Trusted Design

IRS Refund-themed Spam Campaign Delivers Kovter and CoreBOT

Overview

IOCs derived from the post at https://heimdalsecurity.com/blog/security-alert-fileless-kovter-teams-modular-corebot-malware-irs-spam-campaign/. An IRS-refund-themed spam campaign claims to be a refund notification from the IRS. The spam email carries a .zip attachment containing a .js file; as soon as the .zip file is opened, the .js file launches Windows PowerShell to download the primary payload. The primary payload appears to be Kovter, and the secondary one CoreBOT. Kovter is a Trojan whose primary use was performing click-fraud operations on the PCs it infected, but earlier this year it was seen incorporating new cloaking tricks in order to evade detection. Its core assets are the ability to remain hidden and to persist for a longer period in the memory of the compromised machines. CoreBOT is modular malware, which allows cyber criminals to build upon it; it evolved from data-stealing malware to financial malware almost overnight earlier this year.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT32

Score: 23.81
Matched TTPs:
  • T1027.011 - Fileless Storage
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Turla

Score: 25.16
Matched TTPs:
  • T1027.011 - Fileless Storage
  • T1564.012 - File/Path Exclusions
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Kimsuky

Score: 35.81
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1036.007 - Double File Extension
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates

Sea Turtle

Score: 9.00
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Ember Bear

Score: 13.02
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution

Indrik Spider

Score: 11.27
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1007 - System Service Discovery
  • T1584.004 - Server

Agrius

Score: 8.72
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading

Contagious Interview

Score: 29.40
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1681 - Search Threat Vendor Data
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1543.001 - Launch Agent
  • T1204.004 - Malicious Copy and Paste
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Sandworm Team

Score: 29.85
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1584.004 - Server

Star Blizzard

Score: 7.52
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool

Lazarus Group

Score: 33.61
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

TA577

Score: 3.84
Matched TTPs:
  • T1027.009 - Embedded Payloads

Moonstone Sleet

Score: 15.83
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1569.002 - Service Execution

Scattered Spider

Score: 9.96
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1588.001 - Malware
  • T1657 - Financial Theft
  • T1588.002 - Tool

FIN4

Score: 9.93
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture

Winnti Group

Score: 3.29
Matched TTPs:
  • T1014 - Rootkit

APT41

Score: 15.18
Matched TTPs:
  • T1014 - Rootkit
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Rocke

Score: 19.61
Matched TTPs:
  • T1014 - Rootkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1027.002 - Software Packing
  • T1564.001 - Hidden Files and Directories

TeamTNT

Score: 17.62
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1027.002 - Software Packing

APT28

Score: 22.01
Matched TTPs:
  • T1014 - Rootkit
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories
  • T1211 - Exploitation for Defense Evasion

UNC3886

Score: 17.60
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1681 - Search Threat Vendor Data
  • T1588.001 - Malware
  • T1205.001 - Port Knocking
  • T1203 - Exploitation for Client Execution

Mustang Panda

Score: 33.30
Matched TTPs:
  • T1036.007 - Double File Extension
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

FIN13

Score: 11.89
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1564.001 - Hidden Files and Directories

OilRig

Score: 26.03
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

LuminousMoth

Score: 10.04
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1564.001 - Hidden Files and Directories

Salt Typhoon

Score: 5.69
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT29

Score: 17.23
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing

Play

Score: 5.47
Matched TTPs:
  • T1587.001 - Malware
  • T1657 - Financial Theft
  • T1588.002 - Tool

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

RedCurl

Score: 16.28
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture
  • T1027 - Obfuscated Files or Information
  • T1564.001 - Hidden Files and Directories

Ke3chang

Score: 17.50
Matched TTPs:
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1569.002 - Service Execution

FIN7

Score: 29.84
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1674 - Input Injection
  • T1497.002 - User Activity Based Checks
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution

