Trusted Design

Operation Arid Viper Slithers Back into View

Summary

Earlier this year, researchers published analyses of a targeted attack known as Operation Arid Viper (aka Desert Falcons, aka DHS) directed primarily at organizations in the Middle East. Delivering a backdoor and spyware, this campaign was designed to steal information from infected systems using a malware client capable of filtering out “uninteresting” files, and it spread primarily via a targeted phishing email usually promising a pornographic video.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this pulse (fact-based)

Volt Typhoon

Score: 42.31
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1059.010 - AutoHotKey & AutoIT
  • T1164 - Re-opened Applications
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading

LAPSUS$

Score: 14.75
Matched TTPs:
  • T1216.001 - PubPrn
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1065 - Uncommonly Used Port

Ember Bear

Score: 18.38
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1098.004 - SSH Authorized Keys
  • T1218.010 - Regsvr32
  • T1519 - Emond

Sandworm Team

Score: 36.67
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

Andariel

Score: 9.18
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

Magic Hound

Score: 22.98
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

HAFNIUM

Score: 24.45
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.008 - Stripped Payloads
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1122 - Component Object Model Hijacking

APT41

Score: 16.48
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1562.004 - Disable or Modify System Firewall
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1574.002 - DLL Side-Loading

TA551

Score: 6.32
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets

Silent Librarian

Score: 3.29
Matched TTPs:
  • T1114 - Email Collection

Kimsuky

Score: 39.13
Matched TTPs:
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1152 - Launchctl
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1197 - BITS Jobs
  • T1526 - Cloud Service Discovery

EXOTIC LILY

Score: 17.66
Matched TTPs:
  • T1114 - Email Collection
  • T1091 - Replication Through Removable Media
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

FIN13

Score: 12.22
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History

Moonstone Sleet

Score: 14.88
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 5.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages

Lazarus Group

Score: 20.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1216 - System Script Proxy Execution

Contagious Interview

Score: 28.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1547.008 - LSASS Driver

OilRig

Score: 17.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1526 - Cloud Service Discovery
  • T1547.008 - LSASS Driver

UNC3886

Score: 7.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1218.010 - Regsvr32

LuminousMoth

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

Salt Typhoon

Score: 5.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing

APT29

Score: 20.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1562.004 - Disable or Modify System Firewall
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Play

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History

Aoqin Dragon

Score: 5.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32

RedCurl

Score: 7.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1122 - Component Object Model Hijacking
  • T1128 - Netsh Helper DLL

Turla

Score: 5.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target

Ke3chang

Score: 7.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1059.010 - AutoHotKey & AutoIT

Mustang Panda

Score: 22.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage

TeamTNT

Score: 14.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1519 - Emond

FIN7

Score: 18.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1098.004 - SSH Authorized Keys
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1065 - Uncommonly Used Port

APT5

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads

BRONZE BUTLER

Score: 11.84
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Agrius

Score: 3.75
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets

APT38

Score: 5.19
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1216 - System Script Proxy Execution

Molerats

Score: 4.72
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules

Darkhotel

Score: 3.06
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32

Earth Lusca

Score: 8.14
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target

Storm-1811

Score: 6.28
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.008 - LSASS Driver

ZIRCONIUM

Score: 9.21
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1197 - BITS Jobs

MuddyWater

Score: 7.82
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Gamaredon Group

Score: 12.55
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack
  • T1608.005 - Link Target
  • T1546.017 - Udev Rules

TA505

Score: 3.54
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media

Threat Group-3390

Score: 14.08
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

APT28

Score: 27.59
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1566.003 - Spearphishing via Service

Winter Vivern

Score: 6.35
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall

menuPass

Score: 6.50
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1122 - Component Object Model Hijacking

BlackByte

Score: 7.39
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1562.010 - Downgrade Attack

Leviathan

Score: 8.80
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.004 - Disable or Modify System Firewall
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

Cinnamon Tempest

Score: 4.09
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History

Tropic Trooper

Score: 12.18
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1159 - Launch Agent

