Trusted Design

When ELF.BillGates met Windows

概要

The “Elf.BillGates” version targets Linux operating system. We have followed the activities of this botnet for several months and during our investigations we found some versions of a Windows fork of the malware. This article attempts to detail this variant. The primary infection vector is the exploit of the vulnerability CVE-2014-6332[3], which drops the binary file hosted on an HTTPd File Server (HFS)[4]. This vulnerability allows an attacker to escape the Internet Explorer sandbox with a VBScript script and execute an arbitrary binary file downloaded from the Internet.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Lazarus Group

Score: 49.73
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1106 - Native API
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218 - System Binary Proxy Execution
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads
MITREへのリンク →

Moonstone Sleet

Score: 13.87
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Mustang Panda

Score: 34.81
Matched TTPs:
  • T1129 - Shared Modules
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Winnti Group

Score: 4.06
Matched TTPs:
  • T1014 - Rootkit
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT41

Score: 21.20
Matched TTPs:
  • T1014 - Rootkit
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Rocke

Score: 13.90
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TeamTNT

Score: 19.44
Matched TTPs:
  • T1014 - Rootkit
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1611 - Escape to Host
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT28

Score: 17.71
Matched TTPs:
  • T1014 - Rootkit
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

UNC3886

Score: 9.43
Matched TTPs:
  • T1014 - Rootkit
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

Cobalt Group

Score: 21.94
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1218.003 - CMSTP
  • T1218.008 - Odbcconf
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

FIN7

Score: 23.95
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1674 - Input Injection
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

MuddyWater

Score: 25.88
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.003 - CMSTP
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Sidewinder

Score: 11.28
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1218.005 - Mshta
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT37

Score: 13.12
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Gallmaker

Score: 3.53
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
MITREへのリンク →

Leviathan

Score: 16.14
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
MITREへのリンク →

BITTER

Score: 7.78
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TA505

Score: 20.47
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Patchwork

Score: 10.32
Matched TTPs:
  • T1559.002 - Dynamic Data Exchange
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Malteiro

Score: 3.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.005 - Visual Basic
MITREへのリンク →

Kimsuky

Score: 28.17
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1588.005 - Exploits
MITREへのリンク →

Machete

Score: 5.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.005 - Visual Basic
MITREへのリンク →

Elderwood

Score: 3.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Transparent Tribe

Score: 3.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
MITREへのリンク →

Dragonfly

Score: 5.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

WIRTE

Score: 7.28
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Contagious Interview

Score: 22.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Aoqin Dragon

Score: 4.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

CURIUM

Score: 3.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Tropic Trooper

Score: 11.96
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Dark Caracal

Score: 6.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.001 - Compiled HTML File
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

RedCurl

Score: 7.70
Matched TTPs:
  • T1204.002 - Malicious File
  • T1202 - Indirect Command Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
MITREへのリンク →

PLATINUM

Score: 8.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
  • T1056.004 - Credential API Hooking
MITREへのリンク →

menuPass

Score: 15.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TA551

Score: 8.84
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

HEXANE

Score: 4.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Threat Group-3390

Score: 16.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
MITREへのリンク →

LazyScripter

Score: 11.48
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT39

Score: 18.86
Matched TTPs:
  • T1204.002 - Malicious File
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1546.010 - AppInit DLLs
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Higaisa

Score: 12.42
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1027.015 - Compression
MITREへのリンク →

Rancor

Score: 6.25
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Wizard Spider

Score: 9.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

OilRig

Score: 27.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Sandworm Team

Score: 26.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.006 - Vulnerabilities
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Magic Hound

Score: 12.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Storm-1811

Score: 9.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Inception

Score: 8.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.005 - Mshta
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
MITREへのリンク →

EXOTIC LILY

Score: 6.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Ajax Security Team

Score: 4.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Saint Bear

Score: 11.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

FIN6

Score: 8.89
Matched TTPs:
  • T1204.002 - Malicious File
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Whitefly

Score: 3.30
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

TA459

Score: 3.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
MITREへのリンク →

Nomadic Octopus

Score: 3.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Gorgon Group

Score: 8.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT19

Score: 8.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
MITREへのリンク →

TA2541

Score: 14.24
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
MITREへのリンク →

Earth Lusca

Score: 15.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1059.005 - Visual Basic
MITREへのリンク →

SideCopy

Score: 15.44
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1614 - System Location Discovery
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Mofang

Score: 3.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.015 - Compression
MITREへのリンク →

Tonto Team

Score: 4.79
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Andariel

Score: 3.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

BRONZE BUTLER

Score: 13.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT38

Score: 34.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1218.007 - Msiexec
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1036.003 - Rename Legitimate Utilities
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Molerats

Score: 10.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
MITREへのリンク →

Gamaredon Group

Score: 26.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1218.005 - Mshta
  • T1027.012 - LNK Icon Smuggling
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1027.015 - Compression
MITREへのリンク →

