panda

Score: 0.67
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1013 - Port Monitors
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1608 - Stage Capabilities
  • T1055.005 - Thread Local Storage
  • T1059.011 - Lua

Lazarus Group

Score: 0.65
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1622 - Debugger Evasion
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1070.008 - Clear Mailbox Data
  • T1218.010 - Regsvr32
  • T1583.006 - Web Services
  • T1059.012 - Hypervisor CLI
  • T1547.013 - XDG Autostart Entries
  • T1055.005 - Thread Local Storage
  • T1132.001 - Standard Encoding

APT28

Score: 0.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1055.008 - Ptrace System Calls
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1566.003 - Spearphishing via Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1546.007 - Netsh Helper DLL

Volt Typhoon

Score: 0.60
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1622 - Debugger Evasion
  • T1013 - Port Monitors
  • T1686.003 - Windows Host Firewall
  • T1070.008 - Clear Mailbox Data
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1547.013 - XDG Autostart Entries
  • T1562.009 - Safe Mode Boot

MuddyWater

Score: 0.57
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.012 - Verclsid
  • T1518.002 - Backup Software Discovery
  • T1059.013 - Container CLI/API
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1562.011 - Spoof Security Alerting
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1601.001 - Patch System Image

OilRig

Score: 0.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1622 - Debugger Evasion
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.013 - XDG Autostart Entries
  • T1583.006 - Web Services
  • T1005 - Data from Local System
  • T1562.009 - Safe Mode Boot
  • T1558 - Steal or Forge Kerberos Tickets

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

