Trusted Design

Uncovering the Seven Pointed Dagger

Summary

Threat actors with a strategic interest in the affairs of other governments and civil society organizations have been launching targeted exploitation campaigns for years. Typically, these campaigns use spear phishing as the delivery vector and often include malicious attachments designed to bypass common detection controls. In other cases, the spear-phishing message directs users to websites that would otherwise be trusted but have in fact been compromised by threat actors seeking greater access to fulfill their actions and objectives.

Created: 2026-02-23

Indicators

Similar Pulses

Threat actors related to this Pulse (fact-based)

Volt Typhoon

Score: 43.35
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1070.008 - Clear Mailbox Data
  • T1547.005 - Security Support Provider
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading

LAPSUS$

Score: 38.93
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1218.008 - Odbcconf
  • T1619 - Cloud Storage Object Discovery
  • T1122 - Component Object Model Hijacking
  • T1592.003 - Firmware
  • T1030 - Data Transfer Size Limits
  • T1065 - Uncommonly Used Port

Contagious Interview

Score: 48.87
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1021.006 - Windows Remote Management
  • T1183 - Image File Execution Options Injection
  • T1218.008 - Odbcconf
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1030 - Data Transfer Size Limits
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Ember Bear

Score: 14.69
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1003.003 - NTDS

Sandworm Team

Score: 56.82
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1183 - Image File Execution Options Injection
  • T1193 - Spearphishing Attachment
  • T1546.008 - Accessibility Features
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode

Andariel

Score: 11.82
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1598.003 - Spearphishing Link
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Magic Hound

Score: 44.66
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1187 - Forced Authentication
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1053.002 - At

HAFNIUM

Score: 27.63
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1218.008 - Odbcconf
  • T1059 - Command and Scripting Interpreter
  • T1608.005 - Link Target
  • T1552.008 - Chat Messages
  • T1122 - Component Object Model Hijacking
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls

APT28

Score: 62.56
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1139 - Bash History
  • T1152 - Launchctl
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1548.004 - Elevated Execution with Prompt
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL

ZIRCONIUM

Score: 20.44
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode

Leviathan

Score: 37.53
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1565 - Data Manipulation
  • T1592.003 - Firmware
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Mustard Tempest

Score: 21.94
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1027.018 - Invisible Unicode
  • T1053.002 - At

Silent Librarian

Score: 17.24
Matched TTPs:
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1546.008 - Accessibility Features
  • T1584.005 - Botnet

Kimsuky

Score: 70.87
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1152 - Launchctl
  • T1183 - Image File Execution Options Injection
  • T1683.001 - Written Content
  • T1546.008 - Accessibility Features
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1053.002 - At

EXOTIC LILY

Score: 27.48
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1149 - LC_MAIN Hijacking
  • T1565 - Data Manipulation
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

TA578

Score: 6.66
Matched TTPs:
  • T1114 - Email Collection
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

BlackTech

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

MuddyWater

Score: 12.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

LuminousMoth

Score: 14.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1584.005 - Botnet
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode

Confucius

Score: 7.19
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Mofang

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

Sidewinder

Score: 11.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Elderwood

Score: 6.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

Machete

Score: 5.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

FIN7

Score: 33.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1584.005 - Botnet
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

Transparent Tribe

Score: 17.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1053.002 - At

Mustang Panda

Score: 31.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode

FIN8

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

APT32

Score: 30.46
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

APT3

Score: 4.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

APT1

Score: 9.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1053.002 - At

Lazarus Group

Score: 39.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1070.008 - Clear Mailbox Data
  • T1183 - Image File Execution Options Injection
  • T1677 - Poisoned Pipeline Execution
  • T1608.005 - Link Target
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1547.008 - LSASS Driver

APT33

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

Molerats

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

OilRig

Score: 16.04
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Windshift

Score: 10.16
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 5.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode

APT29

Score: 15.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver

FIN4

Score: 3.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.018 - Invisible Unicode

