Trusted Design

BBSRAT Attacks Targeting Russian Orgs Linked to Roaming Tiger

Overview

In late 2014, ESET presented an attack campaign, dubbed "Roaming Tiger", that had been observed over a period of time targeting Russia and other Russian-speaking nations. The attack was found to rely heavily on RTF exploits and, at the time, was thought to make use of the PlugX malware family. The adversaries behind these attacks continued to target Russia and other Russian-speaking nations using similar exploits and attack vectors. However, while the malware used in these new attacks uses similar infection mechanisms to PlugX, it is a completely new tool with its own specific behavior patterns and architecture. We have named this tool "BBSRAT."

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 17.26
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS

Sandworm Team

Score: 24.67
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

APT41

Score: 15.31
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32

TA551

Score: 6.32
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets

Kimsuky

Score: 15.99
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS

FIN13

Score: 11.63
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Moonstone Sleet

Score: 9.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1573 - Encrypted Channel
  • T1547.008 - LSASS Driver

Lazarus Group

Score: 26.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1547.011 - Plist Modification
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

Contagious Interview

Score: 15.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

OilRig

Score: 16.33
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

UNC3886

Score: 9.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

LuminousMoth

Score: 6.28
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

APT29

Score: 18.39
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1592.004 - Client Configurations
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Play

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 3.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.018 - Invisible Unicode

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Turla

Score: 14.18
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Ke3chang

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Mustang Panda

Score: 21.20
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode

TeamTNT

Score: 6.26
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets

FIN7

Score: 17.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot

TA2541

Score: 6.19
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 10.00
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

Mustard Tempest

Score: 3.33
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 7.53
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Gamaredon Group

Score: 13.07
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1027.018 - Invisible Unicode

Threat Group-3390

Score: 12.85
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32

SideCopy

Score: 4.72
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1159 - Launch Agent

TA505

Score: 4.18
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

BlackByte

Score: 3.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information

BITTER

Score: 6.41
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

APT32

Score: 19.10
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

HEXANE

Score: 5.57
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent

Saint Bear

Score: 6.84
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

EXOTIC LILY

Score: 7.35
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Volt Typhoon

Score: 12.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

APT28

Score: 20.79
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
  • T1566.003 - Spearphishing via Service

BackdoorDiplomacy

Score: 4.41
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1199 - Trusted Relationship

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel

BlackTech

Score: 5.17
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Magic Hound

Score: 12.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Medusa Group

Score: 8.46
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship

Sea Turtle

Score: 3.81
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Storm-0501

Score: 3.57
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware

Fox Kitten

Score: 5.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1588.001 - Malware

Cinnamon Tempest

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Agrius

Score: 3.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets

menuPass

Score: 10.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 4.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

GALLIUM

Score: 8.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL

Winter Vivern

Score: 7.11
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1027.018 - Invisible Unicode

Leviathan

Score: 4.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Dragonfly

Score: 6.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32

Axiom

Score: 7.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon

HAFNIUM

Score: 3.48
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target

MuddyWater

Score: 12.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode

APT39

Score: 9.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1569.002 - Service Execution

BRONZE BUTLER

Score: 13.71
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot

ZIRCONIUM

Score: 10.25
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1588.001 - Malware
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot

Windshift

Score: 8.82
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Storm-1811

Score: 5.56
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver

MoustachedBouncer

Score: 6.88
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
  • T1045 - Software Packing

FIN5

Score: 3.60
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship

Tonto Team

Score: 4.24
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32

APT3

Score: 5.60
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Silence

Score: 3.60
Matched TTPs:
  • T1547.011 - Plist Modification
  • T1199 - Trusted Relationship

CopyKittens

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

LAPSUS$

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Windigo

Score: 5.09
Matched TTPs:
  • T1045 - Software Packing
  • T1159 - Launch Agent

POLONIUM

Score: 5.20
Matched TTPs:
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship

Scattered Spider

Score: 3.19
Matched TTPs:
  • T1045 - Software Packing
  • T1199 - Trusted Relationship

Wizard Spider

Score: 4.30
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode

FIN6

Score: 5.47
Matched TTPs:
  • T1588.001 - Malware
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver

Higaisa

Score: 9.11
Matched TTPs:
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution

Confucius

Score: 4.87
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

DarkVishnya

Score: 5.39
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1213.003 - Code Repositories

Inception

Score: 5.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Patchwork

Score: 3.70
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Cobalt Group

Score: 6.63
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Lotus Blossom

Score: 3.78
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

APT38

Score: 5.49
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1027.018 - Invisible Unicode

APT33

Score: 3.70
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Chimera

Score: 3.44
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1578.001 - Create Snapshot

Daggerfly

Score: 7.57
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 8.19
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot

The White Company

Score: 4.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

Tropic Trooper

Score: 4.24
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent

Darkhotel

Score: 4.09
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot

CURIUM

Score: 5.12
Matched TTPs:
  • T1578.001 - Create Snapshot
  • T1547.008 - LSASS Driver

Velvet Ant

Score: 7.06
Matched TTPs:
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.83
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1578.001 - Create Snapshot
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1174 - Password Filter DLL
  • T1606.002 - SAML Tokens

Sandworm Team

Score: 0.80
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1564.008 - Email Hiding Rules
  • T1218.010 - Regsvr32
  • T1005 - Data from Local System
  • T1027.018 - Invisible Unicode
  • T1558 - Steal or Forge Kerberos Tickets
  • T1573 - Encrypted Channel
  • T1045 - Software Packing
  • T1606.002 - SAML Tokens

APT28

Score: 0.70
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1566.003 - Spearphishing via Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target

Mustang Panda

Score: 0.69
Matched TTPs:
  • T1159 - Launch Agent
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
  • T1136.001 - Local Account
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens

APT29

Score: 0.63
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
  • T1027.018 - Invisible Unicode
  • T1592.004 - Client Configurations
  • T1547.011 - Plist Modification
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens

APT32

Score: 0.62
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1588.001 - Malware
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1558 - Steal or Forge Kerberos Tickets
  • T1592.004 - Client Configurations
  • T1174 - Password Filter DLL
  • T1608.005 - Link Target

FIN7

Score: 0.62
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
  • T1573 - Encrypted Channel
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens

Ember Bear

Score: 0.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.003 - NTDS
  • T1218.010 - Regsvr32
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets

Turla

Score: 0.57
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1578.001 - Create Snapshot
  • T1569.002 - Service Execution
  • T1045 - Software Packing
  • T1608.005 - Link Target
  • T1606.002 - SAML Tokens

APT41

Score: 0.56
Matched TTPs:
  • T1573 - Encrypted Channel
  • T1199 - Trusted Relationship
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1539 - Steal Web Session Cookie
  • T1045 - Software Packing

OilRig

Score: 0.56
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1005 - Data from Local System
  • T1547.008 - LSASS Driver
  • T1027.018 - Invisible Unicode
  • T1558 - Steal or Forge Kerberos Tickets
  • T1606.002 - SAML Tokens

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

