Trusted Design

Sakula Reloaded

Overview

Sakula is a well known malware variant linked to several significant targeted intrusion campaigns over the past 2-3 years. This remote access toolkit has been publicly examined multiple times by the threat intelligence community. CrowdStrike has released two blog posts detailing Sakula campaigns and continues to investigate its usage. In the past two years, two campaigns of Sakula activity stand out as being particularly significant – the “French Aerospace” Campaign and the “Ironman” Campaign. In recent months, CrowdStrike has observed limited use of what appears to be a third Sakula variant.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Contagious Interview

Score: 16.88
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

APT41

Score: 8.66
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Scattered Spider

Score: 12.09
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits

TA505

Score: 7.95
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Volt Typhoon

Score: 9.75
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot

APT3

Score: 9.17
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

FIN13

Score: 7.88
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion

Kimsuky

Score: 10.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Moonstone Sleet

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 3.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1622 - Debugger Evasion

Lazarus Group

Score: 19.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

OilRig

Score: 18.63
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

UNC3886

Score: 16.90
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1567.004 - Exfiltration Over Webhook
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

LuminousMoth

Score: 6.76
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Sandworm Team

Score: 7.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode

APT29

Score: 12.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Play

Score: 4.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 7.58
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode

Turla

Score: 9.36
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot

Mustang Panda

Score: 14.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode

TeamTNT

Score: 3.48
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence

FIN7

Score: 8.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot

APT28

Score: 16.50
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

APT5

Score: 5.77
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

APT38

Score: 6.34
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode

APT32

Score: 7.83
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode

Chimera

Score: 9.22
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1578.001 - Create Snapshot

Rocke

Score: 4.13
Matched TTPs:
  • T1567.004 - Exfiltration Over Webhook
  • T1070.009 - Clear Persistence

Medusa Group

Score: 10.76
Matched TTPs:
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Threat Group-3390

Score: 7.86
Matched TTPs:
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence

TA2541

Score: 7.41
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode

Ember Bear

Score: 5.33
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence

LAPSUS$

Score: 7.15
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1588.005 - Exploits

Metador

Score: 4.69
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence

APT1

Score: 4.96
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1622 - Debugger Evasion

Aquatic Panda

Score: 6.34
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

LazyScripter

Score: 3.82
Matched TTPs:
  • T1136.002 - Domain Account
  • T1027.018 - Invisible Unicode

Andariel

Score: 3.95
Matched TTPs:
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

Earth Lusca

Score: 4.67
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

BackdoorDiplomacy

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Magic Hound

Score: 7.76
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

BlackTech

Score: 3.70
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

MuddyWater

Score: 3.70
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Wizard Spider

Score: 5.24
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Storm-1811

Score: 3.37
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 6.32
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

menuPass

Score: 3.88
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

FIN8

Score: 7.98
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

APT39

Score: 5.24
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

FIN6

Score: 9.15
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

Patchwork

Score: 6.73
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Cobalt Group

Score: 9.48
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

FIN10

Score: 3.88
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

INC Ransom

Score: 3.88
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Dragonfly

Score: 5.37
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

APT33

Score: 3.70
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Silence

Score: 3.88
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Gamaredon Group

Score: 3.59
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1027.018 - Invisible Unicode

APT42

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL

Sidewinder

Score: 5.45
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot

The White Company

Score: 5.47
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1578.001 - Create Snapshot

EXOTIC LILY

Score: 5.38
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Axiom

Score: 3.14
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

Higaisa

Score: 4.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

Leviathan

Score: 4.50
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

Tropic Trooper

Score: 5.62
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence

Darkhotel

Score: 4.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

Velvet Ant

Score: 6.88
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

BlackByte

Score: 3.03
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1622 - Debugger Evasion

Fox Kitten

Score: 5.49
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits

Windshift

Score: 3.88
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

ZIRCONIUM

Score: 3.95
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot

CURIUM

Score: 5.12
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.84
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1547.008 - LSASS Driver
  • T1622 - Debugger Evasion
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1567.004 - Exfiltration Over Webhook

OilRig

Score: 0.77
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1592.002 - Software
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1128 - Netsh Helper DLL
  • T1606.002 - SAML Tokens
  • T1547.008 - LSASS Driver
  • T1622 - Debugger Evasion
  • T1027.018 - Invisible Unicode

APT28

Score: 0.74
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1566.003 - Spearphishing via Service
  • T1027.018 - Invisible Unicode
  • T1546.007 - Netsh Helper DLL
  • T1567.004 - Exfiltration Over Webhook

UNC3886

Score: 0.72
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1578.001 - Create Snapshot
  • T1567.004 - Exfiltration Over Webhook

Contagious Interview

Score: 0.69
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1070.009 - Clear Persistence
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1547.008 - LSASS Driver
  • T1021.006 - Windows Remote Management
  • T1027.018 - Invisible Unicode

Mustang Panda

Score: 0.63
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
  • T1567.004 - Exfiltration Over Webhook

APT29

Score: 0.58
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1606.002 - SAML Tokens
  • T1547.008 - LSASS Driver
  • T1027.018 - Invisible Unicode
  • T1567.004 - Exfiltration Over Webhook

Scattered Spider

Score: 0.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1588.005 - Exploits
  • T1622 - Debugger Evasion
  • T1136.002 - Domain Account
  • T1560.003 - Archive via Custom Method

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