Darkhotel

Score: 8.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497 - Virtualization/Sandbox Evasion
  • T1203 - Exploitation for Client Execution
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT32

Score: 26.45
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

The White Company

Score: 3.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
MITREへのリンク →

IndigoZebra

Score: 3.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT33

Score: 4.46
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Silence

Score: 12.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1106 - Native API
  • T1218.001 - Compiled HTML File
  • T1070.004 - File Deletion
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Indrik Spider

Score: 3.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1562.001 - Disable or Modify Tools
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT29

Score: 33.53
Matched TTPs:
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1562.008 - Disable or Modify Cloud Logs
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Confucius

Score: 8.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.005 - Mshta
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

BlackTech

Score: 7.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1574.001 - DLL
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Windshift

Score: 7.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Medusa Group

Score: 17.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Aquatic Panda

Score: 7.62
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Blue Mockingbird

Score: 8.55
Matched TTPs:
  • T1543.003 - Windows Service
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
MITREへのリンク →

BlackByte

Score: 13.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Ke3chang

Score: 8.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

APT3

Score: 10.61
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Agrius

Score: 8.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Cinnamon Tempest

Score: 7.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Volt Typhoon

Score: 20.93
Matched TTPs:
  • T1588.006 - Vulnerabilities
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218 - System Binary Proxy Execution
  • T1584.005 - Botnet
  • T1614 - System Location Discovery
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Storm-0501

Score: 8.06
Matched TTPs:
  • T1588.006 - Vulnerabilities
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
MITREへのリンク →

Chimera

Score: 8.58
Matched TTPs:
  • T1574.001 - DLL
  • T1106 - Native API
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Velvet Ant

Score: 5.93
Matched TTPs:
  • T1574.001 - DLL
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
MITREへのリンク →

GALLIUM

Score: 7.27
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Evilnum

Score: 3.89
Matched TTPs:
  • T1574.001 - DLL
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

LuminousMoth

Score: 4.48
Matched TTPs:
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

FIN13

Score: 9.14
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Daggerfly

Score: 5.80
Matched TTPs:
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

BackdoorDiplomacy

Score: 3.98
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

ZIRCONIUM

Score: 9.83
Matched TTPs:
  • T1218.007 - Msiexec
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Turla

Score: 9.84
Matched TTPs:
  • T1106 - Native API
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1059.005 - Visual Basic
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

ToddyCat

Score: 6.28
Matched TTPs:
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Winter Vivern

Score: 6.00
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

APT42

Score: 3.38
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1059.005 - Visual Basic
MITREへのリンク →

Ember Bear

Score: 16.31
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1036 - Masquerading
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1588.005 - Exploits
MITREへのリンク →

Sea Turtle

Score: 6.59
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Fox Kitten

Score: 5.53
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

INC Ransom

Score: 7.82
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1569.002 - Service Execution
MITREへのリンク →

Axiom

Score: 9.87
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Play

Score: 5.42
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

HAFNIUM

Score: 7.88
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1584.005 - Botnet
  • T1583.006 - Web Services
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Deep Panda

Score: 6.03
Matched TTPs:
  • T1546.008 - Accessibility Features
  • T1218.010 - Regsvr32
MITREへのリンク →

Akira

Score: 5.93
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
MITREへのリンク →

LAPSUS$

Score: 4.13
Matched TTPs:
  • T1531 - Account Access Removal
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218 - System Binary Proxy Execution
  • T1027.009 - Embedded Payloads
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution
  • T1574.013 - KernelCallbackTable
  • T1106 - Native API
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1529 - System Shutdown/Reboot
  • T1070.004 - File Deletion
  • T1566.003 - Spearphishing via Service
  • T1218.005 - Mshta
  • T1202 - Indirect Command Execution
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1036.003 - Rename Legitimate Utilities
  • T1059.005 - Visual Basic
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
MITREへのリンク →

APT29

Score: 0.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1651 - Cloud Administration Command
  • T1562.008 - Disable or Modify Cloud Logs
  • T1090.004 - Domain Fronting
  • T1566.003 - Spearphishing via Service
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.005 - Mshta
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1070.004 - File Deletion
  • T1105 - Ingress Tool Transfer
  • T1546.008 - Accessibility Features
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT38

Score: 0.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1569.002 - Service Execution
  • T1036.003 - Rename Legitimate Utilities
  • T1106 - Native API
  • T1553.005 - Mark-of-the-Web Bypass
  • T1059.005 - Visual Basic
  • T1218.007 - Msiexec
  • T1218.005 - Mshta
  • T1543.003 - Windows Service
  • T1218.001 - Compiled HTML File
  • T1562.001 - Disable or Modify Tools
  • T1070.004 - File Deletion
  • T1529 - System Shutdown/Reboot
  • T1140 - Deobfuscate/Decode Files or Information
  • T1105 - Ingress Tool Transfer
MITREへのリンク →

Related CVEs

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る