Trusted Design

T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis

Summary

Most custom backdoors used by advanced attackers have limited functionality. They evade detection by keeping their code simple and flying under the radar. But during a recent investigation we found a backdoor that takes a very different approach. We refer to this backdoor as T9000, which is a newer variant of the T5000 malware family, also known as Plat1. In addition to the basic functionality all backdoors provide, T9000 allows the attacker to capture encrypted data, take screenshots of specific applications and specifically target Skype users. The malware goes to great lengths to identify a total of 24 potential security products that may be running on a system and customizes its installation mechanism to specifically evade those that are installed. It uses a multi-stage installation process with specific checks at each point to identify if it is undergoing analysis by a security researcher. The primary functionality of this tool is to gather information about the victim.

Created: 2026-02-23

Threat actors related to this Pulse (fact-based)

Dragonfly

Score: 15.46
Matched TTPs:
  • T1113 - Screen Capture
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry

BRONZE BUTLER

Score: 14.71
Matched TTPs:
  • T1113 - Screen Capture
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery

Gamaredon Group

Score: 30.71
Matched TTPs:
  • T1113 - Screen Capture
  • T1497.001 - System Checks
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery

OilRig

Score: 38.85
Matched TTPs:
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT28

Score: 35.85
Matched TTPs:
  • T1113 - Screen Capture
  • T1014 - Rootkit
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token
  • T1211 - Exploitation for Defense Evasion

GOLD SOUTHFIELD

Score: 9.28
Matched TTPs:
  • T1113 - Screen Capture
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1195.002 - Compromise Software Supply Chain

APT42

Score: 14.80
Matched TTPs:
  • T1113 - Screen Capture
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery

Magic Hound

Score: 30.87
Matched TTPs:
  • T1113 - Screen Capture
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573 - Encrypted Channel
  • T1592.002 - Software
  • T1102.002 - Bidirectional Communication
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service

MuddyWater

Score: 30.20
Matched TTPs:
  • T1113 - Screen Capture
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Winter Vivern

Score: 11.07
Matched TTPs:
  • T1113 - Screen Capture
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1056.003 - Web Portal Capture

Silence

Score: 5.59
Matched TTPs:
  • T1113 - Screen Capture
  • T1055 - Process Injection
  • T1588.002 - Tool

Volt Typhoon

Score: 32.60
Matched TTPs:
  • T1113 - Screen Capture
  • T1497.001 - System Checks
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1217 - Browser Information Discovery
  • T1074 - Data Staged
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery

APT39

Score: 17.86
Matched TTPs:
  • T1113 - Screen Capture
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1046 - Network Service Discovery

Kimsuky

Score: 35.63
Matched TTPs:
  • T1113 - Screen Capture
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery

Dark Caracal

Score: 6.26
Matched TTPs:
  • T1113 - Screen Capture
  • T1005 - Data from Local System
  • T1566.003 - Spearphishing via Service

FIN7

Score: 38.43
Matched TTPs:
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1674 - Input Injection
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1564.001 - Hidden Files and Directories

Winnti Group

Score: 4.80
Matched TTPs:
  • T1014 - Rootkit
  • T1057 - Process Discovery

APT41

Score: 31.54
Matched TTPs:
  • T1014 - Rootkit
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.006 - Indicator Blocking
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1595.003 - Wordlist Scanning
  • T1012 - Query Registry
  • T1046 - Network Service Discovery
  • T1480.001 - Environmental Keying

Rocke

Score: 24.93
Matched TTPs:
  • T1014 - Rootkit
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1055.002 - Portable Executable Injection
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery
  • T1564.001 - Hidden Files and Directories

TeamTNT

Score: 22.22
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery

UNC3886

Score: 25.94
Matched TTPs:
  • T1014 - Rootkit
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1681 - Search Threat Vendor Data
  • T1548 - Abuse Elevation Control Mechanism
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

APT37

Score: 18.68
Matched TTPs:
  • T1123 - Audio Capture
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1057 - Process Discovery
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot

FIN6

Score: 17.03
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1005 - Data from Local System
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1046 - Network Service Discovery
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

CopyKittens

Score: 4.00
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1588.002 - Tool

Mustang Panda

Score: 43.54
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1678 - Delay Execution
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Lotus Blossom

Score: 8.00
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1046 - Network Service Discovery

Lazarus Group

Score: 47.61
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1010 - Application Window Discovery
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1046 - Network Service Discovery
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot

FIN13

Score: 13.07
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1046 - Network Service Discovery
  • T1564.001 - Hidden Files and Directories

Moonstone Sleet

Score: 15.58
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1217 - Browser Information Discovery
  • T1195.002 - Compromise Software Supply Chain
  • T1566.003 - Spearphishing via Service

