Trusted Design

Operation DustySky

Overview

DustySky (called “NeD Worm” by its developer) is a multi-stage malware in use since May 2015. It is in use by the Molerats (aka Gaza cybergang), a politically motivated group whose main objective, we believe, is intelligence gathering. Operating since 2012, the group’s activity has been reported by Norman [1], Kaspersky [2][3], FireEye [4], and PwC [5]. These attacks are targeted, but not spear-phished. That is, malicious email messages are sent to selected targets rather than random mass distribution, but are not tailored specifically to each and every target. Dozens of targets may receive the exact same message. The email message and the lure document are written in Hebrew, Arabic or English, depending on the target audience.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Volt Typhoon

Score: 45.96
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1003.007 - Proc Filesystem
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1083 - File and Directory Discovery
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1574.002 - DLL Side-Loading
  • T1569.002 - Service Execution

Contagious Interview

Score: 36.79
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

Scattered Spider

Score: 34.37
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1560.003 - Archive via Custom Method
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
  • T1588.005 - Exploits

FIN4

Score: 9.20
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1056.002 - GUI Input Capture

Ember Bear

Score: 21.95
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1578 - Modify Cloud Compute Infrastructure
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32

Sandworm Team

Score: 47.31
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Andariel

Score: 12.52
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32

Magic Hound

Score: 32.02
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1578 - Modify Cloud Compute Infrastructure
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver

HAFNIUM

Score: 28.45
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1099 - Timestomp
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages

APT41

Score: 19.17
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1560.003 - Archive via Custom Method
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1574.002 - DLL Side-Loading

TA551

Score: 9.72
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token

HEXANE

Score: 12.78
Matched TTPs:
  • T1099 - Timestomp
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

APT29

Score: 18.26
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Gamaredon Group

Score: 27.94
Matched TTPs:
  • T1099 - Timestomp
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1059.013 - Container CLI/API
  • T1200 - Hardware Additions

TA2541

Score: 12.36
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship

Lotus Blossom

Score: 9.27
Matched TTPs:
  • T1099 - Timestomp
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1569.002 - Service Execution

FIN13

Score: 21.93
Matched TTPs:
  • T1099 - Timestomp
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1569.002 - Service Execution

Turla

Score: 26.36
Matched TTPs:
  • T1099 - Timestomp
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1131 - Authentication Package
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1569.002 - Service Execution

FIN8

Score: 5.92
Matched TTPs:
  • T1099 - Timestomp
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship

Mustard Tempest

Score: 12.50
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service

TA505

Score: 10.89
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

APT3

Score: 6.23
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32

Silent Librarian

Score: 11.74
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship

Kimsuky

Score: 50.15
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs

Moonstone Sleet

Score: 24.39
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 10.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1552.008 - Chat Messages

Lazarus Group

Score: 28.85
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver
  • T1569.002 - Service Execution

OilRig

Score: 19.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

UNC3886

Score: 14.68
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

LuminousMoth

Score: 8.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Salt Typhoon

Score: 11.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Play

Score: 6.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

RedCurl

Score: 7.86
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1591.003 - Identify Business Tempo
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link

Moses Staff

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship

Ke3chang

Score: 14.40
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1003.007 - Proc Filesystem
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1102.002 - Bidirectional Communication

Mustang Panda

Score: 24.16
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage

TeamTNT

Score: 8.78
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets

FIN7

Score: 23.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package

Darkhotel

Score: 9.94
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 11.37
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Cinnamon Tempest

Score: 8.28
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship

BlackTech

Score: 6.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

MuddyWater

Score: 14.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Confucius

Score: 8.98
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

Sidewinder

Score: 9.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32

Elderwood

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Transparent Tribe

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

APT32

Score: 19.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

APT1

Score: 10.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1183 - Image File Execution Options Injection
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Leviathan

Score: 14.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32

APT33

Score: 11.83
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

ZIRCONIUM

Score: 16.69
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1056.002 - GUI Input Capture
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs

EXOTIC LILY

Score: 16.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1134.002 - Create Process with Token
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Windshift

Score: 7.03
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 7.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32

Earth Lusca

Score: 16.35
Matched TTPs:
  • T1543.003 - Windows Service
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File

Storm-1811

Score: 16.08
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 13.21
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1083 - File and Directory Discovery
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship

Patchwork

Score: 7.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

LazyScripter

Score: 10.95
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1608.005 - Link Target

APT42

Score: 6.56
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship

APT39

Score: 9.97
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1569.002 - Service Execution

APT28

Score: 46.30
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1583.005 - Botnet
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1131 - Authentication Package
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1548.004 - Elevated Execution with Prompt
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1200 - Hardware Additions
  • T1564.004 - NTFS File Attributes

Star Blizzard

Score: 12.06
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship

CURIUM

Score: 11.76
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1547.008 - LSASS Driver

Dragonfly

Score: 20.69
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

Saint Bear

Score: 8.88
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32

Tropic Trooper

Score: 5.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

FIN6

Score: 4.25
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver

admin@338

Score: 4.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1003.007 - Proc Filesystem
  • T1218.010 - Regsvr32

menuPass

Score: 5.38
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship

Threat Group-3390

Score: 13.72
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32

BITTER

Score: 5.19
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32

Inception

Score: 9.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1218.010 - Regsvr32
  • T1200 - Hardware Additions

