Trusted Design

Chinese Actors attacks on US Government and EU Media

Overview

On May 6 and May 11, 2015, Unit 42 observed two targeted attacks, the first against the U.S. government and the second against a European media company. Threat actors delivered the same document via spear-phishing emails to both organizations. The actors weaponized the delivery document to install a variant of the ‘9002’ Trojan called ‘3102’ that relies heavily on plugins to provide the functionality the actors need to carry out their objectives. The 3102 payload used in this attack also appears to be related to the Evilgrab payload delivered in the watering hole attack hosted on the President of Myanmar’s website in May 2015. Additionally, we uncovered ties between the C2 infrastructure and individuals in China who are active in online hacking forums and claim to work in Trojan development.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this pulse (fact-based)

LAPSUS$

Score: 17.09
Matched TTPs:
  • T1216.001 - PubPrn
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1065 - Uncommonly Used Port
  • T1548.006 - TCC Manipulation

Contagious Interview

Score: 37.65
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

Scattered Spider

Score: 25.91
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1565 - Data Manipulation
  • T1197 - BITS Jobs
  • T1090.004 - Domain Fronting
  • T1027.002 - Software Packing
  • T1548.006 - TCC Manipulation

FIN4

Score: 5.58
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service

Ember Bear

Score: 7.10
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

Sandworm Team

Score: 41.99
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation

Volt Typhoon

Score: 31.72
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation

APT28

Score: 39.26
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1548.004 - Elevated Execution with Prompt
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1548.006 - TCC Manipulation

ZIRCONIUM

Score: 15.38
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs

Leviathan

Score: 21.34
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.014 - VDSO Hijacking
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Silent Librarian

Score: 5.74
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link

Kimsuky

Score: 57.18
Matched TTPs:
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
  • T1008 - Fallback Channels

EXOTIC LILY

Score: 16.91
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

TA578

Score: 5.30
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target

FIN13

Score: 12.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1548.006 - TCC Manipulation

Moonstone Sleet

Score: 21.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 4.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1546.016 - Installer Packages

Lazarus Group

Score: 26.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1069.001 - Local Groups
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1547.008 - LSASS Driver

OilRig

Score: 9.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

UNC3886

Score: 9.19
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1218.010 - Regsvr32

LuminousMoth

Score: 5.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

Salt Typhoon

Score: 7.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information

APT29

Score: 18.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1547.008 - LSASS Driver

Play

Score: 6.09
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32

RedCurl

Score: 6.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1122 - Component Object Model Hijacking

Cleaver

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1565 - Data Manipulation

Moses Staff

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Turla

Score: 16.17
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Ke3chang

Score: 5.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548.006 - TCC Manipulation

Mustang Panda

Score: 21.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation

TeamTNT

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

FIN7

Score: 18.30
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port

BlackTech

Score: 4.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

MuddyWater

Score: 8.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Confucius

Score: 8.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

Sidewinder

Score: 9.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32

Elderwood

Score: 4.71
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Machete

Score: 3.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI

Mustard Tempest

Score: 5.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

Transparent Tribe

Score: 4.71
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT32

Score: 16.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 24.80
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

Windshift

Score: 5.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 5.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32

TA2541

Score: 5.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

Earth Lusca

Score: 15.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Storm-1811

Score: 13.05
Matched TTPs:
  • T1543.003 - Windows Service
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 3.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1548.006 - TCC Manipulation

Patchwork

Score: 10.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

TA505

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

LazyScripter

Score: 5.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

APT42

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

APT39

Score: 5.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package

Star Blizzard

Score: 13.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation

CURIUM

Score: 12.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.001 - Compiled HTML File
  • T1565 - Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dragonfly

Score: 22.98
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1546.016 - Installer Packages
  • T1548.006 - TCC Manipulation

Gamaredon Group

Score: 13.16
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1200 - Hardware Additions

Threat Group-3390

Score: 13.58
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

SideCopy

Score: 5.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

BlackByte

Score: 3.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

BITTER

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

HEXANE

Score: 13.95
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port

Saint Bear

Score: 5.48
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

Rocke

Score: 4.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1008 - Fallback Channels

GOLD SOUTHFIELD

Score: 7.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

Medusa Group

Score: 14.82
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1548.006 - TCC Manipulation

Sea Turtle

Score: 8.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32

Storm-0501

Score: 10.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1090.004 - Domain Fronting

Fox Kitten

Score: 6.15
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565 - Data Manipulation
  • T1548.006 - TCC Manipulation

Cinnamon Tempest

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History

menuPass

Score: 6.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1548.006 - TCC Manipulation

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 4.22
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code

Winter Vivern

Score: 6.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

INC Ransom

Score: 7.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Axiom

Score: 12.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

APT41

Score: 12.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1574.002 - DLL Side-Loading
  • T1548.006 - TCC Manipulation
  • T1008 - Fallback Channels

HAFNIUM

Score: 8.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1548.006 - TCC Manipulation

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1565 - Data Manipulation

POLONIUM

Score: 7.16
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package

Inception

Score: 7.39
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

APT19

Score: 4.51
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI

Andariel

Score: 7.10
Matched TTPs:
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT37

Score: 5.66
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 6.54
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Tropic Trooper

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

Darkhotel

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

RTM

Score: 5.05
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Daggerfly

Score: 4.60
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

DarkHydrus

Score: 3.15
Matched TTPs:
  • T1200 - Hardware Additions

FIN6

Score: 4.86
Matched TTPs:
  • T1548.006 - TCC Manipulation
  • T1547.008 - LSASS Driver

Threat actors related to this pulse (inference-based)

Kimsuky

Score: 0.84
Matched TTPs:
  • T1114 - Email Collection
  • T1565 - Data Manipulation
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1126 - Network Share Connection Removal
  • T1091 - Replication Through Removable Media
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1683.001 - Written Content
  • T1606.002 - SAML Tokens
  • T1608.005 - Link Target
  • T1543.003 - Windows Service
  • T1690 - Prevent Command History Logging
  • T1027.014 - Polymorphic Code
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1008 - Fallback Channels
  • T1102.003 - One-Way Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1055.014 - VDSO Hijacking

Sandworm Team

Score: 0.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1564.008 - Email Hiding Rules
  • T1102.003 - One-Way Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1114 - Email Collection
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1565 - Data Manipulation
  • T1606.002 - SAML Tokens
  • T1187 - Forced Authentication
  • T1193 - Spearphishing Attachment
  • T1548.006 - TCC Manipulation
  • T1091 - Replication Through Removable Media

APT28

Score: 0.63
Matched TTPs:
  • T1608.005 - Link Target
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package
  • T1200 - Hardware Additions
  • T1059.012 - Hypervisor CLI
  • T1685.001 - Disable or Modify Windows Event Log
  • T1146 - Clear Command History
  • T1057 - Process Discovery
  • T1548.006 - TCC Manipulation

Contagious Interview

Score: 0.56
Matched TTPs:
  • T1608.005 - Link Target
  • T1021.006 - Windows Remote Management
  • T1102.003 - One-Way Communication
  • T1690 - Prevent Command History Logging
  • T1565 - Data Manipulation
  • T1552.003 - Shell History
  • T1547.008 - LSASS Driver
  • T1606.002 - SAML Tokens
  • T1126 - Network Share Connection Removal
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1221 - Template Injection

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat Actor Graph
