Trusted Design

Large Malvertising Campaign Goes (Almost) Undetected

Overview

The malvertising campaign we are exposing leveraged several top ad networks, as well as many more smaller ones. Despite its large scope and impact, it ran mostly uninterrupted for almost three weeks, according to telemetry data we were able to mine once we uncovered the scheme. The threat actors responsible for this attack devised a cunning plan to pose as legitimate advertisers and employed stealthy and advanced techniques to hide malicious traffic redirections so well that they evaded most detection systems. The ultimate goal of this plan was to compromise the computers of millions of users browsing popular websites by covertly redirecting their browsers to the Angler Exploit Kit, the most advanced tool used in drive-by download attacks.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Mustang Panda

Score: 42.77
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1526 - Cloud Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process

Kimsuky

Score: 86.01
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1602.002 - Network Device Configuration Dump
  • T1152 - Launchctl
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1526 - Cloud Service Discovery
  • T1003.003 - NTDS
  • T1008 - Fallback Channels

Sea Turtle

Score: 20.77
Matched TTPs:
  • T1037 - Boot or Logon Initialization Scripts
  • T1033 - System Owner/User Discovery
  • T1218 - System Binary Proxy Execution
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page

Ember Bear

Score: 25.82
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS

Indrik Spider

Score: 11.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages
  • T1546.016 - Installer Packages

Agrius

Score: 3.03
Matched TTPs:
  • T1033 - System Owner/User Discovery

Contagious Interview

Score: 35.90
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

Sandworm Team

Score: 61.08
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages

Star Blizzard

Score: 15.22
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship

Volt Typhoon

Score: 52.06
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1099 - Timestomp
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1491 - Defacement
  • T1045 - Software Packing
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

LAPSUS$

Score: 33.49
Matched TTPs:
  • T1216.001 - PubPrn
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1137.004 - Outlook Home Page
  • T1065 - Uncommonly Used Port

Andariel

Score: 13.41
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 40.42
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

HAFNIUM

Score: 31.25
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls

HEXANE

Score: 15.21
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port

APT29

Score: 23.51
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1608.006 - SEO Poisoning
  • T1547.008 - LSASS Driver

Gamaredon Group

Score: 34.82
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1612 - Build Image on Host
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1547.002 - Authentication Package

TA2541

Score: 11.49
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship

Lotus Blossom

Score: 6.52
Matched TTPs:
  • T1099 - Timestomp
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

FIN13

Score: 22.19
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1053.006 - Systemd Timers
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution

Turla

Score: 33.17
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.004 - Unix Shell
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1569.002 - Service Execution

FIN8

Score: 13.46
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process

APT28

Score: 50.40
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL

ZIRCONIUM

Score: 19.51
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1608.006 - SEO Poisoning

Leviathan

Score: 29.08
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1562.004 - Disable or Modify System Firewall
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Mustard Tempest

Score: 17.30
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service

Silent Librarian

Score: 6.59
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship

EXOTIC LILY

Score: 21.63
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

Moonstone Sleet

Score: 19.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

Lazarus Group

Score: 40.35
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1105 - Ingress Tool Transfer
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution

OilRig

Score: 23.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

UNC3886

Score: 20.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1218 - System Binary Proxy Execution
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32

LuminousMoth

Score: 14.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer

Salt Typhoon

Score: 12.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

Play

Score: 5.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 8.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1105 - Ingress Tool Transfer

Ke3chang

Score: 6.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1199 - Trusted Relationship

TeamTNT

Score: 13.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1562.004 - Disable or Modify System Firewall
  • T1612 - Build Image on Host
  • T1519 - Emond

FIN7

Score: 32.05
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1105 - Ingress Tool Transfer

BlackTech

Score: 6.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

MuddyWater

Score: 8.20
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Confucius

Score: 4.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

Sidewinder

Score: 9.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32

Elderwood

Score: 4.71
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 10.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer

