Pulse Detail-

BBSRAT Attacks Targeting Russian Organizations

概要

In late 2014, ESET presented an attack campaign that had been observed over a period of time targeting Russia and other Russian speaking nations, dubbed “Roaming Tiger”. The attack was found to heavily rely on RTF exploits and at the time, thought to make use of the PlugX malware family. ESET did not attribute the attacks to a particular attack group, but noted that the objective of the campaign was espionage and general information stealing. The adversaries behind these attacks continued to target Russia and other Russian speaking nations using similar exploits and attack vectors. However, while the malware used in these new attacks uses similar infection mechanisms to PlugX, it is a completely new tool with its own specific behavior patterns and architecture. We have named this tool “BBSRAT.”

Created: 2026-02-23

Indicators

類似Pulses

BBSRAT Attacks Targeting Russian Orgs Linked to Roaming Tiger (score: 0.97)
Targeted Attack Distributes PlugX in Russia (score: 0.71)
A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.65)
BlackEnergy by the SSHBearDoor (score: 0.64)
Defending the White Elephant (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 27.30

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware
T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1526 - Cloud Service Discovery
T1003.003 - NTDS

MITREへのリンク →

Sea Turtle

Score: 9.59

Matched TTPs:

T1033 - System Owner/User Discovery
T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

Ember Bear

Score: 22.75

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1218.010 - Regsvr32
T1003.003 - NTDS

MITREへのリンク →

Indrik Spider

Score: 7.65

Matched TTPs:

T1033 - System Owner/User Discovery
T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem

MITREへのリンク →

Agrius

Score: 8.26

Matched TTPs:

T1033 - System Owner/User Discovery
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Contagious Interview

Score: 30.22

Matched TTPs:

T1033 - System Owner/User Discovery
T1044 - File System Permissions Weakness
T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1021.006 - Windows Remote Management
T1045 - Software Packing
T1608.005 - Link Target
T1199 - Trusted Relationship
T1221 - Template Injection
T1547.008 - LSASS Driver

MITREへのリンク →

Sandworm Team

Score: 36.90

Matched TTPs:

T1033 - System Owner/User Discovery
T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1045 - Software Packing
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1187 - Forced Authentication
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Star Blizzard

Score: 5.86

Matched TTPs:

T1033 - System Owner/User Discovery
T1091 - Replication Through Removable Media
T1199 - Trusted Relationship

MITREへのリンク →

APT41

Score: 19.44

Matched TTPs:

T1539 - Steal Web Session Cookie
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1588.001 - Malware
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1574.002 - DLL Side-Loading

MITREへのリンク →

TA551

Score: 6.32

Matched TTPs:

T1539 - Steal Web Session Cookie
T1558 - Steal or Forge Kerberos Tickets

MITREへのリンク →

Volt Typhoon

Score: 24.77

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship
T1159 - Launch Agent
T1574.002 - DLL Side-Loading
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

APT28

Score: 34.30

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1547.011 - Plist Modification
T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1548.004 - Elevated Execution with Prompt
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1146 - Clear Command History
T1566.003 - Spearphishing via Service

MITREへのリンク →

ZIRCONIUM

Score: 16.47

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware
T1608.005 - Link Target
T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

Leviathan

Score: 12.29

Matched TTPs:

T1685.001 - Disable or Modify Windows Event Log
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1554 - Compromise Host Software Binary
T1218.010 - Regsvr32

MITREへのリンク →

FIN13

Score: 13.19

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware
T1199 - Trusted Relationship
T1569.002 - Service Execution

MITREへのリンク →

Moonstone Sleet

Score: 11.09

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1573 - Encrypted Channel
T1547.008 - LSASS Driver

MITREへのリンク →

Lazarus Group

Score: 30.72

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1547.011 - Plist Modification
T1588.001 - Malware
T1608.005 - Link Target
T1199 - Trusted Relationship
T1174 - Password Filter DLL
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1578.001 - Create Snapshot
T1547.008 - LSASS Driver
T1569.002 - Service Execution

MITREへのリンク →

OilRig

Score: 22.21

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery
T1547.008 - LSASS Driver

MITREへのリンク →

UNC3886

Score: 16.34

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1021.006 - Windows Remote Management
T1136.002 - Domain Account
T1588.001 - Malware
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

LuminousMoth

Score: 7.38

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Salt Typhoon

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

APT29

Score: 23.40

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1592.004 - Client Configurations
T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1683 - Generate Content
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

