Trusted Design

Adwind: another payload for botnet-based malspam

Overview

Since mid-July 2015, I've noticed an increase in malicious spam (malspam) caught by my employer's spam filters with Java archive (.jar file) attachments. These .jar files are most often identified as Adwind. Adwind is a Java-based remote access tool (RAT) used by malware authors to infect computers with backdoor access. There's no vulnerability involved. To infect a Windows computer, the user has to execute the malware by double-clicking on the .jar file. Of course, you have to have the Java Runtime Environment installed, which many people do. I previously associated Adwind with targeted phishing attempts in limited amounts. I had found very few examples of non-targeted malspam using this RAT.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 25.40
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

TA577

Score: 5.29
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service

Moonstone Sleet

Score: 21.96
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Turla

Score: 14.70
Matched TTPs:
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.002 - Domain Account
  • T1578.001 - Create Snapshot

Mustard Tempest

Score: 7.96
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

Kimsuky

Score: 23.42
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1197 - BITS Jobs
  • T1622 - Debugger Evasion

FIN13

Score: 5.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1622 - Debugger Evasion

Indrik Spider

Score: 6.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

Contagious Interview

Score: 9.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1562.001 - Disable or Modify Tools
  • T1547.008 - LSASS Driver

OilRig

Score: 16.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

UNC3886

Score: 8.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

LuminousMoth

Score: 7.97
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account

Sandworm Team

Score: 28.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1686.003 - Windows Host Firewall
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1049 - System Network Connections Discovery
  • T1562.001 - Disable or Modify Tools
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid

APT29

Score: 25.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1592.004 - Client Configurations
  • T1138 - Application Shimming
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1555.004 - Windows Credential Manager
  • T1547.008 - LSASS Driver

Play

Score: 4.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1166 - Setuid and Setgid

Aoqin Dragon

Score: 4.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32

RedCurl

Score: 9.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness

Ke3chang

Score: 6.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 20.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage

TeamTNT

Score: 5.64
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media

FIN7

Score: 26.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1564.002 - Hidden Users
  • T1562.001 - Disable or Modify Tools
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot

Malteiro

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Machete

Score: 3.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link

Elderwood

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Transparent Tribe

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Dragonfly

Score: 10.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

WIRTE

Score: 5.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.001 - Disable or Modify Tools

APT-C-36

Score: 4.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools

CURIUM

Score: 9.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Tropic Trooper

Score: 8.35
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

Dark Caracal

Score: 3.31
Matched TTPs:
  • T1087.002 - Domain Account
  • T1547.008 - LSASS Driver

PLATINUM

Score: 6.20
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1686 - Disable or Modify System Firewall

menuPass

Score: 4.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1622 - Debugger Evasion

HEXANE

Score: 4.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1622 - Debugger Evasion

FIN8

Score: 4.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1622 - Debugger Evasion

Threat Group-3390

Score: 13.98
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

BITTER

Score: 8.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

APT37

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

LazyScripter

Score: 7.54
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account

TA505

Score: 15.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1166 - Setuid and Setgid

APT39

Score: 13.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Star Blizzard

Score: 9.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

Higaisa

Score: 10.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules

Wizard Spider

Score: 9.44
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Magic Hound

Score: 21.02
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

FIN4

Score: 7.24
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness

Cobalt Group

Score: 6.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

Storm-1811

Score: 10.86
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1486 - Data Encrypted for Impact
  • T1547.008 - LSASS Driver

Inception

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 9.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Ajax Security Team

Score: 4.19
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

Saint Bear

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

FIN6

Score: 8.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Patchwork

Score: 8.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

APT28

Score: 23.42
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

Gorgon Group

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT

APT19

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT

TA2541

Score: 10.69
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1546.017 - Udev Rules

Earth Lusca

Score: 8.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account

SideCopy

Score: 11.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1584.002 - DNS Server

Mofang

Score: 6.26
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Leviathan

Score: 10.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules

Tonto Team

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Andariel

Score: 9.46
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 11.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

APT38

Score: 14.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1138 - Application Shimming
  • T1059.005 - Visual Basic
  • T1027.007 - Dynamic API Resolution

MuddyWater

Score: 9.79
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Naikon

Score: 3.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1166 - Setuid and Setgid

Molerats

Score: 7.83
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Gamaredon Group

Score: 18.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API
  • T1546.017 - Udev Rules

