Pulse Detail-

Rovnix Downloader Updated with SinkHole and Time Checks

概要

McAfee Labs has found that the latest Rovnix downloader now comes with the capability to check for the sinkholing of its control servers. This relatively new technique makes it difficult to detect the malware—especially on behavior-based malware detection systems. The malware checks for sinkholing of its control servers before each network communication session and does not initiate its malicious activities—such as downloading and running the malicious payload(s)—if it thinks the Domain Name Service (DNS) records have been sinkholed. The downloader also uses an uncommon technique to perform a timing check to decide whether it should perform its malicious activities.

Created: 2026-02-23

Indicators

類似Pulses

A .NET malware abusing legitimate ffmpeg - Malwarebytes Labs | Malwarebytes Labs (score: 0.60)
Zscaler's Spymel - signed malware (score: 0.59)
Graftor malware on Metadefender.com (score: 0.58)
malware-traffic-analysis.net BIZCN GATE NUCLEAR EK indicators (score: 0.58)
Razy malware on Metadefender.com (score: 0.57)

このPulseに関連する脅威アクター (事実ベース)

Magic Hound

Score: 19.17

Matched TTPs:

T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1588.001 - Malware
T1199 - Trusted Relationship
T1187 - Forced Authentication
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1053.002 - At

MITREへのリンク →

HEXANE

Score: 6.35

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT29

Score: 12.48

Matched TTPs:

T1099 - Timestomp
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1546.018 - Python Startup Hooks
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Gamaredon Group

Score: 13.22

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media
T1045 - Software Packing
T1199 - Trusted Relationship
T1061 - Graphical User Interface
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA2541

Score: 8.80

Matched TTPs:

T1099 - Timestomp
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lotus Blossom

Score: 8.29

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1209 - Time Providers
T1569.002 - Service Execution

MITREへのリンク →

FIN13

Score: 16.91

Matched TTPs:

T1099 - Timestomp
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1569.002 - Service Execution

MITREへのリンク →

HAFNIUM

Score: 4.99

Matched TTPs:

T1099 - Timestomp
T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Turla

Score: 22.14

Matched TTPs:

T1099 - Timestomp
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1045 - Software Packing
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Volt Typhoon

Score: 20.82

Matched TTPs:

T1099 - Timestomp
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship
T1546.016 - Installer Packages
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

FIN8

Score: 4.37

Matched TTPs:

T1099 - Timestomp
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Kimsuky

Score: 21.10

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels
T1053.002 - At

MITREへのリンク →

Moonstone Sleet

Score: 7.24

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Indrik Spider

Score: 8.23

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Lazarus Group

Score: 27.13

Matched TTPs:

T1606.002 - SAML Tokens
T1588.001 - Malware
T1199 - Trusted Relationship
T1546.016 - Installer Packages
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage
T1055.015 - ListPlanting
T1578.001 - Create Snapshot
T1569.002 - Service Execution
T1216 - System Script Proxy Execution

MITREへのリンク →

Contagious Interview

Score: 9.45

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

OilRig

Score: 19.45

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1055.015 - ListPlanting

MITREへのリンク →

UNC3886

Score: 14.15

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1588.001 - Malware
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

LuminousMoth

Score: 8.15

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Sandworm Team

Score: 22.21

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1045 - Software Packing
T1199 - Trusted Relationship
T1187 - Forced Authentication
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Salt Typhoon

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Play

Score: 5.19

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Aoqin Dragon

Score: 5.13

Matched TTPs:

T1606.002 - SAML Tokens
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship

MITREへのリンク →

RedCurl

Score: 3.86

Matched TTPs:

T1606.002 - SAML Tokens
T1209 - Time Providers

MITREへのリンク →

Moses Staff

Score: 5.19

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Ke3chang

Score: 10.11

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Mustang Panda

Score: 20.67

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1169 - Sudo
T1199 - Trusted Relationship
T1209 - Time Providers
T1071.001 - Web Protocols
T1547.013 - XDG Autostart Entries
T1055.005 - Thread Local Storage

MITREへのリンク →

TeamTNT

Score: 11.32

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1209 - Time Providers
T1547.013 - XDG Autostart Entries

MITREへのリンク →

FIN7

Score: 21.82

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1564.002 - Hidden Users
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1055.015 - ListPlanting
T1578.001 - Create Snapshot

MITREへのリンク →

BRONZE BUTLER

Score: 12.21

Matched TTPs:

T1003.007 - Proc Filesystem
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot
T1008 - Fallback Channels

