Trusted Design

Lazarus group: Operation Blockbuster

Summary

The Lazarus Group’s activity spans multiple years, going back as far as 2009. However, their activity spikes starting in 2011. The group deployed multiple malware families throughout the years, including malware associated with Operation Troy and DarkSeoul, the Hangman malware (2014-2015) and Wild Positron / Duuzer (2015). The group is known for spearphishing attacks, which include the use of CVE-2015-6585, a zero-day vulnerability at the time of discovery. During our analysis of the malware from the SPE attack as well as the connected malware families mentioned above, we observed certain specific traits shared between samples used in separate attacks. In general, such similarities are instances of code sharing and indicate the existence of a relationship between the malware families, which can be used to paint a more complete picture of a threat actor. We describe some of these overlapping features below.

Source: https://securelist.com/blog/incidents/73914/operation-blockbuster-revealed/

Created: 2026-02-23

Indicators

No indicators found.

Similar pulses

Threat actors related to this pulse (fact-based)

Turla

Score: 32.74
Matched TTPs:
  • T1056.001 - Keylogging
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot
MITRE link →

APT41

Score: 20.88
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1564.003 - Hidden Window
MITRE link →

Scattered Spider

Score: 28.99
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1120 - Peripheral Device Discovery
  • T1218.015 - Electron Applications
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1197 - BITS Jobs
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits
MITRE link →

TA505

Score: 13.76
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
MITRE link →

Volt Typhoon

Score: 38.20
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1562.009 - Safe Mode Boot
  • T1686.003 - Windows Host Firewall
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1070.006 - Timestomp
  • T1059.009 - Cloud API
  • T1049 - System Network Connections Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
MITRE link →

APT3

Score: 12.86
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
MITRE link →

FIN13

Score: 12.21
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITRE link →

OilRig

Score: 35.48
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1606.002 - SAML Tokens
  • T1562.009 - Safe Mode Boot
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
MITRE link →

Gamaredon Group

Score: 49.77
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1061 - Graphical User Interface
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1086 - PowerShell
MITRE link →

APT28

Score: 32.21
Matched TTPs:
  • T1552.005 - Cloud Instance Metadata API
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1566.003 - Spearphishing via Service
MITRE link →

Kimsuky

Score: 36.31
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1205 - Traffic Signaling
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
  • T1197 - BITS Jobs
  • T1665 - Hide Infrastructure
MITRE link →

Moonstone Sleet

Score: 13.21
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
MITRE link →

Indrik Spider

Score: 10.48
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
MITRE link →

Lazarus Group

Score: 49.11
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1205 - Traffic Signaling
  • T1050 - New Service
  • T1070.006 - Timestomp
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1069.001 - Local Groups
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1055.005 - Thread Local Storage
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
  • T1086 - PowerShell
MITRE link →

Contagious Interview

Score: 30.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1021.006 - Windows Remote Management
  • T1218.008 - Odbcconf
  • T1016 - System Network Configuration Discovery
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1221 - Template Injection
MITRE link →

UNC3886

Score: 17.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
MITRE link →

LuminousMoth

Score: 10.94
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITRE link →

Sandworm Team

Score: 28.74
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1686.003 - Windows Host Firewall
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
MITRE link →

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITRE link →

APT29

Score: 12.46
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
MITRE link →

Play

Score: 10.83
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
MITRE link →

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITRE link →

RedCurl

Score: 12.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1591.003 - Identify Business Tempo
  • T1120 - Peripheral Device Discovery
  • T1542.004 - ROMMONkit
  • T1128 - Netsh Helper DLL
MITRE link →

Moses Staff

Score: 5.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITRE link →

Ke3chang

Score: 11.23
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
MITRE link →

Mustang Panda

Score: 38.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1092 - Communication Through Removable Media
  • T1569.001 - Launchctl
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
MITRE link →

TeamTNT

Score: 21.95
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1071.003 - Mail Protocols
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
MITRE link →

FIN7

Score: 29.81
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1205 - Traffic Signaling
  • T1011.001 - Exfiltration Over Bluetooth
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1578.001 - Create Snapshot
MITRE link →

Darkhotel

Score: 21.00
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1562.009 - Safe Mode Boot
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1064 - Scripting
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot
MITRE link →

BRONZE BUTLER

Score: 24.81
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1542.004 - ROMMONkit
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot
MITRE link →

Cinnamon Tempest

Score: 9.06
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
MITRE link →

Evilnum

Score: 5.17
Matched TTPs:
  • T1562.009 - Safe Mode Boot
  • T1089 - Disabling Security Tools
MITRE link →

Storm-0501

Score: 14.07
Matched TTPs:
  • T1686.003 - Windows Host Firewall
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.015 - Electron Applications
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
MITRE link →

Chimera

Score: 17.32
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
MITRE link →

MuddyWater

Score: 24.95
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
MITRE link →

Velvet Ant

Score: 10.41
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
MITRE link →

Tonto Team

Score: 3.23
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
MITRE link →

Patchwork

Score: 11.84
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
MITRE link →

Aquatic Panda

Score: 14.30
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
MITRE link →

GALLIUM

Score: 7.34
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
MITRE link →

Higaisa

Score: 17.48
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1569.003 - Systemctl
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure
  • T1578.001 - Create Snapshot
MITRE link →

APT32

Score: 20.06
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
MITRE link →

Storm-1811

Score: 7.77
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1199 - Trusted Relationship
  • T1578.002 - Create Cloud Instance
MITRE link →

Tropic Trooper

Score: 20.78
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1562.011 - Spoof Security Alerting
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1665 - Hide Infrastructure
MITRE link →