Malteiro

Score: 4.09
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History

Higaisa

Score: 6.21
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

TA2541

Score: 9.88
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1128 - Netsh Helper DLL
  • T1546.017 - Udev Rules

Mustard Tempest

Score: 6.51
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service

LazyScripter

Score: 6.17
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target

Star Blizzard

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1102.003 - One-Way Communication

SideCopy

Score: 4.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1159 - Launch Agent

BITTER

Score: 7.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

APT32

Score: 11.51
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

HEXANE

Score: 8.34
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1065 - Uncommonly Used Port
  • T1159 - Launch Agent

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

APT42

Score: 4.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL

Windshift

Score: 7.46
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1159 - Launch Agent
  • T1547.008 - LSASS Driver

PLATINUM

Score: 6.72
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1686 - Disable or Modify System Firewall

Volatile Cedar

Score: 6.72
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed

Dragonfly

Score: 7.93
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1218.010 - Regsvr32

Silence

Score: 3.84
Matched TTPs:
  • T1098.004 - SSH Authorized Keys

Axiom

Score: 5.12
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32

Scattered Spider

Score: 5.96
Matched TTPs:
  • T1552.003 - Shell History
  • T1197 - BITS Jobs

Medusa Group

Score: 15.44
Matched TTPs:
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1128 - Netsh Helper DLL
  • T1216 - System Script Proxy Execution
  • T1094 - Custom Command and Control Protocol

Confucius

Score: 3.51
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

POLONIUM

Score: 4.76
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking

Sea Turtle

Score: 4.24
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32

Sidewinder

Score: 4.24
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

BlackTech

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

Cobalt Group

Score: 4.24
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

APT37

Score: 5.12
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1216 - System Script Proxy Execution

Inception

Score: 4.24
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Velvet Ant

Score: 6.88
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

FIN6

Score: 5.27
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver

FIN8

Score: 5.90
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1526 - Cloud Service Discovery

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Wizard Spider

Score: 3.15
Matched TTPs:
  • T1526 - Cloud Service Discovery

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this pulse (inference-based)

Volt Typhoon

Score: 0.82
Matched TTPs:
  • T1574.002 - DLL Side-Loading
  • T1553.002 - Code Signing
  • T1102.003 - One-Way Communication
  • T1049 - System Network Connections Discovery
  • T1552.008 - Chat Messages
  • T1148 - HISTCONTROL
  • T1065 - Uncommonly Used Port
  • T1114 - Email Collection
  • T1059.010 - AutoHotKey & AutoIT
  • T1057 - Process Discovery
  • T1159 - Launch Agent
  • T1164 - Re-opened Applications

Kimsuky

Score: 0.75
Matched TTPs:
  • T1152 - Launchctl
  • T1683.001 - Written Content
  • T1606.002 - SAML Tokens
  • T1102.003 - One-Way Communication
  • T1091 - Replication Through Removable Media
  • T1526 - Cloud Service Discovery
  • T1690 - Prevent Command History Logging
  • T1552.003 - Shell History
  • T1114 - Email Collection
  • T1059.010 - AutoHotKey & AutoIT
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1608.005 - Link Target

Sandworm Team

Score: 0.74
Matched TTPs:
  • T1187 - Forced Authentication
  • T1193 - Spearphishing Attachment
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1091 - Replication Through Removable Media
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1049 - System Network Connections Discovery
  • T1114 - Email Collection
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.004 - Disable or Modify System Firewall
  • T1564.008 - Email Hiding Rules

APT28

Score: 0.58
Matched TTPs:
  • T1152 - Launchctl
  • T1122 - Component Object Model Hijacking
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1566.003 - Spearphishing via Service
  • T1562.004 - Disable or Modify System Firewall
  • T1059.010 - AutoHotKey & AutoIT
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1608.005 - Link Target

Related CVEs

No CVEs were found in this pulse.

Pulse – threat actor graph (graph image not available in this extraction)