Trusted Design

Colombians major target of email campaigns delivering Xtreme RAT

概要

Throughout 2015, Symantec.cloud has been detecting a stream of emails that have the Xtreme remote access Trojan (RAT), which we detect as W32.Extrat, as an attachment. These emails are mainly sent to Colombians who may work in the accounting or finance departments of various-sized organizations. The people behind the attacks are likely attempting to gain access to computers where banking transactions are performed, in order to steal banking credentials.

Created: 2026-02-23

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Scattered Spider

Score: 36.42
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1583.001 - Domains
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1027.002 - Software Packing
  • T1622 - Debugger Evasion
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits
MITREへのリンク →

FIN4

Score: 6.45
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
MITREへのリンク →

Ember Bear

Score: 17.02
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1578 - Modify Cloud Compute Infrastructure
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
MITREへのリンク →

Sandworm Team

Score: 29.21
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1122 - Component Object Model Hijacking
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Silent Librarian

Score: 8.60
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
MITREへのリンク →

Magic Hound

Score: 27.32
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
MITREへのリンク →

OilRig

Score: 24.20
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
MITREへのリンク →

Gamaredon Group

Score: 15.52
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
MITREへのリンク →

APT28

Score: 38.59
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1122 - Component Object Model Hijacking
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1021.001 - Remote Desktop Protocol
  • T1546.007 - Netsh Helper DLL
MITREへのリンク →

Turla

Score: 24.89
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1543.003 - Windows Service
  • T1131 - Authentication Package
  • T1136.002 - Domain Account
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
MITREへのリンク →

BlackTech

Score: 8.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
MITREへのリンク →

MuddyWater

Score: 11.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
MITREへのリンク →

LuminousMoth

Score: 9.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1574.009 - Path Interception by Unquoted Path
MITREへのリンク →

Confucius

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
MITREへのリンク →

Kimsuky

Score: 29.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1134.002 - Create Process with Token
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1547.002 - Authentication Package
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Sidewinder

Score: 9.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
MITREへのリンク →

Elderwood

Score: 5.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Machete

Score: 4.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

FIN7

Score: 17.01
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1547.002 - Authentication Package
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Mustard Tempest

Score: 5.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Transparent Tribe

Score: 5.58
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Mustang Panda

Score: 19.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1677 - Poisoned Pipeline Execution
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
MITREへのリンク →

FIN8

Score: 7.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
MITREへのリンク →

APT32

Score: 18.49
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1134.002 - Create Process with Token
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT3

Score: 8.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1622 - Debugger Evasion
MITREへのリンク →

APT1

Score: 6.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1622 - Debugger Evasion
MITREへのリンク →

Lazarus Group

Score: 22.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
  • T1677 - Poisoned Pipeline Execution
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
MITREへのリンク →

Leviathan

Score: 8.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
MITREへのリンク →

APT33

Score: 6.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

ZIRCONIUM

Score: 6.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1547.002 - Authentication Package
MITREへのリンク →

EXOTIC LILY

Score: 10.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
MITREへのリンク →

Windshift

Score: 6.61
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 5.46
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
MITREへのリンク →

APT29

Score: 20.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1202 - Indirect Command Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1547.008 - LSASS Driver
  • T1490 - Inhibit System Recovery
MITREへのリンク →

TA2541

Score: 6.75
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
MITREへのリンク →

Earth Lusca

Score: 12.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

RedCurl

Score: 8.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking
  • T1542.004 - ROMMONkit
MITREへのリンク →

Storm-1811

Score: 12.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
MITREへのリンク →

Wizard Spider

Score: 10.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1556.009 - Conditional Access Policies
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
MITREへのリンク →

Patchwork

Score: 9.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
MITREへのリンク →

TA505

Score: 6.75
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
MITREへのリンク →

LazyScripter

Score: 6.75
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
MITREへのリンク →

APT42

Score: 11.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1583.001 - Domains
  • T1677 - Poisoned Pipeline Execution
MITREへのリンク →

APT39

Score: 7.84
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1622 - Debugger Evasion
MITREへのリンク →

Star Blizzard

Score: 8.93
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
MITREへのリンク →

Moonstone Sleet

Score: 10.35
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1547.008 - LSASS Driver
MITREへのリンク →

CURIUM

Score: 11.24
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 16.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
MITREへのリンク →

Saint Bear

Score: 6.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1218.010 - Regsvr32
MITREへのリンク →

Tropic Trooper

Score: 5.03
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
MITREへのリンク →

FIN6

Score: 5.05
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
MITREへのリンク →

BRONZE BUTLER

Score: 7.17
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

menuPass

Score: 9.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1542.004 - ROMMONkit
  • T1622 - Debugger Evasion
MITREへのリンク →

Threat Group-3390

Score: 16.91
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1059.012 - Hypervisor CLI
  • T1526 - Cloud Service Discovery
MITREへのリンク →

Darkhotel

Score: 4.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

BITTER

Score: 4.34
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
MITREへのリンク →

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA551

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1134.002 - Create Process with Token
MITREへのリンク →

APT41

Score: 8.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1574.009 - Path Interception by Unquoted Path
  • T1622 - Debugger Evasion
MITREへのリンク →

Winter Vivern

Score: 7.73
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
MITREへのリンク →

SideCopy

Score: 10.60
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1584.002 - DNS Server
MITREへのリンク →