Play

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Aoqin Dragon

Score: 6.62

Matched TTPs:

T1606.002 - SAML Tokens
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

RedCurl

Score: 7.36

Matched TTPs:

T1606.002 - SAML Tokens
T1612 - Build Image on Host
T1122 - Component Object Model Hijacking

MITREへのリンク →

Moses Staff

Score: 4.41

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Turla

Score: 24.29

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1045 - Software Packing
T1136.002 - Domain Account
T1612 - Build Image on Host
T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

Ke3chang

Score: 12.35

Matched TTPs:

T1606.002 - SAML Tokens
T1027.008 - Stripped Payloads
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship

MITREへのリンク →

Mustang Panda

Score: 31.62

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1136.001 - Local Account
T1612 - Build Image on Host
T1569.001 - Launchctl
T1608.005 - Link Target
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1159 - Launch Agent
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage

MITREへのリンク →

TeamTNT

Score: 12.87

Matched TTPs:

T1606.002 - SAML Tokens
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1612 - Build Image on Host

MITREへのリンク →

FIN7

Score: 24.52

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1011.001 - Exfiltration Over Bluetooth
T1588.001 - Malware
T1608.005 - Link Target
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1547.002 - Authentication Package
T1578.001 - Create Snapshot

MITREへのリンク →

HAFNIUM

Score: 14.61

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information
T1059 - Command and Scripting Interpreter
T1608.005 - Link Target
T1122 - Component Object Model Hijacking

MITREへのリンク →

APT5

Score: 5.31

Matched TTPs:

T1027.008 - Stripped Payloads
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

BRONZE BUTLER

Score: 17.80

Matched TTPs:

T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1592.004 - Client Configurations
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1159 - Launch Agent
T1578.001 - Create Snapshot

MITREへのリンク →

Aquatic Panda

Score: 7.93

Matched TTPs:

T1003.007 - Proc Filesystem
T1136.002 - Domain Account
T1588.001 - Malware
T1199 - Trusted Relationship

MITREへのリンク →

Chimera

Score: 5.96

Matched TTPs:

T1003.007 - Proc Filesystem
T1199 - Trusted Relationship
T1578.001 - Create Snapshot

MITREへのリンク →

Earth Lusca

Score: 15.19

Matched TTPs:

T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1136.002 - Domain Account
T1608.005 - Link Target
T1199 - Trusted Relationship

MITREへのリンク →

admin@338

Score: 4.02

Matched TTPs:

T1003.007 - Proc Filesystem
T1218.010 - Regsvr32

MITREへのリンク →

APT1

Score: 5.83

Matched TTPs:

T1003.007 - Proc Filesystem
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

APT39

Score: 11.96

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1569.002 - Service Execution

MITREへのリンク →

APT38

Score: 5.70

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1199 - Trusted Relationship
T1174 - Password Filter DLL

MITREへのリンク →

Darkhotel

Score: 5.65

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

Storm-1811

Score: 11.66

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1558 - Steal or Forge Kerberos Tickets
T1199 - Trusted Relationship
T1486 - Data Encrypted for Impact
T1547.008 - LSASS Driver

MITREへのリンク →

MuddyWater

Score: 15.28

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1608.005 - Link Target
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

Gamaredon Group

Score: 22.33

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1045 - Software Packing
T1612 - Build Image on Host
T1608.005 - Link Target
T1554 - Compromise Host Software Binary
T1199 - Trusted Relationship
T1061 - Graphical User Interface
T1547.002 - Authentication Package

MITREへのリンク →

TA505

Score: 6.85

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Threat Group-3390

Score: 20.31

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery

MITREへのリンク →

Winter Vivern

Score: 7.32

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1588.001 - Malware

MITREへのリンク →

menuPass

Score: 14.85

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1558 - Steal or Forge Kerberos Tickets
T1547.011 - Plist Modification
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1174 - Password Filter DLL

MITREへのリンク →

BlackByte

Score: 5.01

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Cinnamon Tempest

Score: 6.23

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

Rocke

Score: 5.56

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1612 - Build Image on Host

MITREへのリンク →

Tropic Trooper

Score: 9.43

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1683 - Generate Content
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

Higaisa

Score: 10.68

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1588.001 - Malware
T1218.010 - Regsvr32
T1578.001 - Create Snapshot
T1569.002 - Service Execution

MITREへのリンク →

TA2541

Score: 7.29

Matched TTPs:

