Trusted Design

FBI CYWATCH A-000067-DM

概要

The FBI has obtained and validated information regarding a group of malicious cyber actors who have compromised and stolen sensitive information from various government and commercial networks. This group utilized the domains listed herein in furtherance of computer network exploitation (CNE) activities in the United States and abroad since at least 2011. Research and analysis indicate that these domains were associated with the command and control (C2) of customized malicious software. Furthermore, these domains have also been used to host malicious files – often through embedded links in spear phish emails. Any activity related to these domains detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Volt Typhoon

Score: 48.41
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1114 - Email Collection
  • T1553.002 - Code Signing
  • T1134.002 - Create Process with Token
  • T1049 - System Network Connections Discovery
  • T1057 - Process Discovery
  • T1552.008 - Chat Messages
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1065 - Uncommonly Used Port
  • T1546.016 - Installer Packages
  • T1574.002 - DLL Side-Loading
  • T1665 - Hide Infrastructure
MITREへのリンク →

LAPSUS$

Score: 30.44
Matched TTPs:
  • T1216.001 - PubPrn
  • T1024 - Custom Cryptographic Protocol
  • T1134.002 - Create Process with Token
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1137.004 - Outlook Home Page
  • T1065 - Uncommonly Used Port
MITREへのリンク →

Scattered Spider

Score: 26.81
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1578 - Modify Cloud Compute Infrastructure
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1019 - System Firmware
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
MITREへのリンク →

FIN4

Score: 6.94
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ember Bear

Score: 22.45
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1578 - Modify Cloud Compute Infrastructure
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS
MITREへのリンク →

Sandworm Team

Score: 55.01
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1546.016 - Installer Packages
  • T1111 - Multi-Factor Authentication Interception
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Andariel

Score: 10.95
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Magic Hound

Score: 44.55
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1578 - Modify Cloud Compute Infrastructure
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1098.002 - Additional Email Delegate Permissions
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
  • T1053.002 - At
MITREへのリンク →

HAFNIUM

Score: 18.37
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1134.002 - Create Process with Token
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1552.008 - Chat Messages
MITREへのリンク →

APT41

Score: 17.14
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1574.002 - DLL Side-Loading
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

TA551

Score: 11.59
Matched TTPs:
  • T1539 - Steal Web Session Cookie
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT28

Score: 48.66
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1152 - Launchctl
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

ZIRCONIUM

Score: 18.43
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Leviathan

Score: 26.22
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1055.014 - VDSO Hijacking
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Mustard Tempest

Score: 18.91
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

Silent Librarian

Score: 14.26
Matched TTPs:
  • T1578 - Modify Cloud Compute Infrastructure
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship
MITREへのリンク →

Kimsuky

Score: 66.02
Matched TTPs:
  • T1114 - Email Collection
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1583.005 - Botnet
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1152 - Launchctl
  • T1134.002 - Create Process with Token
  • T1552.003 - Shell History
  • T1057 - Process Discovery
  • T1055.014 - VDSO Hijacking
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.014 - Polymorphic Code
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
  • T1003.003 - NTDS
  • T1053.002 - At
MITREへのリンク →

EXOTIC LILY

Score: 24.50
Matched TTPs:
  • T1114 - Email Collection
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1149 - LC_MAIN Hijacking
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

TA578

Score: 4.65
Matched TTPs:
  • T1114 - Email Collection
  • T1027.018 - Invisible Unicode
MITREへのリンク →

FIN13

Score: 11.50
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1553.002 - Code Signing
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
MITREへのリンク →

Moonstone Sleet

Score: 22.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

Indrik Spider

Score: 11.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.008 - Chat Messages
  • T1166 - Setuid and Setgid
  • T1546.016 - Installer Packages
MITREへのリンク →

Lazarus Group

Score: 33.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1606.001 - Web Cookies
  • T1057 - Process Discovery
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

Contagious Interview

Score: 30.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

OilRig

Score: 23.55
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

UNC3886

Score: 13.91
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1021.006 - Windows Remote Management
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
MITREへのリンク →

LuminousMoth

Score: 7.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Salt Typhoon

Score: 9.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1583.005 - Botnet
  • T1553.002 - Code Signing
  • T1199 - Trusted Relationship
MITREへのリンク →

APT29

Score: 21.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1546.018 - Python Startup Hooks
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Play

Score: 7.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
MITREへのリンク →

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

RedCurl

Score: 7.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1542.004 - ROMMONkit
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Turla

Score: 15.90
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Ke3chang

Score: 5.34
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Mustang Panda

Score: 27.82
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TeamTNT

Score: 14.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1519 - Emond
  • T1665 - Hide Infrastructure
MITREへのリンク →

FIN7

Score: 28.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1011.001 - Exfiltration Over Bluetooth
  • T1057 - Process Discovery
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