Indrik Spider

Score: 8.65
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry

Contagious Interview

Score: 23.18
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1681 - Search Threat Vendor Data
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1566.003 - Spearphishing via Service
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

LuminousMoth

Score: 11.49
Matched TTPs:
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1564.001 - Hidden Files and Directories

Sandworm Team

Score: 27.71
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1592.002 - Software
  • T1195.002 - Compromise Software Supply Chain
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

Salt Typhoon

Score: 11.70
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1602.002 - Network Device Configuration Dump
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT29

Score: 15.51
Matched TTPs:
  • T1587.001 - Malware
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

Play

Score: 10.83
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution

RedCurl

Score: 11.93
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1573.002 - Asymmetric Cryptography
  • T1046 - Network Service Discovery
  • T1564.001 - Hidden Files and Directories

Moses Staff

Score: 5.62
Matched TTPs:
  • T1587.001 - Malware
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Turla

Score: 26.46
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery

Ke3chang

Score: 12.68
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool

Evilnum

Score: 3.44
Matched TTPs:
  • T1497.001 - System Checks

Darkhotel

Score: 19.10
Matched TTPs:
  • T1497.001 - System Checks
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1497 - Virtualization/Sandbox Evasion
  • T1057 - Process Discovery
  • T1497.002 - User Activity Based Checks
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

Aquatic Panda

Score: 12.18
Matched TTPs:
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery

Poseidon Group

Score: 4.04
Matched TTPs:
  • T1007 - System Service Discovery
  • T1057 - Process Discovery

Chimera

Score: 12.18
Matched TTPs:
  • T1007 - System Service Discovery
  • T1217 - Browser Information Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1046 - Network Service Discovery

Earth Lusca

Score: 17.12
Matched TTPs:
  • T1007 - System Service Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool

admin@338

Score: 5.22
Matched TTPs:
  • T1007 - System Service Discovery
  • T1082 - System Information Discovery
  • T1203 - Exploitation for Client Execution

APT1

Score: 8.80
Matched TTPs:
  • T1007 - System Service Discovery
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1588.002 - Tool

Windigo

Score: 5.40
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1518 - Software Discovery

BlackByte

Score: 23.10
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1562 - Impair Defenses
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery

ZIRCONIUM

Score: 9.42
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1102.002 - Bidirectional Communication
  • T1012 - Query Registry

Blue Mockingbird

Score: 10.81
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1574.012 - COR_PROFILER

HEXANE

Score: 14.53
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication
  • T1518 - Software Discovery

TA2541

Score: 17.40
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery

APT32

Score: 22.15
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1046 - Network Service Discovery
  • T1564.001 - Hidden Files and Directories
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Inception

Score: 12.01
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1518 - Software Discovery

Higaisa

Score: 5.78
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution

CURIUM

Score: 9.02
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1566.003 - Spearphishing via Service

Malteiro

Score: 4.67
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.001 - Security Software Discovery

APT38

Score: 19.65
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055 - Process Injection
  • T1217 - Browser Information Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1529 - System Shutdown/Reboot

Scattered Spider

Score: 17.06
Matched TTPs:
  • T1082 - System Information Discovery
  • T1217 - Browser Information Discovery
  • T1588.001 - Malware
  • T1074 - Data Staged
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1213.005 - Messaging Applications

APT3

Score: 5.66
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution

Sidewinder

Score: 8.86
Matched TTPs:
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

Daggerfly

Score: 6.37
Matched TTPs:
  • T1082 - System Information Discovery
  • T1195.002 - Compromise Software Supply Chain
  • T1012 - Query Registry

Storm-0501

Score: 8.84
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1518.001 - Security Software Discovery

SideCopy

Score: 7.82
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery

APT19

Score: 6.37
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32

FIN8

Score: 9.45
Matched TTPs:
  • T1082 - System Information Discovery
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Tropic Trooper

Score: 21.23
Matched TTPs:
  • T1082 - System Information Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery
  • T1518 - Software Discovery
  • T1564.001 - Hidden Files and Directories

Mustard Tempest

Score: 7.72
Matched TTPs:
  • T1082 - System Information Discovery
  • T1608.001 - Upload Malware
  • T1608.006 - SEO Poisoning

Wizard Spider

Score: 23.31
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1518.002 - Backup Software Discovery
  • T1074 - Data Staged
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1518.001 - Security Software Discovery
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Patchwork

Score: 6.89
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

Windshift

Score: 9.89
Matched TTPs:
  • T1082 - System Information Discovery
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1518 - Software Discovery
  • T1566.003 - Spearphishing via Service

Medusa Group

Score: 30.15
Matched TTPs:
  • T1082 - System Information Discovery
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1650 - Acquire Access
  • T1046 - Network Service Discovery
  • T1529 - System Shutdown/Reboot