MITREへのリンク →

Aquatic Panda

Score: 8.70

Matched TTPs:

T1003.007 - Proc Filesystem
T1136.002 - Domain Account
T1588.001 - Malware
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Chimera

Score: 10.90

Matched TTPs:

T1003.007 - Proc Filesystem
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1578.001 - Create Snapshot

MITREへのリンク →

Earth Lusca

Score: 14.45

Matched TTPs:

T1003.007 - Proc Filesystem
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1546.016 - Installer Packages

MITREへのリンク →

APT1

Score: 9.12

Matched TTPs:

T1003.007 - Proc Filesystem
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1053.002 - At

MITREへのリンク →

Mustard Tempest

Score: 6.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1053.002 - At

MITREへのリンク →

LazyScripter

Score: 7.39

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Threat Group-3390

Score: 10.97

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries

MITREへのリンク →

SideCopy

Score: 6.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1053.002 - At

MITREへのリンク →

TA505

Score: 6.06

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BlackByte

Score: 8.38

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

BITTER

Score: 5.69

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT32

Score: 14.79

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Ember Bear

Score: 11.73

Matched TTPs:

T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1209 - Time Providers

MITREへのリンク →

Rocke

Score: 7.30

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

APT28

Score: 14.36

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1588.003 - Code Signing Certificates
T1546.007 - Netsh Helper DLL

MITREへのリンク →

BackdoorDiplomacy

Score: 9.42

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries

MITREへのリンク →

BlackTech

Score: 4.08

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1209 - Time Providers

MITREへのリンク →

Medusa Group

Score: 19.55

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Storm-0501

Score: 6.31

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1027.014 - Polymorphic Code

MITREへのリンク →

Fox Kitten

Score: 8.45

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1588.001 - Malware
T1209 - Time Providers
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cinnamon Tempest

Score: 5.44

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Agrius

Score: 5.42

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1209 - Time Providers

MITREへのリンク →

menuPass

Score: 7.05

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Blue Mockingbird

Score: 9.80

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1027.007 - Dynamic API Resolution

MITREへのリンク →

GALLIUM

Score: 3.10

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Winter Vivern

Score: 6.53

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Leviathan

Score: 7.83

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

INC Ransom

Score: 7.26

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Dragonfly

Score: 5.93

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Axiom

Score: 6.01

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1189 - Drive-by Compromise

MITREへのリンク →

APT41

Score: 18.42

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1055.015 - ListPlanting
T1008 - Fallback Channels

MITREへのリンク →

MuddyWater

Score: 3.10

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT39

Score: 10.19

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1209 - Time Providers
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

ZIRCONIUM

Score: 7.65

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Storm-1811

Score: 3.81

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

TA551

Score: 5.71

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

CopyKittens

Score: 3.19

Matched TTPs:

T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

LAPSUS$

Score: 5.65

Matched TTPs:

T1045 - Software Packing
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

POLONIUM

Score: 3.19

Matched TTPs:

T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

Scattered Spider

Score: 6.43

Matched TTPs:

T1045 - Software Packing
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Metador

Score: 4.08

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Andariel

Score: 7.08

Matched TTPs:

T1136.002 - Domain Account
T1187 - Forced Authentication
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT-C-36

Score: 3.72

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Wizard Spider

Score: 6.12

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

FIN6

Score: 7.11

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1209 - Time Providers
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Naikon

Score: 3.86

Matched TTPs:

T1588.001 - Malware
T1209 - Time Providers

MITREへのリンク →

Higaisa

Score: 7.62

Matched TTPs:

T1588.001 - Malware
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Darkhotel

Score: 7.50

Matched TTPs:

T1564.002 - Hidden Users
T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Inception

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code

MITREへのリンク →

Patchwork

Score: 4.91

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1008 - Fallback Channels

MITREへのリンク →

WIRTE

Score: 4.37

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1547.013 - XDG Autostart Entries

MITREへのリンク →

Cobalt Group

Score: 6.14

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code
T1209 - Time Providers
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT38

Score: 7.65

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution
T1216 - System Script Proxy Execution

MITREへのリンク →

Silence

Score: 4.02

Matched TTPs:

T1199 - Trusted Relationship
T1547.013 - XDG Autostart Entries
T1027.007 - Dynamic API Resolution

MITREへのリンク →

APT19

Score: 3.60

Matched TTPs:

T1199 - Trusted Relationship
T1027.014 - Polymorphic Code

MITREへのリンク →

Daggerfly

Score: 3.61

Matched TTPs:

