Trusted Design

Ratcheting Down on JSocket: A PC and Android Threat

Summary

This report is a comprehensive description of the JSocket Remote Access Tool (RAT), and its significant capability to control PCs, Linux machines, Macs and Android devices. The PC version has the ability to achieve complete remote control over the victim machine, including monitoring webcams and microphones. The Android version of the malware has the ability to use the GPS embedded in the phone to track the user and use the camera and microphone to spy on the user. The combination of these capabilities makes JSocket a unique and serious threat to the electronic and physical security of victims. The tool has been used in global phishing attacks and its use has been implicated in a number of notable attacks. The malware was even found on the phone of Argentinian prosecutor Alberto Nisman, who was murdered in a high-profile case earlier this year. The goal of this paper is to provide some updates to our previous FTA on AlienSpy, the predecessor of JSocket, and to discuss its Android capabilities in detail.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 25.16
Matched TTPs:
  • T1021.005 - VNC
  • T1156 - Malicious Shell Modification
  • T1552.005 - Cloud Instance Metadata API
  • T1040 - Network Sniffing
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1061 - Graphical User Interface
  • T1546.017 - Udev Rules

FIN7

Score: 29.50
Matched TTPs:
  • T1021.005 - VNC
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1011.001 - Exfiltration Over Bluetooth
  • T1098.004 - SSH Authorized Keys
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

GCMAN

Score: 3.62
Matched TTPs:
  • T1021.005 - VNC

Fox Kitten

Score: 6.74
Matched TTPs:
  • T1021.005 - VNC
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

Dragonfly

Score: 8.66
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion

BRONZE BUTLER

Score: 8.07
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

OilRig

Score: 21.16
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

APT28

Score: 45.20
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1552.005 - Cloud Instance Metadata API
  • T1040 - Network Sniffing
  • T1058 - Service Registry Permissions Weakness
  • T1140 - Deobfuscate/Decode Files or Information
  • T1139 - Bash History
  • T1131 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

MoustachedBouncer

Score: 4.34
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1537 - Transfer Data to Cloud Account

GOLD SOUTHFIELD

Score: 6.35
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts

APT42

Score: 4.26
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1091 - Replication Through Removable Media

Magic Hound

Score: 20.31
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion

MuddyWater

Score: 7.84
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32

Winter Vivern

Score: 13.68
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1548 - Abuse Elevation Control Mechanism
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Silence

Score: 10.18
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1098.004 - SSH Authorized Keys
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Volt Typhoon

Score: 19.68
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1164 - Re-opened Applications
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion

APT39

Score: 9.86
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1140 - Deobfuscate/Decode Files or Information
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Kimsuky

Score: 27.55
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1126 - Network Share Connection Removal

Dark Caracal

Score: 6.11
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account

APT37

Score: 10.73
Matched TTPs:
  • T1485.001 - Lifecycle-Triggered Deletion
  • T1040 - Network Sniffing
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Mustard Tempest

Score: 8.28
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI

Turla

Score: 22.08
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1131 - Authentication Package
  • T1218.001 - Compiled HTML File
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI

FIN13

Score: 9.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1686.001 - Cloud Firewall

Moonstone Sleet

Score: 13.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1197 - BITS Jobs
  • T1126 - Network Share Connection Removal
  • T1027.007 - Dynamic API Resolution

Indrik Spider

Score: 6.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Lazarus Group

Score: 11.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion

Contagious Interview

Score: 14.13
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1565.002 - Transmitted Data Manipulation
  • T1126 - Network Share Connection Removal

UNC3886

Score: 11.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.015 - Login Items
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

LuminousMoth

Score: 7.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media

Sandworm Team

Score: 15.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

APT29

Score: 15.27
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account

Play

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Aoqin Dragon

Score: 10.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account

Moses Staff

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Ke3chang

Score: 12.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 15.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1058 - Service Registry Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1565.002 - Transmitted Data Manipulation
  • T1055.005 - Thread Local Storage

TeamTNT

Score: 17.60
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1040 - Network Sniffing
  • T1036.009 - Break Process Trees
  • T1091 - Replication Through Removable Media
  • T1586.002 - Email Accounts
  • T1537 - Transfer Data to Cloud Account

HAFNIUM

Score: 13.99
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059 - Command and Scripting Interpreter
  • T1055.008 - Ptrace System Calls

APT5

Score: 6.96
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

Aquatic Panda

Score: 4.17
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

Chimera

Score: 8.80
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Earth Lusca

Score: 11.35
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

admin@338

Score: 4.02
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

APT1

Score: 4.17
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1622 - Debugger Evasion