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

Winter Vivern

Score: 8.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.001 - Compiled HTML File

Higaisa

Score: 5.30
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Malteiro

Score: 7.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication

SideCopy

Score: 6.47
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets

APT37

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

IndigoZebra

Score: 3.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship

APT38

Score: 6.26
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1503 - Credentials from Web Browsers
  • T1199 - Trusted Relationship

DarkHydrus

Score: 4.88
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1200 - Hardware Additions

PLATINUM

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets

APT5

Score: 5.31
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1140 - Deobfuscate/Decode Files or Information

Aquatic Panda

Score: 5.83
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

Chimera

Score: 3.37
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1199 - Trusted Relationship

Velvet Ant

Score: 5.96
Matched TTPs:
  • T1583.005 - Botnet
  • T1569.002 - Service Execution

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship

BlackByte

Score: 7.06
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1102.002 - Bidirectional Communication

Rocke

Score: 5.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API

BackdoorDiplomacy

Score: 4.78
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

GOLD SOUTHFIELD

Score: 7.68
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel

Medusa Group

Score: 20.56
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1056.002 - GUI Input Capture
  • T1094 - Custom Command and Control Protocol

Sea Turtle

Score: 10.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Storm-0501

Score: 7.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication

Fox Kitten

Score: 5.31
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.005 - Exploits

Agrius

Score: 3.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1558 - Steal or Forge Kerberos Tickets

ToddyCat

Score: 3.99
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.008 - LSASS Driver

INC Ransom

Score: 11.75
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1083 - File and Directory Discovery
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall

Axiom

Score: 9.87
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

SilverTerrier

Score: 5.81
Matched TTPs:
  • T1131 - Authentication Package
  • T1552.003 - Shell History

LAPSUS$

Score: 17.65
Matched TTPs:
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1588.005 - Exploits

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.84
Matched TTPs:
  • T1683.001 - Written Content
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.007 - Proc Filesystem
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1057 - Process Discovery
  • T1690 - Prevent Command History Logging
  • T1131 - Authentication Package
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1583.005 - Botnet
  • T1134.002 - Create Process with Token
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1608.005 - Link Target
  • T1552.003 - Shell History
  • T1547.002 - Authentication Package
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link

Sandworm Team

Score: 0.83
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1005 - Data from Local System
  • T1193 - Spearphishing Attachment
  • T1573 - Encrypted Channel
  • T1183 - Image File Execution Options Injection
  • T1199 - Trusted Relationship
  • T1583.005 - Botnet
  • T1134.002 - Create Process with Token
  • T1564.008 - Email Hiding Rules
  • T1049 - System Network Connections Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.002 - Authentication Package
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link

APT28

Score: 0.79
Matched TTPs:
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1583.005 - Botnet
  • T1056.002 - GUI Input Capture
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link
  • T1200 - Hardware Additions
  • T1564.004 - NTFS File Attributes
  • T1131 - Authentication Package
  • T1558 - Steal or Forge Kerberos Tickets
  • T1548.004 - Elevated Execution with Prompt
  • T1146 - Clear Command History
  • T1547.002 - Authentication Package
  • T1608.005 - Link Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1598.003 - Spearphishing Link

Volt Typhoon

Score: 0.78
Matched TTPs:
  • T1057 - Process Discovery
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1134.002 - Create Process with Token
  • T1056.002 - GUI Input Capture
  • T1099 - Timestomp
  • T1552.008 - Chat Messages
  • T1553.002 - Code Signing
  • T1569.002 - Service Execution
  • T1560.003 - Archive via Custom Method
  • T1083 - File and Directory Discovery
  • T1574.002 - DLL Side-Loading
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.007 - Proc Filesystem
  • T1148 - HISTCONTROL

Scattered Spider

Score: 0.63
Matched TTPs:
  • T1019 - System Firmware
  • T1199 - Trusted Relationship
  • T1136.002 - Domain Account
  • T1197 - BITS Jobs
  • T1566.002 - Spearphishing Link
  • T1578 - Modify Cloud Compute Infrastructure
  • T1560.003 - Archive via Custom Method
  • T1083 - File and Directory Discovery
  • T1588.005 - Exploits
  • T1666 - Modify Cloud Resource Hierarchy
  • T1552.003 - Shell History

Contagious Interview

Score: 0.62
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.008 - LSASS Driver
  • T1221 - Template Injection
  • T1183 - Image File Execution Options Injection
  • T1690 - Prevent Command History Logging
  • T1131 - Authentication Package
  • T1558 - Steal or Forge Kerberos Tickets
  • T1044 - File System Permissions Weakness
  • T1608.005 - Link Target
  • T1021.006 - Windows Remote Management
  • T1091 - Replication Through Removable Media
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History

Magic Hound

Score: 0.59
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1134.002 - Create Process with Token
  • T1547.008 - LSASS Driver
  • T1099 - Timestomp
  • T1566.002 - Spearphishing Link
  • T1578 - Modify Cloud Compute Infrastructure
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1140 - Deobfuscate/Decode Files or Information
  • T1183 - Image File Execution Options Injection
  • T1171 - LLMNR/NBT-NS Poisoning and Relay

Related CVEs

No CVEs were found in this Pulse.