T1091 - Replication Through Removable Media
T1136.002 - Domain Account
T1608.005 - Link Target
T1199 - Trusted Relationship

MITREへのリンク →

LazyScripter

Score: 11.15

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1136.002 - Domain Account
T1612 - Build Image on Host
T1608.005 - Link Target

MITREへのリンク →

SideCopy

Score: 4.72

Matched TTPs:

T1091 - Replication Through Removable Media
T1159 - Launch Agent

MITREへのリンク →

BITTER

Score: 10.03

Matched TTPs:

T1091 - Replication Through Removable Media
T1588.001 - Malware
T1199 - Trusted Relationship
T1683 - Generate Content
T1218.010 - Regsvr32

MITREへのリンク →

APT32

Score: 20.26

Matched TTPs:

T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1592.004 - Client Configurations
T1588.001 - Malware
T1612 - Build Image on Host
T1608.005 - Link Target
T1199 - Trusted Relationship
T1174 - Password Filter DLL
T1218.010 - Regsvr32

MITREへのリンク →

HEXANE

Score: 7.97

Matched TTPs:

T1091 - Replication Through Removable Media
T1199 - Trusted Relationship
T1547.002 - Authentication Package
T1159 - Launch Agent

MITREへのリンク →

Saint Bear

Score: 5.48

Matched TTPs:

T1091 - Replication Through Removable Media
T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

EXOTIC LILY

Score: 8.51

Matched TTPs:

T1091 - Replication Through Removable Media
T1612 - Build Image on Host
T1218.010 - Regsvr32
T1547.008 - LSASS Driver

MITREへのリンク →

APT42

Score: 5.35

Matched TTPs:

T1091 - Replication Through Removable Media
T1612 - Build Image on Host
T1199 - Trusted Relationship

MITREへのリンク →

BackdoorDiplomacy

Score: 6.87

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1136.002 - Domain Account
T1588.001 - Malware
T1199 - Trusted Relationship

MITREへのリンク →

GOLD SOUTHFIELD

Score: 7.14

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1122 - Component Object Model Hijacking
T1573 - Encrypted Channel

MITREへのリンク →

BlackTech

Score: 6.96

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery

MITREへのリンク →

Magic Hound

Score: 21.16

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1588.001 - Malware
T1608.005 - Link Target
T1199 - Trusted Relationship
T1683 - Generate Content
T1187 - Forced Authentication
T1547.002 - Authentication Package
T1547.008 - LSASS Driver

MITREへのリンク →

Medusa Group

Score: 13.00

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.003 - CMSTP
T1608.005 - Link Target
T1199 - Trusted Relationship
T1598 - Phishing for Information

MITREへのリンク →

Storm-0501

Score: 3.57

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1588.001 - Malware

MITREへのリンク →

Fox Kitten

Score: 12.27

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1588.001 - Malware
T1612 - Build Image on Host
T1588.005 - Exploits

MITREへのリンク →

ToddyCat

Score: 3.99

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.008 - LSASS Driver

MITREへのリンク →

Blue Mockingbird

Score: 4.66

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

GALLIUM

Score: 8.35

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1547.011 - Plist Modification
T1199 - Trusted Relationship
T1174 - Password Filter DLL

MITREへのリンク →

Dragonfly

Score: 6.74

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

Axiom

Score: 7.50

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1160 - Launch Daemon

MITREへのリンク →

Windshift

Score: 7.46

Matched TTPs:

T1558 - Steal or Forge Kerberos Tickets
T1159 - Launch Agent
T1547.008 - LSASS Driver

MITREへのリンク →

MoustachedBouncer

Score: 6.88

Matched TTPs:

T1055.003 - Thread Execution Hijacking
T1045 - Software Packing

MITREへのリンク →

FIN5

Score: 3.60

Matched TTPs:

T1547.011 - Plist Modification
T1199 - Trusted Relationship

MITREへのリンク →

Tonto Team

Score: 4.24

Matched TTPs:

T1547.011 - Plist Modification
T1218.010 - Regsvr32

MITREへのリンク →

APT3

Score: 4.24

Matched TTPs:

T1547.011 - Plist Modification
T1218.010 - Regsvr32

MITREへのリンク →

Silence

Score: 3.60

Matched TTPs:

T1547.011 - Plist Modification
T1199 - Trusted Relationship

MITREへのリンク →

CopyKittens

Score: 3.19

Matched TTPs:

