Pulse Detail-

Zscaler's Spymel - signed malware

概要

From the Zscaler website: IOC from the Malwr evaluation Several other VT claim to be linked. IOCs from them not included =/ Sophos also has a small write up Introduction ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert issued certificate. The infection cycle typically starts with a malicious JavaScript file that arrives in a ZIP archive via e-mail attachment. Once the user opens the JavaScript file, it will download and install the malware executable on the victim machine. The malicious JavaScript file, surprisingly, in this case is not obfuscated and easy to read as seen in screenshot below. The Trojan Spymel executable gets downloaded from a remote location hardcoded in the JavaScript.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

New Infostealer Trojan uses Fiddler Proxy (score: 0.68)
Zusy malware on Metadefender.com (score: 0.66)
Zusy malware on Metadefender.com (score: 0.66)
Zusy malware on Metadefender.com (score: 0.66)
Zusy malware on Metadefender.com (score: 0.66)

このPulseに関連する脅威アクター (事実ベース)

Dragonfly

Score: 12.28

Matched TTPs:

T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

BRONZE BUTLER

Score: 11.75

Matched TTPs:

T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1592.004 - Client Configurations
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Gamaredon Group

Score: 24.92

Matched TTPs:

T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1205 - Traffic Signaling
T1059.011 - Lua
T1547.002 - Authentication Package
T1059.013 - Container CLI/API
T1601.001 - Patch System Image
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

OilRig

Score: 26.34

Matched TTPs:

T1156 - Malicious Shell Modification
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1218.010 - Regsvr32
T1592.002 - Software
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

APT28

Score: 18.86

Matched TTPs:

T1156 - Malicious Shell Modification
T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode
T1055.008 - Ptrace System Calls

MITREへのリンク →

MoustachedBouncer

Score: 6.31

Matched TTPs:

T1156 - Malicious Shell Modification
T1546.013 - PowerShell Profile
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

GOLD SOUTHFIELD

Score: 5.62

Matched TTPs:

T1156 - Malicious Shell Modification
T1140 - Deobfuscate/Decode Files or Information
T1601.001 - Patch System Image

MITREへのリンク →

APT42

Score: 4.26

Matched TTPs:

T1156 - Malicious Shell Modification
T1091 - Replication Through Removable Media

MITREへのリンク →

Magic Hound

Score: 15.17

Matched TTPs:

T1156 - Malicious Shell Modification
T1491.002 - External Defacement
T1087.002 - Domain Account
T1140 - Deobfuscate/Decode Files or Information
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

MuddyWater

Score: 18.82

Matched TTPs:

T1156 - Malicious Shell Modification
T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.013 - Container CLI/API
T1601.001 - Patch System Image
T1027.018 - Invisible Unicode

MITREへのリンク →

Winter Vivern

Score: 10.42

Matched TTPs:

T1156 - Malicious Shell Modification
T1546.013 - PowerShell Profile
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Silence

Score: 8.56

Matched TTPs:

T1156 - Malicious Shell Modification
T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1601.001 - Patch System Image
T1622 - Debugger Evasion

MITREへのリンク →

Volt Typhoon

Score: 15.99

Matched TTPs:

T1156 - Malicious Shell Modification
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1584.002 - DNS Server
T1537 - Transfer Data to Cloud Account
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Group5

Score: 3.88

Matched TTPs:

T1156 - Malicious Shell Modification
T1491.002 - External Defacement

MITREへのリンク →

APT39

Score: 15.16

Matched TTPs:

T1156 - Malicious Shell Modification
T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1547.002 - Authentication Package
T1537 - Transfer Data to Cloud Account
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Kimsuky

Score: 33.28

Matched TTPs:

T1156 - Malicious Shell Modification
T1546.013 - PowerShell Profile
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1205 - Traffic Signaling
T1059.011 - Lua
T1027.014 - Polymorphic Code
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1537 - Transfer Data to Cloud Account
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Dark Caracal

Score: 8.49

Matched TTPs:

