Trusted Design

Payloads from MS15-093 (PlugX)

概要

The recent vulnerability of MS15-093 revealed that attackers were using it distribute the Korplug/Plugx RAT. After obtaining a sample from this attack and conducting further analysis, we found that the attackers have been using the same payload and just altering its configurations in attacks since March of this year.

Created: 2026-02-23

Indicators

類似Pulses

Korplug RAT used to attack Vietnamese institutions (score: 0.67)
BBSRAT Attacks Targeting Russian Organizations (score: 0.62)
20160203: BE2 extraordinary plugins, Siemens targeting (score: 0.61)
RATs, Hackers and Rihanna (score: 0.61)
Targeted Attack Distributes PlugX in Russia (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

Sandworm Team

Score: 10.65

Matched TTPs:

T1686.003 - Windows Host Firewall
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32

MITREへのリンク →

Volt Typhoon

Score: 5.31

Matched TTPs:

T1686.003 - Windows Host Firewall
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Storm-0501

Score: 5.31

Matched TTPs:

T1686.003 - Windows Host Firewall
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

OilRig

Score: 5.34

Matched TTPs:

T1005 - Data from Local System
T1218.010 - Regsvr32

MITREへのリンク →

Ember Bear

Score: 6.81

Matched TTPs:

T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32

MITREへのリンク →

APT28

Score: 7.50

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1146 - Clear Command History

MITREへのリンク →

APT29

Score: 6.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1592.004 - Client Configurations
T1218.010 - Regsvr32

MITREへのリンク →

MoustachedBouncer

Score: 4.54

Matched TTPs:

T1055.003 - Thread Execution Hijacking

MITREへのリンク →

APT32

Score: 5.34

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32

MITREへのリンク →

BRONZE BUTLER

Score: 5.34

Matched TTPs:

T1592.004 - Client Configurations
T1218.010 - Regsvr32

MITREへのリンク →

Mustang Panda

Score: 6.03

Matched TTPs:

T1169 - Sudo
T1218.010 - Regsvr32

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.84

Matched TTPs:

T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1686.003 - Windows Host Firewall

MITREへのリンク →

APT28

Score: 0.61

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1146 - Clear Command History

MITREへのリンク →

APT29

Score: 0.56

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1592.004 - Client Configurations

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る