Malteiro

Score: 5.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft

APT12

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Machete

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

Elderwood

Score: 6.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing

Transparent Tribe

Score: 7.59
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1564.001 - Hidden Files and Directories

Dragonfly

Score: 8.60
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

WIRTE

Score: 4.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool

RTM

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

APT-C-36

Score: 4.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

CURIUM

Score: 3.43
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1189 - Drive-by Compromise

Gallmaker

Score: 3.95
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information

Tropic Trooper

Score: 12.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1564.001 - Hidden Files and Directories

Dark Caracal

Score: 4.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing

PLATINUM

Score: 5.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise

menuPass

Score: 6.27
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool

TA551

Score: 6.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027.003 - Steganography

HEXANE

Score: 6.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

FIN8

Score: 8.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Threat Group-3390

Score: 23.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

BITTER

Score: 5.98
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

APT37

Score: 12.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

LazyScripter

Score: 8.28
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036 - Masquerading
  • T1588.001 - Malware

PROMETHIUM

Score: 8.62
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1205.001 - Port Knocking
  • T1189 - Drive-by Compromise

TA505

Score: 10.56
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027.002 - Software Packing

APT39

Score: 15.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Higaisa

Score: 7.88
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

Wizard Spider

Score: 12.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1588.003 - Code Signing Certificates
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Magic Hound

Score: 5.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1189 - Drive-by Compromise

Cobalt Group

Score: 5.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

Storm-1811

Score: 9.93
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1667 - Email Bombing

Inception

Score: 4.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 7.18
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

FIN6

Score: 7.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Patchwork

Score: 7.82
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Nomadic Octopus

Score: 3.85
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading

Gorgon Group

Score: 8.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool

APT19

Score: 7.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise

TA2541

Score: 12.15
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1027.015 - Compression

Earth Lusca

Score: 22.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

SideCopy

Score: 3.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware

Mofang

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression

Leviathan

Score: 15.51
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.015 - Compression

Tonto Team

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Andariel

Score: 10.41
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

BRONZE BUTLER

Score: 18.52
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1189 - Drive-by Compromise

APT38

Score: 16.77
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1036.006 - Space after Filename
  • T1569.002 - Service Execution

MuddyWater

Score: 14.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.003 - Steganography
  • T1027.004 - Compile After Delivery

Molerats

Score: 6.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.015 - Compression

admin@338

Score: 5.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution

Gamaredon Group

Score: 24.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1027.015 - Compression

Darkhotel

Score: 14.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1080 - Taint Shared Content
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

The White Company

Score: 5.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

APT33

Score: 6.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Silence

Score: 4.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1569.002 - Service Execution

Sidewinder

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Confucius

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

BlackTech

Score: 7.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates

Windshift

Score: 7.90
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise

Cinnamon Tempest

Score: 10.31
Matched TTPs:
  • T1080 - Taint Shared Content
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1588.002 - Tool

Medusa Group

Score: 13.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.002 - Upload Tool
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Aquatic Panda

Score: 7.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool

Blue Mockingbird

Score: 5.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1569.002 - Service Execution

BlackByte

Score: 7.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1569.002 - Service Execution

Carbanak

Score: 5.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

APT3

Score: 7.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Winter Vivern

Score: 6.39
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise

APT1

Score: 6.71
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1588.002 - Tool

HAFNIUM

Score: 10.13
Matched TTPs:
  • T1583.005 - Botnet
  • T1584.005 - Botnet
  • T1564.001 - Hidden Files and Directories

APT5

Score: 3.84
Matched TTPs:
  • T1583.005 - Botnet

Chimera

Score: 5.77
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1569.002 - Service Execution

Volt Typhoon

Score: 13.45
Matched TTPs:
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1584.005 - Botnet
  • T1588.002 - Tool
  • T1027.002 - Software Packing
  • T1584.004 - Server