T1045 - Software Packing
T1199 - Trusted Relationship

MITREへのリンク →

LAPSUS$

Score: 12.24

Matched TTPs:

T1045 - Software Packing
T1136.002 - Domain Account
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1588.005 - Exploits

MITREへのリンク →

Windigo

Score: 5.09

Matched TTPs:

T1045 - Software Packing
T1159 - Launch Agent

MITREへのリンク →

POLONIUM

Score: 10.35

Matched TTPs:

T1045 - Software Packing
T1608.005 - Link Target
T1122 - Component Object Model Hijacking
T1199 - Trusted Relationship
T1547.002 - Authentication Package

MITREへのリンク →

Scattered Spider

Score: 9.49

Matched TTPs:

T1045 - Software Packing
T1136.002 - Domain Account
T1199 - Trusted Relationship
T1588.005 - Exploits

MITREへのリンク →

Metador

Score: 3.31

Matched TTPs:

T1136.002 - Domain Account
T1199 - Trusted Relationship

MITREへのリンク →

Andariel

Score: 7.80

Matched TTPs:

T1136.002 - Domain Account
T1187 - Forced Authentication
T1218.010 - Regsvr32

MITREへのリンク →

Carbanak

Score: 5.34

Matched TTPs:

T1588.001 - Malware
T1199 - Trusted Relationship
T1547.002 - Authentication Package

MITREへのリンク →

Wizard Spider

Score: 10.23

Matched TTPs:

T1588.001 - Malware
T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

FIN6

Score: 7.99

Matched TTPs:

T1588.001 - Malware
T1612 - Build Image on Host
T1199 - Trusted Relationship
T1547.008 - LSASS Driver

MITREへのリンク →

Inception

Score: 7.61

Matched TTPs:

T1612 - Build Image on Host
T1199 - Trusted Relationship
T1218.010 - Regsvr32
T1159 - Launch Agent

MITREへのリンク →

FIN8

Score: 6.52

Matched TTPs:

T1612 - Build Image on Host
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery

MITREへのリンク →

Confucius

Score: 3.51

Matched TTPs:

T1608.005 - Link Target
T1218.010 - Regsvr32

MITREへのリンク →

APT33

Score: 6.48

Matched TTPs:

T1567.001 - Exfiltration to Code Repository
T1199 - Trusted Relationship
T1218.010 - Regsvr32

MITREへのリンク →

DarkVishnya

Score: 5.39

Matched TTPs:

T1199 - Trusted Relationship
T1213.003 - Code Repositories

MITREへのリンク →

Cobalt Group

Score: 5.27

Matched TTPs:

T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1218.010 - Regsvr32

MITREへのリンク →

Lotus Blossom

Score: 3.78

Matched TTPs:

T1199 - Trusted Relationship
T1569.002 - Service Execution

MITREへのリンク →

Daggerfly

Score: 6.21

Matched TTPs:

T1573 - Encrypted Channel
T1174 - Password Filter DLL

MITREへのリンク →

APT37

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Sidewinder

Score: 6.83

Matched TTPs:

T1218.010 - Regsvr32
T1159 - Launch Agent
T1578.001 - Create Snapshot

MITREへのリンク →

The White Company

Score: 4.09

Matched TTPs:

T1218.010 - Regsvr32
T1578.001 - Create Snapshot

MITREへのリンク →

CURIUM

Score: 5.12

Matched TTPs:

T1578.001 - Create Snapshot
T1547.008 - LSASS Driver

MITREへのリンク →

Velvet Ant

Score: 7.06

Matched TTPs:

T1569.002 - Service Execution
T1566.003 - Spearphishing via Service

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Sandworm Team

Score: 0.85

Matched TTPs:

T1187 - Forced Authentication
T1547.002 - Authentication Package
T1564.008 - Email Hiding Rules
T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1140 - Deobfuscate/Decode Files or Information
T1045 - Software Packing
T1091 - Replication Through Removable Media
T1033 - System Owner/User Discovery
T1558 - Steal or Forge Kerberos Tickets
T1005 - Data from Local System
T1122 - Component Object Model Hijacking
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

APT28

Score: 0.81

Matched TTPs:

T1547.002 - Authentication Package
T1548.004 - Elevated Execution with Prompt
T1566.003 - Spearphishing via Service
T1059.010 - AutoHotKey & AutoIT
T1218.010 - Regsvr32
T1608.005 - Link Target
T1547.011 - Plist Modification
T1199 - Trusted Relationship
T1558 - Steal or Forge Kerberos Tickets
T1685.001 - Disable or Modify Windows Event Log
T1122 - Component Object Model Hijacking
T1140 - Deobfuscate/Decode Files or Information
T1146 - Clear Command History