BackdoorDiplomacy

Score: 4.40
Matched TTPs:
  • T1040 - Network Sniffing
  • T1140 - Deobfuscate/Decode Files or Information

Rocke

Score: 6.96
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1537 - Transfer Data to Cloud Account

INC Ransom

Score: 13.78
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Velvet Ant

Score: 12.21
Matched TTPs:
  • T1036.009 - Break Process Trees
  • T1566.004 - Spearphishing Voice
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service

Darkhotel

Score: 6.29
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Tropic Trooper

Score: 8.15
Matched TTPs:
  • T1058 - Service Registry Permissions Weakness
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

TA2541

Score: 7.18
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

Threat Group-3390

Score: 16.04
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

TA505

Score: 4.03
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account

BlackByte

Score: 12.32
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

BITTER

Score: 7.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1683 - Generate Content
  • T1218.010 - Regsvr32

APT32

Score: 13.15
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1059.012 - Hypervisor CLI
  • T1027.007 - Dynamic API Resolution

HEXANE

Score: 3.62
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1622 - Debugger Evasion

Saint Bear

Score: 5.52
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Ember Bear

Score: 9.04
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.004 - SSH Authorized Keys
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice

Medusa Group

Score: 21.07
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1586.002 - Email Accounts
  • T1218.003 - CMSTP
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Storm-0501

Score: 6.45
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1565.002 - Transmitted Data Manipulation
  • T1537 - Transfer Data to Cloud Account

Agrius

Score: 5.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion

menuPass

Score: 3.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

Blue Mockingbird

Score: 5.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

GALLIUM

Score: 5.76
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account

Leviathan

Score: 9.53
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules

Axiom

Score: 10.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon

APT41

Score: 11.30
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Akira

Score: 4.24
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1622 - Debugger Evasion

Cobalt Group

Score: 5.73
Matched TTPs:
  • T1586.002 - Email Accounts
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

SilverTerrier

Score: 3.29
Matched TTPs:
  • T1131 - Authentication Package

PROMETHIUM

Score: 5.90
Matched TTPs:
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI

Scattered Spider

Score: 12.15
Matched TTPs:
  • T1619 - Cloud Storage Object Discovery
  • T1197 - BITS Jobs
  • T1565.002 - Transmitted Data Manipulation
  • T1622 - Debugger Evasion

LAPSUS$

Score: 4.13
Matched TTPs:
  • T1619 - Cloud Storage Object Discovery

CURIUM

Score: 5.39
Matched TTPs:
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Andariel

Score: 7.10
Matched TTPs:
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Storm-1811

Score: 9.70
Matched TTPs:
  • T1486 - Data Encrypted for Impact
  • T1566.004 - Spearphishing Voice
  • T1565.002 - Transmitted Data Manipulation

The White Company

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Patchwork

Score: 6.96
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion

Higaisa

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

APT3

Score: 5.19
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion

Transparent Tribe

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Elderwood

Score: 5.31
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account

FIN10

Score: 3.88
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion

Wizard Spider

Score: 6.28
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

ZIRCONIUM

Score: 5.49
Matched TTPs:
  • T1197 - BITS Jobs
  • T1537 - Transfer Data to Cloud Account

RTM

Score: 4.69
Matched TTPs:
  • T1565.002 - Transmitted Data Manipulation
  • T1059.012 - Hypervisor CLI

APT38

Score: 6.22
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution

FIN6

Score: 4.05
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Molerats

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

APT28

Score: 0.80
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1055.008 - Ptrace System Calls
  • T1552.005 - Cloud Instance Metadata API
  • T1197 - BITS Jobs
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1040 - Network Sniffing
  • T1156 - Malicious Shell Modification
  • T1146 - Clear Command History
  • T1566.003 - Spearphishing via Service
  • T1058 - Service Registry Permissions Weakness
  • T1546.007 - Netsh Helper DLL
  • T1131 - Authentication Package
  • T1139 - Bash History

FIN7

Score: 0.58
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1021.005 - VNC
  • T1140 - Deobfuscate/Decode Files or Information
  • T1098.004 - SSH Authorized Keys
  • T1586.002 - Email Accounts
  • T1091 - Replication Through Removable Media
  • T1156 - Malicious Shell Modification
  • T1058 - Service Registry Permissions Weakness
  • T1011.001 - Exfiltration Over Bluetooth
  • T1606.002 - SAML Tokens
  • T1622 - Debugger Evasion

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