TA2541

Score: 9.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

Earth Lusca

Score: 19.28
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1059.001 - PowerShell
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

RedCurl

Score: 9.09
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode

Storm-1811

Score: 19.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver

Turla

Score: 15.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Wizard Spider

Score: 11.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1059.001 - PowerShell
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

TA577

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode

Patchwork

Score: 9.40
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

TA505

Score: 7.17
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1027.018 - Invisible Unicode

LazyScripter

Score: 11.37
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode

APT42

Score: 13.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1677 - Poisoned Pipeline Execution
  • T1030 - Data Transfer Size Limits

APT39

Score: 8.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

Scattered Spider

Score: 26.51
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1019 - System Firmware
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1565 - Data Manipulation
  • T1030 - Data Transfer Size Limits
  • T1197 - BITS Jobs

Star Blizzard

Score: 23.95
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1565 - Data Manipulation

Moonstone Sleet

Score: 23.10
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1057 - Process Discovery
  • T1565 - Data Manipulation
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

CURIUM

Score: 20.42
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1218.001 - Compiled HTML File
  • T1565 - Data Manipulation
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Dragonfly

Score: 24.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages

Saint Bear

Score: 10.75
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1030 - Data Transfer Size Limits
  • T1027.018 - Invisible Unicode

Tropic Trooper

Score: 5.03
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer

FIN6

Score: 5.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 6.32
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

menuPass

Score: 10.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking

Threat Group-3390

Score: 16.15
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.001 - PowerShell
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Gamaredon Group

Score: 17.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target
  • T1554 - Compromise Host Software Binary
  • T1055.014 - VDSO Hijacking
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode

Darkhotel

Score: 4.13
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

BITTER

Score: 5.86
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

TA551

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets

APT41

Score: 16.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1030 - Data Transfer Size Limits
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution

Winter Vivern

Score: 11.33
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode

APT12

Score: 4.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Malteiro

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History

SideCopy

Score: 9.75
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1053.002 - At

Nomadic Octopus

Score: 3.06
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets

Tonto Team

Score: 5.11
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32

APT37

Score: 6.53
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Silence

Score: 3.27
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.007 - Dynamic API Resolution

IndigoZebra

Score: 7.07
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1608.005 - Link Target

APT38

Score: 7.92
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution

PLATINUM

Score: 4.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI

Salt Typhoon

Score: 3.84
Matched TTPs:
  • T1553.002 - Code Signing

FIN13

Score: 14.15
Matched TTPs:
  • T1553.002 - Code Signing
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.005 - Security Support Provider
  • T1552.003 - Shell History
  • T1105 - Ingress Tool Transfer

HEXANE

Score: 23.35
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1547.005 - Security Support Provider
  • T1183 - Image File Execution Options Injection
  • T1055.014 - VDSO Hijacking
  • T1565 - Data Manipulation
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port

TeamTNT

Score: 5.68
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets

BlackByte

Score: 4.37
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution

Sea Turtle

Score: 9.04
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32

Aoqin Dragon

Score: 3.68
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1218.010 - Regsvr32

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking

UNC3886

Score: 5.63
Matched TTPs:
  • T1021.006 - Windows Remote Management
  • T1218.010 - Regsvr32

Medusa Group

Score: 16.10
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1565 - Data Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

Indrik Spider

Score: 8.96
Matched TTPs:
  • T1183 - Image File Execution Options Injection
  • T1552.008 - Chat Messages
  • T1546.016 - Installer Packages

APT5

Score: 3.62
Matched TTPs:
  • T1677 - Poisoned Pipeline Execution

INC Ransom

Score: 8.21
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.007 - Dynamic API Resolution

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Water Galura

Score: 4.86
Matched TTPs:
  • T1552.003 - Shell History
  • T1565 - Data Manipulation

POLONIUM

Score: 7.16
Matched TTPs:
  • T1608.005 - Link Target
  • T1122 - Component Object Model Hijacking
  • T1547.002 - Authentication Package