Darkhotel

Score: 11.45
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

APT32

Score: 17.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1027.007 - Dynamic API Resolution

The White Company

Score: 5.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

APT33

Score: 7.00
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32

Silence

Score: 8.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Sidewinder

Score: 13.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

Confucius

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

BlackTech

Score: 4.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Windshift

Score: 5.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

Volt Typhoon

Score: 19.69
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1059.010 - AutoHotKey & AutoIT
  • T1049 - System Network Connections Discovery
  • T1166 - Setuid and Setgid
  • T1584.002 - DNS Server
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot

Storm-0501

Score: 3.84
Matched TTPs:
  • T1686.003 - Windows Host Firewall

APT3

Score: 6.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

APT1

Score: 6.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1622 - Debugger Evasion

ZIRCONIUM

Score: 11.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
  • T1578.001 - Create Snapshot

APT42

Score: 3.42
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media

Scattered Spider

Score: 14.14
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1197 - BITS Jobs
  • T1622 - Debugger Evasion

APT41

Score: 6.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Agrius

Score: 5.50
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

BlackByte

Score: 9.87
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Cinnamon Tempest

Score: 3.85
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1166 - Setuid and Setgid

Rocke

Score: 7.59
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1562.001 - Disable or Modify Tools
  • T1059.013 - Container CLI/API

Medusa Group

Score: 12.72
Matched TTPs:
  • T1218.003 - CMSTP
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

Ember Bear

Score: 6.35
Matched TTPs:
  • T1136.002 - Domain Account
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32

LAPSUS$

Score: 6.59
Matched TTPs:
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery

Aquatic Panda

Score: 6.39
Matched TTPs:
  • T1136.002 - Domain Account
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

HAFNIUM

Score: 7.75
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1055.008 - Ptrace System Calls

Axiom

Score: 14.59
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

INC Ransom

Score: 7.33
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Sea Turtle

Score: 8.40
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

AppleJeus

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall

Velvet Ant

Score: 8.93
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service

ToddyCat

Score: 4.81
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1547.008 - LSASS Driver

Chimera

Score: 8.92
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot

APT5

Score: 3.93
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

Blue Mockingbird

Score: 8.58
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1001.001 - Junk Data

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.81
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1686.003 - Windows Host Firewall
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1606.002 - SAML Tokens
  • T1166 - Setuid and Setgid
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1562.001 - Disable or Modify Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32

FIN7

Score: 0.77
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1564.002 - Hidden Users
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1011.001 - Exfiltration Over Bluetooth
  • T1606.002 - SAML Tokens
  • T1027.007 - Dynamic API Resolution
  • T1622 - Debugger Evasion
  • T1598.003 - Spearphishing Link
  • T1562.001 - Disable or Modify Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account

APT29

Score: 0.70
Matched TTPs:
  • T1138 - Application Shimming
  • T1683 - Generate Content
  • T1592.004 - Client Configurations
  • T1543.003 - Windows Service
  • T1606.002 - SAML Tokens
  • T1555.004 - Windows Credential Manager
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32

Lazarus Group

Score: 0.68
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1543.003 - Windows Service
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1132.001 - Standard Encoding
  • T1622 - Debugger Evasion
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
  • T1562.001 - Disable or Modify Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32

APT28

Score: 0.66
Matched TTPs:
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service
  • T1546.007 - Netsh Helper DLL
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1197 - BITS Jobs
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32

Moonstone Sleet

Score: 0.65
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1132.001 - Standard Encoding
  • T1027.007 - Dynamic API Resolution
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1547.008 - LSASS Driver
  • T1197 - BITS Jobs
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account

Kimsuky

Score: 0.64
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1606.002 - SAML Tokens
  • T1622 - Debugger Evasion
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1197 - BITS Jobs
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account

Magic Hound

Score: 0.61
Matched TTPs:
  • T1683 - Generate Content
  • T1543.003 - Windows Service
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1566.002 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1547.008 - LSASS Driver
  • T1562.001 - Disable or Modify Tools
  • T1087.002 - Domain Account

Mustang Panda

Score: 0.59
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1598.003 - Spearphishing Link
  • T1566.002 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32

Volt Typhoon

Score: 0.55
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1686.003 - Windows Host Firewall
  • T1578.001 - Create Snapshot
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1584.002 - DNS Server
  • T1059.010 - AutoHotKey & AutoIT

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