Stealth Falcon

Score: 6.41
Matched TTPs:
  • T1082 - System Information Discovery
  • T1005 - Data from Local System
  • T1057 - Process Discovery
  • T1012 - Query Registry

LAPSUS$

Score: 8.60
Matched TTPs:
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1213.005 - Messaging Applications

HAFNIUM

Score: 13.25
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1564.001 - Hidden Files and Directories
  • T1550.001 - Application Access Token

Axiom

Score: 8.95
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1203 - Exploitation for Client Execution
  • T1001.002 - Steganography

ToddyCat

Score: 8.86
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1518.001 - Security Software Discovery
  • T1566.003 - Spearphishing via Service

Fox Kitten

Score: 16.79
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1217 - Browser Information Discovery
  • T1210 - Exploitation of Remote Services
  • T1012 - Query Registry
  • T1046 - Network Service Discovery
  • T1213.005 - Messaging Applications

Andariel

Score: 10.76
Matched TTPs:
  • T1005 - Data from Local System
  • T1588.001 - Malware
  • T1057 - Process Discovery
  • T1592.002 - Software
  • T1203 - Exploitation for Client Execution

GALLIUM

Score: 3.77
Matched TTPs:
  • T1005 - Data from Local System
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

Agrius

Score: 8.05
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
  • T1046 - Network Service Discovery

Threat Group-3390

Score: 22.61
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1046 - Network Service Discovery

Ember Bear

Score: 17.02
Matched TTPs:
  • T1005 - Data from Local System
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery

menuPass

Score: 9.85
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1046 - Network Service Discovery

WIRTE

Score: 5.16
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.002 - Tool
  • T1218.010 - Regsvr32

Gorgon Group

Score: 8.35
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1055.002 - Portable Executable Injection
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools

Molerats

Score: 3.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1057 - Process Discovery

Storm-1811

Score: 12.63
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1588.002 - Tool
  • T1056 - Input Capture
  • T1566.003 - Spearphishing via Service

TA505

Score: 8.65
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools

Leviathan

Score: 7.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution

Cinnamon Tempest

Score: 3.89
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool

LazyScripter

Score: 6.44
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1583.006 - Web Services

BITTER

Score: 7.94
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1588.002 - Tool
  • T1573 - Encrypted Channel
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 11.12
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1497 - Virtualization/Sandbox Evasion
  • T1583.006 - Web Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 5.99
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service

BackdoorDiplomacy

Score: 6.54
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.001 - Malware
  • T1588.002 - Tool
  • T1046 - Network Service Discovery

BlackTech

Score: 5.58
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery

Sea Turtle

Score: 7.43
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

Volatile Cedar

Score: 5.60
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1595.003 - Wordlist Scanning

INC Ransom

Score: 12.10
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1074 - Data Staged
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1046 - Network Service Discovery

APT5

Score: 9.58
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1055 - Process Injection
  • T1562.006 - Indicator Blocking
  • T1057 - Process Discovery

DarkVishnya

Score: 9.74
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1200 - Hardware Additions
  • T1046 - Network Service Discovery

Carbanak

Score: 5.84
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Akira

Score: 4.39
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools

Cobalt Group

Score: 19.48
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1055 - Process Injection
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1195.002 - Compromise Software Supply Chain
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery

Velvet Ant

Score: 11.13
Matched TTPs:
  • T1055 - Process Injection
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1211 - Exploitation for Defense Evasion

PLATINUM

Score: 7.00
Matched TTPs:
  • T1055 - Process Injection
  • T1056.004 - Credential API Hooking

Metador

Score: 3.31
Matched TTPs:
  • T1588.001 - Malware
  • T1588.002 - Tool

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1480.001 - Environmental Keying

Confucius

Score: 3.51
Matched TTPs:
  • T1583.006 - Web Services
  • T1203 - Exploitation for Client Execution

POLONIUM

Score: 5.26
Matched TTPs:
  • T1583.006 - Web Services
  • T1588.002 - Tool
  • T1102.002 - Bidirectional Communication

Deep Panda

Score: 4.26
Matched TTPs:
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32

Tonto Team

Score: 4.24
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution

Thrip

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT33

Score: 5.09
Matched TTPs:
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT12

Score: 3.89
Matched TTPs:
  • T1102.002 - Bidirectional Communication
  • T1203 - Exploitation for Client Execution

The White Company

Score: 3.39
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1518.001 - Security Software Discovery

Transparent Tribe

Score: 4.16
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories

Naikon

Score: 3.66
Matched TTPs:
  • T1518.001 - Security Software Discovery
  • T1046 - Network Service Discovery

Threat actors related to this Pulse (inference-based)

