Trusted Design

New Spear Phishing Campaign Pretends to be EFF

Summary

Google's security team recently identified a new domain masquerading as an official EFF site as part of a targeted malware campaign. That domain, electronicfrontierfoundation.org, is designed to trick users into a false sense of trust and it appears to have been used in a spear phishing attack, though it is unclear who the intended targets were. The domain was registered on August 4, 2015, under a presumably false name, and we suspect that the attack started on the same day. At the time of this writing the domain is still serving malware. Electronicfrontierfoundation.org was not the only domain involved in this attack. It seems to be part of a larger campaign, known as “Pawn Storm”. The current phase of the Pawn Storm attack campaign started a little over a month ago, and the overall campaign was first identified in an October 2014 report from Trend Micro (PDF). The group behind the attacks is possibly associated with the Russian government and has been active since at least 2007.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 6.32
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Sandworm Team

Score: 41.23
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1546.008 - Accessibility Features
  • T1102.003 - One-Way Communication
  • T1548.006 - TCC Manipulation
Link to MITRE →

Volt Typhoon

Score: 26.16
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1578.001 - Create Snapshot
Link to MITRE →

APT28

Score: 48.36
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1592.003 - Firmware
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service
Link to MITRE →

ZIRCONIUM

Score: 21.37
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1578.001 - Create Snapshot
Link to MITRE →

Leviathan

Score: 25.37
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1592.003 - Firmware
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Mustard Tempest

Score: 16.04
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1053.002 - At
Link to MITRE →

Silent Librarian

Score: 17.24
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
Link to MITRE →

Kimsuky

Score: 61.89
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1683.001 - Written Content
  • T1546.008 - Accessibility Features
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1053.002 - At
Link to MITRE →

EXOTIC LILY

Score: 17.75
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver
Link to MITRE →

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
Link to MITRE →

MuddyWater

Score: 4.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
Link to MITRE →

LuminousMoth

Score: 12.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Confucius

Score: 4.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
Link to MITRE →

Sidewinder

Score: 10.99
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1578.001 - Create Snapshot
Link to MITRE →

Elderwood

Score: 4.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Machete

Score: 4.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

FIN7

Score: 28.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1065 - Uncommonly Used Port
  • T1105 - Ingress Tool Transfer
  • T1578.001 - Create Snapshot
Link to MITRE →

Transparent Tribe

Score: 14.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At
Link to MITRE →

Mustang Panda

Score: 27.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation
Link to MITRE →

FIN8

Score: 5.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1128 - Netsh Helper DLL
Link to MITRE →

APT32

Score: 25.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT3

Score: 5.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1578.002 - Create Cloud Instance
Link to MITRE →

APT1

Score: 9.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1053.002 - At
Link to MITRE →

Lazarus Group

Score: 27.20
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
Link to MITRE →

APT33

Score: 6.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.001 - Exfiltration to Code Repository
Link to MITRE →

Magic Hound

Score: 37.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1592.003 - Firmware
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver
  • T1053.002 - At
Link to MITRE →

OilRig

Score: 15.93
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
Link to MITRE →

Windshift

Score: 8.80
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Cobalt Group

Score: 5.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1128 - Netsh Helper DLL
Link to MITRE →

APT29

Score: 9.52
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1547.008 - LSASS Driver
Link to MITRE →

TA2541

Score: 10.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1128 - Netsh Helper DLL
Link to MITRE →

Earth Lusca

Score: 12.34
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

RedCurl

Score: 11.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1016.002 - Wi-Fi Discovery
  • T1128 - Netsh Helper DLL
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Storm-1811

Score: 23.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
Link to MITRE →

Turla

Score: 14.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

Wizard Spider

Score: 13.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1588.001 - Malware
  • T1567.001 - Exfiltration to Code Repository
  • T1548.006 - TCC Manipulation
Link to MITRE →

TA577

Score: 4.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
Link to MITRE →

Patchwork

Score: 6.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA505

Score: 9.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1016.002 - Wi-Fi Discovery
Link to MITRE →

LazyScripter

Score: 10.01
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
Link to MITRE →

APT42

Score: 13.00
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1128 - Netsh Helper DLL
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Scattered Spider

Score: 23.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1019 - System Firmware
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1548.006 - TCC Manipulation
Link to MITRE →

Star Blizzard

Score: 18.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
Link to MITRE →

Moonstone Sleet

Score: 18.36
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
Link to MITRE →

CURIUM

Score: 20.67
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 23.08
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1548.006 - TCC Manipulation
Link to MITRE →

Saint Bear

Score: 7.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1030 - Data Transfer Size Limits
Link to MITRE →

Tropic Trooper

Score: 6.29
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1128 - Netsh Helper DLL
  • T1105 - Ingress Tool Transfer
Link to MITRE →