T1546.016 - Installer Packages
T1547.013 - XDG Autostart Entries

MITREへのリンク →

APT37

Score: 4.40

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1216 - System Script Proxy Execution

MITREへのリンク →

Sidewinder

Score: 3.37

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1578.001 - Create Snapshot

MITREへのリンク →

Velvet Ant

Score: 5.33

Matched TTPs:

T1027.007 - Dynamic API Resolution
T1569.002 - Service Execution

MITREへのリンク →

RTM

Score: 3.29

Matched TTPs:

T1008 - Fallback Channels

MITREへのリンク →

Transparent Tribe

Score: 3.29

Matched TTPs:

T1053.002 - At

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.79

Matched TTPs:

T1055.015 - ListPlanting
T1547.013 - XDG Autostart Entries
T1209 - Time Providers
T1546.016 - Installer Packages
T1216 - System Script Proxy Execution
T1606.002 - SAML Tokens
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1588.001 - Malware
T1199 - Trusted Relationship
T1569.002 - Service Execution

MITREへのリンク →

Turla

Score: 0.70

Matched TTPs:

T1547.013 - XDG Autostart Entries
T1136.002 - Domain Account
T1546.016 - Installer Packages
T1003.007 - Proc Filesystem
T1606.002 - SAML Tokens
T1045 - Software Packing
T1578.001 - Create Snapshot
T1199 - Trusted Relationship
T1569.002 - Service Execution
T1099 - Timestomp

MITREへのリンク →

FIN7

Score: 0.69

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1055.015 - ListPlanting
T1547.013 - XDG Autostart Entries
T1606.002 - SAML Tokens
T1578.001 - Create Snapshot
T1027.007 - Dynamic API Resolution
T1588.001 - Malware
T1199 - Trusted Relationship
T1564.002 - Hidden Users

MITREへのリンク →

Sandworm Team

Score: 0.66

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1187 - Forced Authentication
T1005 - Data from Local System
T1547.013 - XDG Autostart Entries
T1546.016 - Installer Packages
T1558 - Steal or Forge Kerberos Tickets
T1606.002 - SAML Tokens
T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

Kimsuky

Score: 0.62

Matched TTPs:

T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1027.014 - Polymorphic Code
T1053.002 - At
T1003.007 - Proc Filesystem
T1606.002 - SAML Tokens
T1008 - Fallback Channels
T1588.001 - Malware
T1199 - Trusted Relationship

MITREへのリンク →

Volt Typhoon

Score: 0.61

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1546.016 - Installer Packages
T1209 - Time Providers
T1003.007 - Proc Filesystem
T1045 - Software Packing
T1578.001 - Create Snapshot
T1199 - Trusted Relationship
T1569.002 - Service Execution
T1099 - Timestomp

MITREへのリンク →

Medusa Group

Score: 0.60

Matched TTPs:

T1218.003 - CMSTP
T1140 - Deobfuscate/Decode Files or Information
T1547.013 - XDG Autostart Entries
T1209 - Time Providers
T1216 - System Script Proxy Execution
T1027.007 - Dynamic API Resolution
T1094 - Custom Command and Control Protocol
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 0.60

Matched TTPs:

T1091 - Replication Through Removable Media
T1547.013 - XDG Autostart Entries
T1209 - Time Providers
T1169 - Sudo
T1606.002 - SAML Tokens
T1071.001 - Web Protocols
T1055.005 - Thread Local Storage
T1199 - Trusted Relationship

MITREへのリンク →

APT41

Score: 0.57

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1055.015 - ListPlanting
T1547.013 - XDG Autostart Entries
T1209 - Time Providers
T1045 - Software Packing
T1027.007 - Dynamic API Resolution
T1008 - Fallback Channels
T1588.001 - Malware
T1199 - Trusted Relationship

MITREへのリンク →

OilRig

Score: 0.57

Matched TTPs:

T1091 - Replication Through Removable Media
T1055.015 - ListPlanting
T1005 - Data from Local System
T1547.013 - XDG Autostart Entries
T1209 - Time Providers
T1558 - Steal or Forge Kerberos Tickets
T1003.007 - Proc Filesystem
T1606.002 - SAML Tokens
T1199 - Trusted Relationship

MITREへのリンク →

Magic Hound

Score: 0.56

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1187 - Forced Authentication
T1547.013 - XDG Autostart Entries
T1209 - Time Providers
T1053.002 - At
T1045 - Software Packing
T1588.001 - Malware
T1199 - Trusted Relationship
T1099 - Timestomp

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Rovnix Downloader Updated with SinkHole and Time Checks

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