T1156 - Malicious Shell Modification
T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

FIN7

Score: 23.05

Matched TTPs:

T1156 - Malicious Shell Modification
T1546.013 - PowerShell Profile
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1205 - Traffic Signaling
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Lazarus Group

Score: 31.63

Matched TTPs:

T1132.001 - Standard Encoding
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1205 - Traffic Signaling
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1055.005 - Thread Local Storage
T1622 - Debugger Evasion

MITREへのリンク →

TA577

Score: 7.18

Matched TTPs:

T1132.001 - Standard Encoding
T1546.013 - PowerShell Profile
T1027.018 - Invisible Unicode

MITREへのリンク →

Moonstone Sleet

Score: 14.15

Matched TTPs:

T1132.001 - Standard Encoding
T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.011 - Lua

MITREへのリンク →

Inception

Score: 6.62

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32

MITREへのリンク →

Elderwood

Score: 9.05

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Darkhotel

Score: 7.21

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Transparent Tribe

Score: 7.00

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Leviathan

Score: 20.42

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

Sidewinder

Score: 9.07

Matched TTPs:

T1491.002 - External Defacement
T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1027.018 - Invisible Unicode

MITREへのリンク →

Saint Bear

Score: 11.23

Matched TTPs:

T1491.002 - External Defacement
T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

APT33

Score: 5.24

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

BITTER

Score: 5.85

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32

MITREへのリンク →

TA505

Score: 17.02

Matched TTPs:

T1491.002 - External Defacement
T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1138 - Application Shimming
T1601.001 - Patch System Image
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Higaisa

Score: 14.41

Matched TTPs:

T1491.002 - External Defacement
T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1546.017 - Udev Rules

MITREへのリンク →

APT19

Score: 10.32

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1027.014 - Polymorphic Code
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

Fox Kitten

Score: 6.57

Matched TTPs:

T1491.002 - External Defacement
T1140 - Deobfuscate/Decode Files or Information
T1601.001 - Patch System Image
T1622 - Debugger Evasion

MITREへのリンク →

Threat Group-3390

Score: 19.01

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1526 - Cloud Service Discovery
T1546.017 - Udev Rules

MITREへのリンク →

TA2541

Score: 10.92

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

Malteiro

Score: 3.95

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

Storm-1811

Score: 3.95

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT

MITREへのリンク →

Blue Mockingbird

Score: 7.46

Matched TTPs:

T1491.002 - External Defacement
T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code
T1622 - Debugger Evasion

MITREへのリンク →

Tropic Trooper

Score: 5.44

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1218.010 - Regsvr32

MITREへのリンク →

Mofang

Score: 6.89

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

Contagious Interview

Score: 16.19

Matched TTPs:

T1491.002 - External Defacement
T1546.013 - PowerShell Profile
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1601.001 - Patch System Image
T1221 - Template Injection
T1027.018 - Invisible Unicode

MITREへのリンク →

menuPass

Score: 7.07

Matched TTPs:

T1491.002 - External Defacement
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Moses Staff

Score: 5.16

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

TeamTNT

Score: 9.28

Matched TTPs:

T1491.002 - External Defacement
T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

APT32

Score: 19.40

Matched TTPs:

T1491.002 - External Defacement
T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1592.004 - Client Configurations
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Turla

Score: 15.86

Matched TTPs:

T1546.013 - PowerShell Profile
T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

FIN6

Score: 6.27

Matched TTPs:

T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1601.001 - Patch System Image
T1622 - Debugger Evasion

MITREへのリンク →

Earth Lusca

Score: 16.02

Matched TTPs:

T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1059.011 - Lua
T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

LazyScripter

Score: 7.96

Matched TTPs:

T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1601.001 - Patch System Image
T1027.018 - Invisible Unicode

MITREへのリンク →

Cobalt Group

Score: 11.87

Matched TTPs:

T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1027.014 - Polymorphic Code
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Indrik Spider

Score: 9.34

Matched TTPs:

T1546.013 - PowerShell Profile
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1546.016 - Installer Packages
T1622 - Debugger Evasion

MITREへのリンク →

Molerats

Score: 8.84

Matched TTPs:

T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1027.018 - Invisible Unicode
T1546.017 - Udev Rules

MITREへのリンク →

Leafminer

Score: 5.60

Matched TTPs:

T1546.013 - PowerShell Profile
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI

MITREへのリンク →

Mustang Panda

Score: 24.67

Matched TTPs:

T1546.013 - PowerShell Profile
T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1059.011 - Lua
T1218.010 - Regsvr32
T1567.002 - Exfiltration to Cloud Storage
T1526 - Cloud Service Discovery
T1055.005 - Thread Local Storage
T1027.018 - Invisible Unicode

MITREへのリンク →

TA578

Score: 3.33

Matched TTPs:

T1546.013 - PowerShell Profile
T1027.018 - Invisible Unicode

MITREへのリンク →

Evilnum

Score: 3.33

Matched TTPs:

T1546.013 - PowerShell Profile
T1027.018 - Invisible Unicode

MITREへのリンク →

Star Blizzard

Score: 4.73

Matched TTPs:

T1546.013 - PowerShell Profile
T1087.002 - Domain Account
T1091 - Replication Through Removable Media

MITREへのリンク →

FIN13

Score: 6.78

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

UNC3886

Score: 9.19

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1547.015 - Login Items
T1218.010 - Regsvr32

MITREへのリンク →

LuminousMoth

Score: 5.43

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1027.018 - Invisible Unicode

MITREへのリンク →

Sandworm Team

Score: 23.97

Matched TTPs:

T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1059.011 - Lua
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Salt Typhoon

Score: 3.57

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

APT29

Score: 16.95

Matched TTPs:

T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1140 - Deobfuscate/Decode Files or Information
T1592.004 - Client Configurations
T1138 - Application Shimming
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

Play

Score: 5.43

Matched TTPs:

T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1601.001 - Patch System Image

MITREへのリンク →

Aoqin Dragon

Score: 6.43

Matched TTPs:

T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

RedCurl

Score: 6.53

Matched TTPs:

T1606.002 - SAML Tokens
T1087.002 - Domain Account
T1059.011 - Lua
T1027.018 - Invisible Unicode

MITREへのリンク →

Ke3chang

Score: 7.42

Matched TTPs:

T1606.002 - SAML Tokens
T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1059.011 - Lua

MITREへのリンク →

APT12

Score: 4.68

Matched TTPs:

T1087.002 - Domain Account
T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Machete

Score: 3.91

Matched TTPs:

T1087.002 - Domain Account
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

WIRTE

Score: 5.10

Matched TTPs:

T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1027.014 - Polymorphic Code

MITREへのリンク →

APT-C-36

Score: 3.08

Matched TTPs:

T1087.002 - Domain Account
T1059.011 - Lua

MITREへのリンク →

Gallmaker

Score: 3.08

Matched TTPs:

T1087.002 - Domain Account
T1059.011 - Lua

MITREへのリンク →

TA551

Score: 5.40

Matched TTPs:

T1087.002 - Domain Account
T1027.014 - Polymorphic Code
T1601.001 - Patch System Image

MITREへのリンク →

HEXANE

Score: 8.67

Matched TTPs:

T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1547.002 - Authentication Package
T1601.001 - Patch System Image
T1622 - Debugger Evasion

MITREへのリンク →

FIN8

Score: 8.81

Matched TTPs:

T1087.002 - Domain Account
T1601.001 - Patch System Image
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

APT37

Score: 8.73

Matched TTPs:

T1087.002 - Domain Account
T1059.011 - Lua
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

PROMETHIUM

Score: 6.69

Matched TTPs:

T1087.002 - Domain Account
T1547.015 - Login Items
T1059.012 - Hypervisor CLI

MITREへのリンク →

Wizard Spider

Score: 8.81

Matched TTPs:

T1087.002 - Domain Account
T1601.001 - Patch System Image
T1526 - Cloud Service Discovery
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