FIN6

Score: 10.58
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1128 - Netsh Helper DLL
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver
Link to MITRE →

BRONZE BUTLER

Score: 7.42
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

menuPass

Score: 6.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548.006 - TCC Manipulation
Link to MITRE →

Threat Group-3390

Score: 9.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Gamaredon Group

Score: 13.84
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
Link to MITRE →

Darkhotel

Score: 5.23
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
Link to MITRE →

BITTER

Score: 6.46
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1588.001 - Malware
Link to MITRE →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
Link to MITRE →

TA551

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

APT41

Score: 12.48
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1030 - Data Transfer Size Limits
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
Link to MITRE →

Winter Vivern

Score: 12.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Higaisa

Score: 5.56
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1578.001 - Create Snapshot
Link to MITRE →

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
Link to MITRE →

SideCopy

Score: 9.75
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1053.002 - At
Link to MITRE →

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

IndigoZebra

Score: 7.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
Link to MITRE →

APT38

Score: 4.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
Link to MITRE →

The White Company

Score: 3.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot
Link to MITRE →

PLATINUM

Score: 9.36
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

HEXANE

Score: 15.69
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1065 - Uncommonly Used Port
Link to MITRE →

LAPSUS$

Score: 31.34
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1619 - Cloud Storage Object Discovery
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1548.006 - TCC Manipulation
Link to MITRE →

TeamTNT

Score: 5.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

BlackByte

Score: 5.82
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
Link to MITRE →

Contagious Interview

Score: 36.45
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
Link to MITRE →

RedEcho

Score: 4.26
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1128 - Netsh Helper DLL
Link to MITRE →

Sea Turtle

Score: 8.94
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1137.004 - Outlook Home Page
Link to MITRE →

FIN13

Score: 11.81
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
Link to MITRE →

UNC3886

Score: 8.82
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1588.001 - Malware
  • T1578.001 - Create Snapshot
Link to MITRE →

Medusa Group

Score: 11.91
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1128 - Netsh Helper DLL
  • T1548.006 - TCC Manipulation
Link to MITRE →

Fox Kitten

Score: 4.44
Matched TTPs:
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation
Link to MITRE →

PROMETHIUM

Score: 3.86
Matched TTPs:
  • T1588.001 - Malware
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Storm-0501

Score: 4.62
Matched TTPs:
  • T1588.001 - Malware
  • T1552.003 - Shell History
Link to MITRE →

INC Ransom

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

HAFNIUM

Score: 11.15
Matched TTPs:
  • T1608.005 - Link Target
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
Link to MITRE →

Axiom

Score: 14.13
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1114.002 - Remote Email Collection
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
Link to MITRE →

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Chimera

Score: 8.37
Matched TTPs:
  • T1592.003 - Firmware
  • T1548.006 - TCC Manipulation
  • T1578.001 - Create Snapshot
Link to MITRE →

Velvet Ant

Score: 6.88
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1030 - Data Transfer Size Limits
  • T1588.001 - Malware
  • T1683.001 - Written Content
  • T1546.008 - Accessibility Features
  • T1608.005 - Link Target
  • T1131 - Authentication Package
  • T1197 - BITS Jobs
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1057 - Process Discovery
  • T1114 - Email Collection
  • T1690 - Prevent Command History Logging
  • T1102.003 - One-Way Communication
  • T1053.002 - At
  • T1598.003 - Spearphishing Link
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1183 - Image File Execution Options Injection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1552.003 - Shell History
  • T1055.014 - VDSO Hijacking
Link to MITRE →

APT28

Score: 0.71
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1566.003 - Spearphishing via Service
  • T1024 - Custom Cryptographic Protocol
  • T1548.006 - TCC Manipulation
  • T1146 - Clear Command History
  • T1055.008 - Ptrace System Calls
  • T1057 - Process Discovery
  • T1592.003 - Firmware
  • T1608.005 - Link Target
  • T1131 - Authentication Package
  • T1598.003 - Spearphishing Link
  • T1197 - BITS Jobs
Link to MITRE →

Sandworm Team

Score: 0.62
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1543.003 - Windows Service
  • T1484.002 - Trust Modification
  • T1564.008 - Email Hiding Rules
  • T1102.003 - One-Way Communication
  • T1193 - Spearphishing Attachment
  • T1548.006 - TCC Manipulation
  • T1016.002 - Wi-Fi Discovery
  • T1546.008 - Accessibility Features
  • T1114 - Email Collection
  • T1598.003 - Spearphishing Link
Link to MITRE →

Magic Hound

Score: 0.56
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1098.002 - Additional Email Delegate Permissions
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1578.002 - Create Cloud Instance
  • T1588.001 - Malware
  • T1016.002 - Wi-Fi Discovery
  • T1053.002 - At
  • T1592.003 - Firmware
  • T1608.005 - Link Target
  • T1547.008 - LSASS Driver
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

