Trusted Design

Payloads from MS15-093 (PlugX)

概要

The recent vulnerability of MS15-093 revealed that attackers were using it distribute the Korplug/Plugx RAT. After obtaining a sample from this attack and conducting further analysis, we found that the attackers have been using the same payload and just altering its configurations in attacks since March of this year.

Created: 2026-02-23

Indicators

類似Pulses

Korplug RAT used to attack Vietnamese institutions (score: 0.67)
BBSRAT Attacks Targeting Russian Organizations (score: 0.62)
20160203: BE2 extraordinary plugins, Siemens targeting (score: 0.61)
RATs, Hackers and Rihanna (score: 0.61)
Targeted Attack Distributes PlugX in Russia (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 10.65

Matched TTPs:

T1588.006 - Vulnerabilities
T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution

MITREへのリンク →

Volt Typhoon

Score: 5.31

Matched TTPs:

T1588.006 - Vulnerabilities
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Storm-0501

Score: 5.31

Matched TTPs:

T1588.006 - Vulnerabilities
T1190 - Exploit Public-Facing Application

MITREへのリンク →

OilRig

Score: 5.34

Matched TTPs:

T1195 - Supply Chain Compromise
T1203 - Exploitation for Client Execution

MITREへのリンク →

Ember Bear

Score: 6.81

Matched TTPs:

T1195 - Supply Chain Compromise
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT28

Score: 7.50

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1498 - Network Denial of Service

MITREへのリンク →

APT29

Score: 6.81

Matched TTPs:

T1190 - Exploit Public-Facing Application
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1659 - Content Injection

MITREへのリンク →

APT32

Score: 5.34

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

BRONZE BUTLER

Score: 5.34

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution

MITREへのリンク →

Mustang Panda

Score: 6.03

Matched TTPs:

T1678 - Delay Execution
T1203 - Exploitation for Client Execution

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.84

Matched TTPs:

T1588.006 - Vulnerabilities
T1195 - Supply Chain Compromise
T1203 - Exploitation for Client Execution
T1190 - Exploit Public-Facing Application

MITREへのリンク →

APT28

Score: 0.61

Matched TTPs:

T1498 - Network Denial of Service
T1203 - Exploitation for Client Execution
T1190 - Exploit Public-Facing Application

MITREへのリンク →

APT29

Score: 0.56

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1190 - Exploit Public-Facing Application

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る