Andariel

Score: 10.44
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT37

Score: 6.53
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

BlackByte

Score: 5.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
MITREへのリンク →

HEXANE

Score: 8.54
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1547.002 - Authentication Package
  • T1622 - Debugger Evasion
MITREへのリンク →

Contagious Interview

Score: 14.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1547.008 - LSASS Driver
MITREへのリンク →

Rocke

Score: 5.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API
MITREへのリンク →

Volt Typhoon

Score: 9.77
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1584.002 - DNS Server
  • T1622 - Debugger Evasion
MITREへのリンク →

BackdoorDiplomacy

Score: 3.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

FIN13

Score: 5.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1622 - Debugger Evasion
MITREへのリンク →

Medusa Group

Score: 5.64
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1622 - Debugger Evasion
MITREへのリンク →

Sea Turtle

Score: 15.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery
MITREへのリンク →

Storm-0501

Score: 6.92
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

Fox Kitten

Score: 10.00
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1542.004 - ROMMONkit
  • T1622 - Debugger Evasion
  • T1588.005 - Exploits
MITREへのリンク →

Cinnamon Tempest

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
MITREへのリンク →

Ke3chang

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

Agrius

Score: 3.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
MITREへのリンク →

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver
MITREへのリンク →

Blue Mockingbird

Score: 3.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion
MITREへのリンク →

INC Ransom

Score: 8.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1622 - Debugger Evasion
MITREへのリンク →

UNC3886

Score: 9.55
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
MITREへのリンク →

Axiom

Score: 9.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1622 - Debugger Evasion
MITREへのリンク →

Play

Score: 10.10
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1574.009 - Path Interception by Unquoted Path
  • T1490 - Inhibit System Recovery
MITREへのリンク →

HAFNIUM

Score: 16.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1059 - Command and Scripting Interpreter
  • T1122 - Component Object Model Hijacking
  • T1021.001 - Remote Desktop Protocol
  • T1490 - Inhibit System Recovery
MITREへのリンク →

APT5

Score: 9.67
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1677 - Poisoned Pipeline Execution
  • T1622 - Debugger Evasion
  • T1021.001 - Remote Desktop Protocol
MITREへのリンク →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
MITREへのリンク →

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History
MITREへのリンク →

LAPSUS$

Score: 18.63
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1122 - Component Object Model Hijacking
  • T1021.001 - Remote Desktop Protocol
  • T1588.005 - Exploits
MITREへのリンク →

Aquatic Panda

Score: 4.11
Matched TTPs:
  • T1136.002 - Domain Account
  • T1622 - Debugger Evasion
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Akira

Score: 4.17
Matched TTPs:
  • T1552.003 - Shell History
  • T1622 - Debugger Evasion
MITREへのリンク →

POLONIUM

Score: 5.14
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
MITREへのリンク →

Chimera

Score: 4.68
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1622 - Debugger Evasion
MITREへのリンク →

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

PROMETHIUM

Score: 4.43
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1490 - Inhibit System Recovery
MITREへのリンク →

FIN10

Score: 4.31
Matched TTPs:
  • T1622 - Debugger Evasion
  • T1490 - Inhibit System Recovery
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT28

Score: 0.83
Matched TTPs:
  • T1574.009 - Path Interception by Unquoted Path
  • T1598.003 - Spearphishing Link
  • T1131 - Authentication Package
  • T1546.007 - Netsh Helper DLL
  • T1552.005 - Cloud Instance Metadata API
  • T1146 - Clear Command History
  • T1547.002 - Authentication Package
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.012 - Hypervisor CLI
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
MITREへのリンク →

Scattered Spider

Score: 0.79
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1027.002 - Software Packing
  • T1588.005 - Exploits
  • T1619 - Cloud Storage Object Discovery
  • T1622 - Debugger Evasion
  • T1666 - Modify Cloud Resource Hierarchy
  • T1136.002 - Domain Account
  • T1583.001 - Domains
  • T1021.001 - Remote Desktop Protocol
  • T1552.003 - Shell History
  • T1566.002 - Spearphishing Link
MITREへのリンク →

Sandworm Team

Score: 0.66
Matched TTPs:
  • T1187 - Forced Authentication
  • T1598.003 - Spearphishing Link
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1091 - Replication Through Removable Media
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1122 - Component Object Model Hijacking
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
MITREへのリンク →

Kimsuky

Score: 0.64
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1490 - Inhibit System Recovery
  • T1131 - Authentication Package
  • T1091 - Replication Through Removable Media
  • T1622 - Debugger Evasion
  • T1543.003 - Windows Service
  • T1526 - Cloud Service Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.002 - Authentication Package
  • T1552.003 - Shell History
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
MITREへのリンク →

Magic Hound

Score: 0.62
Matched TTPs:
  • T1187 - Forced Authentication
  • T1578 - Modify Cloud Compute Infrastructure
  • T1578.002 - Create Cloud Instance
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.012 - Hypervisor CLI
  • T1566.002 - Spearphishing Link
  • T1134.002 - Create Process with Token
MITREへのリンク →

Turla

Score: 0.61
Matched TTPs:
  • T1490 - Inhibit System Recovery
  • T1131 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1136.002 - Domain Account
  • T1552.005 - Cloud Instance Metadata API
  • T1543.003 - Windows Service
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る