APT32

Score: 22.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process

APT3

Score: 6.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32

APT1

Score: 4.75
Matched TTPs:
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

APT33

Score: 9.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process

Windshift

Score: 5.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Earth Lusca

Score: 21.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Storm-1811

Score: 9.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 8.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process

Patchwork

Score: 14.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

TA505

Score: 6.73
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

LazyScripter

Score: 10.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target

APT42

Score: 6.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship

APT39

Score: 7.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1569.002 - Service Execution

Scattered Spider

Score: 25.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1491 - Defacement
  • T1019 - System Firmware
  • T1045 - Software Packing
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs

CURIUM

Score: 13.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dragonfly

Score: 26.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1654 - Log Enumeration
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

APT5

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads

Threat Group-3390

Score: 16.40
Matched TTPs:
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1526 - Cloud Service Discovery

Velvet Ant

Score: 5.96
Matched TTPs:
  • T1583.005 - Botnet
  • T1569.002 - Service Execution

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship

SideCopy

Score: 5.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

BlackByte

Score: 5.82
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1606.001 - Web Cookies

BITTER

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing

Medusa Group

Score: 22.21
Matched TTPs:
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1598 - Phishing for Information
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Volatile Cedar

Score: 6.72
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed

APT41

Score: 18.83
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels

Winter Vivern

Score: 12.52
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Aquatic Panda

Score: 5.90
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Fox Kitten

Score: 8.15
Matched TTPs:
  • T1491 - Defacement
  • T1045 - Software Packing
  • T1612 - Build Image on Host

APT38

Score: 9.52
Matched TTPs:
  • T1491 - Defacement
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution

Chimera

Score: 7.57
Matched TTPs:
  • T1491 - Defacement
  • T1199 - Trusted Relationship
  • T1592.003 - Firmware

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Blue Mockingbird

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Cinnamon Tempest

Score: 5.71
Matched TTPs:
  • T1045 - Software Packing
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Windigo

Score: 4.11
Matched TTPs:
  • T1045 - Software Packing
  • T1059.012 - Hypervisor CLI

POLONIUM

Score: 7.60
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

BackdoorDiplomacy

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Rocke

Score: 12.61
Matched TTPs:
  • T1114.003 - Email Forwarding Rule
  • T1612 - Build Image on Host
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels

Gorgon Group

Score: 4.98
Matched TTPs:
  • T1114.003 - Email Forwarding Rule
  • T1199 - Trusted Relationship

Axiom

Score: 14.70
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Inception

Score: 4.87
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

FIN6

Score: 8.64
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver
  • T1556 - Modify Authentication Process

INC Ransom

Score: 6.66
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Darkhotel

Score: 7.39
Matched TTPs:
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

BRONZE BUTLER

Score: 7.39
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

GALLIUM

Score: 4.00
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

Deep Panda

Score: 3.15
Matched TTPs:
  • T1059.004 - Unix Shell

Tropic Trooper

Score: 7.78
Matched TTPs:
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer

APT37

Score: 9.28
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1216 - System Script Proxy Execution

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Higaisa

Score: 8.27
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1569.002 - Service Execution

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Daggerfly

Score: 4.60
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.78
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1654 - Log Enumeration
  • T1683.001 - Written Content
  • T1003.003 - NTDS
  • T1152 - Launchctl
  • T1037 - Boot or Logon Initialization Scripts
  • T1526 - Cloud Service Discovery
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1008 - Fallback Channels
  • T1197 - BITS Jobs
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1057 - Process Discovery
  • T1602.002 - Network Device Configuration Dump
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1091 - Replication Through Removable Media
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1566.002 - Spearphishing Link
  • T1690 - Prevent Command History Logging
  • T1583.005 - Botnet
  • T1055.014 - VDSO Hijacking

Sandworm Team

Score: 0.61
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1484.002 - Trust Modification
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1546.016 - Installer Packages
  • T1045 - Software Packing
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1193 - Spearphishing Attachment
  • T1543.003 - Windows Service
  • T1075 - Pass the Hash
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1049 - System Network Connections Discovery
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1102.003 - One-Way Communication
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph


← Pulse一覧に戻る