ZIRCONIUM

Score: 8.21
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise

LAPSUS$

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

BackdoorDiplomacy

Score: 5.59
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information

Axiom

Score: 6.88
Matched TTPs:
  • T1584.005 - Botnet
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

INC Ransom

Score: 5.77
Matched TTPs:
  • T1657 - Financial Theft
  • T1588.002 - Tool
  • T1569.002 - Service Execution

Storm-0501

Score: 4.58
Matched TTPs:
  • T1657 - Financial Theft
  • T1027.002 - Software Packing

GALLIUM

Score: 5.19
Matched TTPs:
  • T1588.002 - Tool
  • T1027 - Obfuscated Files or Information
  • T1027.002 - Software Packing

Thrip

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

POLONIUM

Score: 3.25
Matched TTPs:
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Daggerfly

Score: 4.60
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1584.004 - Server

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Velvet Ant

Score: 6.53
Matched TTPs:
  • T1569.002 - Service Execution
  • T1211 - Exploitation for Defense Evasion

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1007 - System Service Discovery
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1027.002 - Software Packing
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1543.003 - Windows Service
  • T1027 - Obfuscated Files or Information
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1036.007 - Double File Extension
  • T1588.003 - Code Signing Certificates

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1543.003 - Windows Service
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1189 - Drive-by Compromise

Mustang Panda

Score: 0.75
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1587.001 - Malware
  • T1678 - Delay Execution
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1036.007 - Double File Extension
  • T1588.003 - Code Signing Certificates

FIN7

Score: 0.72
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1497.002 - User Activity Based Checks
  • T1674 - Input Injection
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1543.003 - Windows Service
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1608.001 - Upload Malware

Sandworm Team

Score: 0.71
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1584.005 - Botnet
  • T1584.004 - Server
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1195 - Supply Chain Compromise
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1027 - Obfuscated Files or Information
  • T1588.002 - Tool
  • T1608.001 - Upload Malware

Contagious Interview

Score: 0.66
Matched TTPs:
  • T1657 - Financial Theft
  • T1204.002 - Malicious File
  • T1543.001 - Launch Agent
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1583 - Acquire Infrastructure
  • T1587.001 - Malware
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1681 - Search Threat Vendor Data
  • T1204.004 - Malicious Copy and Paste

Turla

Score: 0.64
Matched TTPs:
  • T1007 - System Service Discovery
  • T1588.001 - Malware
  • T1584.004 - Server
  • T1587.001 - Malware
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1564.012 - File/Path Exclusions
  • T1027.011 - Fileless Storage

OilRig

Score: 0.59
Matched TTPs:
  • T1007 - System Service Discovery
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1587.001 - Malware
  • T1195 - Supply Chain Compromise
  • T1140 - Deobfuscate/Decode Files or Information
  • T1543.003 - Windows Service
  • T1036 - Masquerading
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1588.003 - Code Signing Certificates

Gamaredon Group

Score: 0.57
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression
  • T1027.004 - Compile After Delivery
  • T1102.002 - Bidirectional Communication
  • T1080 - Taint Shared Content
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1620 - Reflective Code Loading
  • T1588.002 - Tool
  • T1608.001 - Upload Malware

Threat Group-3390

Score: 0.57
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1608.002 - Upload Tool
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1027.015 - Compression
  • T1140 - Deobfuscate/Decode Files or Information
  • T1543.003 - Windows Service
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1608.001 - Upload Malware
  • T1588.003 - Code Signing Certificates

APT32

Score: 0.56
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1543.003 - Windows Service
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1608.001 - Upload Malware
  • T1027.011 - Fileless Storage

APT28

Score: 0.56
Matched TTPs:
  • T1564.001 - Hidden Files and Directories
  • T1566.001 - Spearphishing Attachment
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1014 - Rootkit
  • T1102.002 - Bidirectional Communication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036 - Masquerading
  • T1189 - Drive-by Compromise
  • T1588.002 - Tool
  • T1211 - Exploitation for Defense Evasion

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