EXOTIC LILY

Score: 5.61

Matched TTPs:

T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

Patchwork

Score: 10.97

Matched TTPs:

T1087.002 - Domain Account
T1218.010 - Regsvr32
T1601.001 - Patch System Image
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Gorgon Group

Score: 6.49

Matched TTPs:

T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1114.003 - Email Forwarding Rule

MITREへのリンク →

SideCopy

Score: 6.89

Matched TTPs:

T1087.002 - Domain Account
T1091 - Replication Through Removable Media
T1584.002 - DNS Server

MITREへのリンク →

Andariel

Score: 4.05

Matched TTPs:

T1087.002 - Domain Account
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT38

Score: 15.92

Matched TTPs:

T1087.002 - Domain Account
T1059.010 - AutoHotKey & AutoIT
T1138 - Application Shimming
T1059.012 - Hypervisor CLI
T1537 - Transfer Data to Cloud Account
T1059.005 - Visual Basic
T1027.018 - Invisible Unicode

MITREへのリンク →

The White Company

Score: 4.33

Matched TTPs:

T1087.002 - Domain Account
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Confucius

Score: 3.64

Matched TTPs:

T1087.002 - Domain Account
T1218.010 - Regsvr32
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackTech

Score: 8.26

Matched TTPs:

T1087.002 - Domain Account
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery
T1027.018 - Invisible Unicode

MITREへのリンク →

Windshift

Score: 6.20

Matched TTPs:

T1087.002 - Domain Account
T1059.011 - Lua
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Agrius

Score: 4.69

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

ZIRCONIUM

Score: 7.38

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1547.002 - Authentication Package
T1537 - Transfer Data to Cloud Account
T1027.018 - Invisible Unicode

MITREへのリンク →

BlackByte

Score: 6.66

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1091 - Replication Through Removable Media
T1140 - Deobfuscate/Decode Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Cinnamon Tempest

Score: 3.04

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information

MITREへのリンク →

Rocke

Score: 15.13

Matched TTPs:

T1059.010 - AutoHotKey & AutoIT
T1140 - Deobfuscate/Decode Files or Information
T1114.003 - Email Forwarding Rule
T1059.011 - Lua
T1059.013 - Container CLI/API
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

Mustard Tempest

Score: 5.10

Matched TTPs:

T1091 - Replication Through Removable Media
T1059.012 - Hypervisor CLI
T1027.018 - Invisible Unicode

MITREへのリンク →

Ember Bear

Score: 6.81

Matched TTPs:

T1005 - Data from Local System
T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32

MITREへのリンク →

BackdoorDiplomacy

Score: 3.76

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.011 - Lua

MITREへのリンク →

Medusa Group

Score: 11.57

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1601.001 - Patch System Image
T1537 - Transfer Data to Cloud Account
T1622 - Debugger Evasion
T1094 - Custom Command and Control Protocol

MITREへのリンク →

Sea Turtle

Score: 11.12

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1685 - Disable or Modify Tools
T1059.013 - Container CLI/API

MITREへのリンク →

Storm-0501

Score: 6.27

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1027.014 - Polymorphic Code
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

GALLIUM

Score: 5.81

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.011 - Lua
T1537 - Transfer Data to Cloud Account

MITREへのリンク →

INC Ransom

Score: 3.12

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

Axiom

Score: 6.38

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1622 - Debugger Evasion

MITREへのリンク →

APT41

Score: 8.95

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1059.011 - Lua
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1622 - Debugger Evasion

MITREへのリンク →

HAFNIUM

Score: 5.60

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1055.008 - Ptrace System Calls

MITREへのリンク →

APT5

Score: 3.12

Matched TTPs:

T1140 - Deobfuscate/Decode Files or Information
T1622 - Debugger Evasion

MITREへのリンク →

APT3

Score: 8.84

Matched TTPs:

T1059.011 - Lua
T1218.010 - Regsvr32
T1537 - Transfer Data to Cloud Account
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode

MITREへのリンク →

Aquatic Panda

Score: 3.51

Matched TTPs:

T1601.001 - Patch System Image
T1622 - Debugger Evasion

MITREへのリンク →

Chimera

Score: 3.51

Matched TTPs:

T1601.001 - Patch System Image
T1622 - Debugger Evasion

MITREへのリンク →

Daggerfly

Score: 5.96

Matched TTPs:

T1059.012 - Hypervisor CLI
T1546.016 - Installer Packages
T1027.018 - Invisible Unicode

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1547.002 - Authentication Package
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1091 - Replication Through Removable Media
T1601.001 - Patch System Image
T1622 - Debugger Evasion
T1059.011 - Lua
T1027.018 - Invisible Unicode
T1537 - Transfer Data to Cloud Account
T1526 - Cloud Service Discovery
T1059.010 - AutoHotKey & AutoIT
T1027.014 - Polymorphic Code
T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1546.013 - PowerShell Profile
T1205 - Traffic Signaling

MITREへのリンク →

Lazarus Group

Score: 0.78

Matched TTPs:

T1547.002 - Authentication Package
T1606.002 - SAML Tokens
T1622 - Debugger Evasion
T1132.001 - Standard Encoding
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1059.010 - AutoHotKey & AutoIT
T1546.016 - Installer Packages
T1059.012 - Hypervisor CLI
T1567.002 - Exfiltration to Cloud Storage
T1491.002 - External Defacement
T1087.002 - Domain Account
T1205 - Traffic Signaling

MITREへのリンク →

OilRig

Score: 0.65

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1218.010 - Regsvr32
T1526 - Cloud Service Discovery
T1059.010 - AutoHotKey & AutoIT
T1592.002 - Software
T1156 - Malicious Shell Modification
T1005 - Data from Local System
T1491.002 - External Defacement
T1087.002 - Domain Account

MITREへのリンク →

Gamaredon Group

Score: 0.64

Matched TTPs:

T1546.017 - Udev Rules
T1547.002 - Authentication Package
T1091 - Replication Through Removable Media
T1601.001 - Patch System Image
T1059.011 - Lua
T1059.013 - Container CLI/API
T1027.018 - Invisible Unicode
T1059.010 - AutoHotKey & AutoIT
T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1205 - Traffic Signaling

MITREへのリンク →

FIN7

Score: 0.63

Matched TTPs:

T1547.002 - Authentication Package
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1091 - Replication Through Removable Media
T1601.001 - Patch System Image
T1622 - Debugger Evasion
T1027.018 - Invisible Unicode
T1059.010 - AutoHotKey & AutoIT
T1156 - Malicious Shell Modification
T1087.002 - Domain Account
T1546.013 - PowerShell Profile
T1205 - Traffic Signaling

MITREへのリンク →

Sandworm Team

Score: 0.61

Matched TTPs:

T1547.002 - Authentication Package
T1606.002 - SAML Tokens
T1140 - Deobfuscate/Decode Files or Information
T1091 - Replication Through Removable Media
T1601.001 - Patch System Image
T1059.011 - Lua
T1027.018 - Invisible Unicode
T1218.010 - Regsvr32
T1059.010 - AutoHotKey & AutoIT
T1546.016 - Installer Packages
T1005 - Data from Local System
T1087.002 - Domain Account

MITREへのリンク →

Mustang Panda

Score: 0.59

Matched TTPs:

T1606.002 - SAML Tokens
T1091 - Replication Through Removable Media
T1059.011 - Lua
T1027.018 - Invisible Unicode
T1218.010 - Regsvr32
T1055.005 - Thread Local Storage
T1526 - Cloud Service Discovery
T1059.010 - AutoHotKey & AutoIT
T1567.002 - Exfiltration to Cloud Storage
T1087.002 - Domain Account
T1546.013 - PowerShell Profile

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る

Zscaler's Spymel - signed malware

概要

Indicators

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

Pulse – 脅威アクター グラフ

Pulse – 脅威アクターグラフ