Trusted Design

China-based Cyber Threat Group Targets Hong Kong Media Outlets

Summary

FireEye Threat Intelligence analysts identified a spear phishing campaign carried out in August 2015 targeting Hong Kong-based media organizations. A China-based cyber threat group, which FireEye tracks as an uncategorized advanced persistent threat (APT) group and other researchers refer to as “admin@338,” may have conducted the activity.[1] The email messages contained malicious documents with a malware payload called LOWBALL. LOWBALL abuses the Dropbox cloud storage service for command and control (CnC). We collaborated with Dropbox to investigate the threat, and our cooperation revealed what may be a second, similar operation. The attack is part of a trend where threat groups hide malicious activity by communicating with legitimate web services such as social networking and cloud storage sites to foil detection efforts.[2][3]
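The last sentence of the summary is the operational problem for a defender: the C2 traffic terminates at a service the organisation legitimately uses, so blocking the destination is not an option and detection has to come from who is talking to it and how. As an added example (not code from the FireEye report, from Dropbox, or from this Pulse), the Python script below runs three such checks over a constructed proxy/EDR-style log: API calls from an unexpected process, API calls with a non-browser, non-client User-Agent, and near-constant polling intervals. The Dropbox API host names, the allow-list of processes and User-Agent prefixes, the log format, the workstation names and the thresholds are all assumptions about a managed environment, not indicators taken from the report.

```python
"""Detect command-and-control traffic hidden in a legitimate cloud service.

Added example; not code from the FireEye report or the Pulse. The log format,
host lists, process allow-list and thresholds below are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Assumption: the Dropbox API endpoints a C2 channel over Dropbox would have to reach.
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com", "api.dropbox.com"}
# Assumption: in a managed fleet only the official client and browsers call the API.
EXPECTED_PROCESSES = {"dropbox.exe", "chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}
EXPECTED_UA_PREFIXES = ("Mozilla/", "DropboxDesktopClient")

# Constructed proxy/EDR-style records, one outbound HTTPS connection per line.
# HK-WS-07 is the planted case: a non-browser process polling the API every 60 s.
SAMPLE_LOG = """\
2015-08-10T09:00:00Z src=HK-WS-01 host=api.dropboxapi.com proc=dropbox.exe ua="DropboxDesktopClient/3.8 (Windows)"
2015-08-10T09:00:12Z src=HK-WS-02 host=content.dropboxapi.com proc=chrome.exe ua="Mozilla/5.0 (Windows NT 6.1) Chrome/44.0"
2015-08-10T09:01:00Z src=HK-WS-07 host=api.dropboxapi.com proc=svchost.exe ua="Mozilla/4.0 (compatible; MSIE 6.0)"
2015-08-10T09:02:00Z src=HK-WS-07 host=api.dropboxapi.com proc=svchost.exe ua="Mozilla/4.0 (compatible; MSIE 6.0)"
2015-08-10T09:03:00Z src=HK-WS-07 host=api.dropboxapi.com proc=svchost.exe ua="Mozilla/4.0 (compatible; MSIE 6.0)"
2015-08-10T09:04:00Z src=HK-WS-07 host=api.dropboxapi.com proc=svchost.exe ua="Mozilla/4.0 (compatible; MSIE 6.0)"
2015-08-10T09:05:00Z src=HK-WS-07 host=content.dropboxapi.com proc=svchost.exe ua="Mozilla/4.0 (compatible; MSIE 6.0)"
2015-08-10T09:06:30Z src=HK-WS-03 host=www.dropbox.com proc=firefox.exe ua="Mozilla/5.0 (Windows NT 6.1) Firefox/40.0"
2015-08-10T09:07:00Z src=HK-WS-04 host=api.dropboxapi.com proc=python.exe ua="python-requests/2.7.0"
"""

LINE_RE = re.compile(r'^(\S+) src=(\S+) host=(\S+) proc=(\S+) ua="([^"]*)"$')


@dataclass(frozen=True)
class Conn:
    ts: datetime
    src: str
    host: str
    process: str
    user_agent: str


def parse_log(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, host, proc, ua = m.groups()
        conns.append(Conn(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, host, proc.lower(), ua))
    return conns


def is_api_call(c):
    return c.host in DROPBOX_API_HOSTS


def unexpected_process(c):
    """Rule 1: an API call from a process that has no business using Dropbox."""
    return is_api_call(c) and c.process not in EXPECTED_PROCESSES


def unexpected_user_agent(c):
    """Rule 2: an API call with a non-browser, non-client User-Agent.
    Weak on its own: malware can present any User-Agent it likes."""
    return is_api_call(c) and not c.user_agent.startswith(EXPECTED_UA_PREFIXES)


def beacon_candidates(conns, min_hits=4, max_jitter=0.2):
    """Rule 3: (src, process) pairs that poll the API at a near-constant interval.
    Returns (src, process, mean_interval_seconds) tuples."""
    stamps = defaultdict(list)
    for c in conns:
        if is_api_call(c):
            stamps[(c.src, c.process)].append(c.ts)
    hits = []
    for (src, proc), times in stamps.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # coefficient of variation of the gaps: 0 means perfectly regular polling
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, proc, round(avg, 1)))
    return hits


def analyze(text):
    """Run all three rules and return the de-duplicated, sorted findings per rule."""
    conns = parse_log(text)
    return {
        "unexpected_process": sorted({(c.src, c.process) for c in conns if unexpected_process(c)}),
        "unexpected_user_agent": sorted({(c.src, c.process, c.user_agent) for c in conns if unexpected_user_agent(c)}),
        "beaconing": sorted(beacon_candidates(conns)),
    }


if __name__ == "__main__":
    for rule, hits in analyze(SAMPLE_LOG).items():
        print(rule, hits)
```

On the constructed log the process rule flags both HK-WS-04 and HK-WS-07, the User-Agent rule only catches the obviously scripted client on HK-WS-04 (the planted implant presents a browser-like string and slips through, which is why that rule is only corroborating evidence), and the beaconing rule singles out HK-WS-07 at a 60-second period. Process attribution needs an EDR or a proxy that logs the originating binary; a plain web proxy sees only the destination, in which case the periodicity signal and the provider's own visibility (the report notes the investigation was done together with Dropbox) are what remain.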

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors associated with this Pulse (fact-based)

Contagious Interview

Score: 38.85
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1056 - Input Capture
  • T1030 - Data Transfer Size Limits
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Ember Bear

Score: 9.82
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1487 - Disk Structure Wipe
  • T1218.010 - Regsvr32
  • T1056 - Input Capture

Sandworm Team

Score: 32.93
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Volt Typhoon

Score: 19.56
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1057 - Process Discovery
  • T1212 - Exploitation for Credential Access
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1578.001 - Create Snapshot

APT28

Score: 41.03
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions
  • T1021.001 - Remote Desktop Protocol
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

ZIRCONIUM

Score: 19.98
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1056 - Input Capture
  • T1197 - BITS Jobs
  • T1578.001 - Create Snapshot

Leviathan

Score: 21.31
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1565 - Data Manipulation
  • T1218.010 - Regsvr32
  • T1056 - Input Capture
  • T1059.012 - Hypervisor CLI

Kimsuky

Score: 54.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1654 - Log Enumeration
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1056 - Input Capture
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1008 - Fallback Channels
  • T1490 - Inhibit System Recovery

FIN13

Score: 4.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History

Moonstone Sleet

Score: 21.39
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 4.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1056 - Input Capture

Lazarus Group

Score: 30.80
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

OilRig

Score: 15.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1091 - Replication Through Removable Media
  • T1212 - Exploitation for Credential Access
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

UNC3886

Score: 10.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

LuminousMoth

Score: 7.53
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1056 - Input Capture

APT29

Score: 23.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery

Play

Score: 7.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1490 - Inhibit System Recovery

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32

RedCurl

Score: 9.35
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1122 - Component Object Model Hijacking

Cleaver

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1565 - Data Manipulation

Turla

Score: 23.76
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1212 - Exploitation for Credential Access
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1056 - Input Capture
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery

Ke3chang

Score: 9.61
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1487 - Disk Structure Wipe
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol

Mustang Panda

Score: 27.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1056 - Input Capture
  • T1567.002 - Exfiltration to Cloud Storage
  • T1055.005 - Thread Local Storage

TeamTNT

Score: 4.07
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media

FIN7

Score: 27.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1547.002 - Authentication Package
  • T1056 - Input Capture
  • T1065 - Uncommonly Used Port
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot
  • T1490 - Inhibit System Recovery

BlackTech

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

MuddyWater

Score: 8.22
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Confucius

Score: 13.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1056 - Input Capture
  • T1200 - Hardware Additions

Sidewinder

Score: 14.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

Elderwood

Score: 5.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Machete

Score: 4.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI

Mustard Tempest

Score: 9.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service

Transparent Tribe

Score: 5.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

APT32

Score: 19.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

APT1

Score: 4.51
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe

APT33

Score: 10.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.001 - Exfiltration to Code Repository
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol

EXOTIC LILY

Score: 14.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Magic Hound

Score: 23.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1547.008 - LSASS Driver

Windshift

Score: 6.61
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

TA2541

Score: 6.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

Earth Lusca

Score: 12.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1056 - Input Capture
  • T1059.012 - Hypervisor CLI

Storm-1811

Score: 16.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 10.86
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1567.001 - Exfiltration to Code Repository
  • T1056 - Input Capture
  • T1027.007 - Dynamic API Resolution

Patchwork

Score: 13.51
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

TA505

Score: 4.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media

LazyScripter

Score: 6.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target

APT42

Score: 6.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1030 - Data Transfer Size Limits

APT39

Score: 7.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1027.007 - Dynamic API Resolution

Scattered Spider

Score: 26.71
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1552.003 - Shell History
  • T1565 - Data Manipulation
  • T1056 - Input Capture
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits

Star Blizzard

Score: 14.55
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation

CURIUM

Score: 16.18
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.001 - Compiled HTML File
  • T1565 - Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Dragonfly

Score: 21.34
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1654 - Log Enumeration
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1200 - Hardware Additions

Saint Bear

Score: 9.39
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits

Tropic Trooper

Score: 10.37
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions
  • T1490 - Inhibit System Recovery

FIN6

Score: 7.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

admin@338

Score: 5.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1212 - Exploitation for Credential Access
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 10.01
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot
  • T1008 - Fallback Channels

menuPass

Score: 5.81
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1122 - Component Object Model Hijacking

Threat Group-3390

Score: 13.05
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1091 - Replication Through Removable Media
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1056 - Input Capture
  • T1059.012 - Hypervisor CLI

Gamaredon Group

Score: 20.35
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1200 - Hardware Additions

Darkhotel

Score: 6.73
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1578.001 - Create Snapshot

BITTER

Score: 4.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Inception

Score: 5.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

RTM

Score: 5.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels

APT41

Score: 11.08
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.007 - Dynamic API Resolution
  • T1008 - Fallback Channels

Winter Vivern

Score: 8.45
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1487 - Disk Structure Wipe
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI

Higaisa

Score: 8.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1567.002 - Exfiltration to Cloud Storage
  • T1578.001 - Create Snapshot

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History

SideCopy

Score: 6.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

Andariel

Score: 7.98
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Tonto Team

Score: 5.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1212 - Exploitation for Credential Access
  • T1218.010 - Regsvr32

APT37

Score: 6.53
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Silence

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.007 - Dynamic API Resolution

APT38

Score: 5.04
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.007 - Dynamic API Resolution

DarkHydrus

Score: 4.03
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1200 - Hardware Additions

The White Company

Score: 4.96
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

HAFNIUM

Score: 14.55
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1056 - Input Capture
  • T1021.001 - Remote Desktop Protocol
  • T1490 - Inhibit System Recovery

Chimera

Score: 12.34
Matched TTPs:
  • T1487 - Disk Structure Wipe
  • T1212 - Exploitation for Credential Access
  • T1056 - Input Capture
  • T1027.007 - Dynamic API Resolution
  • T1578.001 - Create Snapshot

BlackByte

Score: 4.37
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution

HEXANE

Score: 19.12
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1055.014 - VDSO Hijacking
  • T1212 - Exploitation for Credential Access
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1056 - Input Capture
  • T1065 - Uncommonly Used Port

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

LAPSUS$

Score: 24.15
Matched TTPs:
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1122 - Component Object Model Hijacking
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits

INC Ransom

Score: 8.21
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.007 - Dynamic API Resolution

Cinnamon Tempest

Score: 4.54
Matched TTPs:
  • T1552.003 - Shell History
  • T1056 - Input Capture

Storm-0501

Score: 7.46
Matched TTPs:
  • T1552.003 - Shell History
  • T1056 - Input Capture
  • T1021.001 - Remote Desktop Protocol

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Akira

Score: 4.54
Matched TTPs:
  • T1552.003 - Shell History
  • T1056 - Input Capture

Medusa Group

Score: 15.82
Matched TTPs:
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1056 - Input Capture
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1565 - Data Manipulation

POLONIUM

Score: 9.17
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package
  • T1056 - Input Capture

GOLD SOUTHFIELD

Score: 6.03
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

Sea Turtle

Score: 10.19
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery

Axiom

Score: 11.08
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon

Fox Kitten

Score: 6.19
Matched TTPs:
  • T1565 - Data Manipulation
  • T1588.005 - Exploits

ToddyCat

Score: 4.54
Matched TTPs:
  • T1056 - Input Capture
  • T1547.008 - LSASS Driver

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery

Velvet Ant

Score: 9.20
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service

Rocke

Score: 3.29
Matched TTPs:
  • T1008 - Fallback Channels

Threat actors associated with this Pulse (inference-based)

Kimsuky

Score: 0.84
Matched TTPs:
  • T1197 - BITS Jobs
  • T1055.014 - VDSO Hijacking
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1056 - Input Capture
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1654 - Log Enumeration
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1690 - Prevent Command History Logging
  • T1008 - Fallback Channels
  • T1030 - Data Transfer Size Limits
  • T1102.003 - One-Way Communication
  • T1057 - Process Discovery
  • T1490 - Inhibit System Recovery
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media

APT28

Score: 0.68
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1197 - BITS Jobs
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1487 - Disk Structure Wipe
  • T1021.001 - Remote Desktop Protocol
  • T1685.001 - Disable or Modify Windows Event Log
  • T1546.007 - Netsh Helper DLL
  • T1547.002 - Authentication Package
  • T1122 - Component Object Model Hijacking
  • T1608.005 - Link Target
  • T1200 - Hardware Additions
  • T1566.003 - Spearphishing via Service
  • T1598.003 - Spearphishing Link
  • T1057 - Process Discovery

Contagious Interview

Score: 0.62
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1565 - Data Manipulation
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
  • T1021.006 - Windows Remote Management
  • T1102.003 - One-Way Communication
  • T1608.005 - Link Target
  • T1056 - Input Capture
  • T1221 - Template Injection
  • T1690 - Prevent Command History Logging
  • T1552.003 - Shell History
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens

Sandworm Team

Score: 0.57
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1543.003 - Windows Service
  • T1564.008 - Email Hiding Rules
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1102.003 - One-Way Communication
  • T1122 - Component Object Model Hijacking
  • T1187 - Forced Authentication
  • T1193 - Spearphishing Attachment
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens

Lazarus Group

Score: 0.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1543.003 - Windows Service
  • T1567.002 - Exfiltration to Cloud Storage
  • T1565 - Data Manipulation
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver
  • T1608.005 - Link Target
  • T1598.003 - Spearphishing Link
  • T1057 - Process Discovery
  • T1606.002 - SAML Tokens

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

