Trusted Design

WARP (FAMILY)

Overview

The WARP malware family is an HTTP-based backdoor written in C++, and the majority of its code base is borrowed from source code available in the public domain. Network communications are implemented using the same WWW client library (w3c.cpp) available from www.dankrusi.com/file_69653F3336383837.html. The malware has system survey functionality (collects hostname, current user, system uptime, CPU speed, etc.) taken directly from the BO2K backdoor available from www.bo2k.com. It also contains the hard disk identification code found at www.winsim.com/diskid32/diskid32.cpp. When WARP executes remote commands, the malware creates a copy of the '%SYSTEMROOT%\system32\cmd.exe' file as '%USERPROFILE%\Temp\~ISUN32.EXE'. The version signature information of the duplicate executable is zeroed out. Some WARP variants maintain persistence through the use of DLL search order hijacking.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 27.73
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1086 - PowerShell
  • T1546.017 - Udev Rules
Link to MITRE →

FIN7

Score: 25.86
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot
Link to MITRE →

APT19

Score: 12.94
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
Link to MITRE →

Kimsuky

Score: 33.60
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
  • T1053.002 - At
Link to MITRE →

UNC3886

Score: 16.36
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1055.015 - ListPlanting
  • T1578.001 - Create Snapshot
Link to MITRE →

Carbanak

Score: 7.10
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
Link to MITRE →

APT3

Score: 12.32
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
Link to MITRE →

Magic Hound

Score: 14.64
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1053.002 - At
Link to MITRE →

TA551

Score: 5.87
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
Link to MITRE →

Blue Mockingbird

Score: 13.63
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1027.014 - Polymorphic Code
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Wizard Spider

Score: 13.03
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT32

Score: 29.83
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1592.004 - Client Configurations
  • T1588.001 - Malware
  • T1027.014 - Polymorphic Code
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Lazarus Group

Score: 50.68
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1205 - Traffic Signaling
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1069.001 - Local Groups
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1055.015 - ListPlanting
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
  • T1086 - PowerShell
  • T1216 - System Script Proxy Execution
Link to MITRE →

TA505

Score: 14.39
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT41

Score: 28.41
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1055.015 - ListPlanting
Link to MITRE →

Sandworm Team

Score: 9.29
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT28

Score: 20.79
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
Link to MITRE →

HAFNIUM

Score: 8.77
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1583.006 - Web Services
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls
Link to MITRE →

APT38

Score: 25.18
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1138 - Application Shimming
  • T1583.006 - Web Services
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Daggerfly

Score: 10.38
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1089 - Disabling Security Tools
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
Link to MITRE →

RedCurl

Score: 7.01
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
Link to MITRE →

LazyScripter

Score: 3.91
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1091 - Replication Through Removable Media
Link to MITRE →

Aquatic Panda

Score: 12.32
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1588.001 - Malware
  • T1622 - Debugger Evasion
Link to MITRE →

Storm-0501

Score: 10.35
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

MuddyWater

Score: 14.71
Matched TTPs:
  • T1583 - Acquire Infrastructure
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

Winnti Group

Score: 4.80
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1583.006 - Web Services
Link to MITRE →

Rocke

Score: 10.75
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

TeamTNT

Score: 17.49
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
Link to MITRE →

Volt Typhoon

Score: 20.85
Matched TTPs:
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
Link to MITRE →

BRONZE BUTLER

Score: 13.56
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
Link to MITRE →

TA2541

Score: 11.06
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

APT42

Score: 8.87
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
Link to MITRE →

Storm-1811

Score: 4.44
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Indrik Spider

Score: 10.69
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1498 - Network Denial of Service
  • T1622 - Debugger Evasion
Link to MITRE →

Mustard Tempest

Score: 10.93
Matched TTPs:
  • T1218.013 - Mavinject
  • T1091 - Replication Through Removable Media
  • T1543.002 - Systemd Service
  • T1053.002 - At
Link to MITRE →

WIRTE

Score: 6.64
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
Link to MITRE →

Patchwork

Score: 12.73
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
Link to MITRE →

Transparent Tribe

Score: 5.92
Matched TTPs:
  • T1218.013 - Mavinject
  • T1218.010 - Regsvr32
  • T1053.002 - At
Link to MITRE →

Earth Lusca

Score: 11.69
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
Link to MITRE →

BackdoorDiplomacy

Score: 4.97
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1588.001 - Malware
Link to MITRE →

APT29

Score: 21.45
Matched TTPs:
  • T1218.013 - Mavinject
  • T1592.004 - Client Configurations
  • T1138 - Application Shimming
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1223 - Compiled HTML File
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Naikon

Score: 4.97
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1588.001 - Malware
Link to MITRE →

Chimera

Score: 17.28
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
Link to MITRE →

Ke3chang

Score: 9.74
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Tropic Trooper

Score: 16.15
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
Link to MITRE →

PROMETHIUM

Score: 5.17
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1588.001 - Malware
Link to MITRE →

INC Ransom

Score: 5.18
Matched TTPs:
  • T1218.013 - Mavinject
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

LuminousMoth

Score: 7.86
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1556.005 - Reversible Encryption
Link to MITRE →

OilRig

Score: 26.15
Matched TTPs:
  • T1218.013 - Mavinject
  • T1176.001 - Browser Extensions
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1055.015 - ListPlanting
Link to MITRE →

Darkhotel

Score: 11.75
Matched TTPs:
  • T1218.013 - Mavinject
  • T1562.009 - Safe Mode Boot
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
Link to MITRE →

APT1

Score: 7.59
Matched TTPs:
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1622 - Debugger Evasion
  • T1053.002 - At
Link to MITRE →