MITREへのリンク →

Mustang Panda

Score: 0.74

Matched TTPs:

T1055.005 - Thread Local Storage
T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1136.001 - Local Account
T1608.005 - Link Target
T1159 - Launch Agent
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1091 - Replication Through Removable Media
T1612 - Build Image on Host
T1569.001 - Launchctl
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

Lazarus Group

Score: 0.73

Matched TTPs:

T1174 - Password Filter DLL
T1547.002 - Authentication Package
T1578.001 - Create Snapshot
T1055.005 - Thread Local Storage
T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1218.010 - Regsvr32
T1608.005 - Link Target
T1547.011 - Plist Modification
T1199 - Trusted Relationship
T1569.002 - Service Execution
T1588.001 - Malware

MITREへのリンク →

Turla

Score: 0.66

Matched TTPs:

T1578.001 - Create Snapshot
T1547.002 - Authentication Package
T1003.007 - Proc Filesystem
T1606.002 - SAML Tokens
T1608.005 - Link Target
T1199 - Trusted Relationship
T1136.002 - Domain Account
T1045 - Software Packing
T1569.002 - Service Execution
T1612 - Build Image on Host
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

Contagious Interview

Score: 0.66

Matched TTPs:

T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1021.006 - Windows Remote Management
T1608.005 - Link Target
T1199 - Trusted Relationship
T1045 - Software Packing
T1221 - Template Injection
T1091 - Replication Through Removable Media
T1033 - System Owner/User Discovery
T1558 - Steal or Forge Kerberos Tickets
T1044 - File System Permissions Weakness

MITREへのリンク →

Kimsuky

Score: 0.65

Matched TTPs:

T1547.002 - Authentication Package
T1003.007 - Proc Filesystem
T1606.002 - SAML Tokens
T1588.001 - Malware
T1608.005 - Link Target
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1140 - Deobfuscate/Decode Files or Information
T1003.003 - NTDS
T1091 - Replication Through Removable Media
T1033 - System Owner/User Discovery
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

FIN7

Score: 0.63

Matched TTPs:

T1578.001 - Create Snapshot
T1547.002 - Authentication Package
T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1588.001 - Malware
T1608.005 - Link Target
T1199 - Trusted Relationship
T1573 - Encrypted Channel
T1011.001 - Exfiltration Over Bluetooth
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT29

Score: 0.60

Matched TTPs:

T1547.008 - LSASS Driver
T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1608.005 - Link Target
T1683 - Generate Content
T1547.011 - Plist Modification
T1199 - Trusted Relationship
T1592.004 - Client Configurations
T1122 - Component Object Model Hijacking
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Volt Typhoon

Score: 0.60

Matched TTPs:

T1578.001 - Create Snapshot
T1003.007 - Proc Filesystem
T1059.010 - AutoHotKey & AutoIT
T1159 - Launch Agent
T1199 - Trusted Relationship
T1045 - Software Packing
T1569.002 - Service Execution
T1574.002 - DLL Side-Loading
T1685.001 - Disable or Modify Windows Event Log
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Ember Bear

Score: 0.59

Matched TTPs:

T1564.008 - Email Hiding Rules
T1218.010 - Regsvr32
T1136.002 - Domain Account
T1003.003 - NTDS
T1033 - System Owner/User Discovery
T1558 - Steal or Forge Kerberos Tickets
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Gamaredon Group

Score: 0.58

Matched TTPs:

T1547.002 - Authentication Package
T1608.005 - Link Target
T1199 - Trusted Relationship
T1061 - Graphical User Interface
T1045 - Software Packing
T1554 - Compromise Host Software Binary
T1091 - Replication Through Removable Media
T1612 - Build Image on Host
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

OilRig

Score: 0.55

Matched TTPs:

T1547.008 - LSASS Driver
T1003.007 - Proc Filesystem
T1606.002 - SAML Tokens
T1218.010 - Regsvr32
T1199 - Trusted Relationship
T1526 - Cloud Service Discovery
T1091 - Replication Through Removable Media
T1558 - Steal or Forge Kerberos Tickets
T1005 - Data from Local System
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

BBSRAT Attacks Targeting Russian Organizations

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