Trusted Design

Zscaler's Spymel - signed malware

Summary

From the Zscaler website.

IOC from the Malwr evaluation. Several other VT claim to be linked. IOCs from them not included =/ Sophos also has a small write-up.

Introduction

ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information-stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert-issued certificate. The infection cycle typically starts with a malicious JavaScript file that arrives in a ZIP archive via e-mail attachment. Once the user opens the JavaScript file, it will download and install the malware executable on the victim machine. The malicious JavaScript file, surprisingly, in this case is not obfuscated and is easy to read, as seen in the screenshot below. The Trojan Spymel executable gets downloaded from a remote location hardcoded in the JavaScript.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Dragonfly

Score: 12.28
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol

BRONZE BUTLER

Score: 11.75
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550.003 - Pass the Ticket
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Gamaredon Group

Score: 24.92
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

OilRig

Score: 26.34
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

APT28

Score: 18.86
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link
  • T1550.001 - Application Access Token

MoustachedBouncer

Score: 6.31
Matched TTPs:
  • T1113 - Screen Capture
  • T1059.007 - JavaScript
  • T1027.002 - Software Packing

GOLD SOUTHFIELD

Score: 5.62
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1027.010 - Command Obfuscation

APT42

Score: 4.26
Matched TTPs:
  • T1113 - Screen Capture
  • T1608.001 - Upload Malware

Magic Hound

Score: 15.17
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

MuddyWater

Score: 18.82
Matched TTPs:
  • T1113 - Screen Capture
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

Winter Vivern

Score: 10.42
Matched TTPs:
  • T1113 - Screen Capture
  • T1059.007 - JavaScript
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Silence

Score: 8.56
Matched TTPs:
  • T1113 - Screen Capture
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol

Volt Typhoon

Score: 15.99
Matched TTPs:
  • T1113 - Screen Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1614 - System Location Discovery
  • T1027.002 - Software Packing
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol

Group5

Score: 3.88
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File

APT39

Score: 15.16
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Kimsuky

Score: 33.28
Matched TTPs:
  • T1113 - Screen Capture
  • T1059.007 - JavaScript
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1620 - Reflective Code Loading
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Dark Caracal

Score: 8.49
Matched TTPs:
  • T1113 - Screen Capture
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing

FIN7

Score: 23.05
Matched TTPs:
  • T1113 - Screen Capture
  • T1059.007 - JavaScript
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1620 - Reflective Code Loading
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Lazarus Group

Score: 31.63
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol

TA577

Score: 7.18
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1059.007 - JavaScript
  • T1204.001 - Malicious Link

Moonstone Sleet

Score: 14.15
Matched TTPs:
  • T1027.009 - Embedded Payloads
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information

Inception

Score: 6.62
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

Elderwood

Score: 9.05
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

Darkhotel

Score: 7.21
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

Transparent Tribe

Score: 7.00
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Leviathan

Score: 20.42
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Sidewinder

Score: 9.07
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

Saint Bear

Score: 11.23
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

APT33

Score: 5.24
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

BITTER

Score: 5.85
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

TA505

Score: 17.02
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

Higaisa

Score: 14.41
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1027.015 - Compression

APT19

Score: 10.32
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Fox Kitten

Score: 6.57
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol

Threat Group-3390

Score: 19.01
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

TA2541

Score: 10.92
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Malteiro

Score: 3.95
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information

Storm-1811

Score: 3.95
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information

Blue Mockingbird

Score: 7.46
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol

Tropic Trooper

Score: 5.44
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution

Mofang

Score: 6.89
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Contagious Interview

Score: 16.19
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.007 - JavaScript
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1027.010 - Command Obfuscation
  • T1204.004 - Malicious Copy and Paste
  • T1204.001 - Malicious Link

menuPass

Score: 7.07
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

Moses Staff

Score: 5.16
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

TeamTNT

Score: 9.28
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027.002 - Software Packing

APT32

Score: 19.40
Matched TTPs:
  • T1027.013 - Encrypted/Encoded File
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1550.003 - Pass the Ticket
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Turla

Score: 15.86
Matched TTPs:
  • T1059.007 - JavaScript
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link

FIN6

Score: 6.27
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol

Earth Lusca

Score: 16.02
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link

LazyScripter

Score: 7.96
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link

Cobalt Group

Score: 11.87
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Indrik Spider

Score: 9.34
Matched TTPs:
  • T1059.007 - JavaScript
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1584.004 - Server
  • T1021.001 - Remote Desktop Protocol

Molerats

Score: 8.84
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1204.001 - Malicious Link
  • T1027.015 - Compression

Leafminer

Score: 5.60
Matched TTPs:
  • T1059.007 - JavaScript
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise

Mustang Panda

Score: 24.67
Matched TTPs:
  • T1059.007 - JavaScript
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1001.003 - Protocol or Service Impersonation
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1204.001 - Malicious Link

TA578

Score: 3.33
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.001 - Malicious Link

Evilnum

Score: 3.33
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.001 - Malicious Link

Star Blizzard

Score: 4.73
Matched TTPs:
  • T1059.007 - JavaScript
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware

FIN13

Score: 6.78
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

UNC3886

Score: 9.19
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1205.001 - Port Knocking
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 5.43
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1204.001 - Malicious Link

Sandworm Team

Score: 23.97
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1584.004 - Server
  • T1204.001 - Malicious Link

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application

APT29

Score: 16.95
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1550.003 - Pass the Ticket
  • T1553.005 - Mark-of-the-Web Bypass
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

Play

Score: 5.43
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1027.010 - Command Obfuscation

Aoqin Dragon

Score: 6.43
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

RedCurl

Score: 6.53
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
  • T1204.001 - Malicious Link