BlackTech

Score: 5.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

MuddyWater

Score: 10.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Confucius

Score: 7.13
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

Mofang

Score: 5.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Sidewinder

Score: 10.38
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Elderwood

Score: 6.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Machete

Score: 4.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Transparent Tribe

Score: 10.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1053.002 - At
MITREへのリンク →

FIN8

Score: 3.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT32

Score: 22.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1134.002 - Create Process with Token
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

APT3

Score: 13.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT1

Score: 7.10
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1053.002 - At
MITREへのリンク →

APT33

Score: 12.32
Matched TTPs:
  • T1543.003 - Windows Service
  • T1583.005 - Botnet
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Molerats

Score: 5.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Windshift

Score: 13.41
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1078 - Valid Accounts
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
MITREへのリンク →

Cobalt Group

Score: 7.90
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

TA2541

Score: 10.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Earth Lusca

Score: 14.49
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Storm-1811

Score: 16.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver
MITREへのリンク →

Wizard Spider

Score: 15.22
Matched TTPs:
  • T1543.003 - Windows Service
  • T1567.001 - Exfiltration to Code Repository
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

TA577

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Patchwork

Score: 15.36
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1665 - Hide Infrastructure
MITREへのリンク →

TA505

Score: 9.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
  • T1027.018 - Invisible Unicode
MITREへのリンク →

LazyScripter

Score: 8.48
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1027.018 - Invisible Unicode
MITREへのリンク →

APT42

Score: 5.79
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
MITREへのリンク →

APT39

Score: 8.45
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Star Blizzard

Score: 16.37
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
MITREへのリンク →

CURIUM

Score: 8.26
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dragonfly

Score: 24.75
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1098.007 - Additional Local or Domain Groups
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
MITREへのリンク →

Velvet Ant

Score: 9.56
Matched TTPs:
  • T1583.005 - Botnet
  • T1027.007 - Dynamic API Resolution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

DarkVishnya

Score: 3.88
Matched TTPs:
  • T1583.005 - Botnet
  • T1199 - Trusted Relationship
MITREへのリンク →

HEXANE

Score: 19.17
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1134.002 - Create Process with Token
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1065 - Uncommonly Used Port
MITREへのリンク →

IndigoZebra

Score: 5.03
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
MITREへのリンク →

Gamaredon Group

Score: 26.29
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1606.001 - Web Cookies
  • T1055.014 - VDSO Hijacking
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1027.018 - Invisible Unicode
  • T1546.017 - Udev Rules
MITREへのリンク →

Threat Group-3390

Score: 17.63
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1218.003 - CMSTP
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.017 - Udev Rules
MITREへのリンク →

SideCopy

Score: 8.88
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1053.002 - At
MITREへのリンク →

BlackByte

Score: 10.50
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1606.001 - Web Cookies
  • T1166 - Setuid and Setgid
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

BITTER

Score: 5.83
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITREへのリンク →

Saint Bear

Score: 7.35
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1134.002 - Create Process with Token
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Sea Turtle

Score: 11.28
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1137.004 - Outlook Home Page
MITREへのリンク →

APT38

Score: 7.89
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Winter Vivern

Score: 6.83
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
MITREへのリンク →

menuPass

Score: 10.33
Matched TTPs:
  • T1098.007 - Additional Local or Domain Groups
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.001 - PowerShell
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
MITREへのリンク →

BRONZE BUTLER

Score: 9.33
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Agrius

Score: 4.47
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1166 - Setuid and Setgid
MITREへのリンク →

PLATINUM

Score: 3.95
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Medusa Group

Score: 14.44
Matched TTPs:
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol
MITREへのリンク →

Axiom

Score: 14.70
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1160 - Launch Daemon
MITREへのリンク →

INC Ransom

Score: 9.06
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Cinnamon Tempest

Score: 5.66
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
MITREへのリンク →

Storm-0501

Score: 5.27
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
MITREへのリンク →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Fox Kitten

Score: 5.78
Matched TTPs:
  • T1059.001 - PowerShell
  • T1542.004 - ROMMONkit
MITREへのリンク →

Tonto Team

Score: 4.24
Matched TTPs:
  • T1059.001 - PowerShell
  • T1218.010 - Regsvr32
MITREへのリンク →

Inception

Score: 5.09
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
MITREへのリンク →

GALLIUM

Score: 4.00
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1059.004 - Unix Shell
MITREへのリンク →

FIN6

Score: 5.77
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
MITREへのリンク →

WIRTE

Score: 3.60
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
MITREへのリンク →

POLONIUM

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

Aquatic Panda

Score: 3.14
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1166 - Setuid and Setgid
MITREへのリンク →

Silence

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Chimera

Score: 11.40
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1166 - Setuid and Setgid
  • T1027.007 - Dynamic API Resolution
  • T1665 - Hide Infrastructure
MITREへのリンク →

