Trusted Design

WARP (FAMILY)

Overview

The WARP malware family is an HTTP-based backdoor written in C++; the majority of its code base is borrowed from source code available in the public domain. Network communications are implemented using the same WWW client library (w3c.cpp) available from www.dankrusi.com/file_69653F3336383837.html. The malware has system survey functionality (collects hostname, current user, system uptime, CPU speed, etc.) taken directly from the BO2K backdoor available from www.bo2k.com. It also contains the hard disk identification code found at www.winsim.com/diskid32/diskid32.cpp. When WARP executes remote commands, the malware creates a copy of '%SYSTEMROOT%\system32\cmd.exe' as '%USERPROFILE%\Temp\~ISUN32.EXE'. The version signature information of the duplicate executable is zeroed out. Some WARP variants maintain persistence through DLL search order hijacking.
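The overview names two host artefacts worth hunting for: the cmd.exe copy dropped as '%USERPROFILE%\Temp\~ISUN32.EXE' with its version resource zeroed, and persistence via DLL search order hijacking. Below is an added example of detection logic for both, written for this page and not taken from the original pulse or from any WARP sample. It runs over Sysmon-style events constructed inline; the Sysmon event IDs and field names are real, while the imphash value, the protected-DLL list, the paths and every sample event are assumptions made up for the example.

```python
"""Added hunting example: flags the WARP cmd.exe copy and DLL search-order
hijacking in Sysmon-style events. Not code from the original pulse or from
any WARP sample; all values below are constructed for illustration."""
import ntpath

# Assumption: directories from which system DLLs are expected to load.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Assumption (placeholder): imphash of the legitimate cmd.exe builds in the
# estate, collected by the defender beforehand. Imphash is derived from the
# import table, so WARP zeroing the version resource does not change it.
CMD_IMPHASHES = {"00000000000000000000000000000000"}

# Assumption: DLL names that should only ever resolve from a system directory;
# a copy of one of these beside an application is the classic hijack.
SYSTEM_DLLS = {"version.dll", "wininet.dll", "cryptsp.dll", "dwmapi.dll"}


def _base(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def _in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def _imphash(hashes: str) -> str:
    """Pull the IMPHASH component out of Sysmon's 'ALG=value,ALG=value' string."""
    for part in hashes.split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "IMPHASH":
            return value.strip().lower()
    return ""


def hunt(events):
    """Return (rule_name, artefact) tuples for events matching WARP tradecraft."""
    hits = []
    for e in events:
        eid = e["EventID"]
        if eid == 11:  # FileCreate
            target = e["TargetFilename"]
            # WARP writes its cmd.exe duplicate to %USERPROFILE%\Temp\~ISUN32.EXE
            if "\\temp\\" in target.lower() and _base(target) == "~isun32.exe":
                hits.append(("warp_cmd_copy_dropped", target))
        elif eid == 1:  # ProcessCreate
            image = e["Image"]
            ofn = e.get("OriginalFileName", "-").lower()
            if ofn == "cmd.exe" and _base(image) != "cmd.exe":
                # Version resource intact but file renamed (T1036.003)
                hits.append(("renamed_cmd_exe", image))
            elif ofn in ("-", "") and _imphash(e.get("Hashes", "")) in CMD_IMPHASHES:
                # Version resource zeroed (Sysmon logs "-"), import table still cmd.exe
                hits.append(("cmd_exe_copy_version_zeroed", image))
        elif eid == 7:  # ImageLoad
            dll = e["ImageLoaded"]
            if _base(dll) in SYSTEM_DLLS and not _in_system_dir(dll):
                # System DLL name resolved outside System32: search-order hijack (T1574.001)
                hits.append(("dll_search_order_hijack", dll))
    return hits


# Constructed sample telemetry (not real logs); benign events included as controls.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Users\\alice\\AppData\\Roaming\\updater.exe",
     "TargetFilename": "C:\\Users\\alice\\Temp\\~ISUN32.EXE"},
    {"EventID": 1, "Image": "C:\\Users\\alice\\Temp\\~ISUN32.EXE",
     "OriginalFileName": "-",
     "Hashes": "SHA256=1111111111111111111111111111111111111111111111111111111111111111,"
               "IMPHASH=00000000000000000000000000000000"},
    {"EventID": 1, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\svchost.exe",
     "OriginalFileName": "Cmd.Exe",
     "Hashes": "SHA256=2222222222222222222222222222222222222222222222222222222222222222,"
               "IMPHASH=00000000000000000000000000000000"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe",
     "OriginalFileName": "Cmd.Exe",
     "Hashes": "SHA256=2222222222222222222222222222222222222222222222222222222222222222,"
               "IMPHASH=00000000000000000000000000000000"},
    {"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe",
     "ImageLoaded": "C:\\Program Files\\Vendor\\version.dll"},
    {"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe",
     "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll"},
]

if __name__ == "__main__":
    for rule, artefact in hunt(SAMPLE_EVENTS):
        print(f"{rule:32} {artefact}")
```

Zeroing the version resource changes the file's SHA-256 but not its import table, which is why the second process rule keys on IMPHASH rather than on a full-file hash; Sysmon only records IMPHASH when its HashAlgorithms option includes it. Sysmon typically writes OriginalFileName as "-" when a binary carries no usable version information, which is the state WARP leaves its cmd.exe copy in, so that field alone separates the zeroed copy from a merely renamed one.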

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Gamaredon Group

Score: 27.73
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
  • T1561.001 - Disk Content Wipe
  • T1027.015 - Compression

FIN7

Score: 25.86
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery

APT19

Score: 12.94
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols

Kimsuky

Score: 33.60
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1620 - Reflective Code Loading
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1680 - Local Storage Discovery
  • T1584.001 - Domains

UNC3886

Score: 16.36
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1008 - Fallback Channels
  • T1124 - System Time Discovery

Carbanak

Score: 7.10
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service

APT3

Score: 12.32
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol

Magic Hound

Score: 14.64
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1584.001 - Domains

TA551

Score: 5.87
Matched TTPs:
  • T1218.011 - Rundll32
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols

Blue Mockingbird

Score: 13.63
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1218.010 - Regsvr32
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Wizard Spider

Score: 13.03
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

APT32

Score: 29.83
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1550.003 - Pass the Ticket
  • T1036.004 - Masquerade Task or Service
  • T1218.010 - Regsvr32
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution

Lazarus Group

Score: 50.68
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1620 - Reflective Code Loading
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1574.013 - KernelCallbackTable
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
  • T1027.007 - Dynamic API Resolution
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery
  • T1561.001 - Disk Content Wipe
  • T1529 - System Shutdown/Reboot

TA505

Score: 14.39
Matched TTPs:
  • T1218.011 - Rundll32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

APT41

Score: 28.41
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels

Sandworm Team

Score: 9.29
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

APT28

Score: 20.79
Matched TTPs:
  • T1218.011 - Rundll32
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks

HAFNIUM

Score: 8.77
Matched TTPs:
  • T1218.011 - Rundll32
  • T1057 - Process Discovery
  • T1071.001 - Web Protocols
  • T1550.001 - Application Access Token

APT38

Score: 25.18
Matched TTPs:
  • T1218.011 - Rundll32
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1553.005 - Mark-of-the-Web Bypass
  • T1057 - Process Discovery
  • T1036.003 - Rename Legitimate Utilities
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot

Daggerfly

Score: 10.38
Matched TTPs:
  • T1218.011 - Rundll32
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
  • T1012 - Query Registry
  • T1071.001 - Web Protocols

RedCurl

Score: 7.01
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols

LazyScripter

Score: 3.91
Matched TTPs:
  • T1218.011 - Rundll32
  • T1608.001 - Upload Malware

Aquatic Panda

Score: 12.32
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1021.001 - Remote Desktop Protocol

Storm-0501

Score: 10.35
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1027.002 - Software Packing

MuddyWater

Score: 14.71
Matched TTPs:
  • T1218.011 - Rundll32
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

Winnti Group

Score: 4.80
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery

Rocke

Score: 10.75
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

TeamTNT

Score: 17.49
Matched TTPs:
  • T1014 - Rootkit
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1680 - Local Storage Discovery

Volt Typhoon

Score: 20.85
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery

BRONZE BUTLER

Score: 13.56
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1550.003 - Pass the Ticket
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery

TA2541

Score: 11.06
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography
  • T1027.002 - Software Packing
  • T1027.015 - Compression

APT42

Score: 8.87
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols

Storm-1811

Score: 4.44
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information

Indrik Spider

Score: 10.69
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1012 - Query Registry
  • T1136 - Create Account
  • T1021.001 - Remote Desktop Protocol

Mustard Tempest

Score: 10.93
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1608.001 - Upload Malware
  • T1608.006 - SEO Poisoning
  • T1584.001 - Domains

WIRTE

Score: 6.64
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols

Patchwork

Score: 12.73
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1021.001 - Remote Desktop Protocol
  • T1680 - Local Storage Discovery

Transparent Tribe

Score: 5.92
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1203 - Exploitation for Client Execution
  • T1584.001 - Domains

Earth Lusca

Score: 11.69
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1057 - Process Discovery

BackdoorDiplomacy

Score: 4.97
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1036.004 - Masquerade Task or Service

APT29

Score: 21.45
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1550.003 - Pass the Ticket
  • T1553.005 - Mark-of-the-Web Bypass
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1027.006 - HTML Smuggling
  • T1027.002 - Software Packing

Naikon

Score: 4.97
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1036.004 - Masquerade Task or Service

Chimera

Score: 17.28
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery

Ke3chang

Score: 9.74
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution

Tropic Trooper

Score: 16.15
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
  • T1680 - Local Storage Discovery

PROMETHIUM

Score: 5.17
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1036.004 - Masquerade Task or Service

INC Ransom

Score: 5.18
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

LuminousMoth

Score: 7.86
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1071.001 - Web Protocols

OilRig

Score: 26.15
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1543.003 - Windows Service
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1008 - Fallback Channels

Darkhotel

Score: 11.75
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1497.001 - System Checks
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1124 - System Time Discovery

APT1

Score: 7.59
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol
  • T1584.001 - Domains

Sidewinder

Score: 9.66
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery

menuPass

Score: 9.37
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1021.001 - Remote Desktop Protocol

Ember Bear

Score: 4.46
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution

APT39

Score: 16.76
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1012 - Query Registry
  • T1546.010 - AppInit DLLs
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Velvet Ant

Score: 8.02
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution

APT5

Score: 4.30
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol

Silence

Score: 7.01
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1112 - Modify Registry
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Fox Kitten

Score: 7.12
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1036.004 - Masquerade Task or Service
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol

ToddyCat

Score: 5.49
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1057 - Process Discovery
  • T1680 - Local Storage Discovery

SideCopy

Score: 8.13
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1608.001 - Upload Malware
  • T1584.001 - Domains

Turla

Score: 12.07
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
  • T1124 - System Time Discovery

Mustang Panda

Score: 14.74
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1027.007 - Dynamic API Resolution

FIN13

Score: 9.37
Matched TTPs:
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol

Medusa Group

Score: 18.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1057 - Process Discovery
  • T1573.002 - Asymmetric Cryptography
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot

Lotus Blossom

Score: 6.00
Matched TTPs:
  • T1543.003 - Windows Service
  • T1112 - Modify Registry
  • T1012 - Query Registry

BlackByte

Score: 14.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1012 - Query Registry
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Threat Group-3390

Score: 19.16
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1027.015 - Compression

Agrius

Score: 5.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.001 - Remote Desktop Protocol

Cobalt Group

Score: 15.89
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.003 - CMSTP
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol

Cinnamon Tempest

Score: 5.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information

Evilnum

Score: 5.17
Matched TTPs:
  • T1497.001 - System Checks
  • T1574.001 - DLL

Tonto Team

Score: 3.23
Matched TTPs:
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution

GALLIUM

Score: 7.07
Matched TTPs:
  • T1574.001 - DLL
  • T1036.003 - Rename Legitimate Utilities
  • T1027.002 - Software Packing

Higaisa

Score: 18.17
Matched TTPs:
  • T1574.001 - DLL
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1680 - Local Storage Discovery
  • T1124 - System Time Discovery
  • T1027.015 - Compression

BlackTech

Score: 3.23
Matched TTPs:
  • T1574.001 - DLL
  • T1203 - Exploitation for Client Execution

Gorgon Group

Score: 3.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry

Moonstone Sleet

Score: 7.13
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols
  • T1569.002 - Service Execution

Molerats

Score: 6.24
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1027.015 - Compression

ZIRCONIUM

Score: 10.54
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1012 - Query Registry
  • T1027.002 - Software Packing
  • T1124 - System Time Discovery

Winter Vivern

Score: 4.85
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1071.001 - Web Protocols

Leviathan

Score: 10.61
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1027.015 - Compression

BITTER

Score: 6.75
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

HEXANE

Score: 5.14
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1057 - Process Discovery
  • T1021.001 - Remote Desktop Protocol

Saint Bear

Score: 7.35
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

Dragonfly

Score: 7.21
Matched TTPs:
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1021.001 - Remote Desktop Protocol

FIN8

Score: 7.41
Matched TTPs:
  • T1112 - Modify Registry
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols
  • T1021.001 - Remote Desktop Protocol

FIN6

Score: 8.89
Matched TTPs:
  • T1036.004 - Masquerade Task or Service
  • T1573.002 - Asymmetric Cryptography
  • T1021.001 - Remote Desktop Protocol
  • T1569.002 - Service Execution

Windshift

Score: 6.84
Matched TTPs:
  • T1057 - Process Discovery
  • T1036.001 - Invalid Code Signature
  • T1071.001 - Web Protocols

Deep Panda

Score: 4.26
Matched TTPs:
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32

Stealth Falcon

Score: 4.94
Matched TTPs:
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1071.001 - Web Protocols

Andariel

Score: 3.01
Matched TTPs:
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution

APT37

Score: 11.95
Matched TTPs:
  • T1057 - Process Discovery
  • T1036.001 - Invalid Code Signature
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1529 - System Shutdown/Reboot

Inception

Score: 6.95
Matched TTPs:
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

The White Company

Score: 6.14
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1124 - System Time Discovery

Confucius

Score: 5.51
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1680 - Local Storage Discovery

Axiom

Score: 7.68
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1021.001 - Remote Desktop Protocol
  • T1001.002 - Steganography

Aoqin Dragon

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Elderwood

Score: 3.55
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

RedEcho

Score: 3.93
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols

Dark Caracal

Score: 3.24
Matched TTPs:
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Scattered Spider

Score: 5.49
Matched TTPs:
  • T1136 - Create Account
  • T1021.001 - Remote Desktop Protocol

Salt Typhoon

Score: 3.84
Matched TTPs:
  • T1136 - Create Account

Mofang

Score: 3.15
Matched TTPs:
  • T1027.015 - Compression

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.78
Matched TTPs:
  • T1574.001 - DLL
  • T1027.007 - Dynamic API Resolution
  • T1036.005 - Match Legitimate Resource Name or Location
  • T1218.011 - Rundll32
  • T1124 - System Time Discovery
  • T1561.001 - Disk Content Wipe
  • T1620 - Reflective Code Loading
  • T1543.003 - Windows Service
  • T1203 - Exploitation for Client Execution
  • T1680 - Local Storage Discovery
  • T1008 - Fallback Channels
  • T1021.001 - Remote Desktop Protocol
  • T1057 - Process Discovery
  • T1529 - System Shutdown/Reboot
  • T1140 - Deobfuscate/Decode Files or Information
  • T1071.001 - Web Protocols
  • T1036.003 - Rename Legitimate Utilities
  • T1574.013 - KernelCallbackTable
  • T1012 - Query Registry
  • T1036.004 - Masquerade Task or Service

Related CVEs

No CVEs were found in this Pulse.