Ke3chang

Score: 7.42
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information

APT12

Score: 4.68
Matched TTPs:
  • T1204.002 - Malicious File
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Machete

Score: 3.91
Matched TTPs:
  • T1204.002 - Malicious File
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

WIRTE

Score: 5.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32

APT-C-36

Score: 3.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information

Gallmaker

Score: 3.08
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information

TA551

Score: 5.40
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

HEXANE

Score: 8.67
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol

FIN8

Score: 8.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.010 - Command Obfuscation
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

APT37

Score: 8.73
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

PROMETHIUM

Score: 6.69
Matched TTPs:
  • T1204.002 - Malicious File
  • T1205.001 - Port Knocking
  • T1189 - Drive-by Compromise

Wizard Spider

Score: 8.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.010 - Command Obfuscation
  • T1588.003 - Code Signing Certificates
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

EXOTIC LILY

Score: 5.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

Patchwork

Score: 10.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.010 - Command Obfuscation
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Gorgon Group

Score: 6.49
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection

SideCopy

Score: 6.89
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1614 - System Location Discovery

Andariel

Score: 4.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise

APT38

Score: 15.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1553.005 - Mark-of-the-Web Bypass
  • T1189 - Drive-by Compromise
  • T1027.002 - Software Packing
  • T1036.006 - Space after Filename
  • T1204.001 - Malicious Link

The White Company

Score: 4.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Confucius

Score: 3.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1204.001 - Malicious Link

BlackTech

Score: 8.26
Matched TTPs:
  • T1204.002 - Malicious File
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1204.001 - Malicious Link

Windshift

Score: 6.20
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027 - Obfuscated Files or Information
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Agrius

Score: 4.69
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

ZIRCONIUM

Score: 7.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.002 - Software Packing
  • T1204.001 - Malicious Link

BlackByte

Score: 6.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

Cinnamon Tempest

Score: 3.04
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application

Rocke

Score: 15.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1055.002 - Portable Executable Injection
  • T1027 - Obfuscated Files or Information
  • T1027.004 - Compile After Delivery
  • T1027.002 - Software Packing

Mustard Tempest

Score: 5.10
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1189 - Drive-by Compromise
  • T1204.001 - Malicious Link

Ember Bear

Score: 6.81
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution

BackdoorDiplomacy

Score: 3.76
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information

Medusa Group

Score: 11.57
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1027.010 - Command Obfuscation
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1218.014 - MMC

Sea Turtle

Score: 11.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1608.003 - Install Digital Certificate
  • T1027.004 - Compile After Delivery

Storm-0501

Score: 6.27
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1027.002 - Software Packing

GALLIUM

Score: 5.81
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1027.002 - Software Packing

INC Ransom

Score: 3.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

Axiom

Score: 6.38
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol

APT41

Score: 8.95
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol

HAFNIUM

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1550.001 - Application Access Token

APT5

Score: 3.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1021.001 - Remote Desktop Protocol

APT3

Score: 8.84
Matched TTPs:
  • T1027 - Obfuscated Files or Information
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link

Aquatic Panda

Score: 3.51
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol

Chimera

Score: 3.51
Matched TTPs:
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol

Daggerfly

Score: 5.96
Matched TTPs:
  • T1189 - Drive-by Compromise
  • T1584.004 - Server
  • T1204.001 - Malicious Link

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.003 - Code Signing Certificates
  • T1608.001 - Upload Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1190 - Exploit Public-Facing Application
  • T1113 - Screen Capture
  • T1027 - Obfuscated Files or Information
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1587.001 - Malware
  • T1059.007 - JavaScript
  • T1027.002 - Software Packing

Lazarus Group

Score: 0.78
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1204.002 - Malicious File
  • T1584.004 - Server
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1189 - Drive-by Compromise
  • T1021.001 - Remote Desktop Protocol
  • T1102.002 - Bidirectional Communication
  • T1027.007 - Dynamic API Resolution
  • T1587.001 - Malware
  • T1027.013 - Encrypted/Encoded File
  • T1001.003 - Protocol or Service Impersonation
  • T1027.009 - Embedded Payloads

OilRig

Score: 0.65
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1204.002 - Malicious File
  • T1588.003 - Code Signing Certificates
  • T1608.001 - Upload Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.001 - Remote Desktop Protocol
  • T1113 - Screen Capture
  • T1137.004 - Outlook Home Page
  • T1204.001 - Malicious Link
  • T1587.001 - Malware
  • T1027.013 - Encrypted/Encoded File
  • T1195 - Supply Chain Compromise

Gamaredon Group

Score: 0.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.015 - Compression
  • T1608.001 - Upload Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1027 - Obfuscated Files or Information
  • T1113 - Screen Capture
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link
  • T1027.004 - Compile After Delivery

FIN7

Score: 0.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1190 - Exploit Public-Facing Application
  • T1113 - Screen Capture
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1021.001 - Remote Desktop Protocol
  • T1204.001 - Malicious Link
  • T1587.001 - Malware
  • T1059.007 - JavaScript

Sandworm Team

Score: 0.61
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1027 - Obfuscated Files or Information
  • T1102.002 - Bidirectional Communication
  • T1027.010 - Command Obfuscation
  • T1204.001 - Malicious Link
  • T1587.001 - Malware
  • T1195 - Supply Chain Compromise
  • T1584.004 - Server

Mustang Panda

Score: 0.59
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1204.002 - Malicious File
  • T1588.003 - Code Signing Certificates
  • T1608.001 - Upload Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027 - Obfuscated Files or Information
  • T1204.001 - Malicious Link
  • T1027.007 - Dynamic API Resolution
  • T1587.001 - Malware
  • T1059.007 - JavaScript
  • T1001.003 - Protocol or Service Impersonation

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