APT19

Score: 5.36
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Blue Mockingbird

Score: 5.99
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution
MITREへのリンク →

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
MITREへのリンク →

GOLD SOUTHFIELD

Score: 3.29
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
MITREへのリンク →

Sowbug

Score: 3.03
Matched TTPs:
  • T1542.004 - ROMMONkit
MITREへのリンク →

Deep Panda

Score: 5.90
Matched TTPs:
  • T1059.004 - Unix Shell
  • T1027.014 - Polymorphic Code
MITREへのリンク →

APT37

Score: 9.79
Matched TTPs:
  • T1078 - Valid Accounts
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
MITREへのリンク →

Higaisa

Score: 7.48
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure
  • T1546.017 - Udev Rules
MITREへのリンク →

Tropic Trooper

Score: 4.33
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure
MITREへのリンク →

Darkhotel

Score: 3.26
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
MITREへのリンク →

Volatile Cedar

Score: 4.13
Matched TTPs:
  • T1002 - Data Compressed
MITREへのリンク →

ToddyCat

Score: 7.64
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver
MITREへのリンク →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
MITREへのリンク →

Daggerfly

Score: 5.96
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
MITREへのリンク →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.82
Matched TTPs:
  • T1055.014 - VDSO Hijacking
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1152 - Launchctl
  • T1197 - BITS Jobs
  • T1003.003 - NTDS
  • T1547.002 - Authentication Package
  • T1053.002 - At
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1027.014 - Polymorphic Code
  • T1098.007 - Additional Local or Domain Groups
  • T1665 - Hide Infrastructure
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1102.003 - One-Way Communication
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol
MITREへのリンク →

Sandworm Team

Score: 0.73
Matched TTPs:
  • T1583.005 - Botnet
  • T1091 - Replication Through Removable Media
  • T1193 - Spearphishing Attachment
  • T1564.008 - Email Hiding Rules
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1187 - Forced Authentication
  • T1111 - Multi-Factor Authentication Interception
  • T1558 - Steal or Forge Kerberos Tickets
  • T1166 - Setuid and Setgid
  • T1098.007 - Additional Local or Domain Groups
  • T1546.016 - Installer Packages
  • T1114 - Email Collection
  • T1566.002 - Spearphishing Link
  • T1102.003 - One-Way Communication
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
  • T1134.002 - Create Process with Token
  • T1049 - System Network Connections Discovery
  • T1543.003 - Windows Service
MITREへのリンク →

APT28

Score: 0.66
Matched TTPs:
  • T1027.018 - Invisible Unicode
  • T1542.004 - ROMMONkit
  • T1547.002 - Authentication Package
  • T1057 - Process Discovery
  • T1558 - Steal or Forge Kerberos Tickets
  • T1098.007 - Additional Local or Domain Groups
  • T1583.005 - Botnet
  • T1566.002 - Spearphishing Link
  • T1152 - Launchctl
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1566.003 - Spearphishing via Service
  • T1059.001 - PowerShell
  • T1197 - BITS Jobs
  • T1199 - Trusted Relationship
  • T1546.007 - Netsh Helper DLL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1024 - Custom Cryptographic Protocol
MITREへのリンク →

Volt Typhoon

Score: 0.61
Matched TTPs:
  • T1553.002 - Code Signing
  • T1134.002 - Create Process with Token
  • T1057 - Process Discovery
  • T1166 - Setuid and Setgid
  • T1665 - Hide Infrastructure
  • T1049 - System Network Connections Discovery
  • T1546.016 - Installer Packages
  • T1114 - Email Collection
  • T1148 - HISTCONTROL
  • T1102.003 - One-Way Communication
  • T1065 - Uncommonly Used Port
  • T1552.008 - Chat Messages
  • T1199 - Trusted Relationship
  • T1685.001 - Disable or Modify Windows Event Log
  • T1574.002 - DLL Side-Loading
MITREへのリンク →

Magic Hound

Score: 0.60
Matched TTPs:
  • T1171 - LLMNR/NBT-NS Poisoning and Relay
  • T1027.018 - Invisible Unicode
  • T1547.002 - Authentication Package
  • T1053.002 - At
  • T1134.002 - Create Process with Token
  • T1166 - Setuid and Setgid
  • T1578 - Modify Cloud Compute Infrastructure
  • T1098.007 - Additional Local or Domain Groups
  • T1098.002 - Additional Email Delegate Permissions
  • T1566.002 - Spearphishing Link
  • T1547.008 - LSASS Driver
  • T1059.012 - Hypervisor CLI
  • T1187 - Forced Authentication
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1024 - Custom Cryptographic Protocol
  • T1578.002 - Create Cloud Instance
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る