Fox Kitten

Score: 5.09
Matched TTPs:
  • T1059.001 - PowerShell
  • T1565 - Data Manipulation

GOLD SOUTHFIELD

Score: 6.03
Matched TTPs:
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

Axiom

Score: 11.08
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI

Chimera

Score: 5.84
Matched TTPs:
  • T1592.003 - Firmware
  • T1027.007 - Dynamic API Resolution

Volatile Cedar

Score: 4.13
Matched TTPs:
  • T1002 - Data Compressed

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver

Daggerfly

Score: 5.96
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1197 - BITS Jobs
  • T1003.003 - NTDS
  • T1057 - Process Discovery
  • T1546.008 - Accessibility Features
  • T1027.018 - Invisible Unicode
  • T1152 - Launchctl
  • T1024 - Custom Cryptographic Protocol
  • T1690 - Prevent Command History Logging
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1098.007 - Additional Local or Domain Groups
  • T1183 - Image File Execution Options Injection
  • T1543.003 - Windows Service
  • T1552.003 - Shell History
  • T1547.002 - Authentication Package
  • T1053.002 - At
  • T1102.003 - One-Way Communication
  • T1030 - Data Transfer Size Limits
  • T1683.001 - Written Content
  • T1608.005 - Link Target
  • T1114 - Email Collection
  • T1565 - Data Manipulation
  • T1055.014 - VDSO Hijacking
  • T1091 - Replication Through Removable Media
  • T1598.003 - Spearphishing Link

APT28

Score: 0.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1197 - BITS Jobs
  • T1546.007 - Netsh Helper DLL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1055.008 - Ptrace System Calls
  • T1059.012 - Hypervisor CLI
  • T1139 - Bash History
  • T1057 - Process Discovery
  • T1027.018 - Invisible Unicode
  • T1152 - Launchctl
  • T1592.003 - Firmware
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
  • T1122 - Component Object Model Hijacking
  • T1608.005 - Link Target
  • T1598.003 - Spearphishing Link

Sandworm Team

Score: 0.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1111 - Multi-Factor Authentication Interception
  • T1546.008 - Accessibility Features
  • T1027.018 - Invisible Unicode
  • T1187 - Forced Authentication
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1183 - Image File Execution Options Injection
  • T1546.016 - Installer Packages
  • T1543.003 - Windows Service
  • T1547.002 - Authentication Package
  • T1564.008 - Email Hiding Rules
  • T1122 - Component Object Model Hijacking
  • T1102.003 - One-Way Communication
  • T1193 - Spearphishing Attachment
  • T1484.002 - Trust Modification
  • T1114 - Email Collection
  • T1565 - Data Manipulation
  • T1091 - Replication Through Removable Media
  • T1598.003 - Spearphishing Link

Contagious Interview

Score: 0.59
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1183 - Image File Execution Options Injection
  • T1030 - Data Transfer Size Limits
  • T1547.008 - LSASS Driver
  • T1608.005 - Link Target
  • T1044 - File System Permissions Weakness
  • T1552.003 - Shell History
  • T1690 - Prevent Command History Logging
  • T1565 - Data Manipulation
  • T1221 - Template Injection
  • T1098.007 - Additional Local or Domain Groups
  • T1027.018 - Invisible Unicode
  • T1021.006 - Windows Remote Management
  • T1091 - Replication Through Removable Media
  • T1102.003 - One-Way Communication
  • T1547.005 - Security Support Provider
  • T1218.008 - Odbcconf

Magic Hound

Score: 0.58
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1183 - Image File Execution Options Injection
  • T1098.002 - Additional Email Delegate Permissions
  • T1187 - Forced Authentication
  • T1608.005 - Link Target
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1592.003 - Firmware
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1565 - Data Manipulation
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1547.005 - Security Support Provider
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1098.007 - Additional Local or Domain Groups
  • T1053.002 - At

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat actor graph