Sidewinder

Score: 9.66
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
Link to MITRE →

menuPass

Score: 9.37
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1174 - Password Filter DLL
  • T1622 - Debugger Evasion
Link to MITRE →

Ember Bear

Score: 4.46
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
Link to MITRE →

APT39

Score: 16.76
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1570 - Lateral Tool Transfer
  • T1564.007 - VBA Stomping
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Velvet Ant

Score: 8.02
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

APT5

Score: 4.30
Matched TTPs:
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1622 - Debugger Evasion
Link to MITRE →

Silence

Score: 7.01
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.009 - Cloud API
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Fox Kitten

Score: 7.12
Matched TTPs:
  • T1218.013 - Mavinject
  • T1588.001 - Malware
  • T1570 - Lateral Tool Transfer
  • T1622 - Debugger Evasion
Link to MITRE →

ToddyCat

Score: 5.49
Matched TTPs:
  • T1218.013 - Mavinject
  • T1583.006 - Web Services
  • T1665 - Hide Infrastructure
Link to MITRE →

SideCopy

Score: 8.13
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1053.002 - At
Link to MITRE →

Turla

Score: 12.07
Matched TTPs:
  • T1218.013 - Mavinject
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
Link to MITRE →

Mustang Panda

Score: 14.74
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1055.005 - Thread Local Storage
Link to MITRE →

FIN13

Score: 9.37
Matched TTPs:
  • T1218.013 - Mavinject
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
Link to MITRE →

Medusa Group

Score: 18.94
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1216 - System Script Proxy Execution
Link to MITRE →

Lotus Blossom

Score: 6.00
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BlackByte

Score: 14.77
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Threat Group-3390

Score: 19.16
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1546.017 - Udev Rules
Link to MITRE →

Agrius

Score: 5.15
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1059.010 - AutoHotKey & AutoIT
  • T1622 - Debugger Evasion
Link to MITRE →

Cobalt Group

Score: 15.89
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1518.002 - Backup Software Discovery
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
Link to MITRE →

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
Link to MITRE →

Evilnum

Score: 5.17
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
Link to MITRE →

Tonto Team

Score: 3.23
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
Link to MITRE →

GALLIUM

Score: 7.07
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Higaisa

Score: 18.17
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
  • T1546.017 - Udev Rules
Link to MITRE →

BlackTech

Score: 3.23
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
Link to MITRE →

Gorgon Group

Score: 3.40
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
Link to MITRE →

Moonstone Sleet

Score: 7.13
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1556.005 - Reversible Encryption
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Molerats

Score: 6.24
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1546.017 - Udev Rules
Link to MITRE →

ZIRCONIUM

Score: 10.54
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1570 - Lateral Tool Transfer
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot
Link to MITRE →

Winter Vivern

Score: 4.85
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1556.005 - Reversible Encryption
Link to MITRE →

Leviathan

Score: 10.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules
Link to MITRE →

BITTER

Score: 6.75
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

HEXANE

Score: 5.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1583.006 - Web Services
  • T1622 - Debugger Evasion
Link to MITRE →

Saint Bear

Score: 7.35
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

Dragonfly

Score: 7.21
Matched TTPs:
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1622 - Debugger Evasion
Link to MITRE →

FIN8

Score: 7.41
Matched TTPs:
  • T1059.009 - Cloud API
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
  • T1622 - Debugger Evasion
Link to MITRE →

FIN6

Score: 8.89
Matched TTPs:
  • T1588.001 - Malware
  • T1128 - Netsh Helper DLL
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
Link to MITRE →

Windshift

Score: 6.84
Matched TTPs:
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1556.005 - Reversible Encryption
Link to MITRE →

Deep Panda

Score: 4.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
Link to MITRE →

Stealth Falcon

Score: 4.94
Matched TTPs:
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
  • T1556.005 - Reversible Encryption
Link to MITRE →

Andariel

Score: 3.01
Matched TTPs:
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
Link to MITRE →

APT37

Score: 11.95
Matched TTPs:
  • T1583.006 - Web Services
  • T1078 - Valid Accounts
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
Link to MITRE →

Inception

Score: 6.95
Matched TTPs:
  • T1583.006 - Web Services
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

The White Company

Score: 6.14
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1578.001 - Create Snapshot
Link to MITRE →

Confucius

Score: 5.51
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1665 - Hide Infrastructure
Link to MITRE →

Axiom

Score: 7.68
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1160 - Launch Daemon
Link to MITRE →

Aoqin Dragon

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Elderwood

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

RedEcho

Score: 3.93
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
Link to MITRE →

Dark Caracal

Score: 3.24
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
Link to MITRE →

Scattered Spider

Score: 5.49
Matched TTPs:
  • T1498 - Network Denial of Service
  • T1622 - Debugger Evasion
Link to MITRE →

Salt Typhoon

Score: 3.84
Matched TTPs:
  • T1498 - Network Denial of Service
Link to MITRE →

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.78
Matched TTPs:
  • T1556.005 - Reversible Encryption
  • T1578.001 - Create Snapshot
  • T1583.006 - Web Services
  • T1205 - Traffic Signaling
  • T1583 - Acquire Infrastructure
  • T1570 - Lateral Tool Transfer
  • T1069.001 - Local Groups
  • T1176.001 - Browser Extensions
  • T1055.015 - ListPlanting
  • T1218.013 - Mavinject
  • T1588.001 - Malware
  • T1059.010 - AutoHotKey & AutoIT
  • T1089 - Disabling Security Tools
  • T1216 - System Script Proxy Execution
  • T1174 - Password Filter DLL
  • T1665 - Hide Infrastructure
  • T1055.005 - Thread Local Storage
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1086 - PowerShell
Link to MITRE →

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