Lazarus Group

Score: 0.81
Matched TTPs:
  • T1529 - System Shutdown/Reboot
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1005 - Data from Local System
  • T1574.013 - KernelCallbackTable
  • T1566.003 - Spearphishing via Service
  • T1583.006 - Web Services
  • T1057 - Process Discovery
  • T1102.002 - Bidirectional Communication
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1010 - Application Window Discovery
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1587.001 - Malware
  • T1560.003 - Archive via Custom Method
  • T1046 - Network Service Discovery
  • T1082 - System Information Discovery

Mustang Panda

Score: 0.73
Matched TTPs:
  • T1588.002 - Tool
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1560.003 - Archive via Custom Method
  • T1518 - Software Discovery
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1027.007 - Dynamic API Resolution
  • T1622 - Debugger Evasion
  • T1057 - Process Discovery
  • T1564.001 - Hidden Files and Directories
  • T1082 - System Information Discovery
  • T1587.001 - Malware
  • T1678 - Delay Execution

FIN7

Score: 0.72
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1588.002 - Tool
  • T1113 - Screen Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1608.001 - Upload Malware
  • T1210 - Exploitation of Remote Services
  • T1057 - Process Discovery
  • T1082 - System Information Discovery
  • T1497.002 - User Activity Based Checks
  • T1674 - Input Injection
  • T1102.002 - Bidirectional Communication
  • T1005 - Data from Local System
  • T1219 - Remote Access Tools
  • T1587.001 - Malware
  • T1564.001 - Hidden Files and Directories
  • T1190 - Exploit Public-Facing Application

APT28

Score: 0.65
Matched TTPs:
  • T1588.002 - Tool
  • T1113 - Screen Capture
  • T1211 - Exploitation for Defense Evasion
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1210 - Exploitation of Remote Services
  • T1550.001 - Application Access Token
  • T1014 - Rootkit
  • T1203 - Exploitation for Client Execution
  • T1057 - Process Discovery
  • T1564.001 - Hidden Files and Directories
  • T1102.002 - Bidirectional Communication
  • T1005 - Data from Local System
  • T1048.002 - Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
  • T1190 - Exploit Public-Facing Application

OilRig

Score: 0.65
Matched TTPs:
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service
  • T1113 - Screen Capture
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1608.001 - Upload Malware
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1573.002 - Asymmetric Cryptography
  • T1057 - Process Discovery
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1012 - Query Registry
  • T1082 - System Information Discovery
  • T1497.001 - System Checks
  • T1587.001 - Malware

Kimsuky

Score: 0.60
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1113 - Screen Capture
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1608.001 - Upload Malware
  • T1560.003 - Archive via Custom Method
  • T1007 - System Service Discovery
  • T1518.001 - Security Software Discovery
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1102.002 - Bidirectional Communication
  • T1082 - System Information Discovery
  • T1587.001 - Malware
  • T1055 - Process Injection
  • T1190 - Exploit Public-Facing Application
  • T1218.010 - Regsvr32

APT41

Score: 0.59
Matched TTPs:
  • T1195.002 - Compromise Software Supply Chain
  • T1588.002 - Tool
  • T1595.003 - Wordlist Scanning
  • T1480.001 - Environmental Keying
  • T1014 - Rootkit
  • T1203 - Exploitation for Client Execution
  • T1046 - Network Service Discovery
  • T1082 - System Information Discovery
  • T1012 - Query Registry
  • T1005 - Data from Local System
  • T1055 - Process Injection
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking

Medusa Group

Score: 0.58
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1650 - Acquire Access
  • T1529 - System Shutdown/Reboot
  • T1583.006 - Web Services
  • T1046 - Network Service Discovery
  • T1573.002 - Asymmetric Cryptography
  • T1518.001 - Security Software Discovery
  • T1608.002 - Upload Tool
  • T1057 - Process Discovery
  • T1082 - System Information Discovery
  • T1219 - Remote Access Tools
  • T1190 - Exploit Public-Facing Application

Volt Typhoon

Score: 0.58
Matched TTPs:
  • T1588.002 - Tool
  • T1113 - Screen Capture
  • T1140 - Deobfuscate/Decode Files or Information
  • T1010 - Application Window Discovery
  • T1007 - System Service Discovery
  • T1518 - Software Discovery
  • T1046 - Network Service Discovery
  • T1074 - Data Staged
  • T1057 - Process Discovery
  • T1012 - Query Registry
  • T1005 - Data from Local System
  • T1497.001 - System Checks
  • T1190 - Exploit Public-Facing Application
  • T1217 - Browser Information Discovery

Magic Hound

Score: 0.56
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1592.002 - Software
  • T1113 - Screen Capture
  • T1566.003 - Spearphishing via Service
  • T1583.006 - Web Services
  • T1573 - Encrypted Channel
  • T1046 - Network Service Discovery
  • T1057 - Process Discovery
  • T1082 - System Information Discovery
  • T1102.002 - Bidirectional Communication
  • T1005 - Data from Local System
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application

Related CVEs

No CVEs were found for this Pulse.