Earth Lusca

Score: 20.97
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1003.007 - Proc Filesystem
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1562.011 - Spoof Security Alerting
MITRE link →

BlackTech

Score: 5.55
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITRE link →

SideCopy

Score: 9.56
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
MITRE link →

Daggerfly

Score: 11.39
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1573 - Encrypted Channel
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
MITRE link →

Naikon

Score: 3.63
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1506 - Web Session Cookie
MITRE link →

Threat Group-3390

Score: 20.21
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
MITRE link →

BackdoorDiplomacy

Score: 6.51
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITRE link →

APT19

Score: 7.19
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
MITRE link →

Sidewinder

Score: 13.19
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
  • T1578.001 - Create Snapshot
MITRE link →

menuPass

Score: 11.94
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1542.004 - ROMMONkit
  • T1174 - Password Filter DLL
MITRE link →

Poseidon Group

Score: 4.04
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
MITRE link →

admin@338

Score: 5.22
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1120 - Peripheral Device Discovery
  • T1218.010 - Regsvr32
MITRE link →

APT1

Score: 7.35
Matched TTPs:
  • T1003.007 - Proc Filesystem
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
MITRE link →

Windigo

Score: 3.95
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1159 - Launch Agent
MITRE link →

BlackByte

Score: 18.11
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1070.003 - Clear Command History
  • T1091 - Replication Through Removable Media
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
MITRE link →

ZIRCONIUM

Score: 13.05
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1608.005 - Link Target
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1578.001 - Create Snapshot
MITRE link →

Blue Mockingbird

Score: 5.35
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
MITRE link →

HEXANE

Score: 12.14
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1159 - Launch Agent
MITRE link →

TA2541

Score: 14.94
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
MITRE link →

Rocke

Score: 13.08
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1597 - Search Closed Sources
  • T1059.013 - Container CLI/API
  • T1506 - Web Session Cookie
MITRE link →

APT37

Score: 7.25
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
MITRE link →

Inception

Score: 7.81
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
MITRE link →

CURIUM

Score: 3.80
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1578.001 - Create Snapshot
MITRE link →

Malteiro

Score: 4.67
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1506 - Web Session Cookie
MITRE link →

APT38

Score: 18.49
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1503 - Credentials from Web Browsers
  • T1059.009 - Cloud API
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1174 - Password Filter DLL
  • T1506 - Web Session Cookie
MITRE link →

Magic Hound

Score: 22.28
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1187 - Forced Authentication
  • T1578.002 - Create Cloud Instance
MITRE link →

APT42

Score: 10.50
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
MITRE link →

FIN8

Score: 8.53
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
MITRE link →

Winter Vivern

Score: 4.24
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
MITRE link →

Mustard Tempest

Score: 3.18
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1091 - Replication Through Removable Media
MITRE link →

Sowbug

Score: 4.24
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1542.004 - ROMMONkit
MITRE link →

Wizard Spider

Score: 16.25
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1038 - DLL Search Order Hijacking
  • T1059.009 - Cloud API
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1506 - Web Session Cookie
MITRE link →

Windshift

Score: 7.37
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1159 - Launch Agent
MITRE link →

Medusa Group

Score: 19.46
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1608.005 - Link Target
  • T1583.006 - Web Services
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
MITRE link →

Stealth Falcon

Score: 4.96
Matched TTPs:
  • T1120 - Peripheral Device Discovery
  • T1583.006 - Web Services
  • T1570 - Lateral Tool Transfer
MITRE link →

APT39

Score: 14.28
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1564.007 - VBA Stomping
MITRE link →

Gorgon Group

Score: 9.67
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1050 - New Service
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
MITRE link →

Agrius

Score: 4.83
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1597 - Search Closed Sources
MITRE link →

Molerats

Score: 3.09
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
MITRE link →

Leviathan

Score: 11.19
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1140 - Deobfuscate/Decode Files or Information
  • T1050 - New Service
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
MITRE link →

LazyScripter

Score: 6.44
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
MITRE link →

BITTER

Score: 4.32
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITRE link →

Saint Bear

Score: 12.95
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1064 - Scripting
  • T1608.005 - Link Target
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
MITRE link →

EXOTIC LILY

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
MITRE link →

Ember Bear

Score: 12.89
Matched TTPs:
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1136.002 - Domain Account
  • T1597 - Search Closed Sources
  • T1218.010 - Regsvr32
MITRE link →

GOLD SOUTHFIELD

Score: 4.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1573 - Encrypted Channel
MITRE link →

Sea Turtle

Score: 7.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
MITRE link →

Fox Kitten

Score: 10.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1542.004 - ROMMONkit
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits
MITRE link →

ToddyCat

Score: 7.72
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
  • T1506 - Web Session Cookie
  • T1665 - Hide Infrastructure
MITRE link →

INC Ransom

Score: 4.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
MITRE link →

Dragonfly

Score: 14.43
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1578.002 - Create Cloud Instance
MITRE link →

Axiom

Score: 11.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon
MITRE link →

HAFNIUM

Score: 12.47
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.008 - Odbcconf
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1583.006 - Web Services
MITRE link →

Lotus Blossom

Score: 4.91
Matched TTPs:
  • T1059.009 - Cloud API
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
MITRE link →

LAPSUS$

Score: 18.97
Matched TTPs:
  • T1218.008 - Odbcconf
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1564.003 - Hidden Window
  • T1588.005 - Exploits
MITRE link →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
MITRE link →

Andariel

Score: 12.35
Matched TTPs:
  • T1136.002 - Domain Account
  • T1583.006 - Web Services
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1562.011 - Spoof Security Alerting
MITRE link →

Confucius

Score: 6.34
Matched TTPs:
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure
MITRE link →

APT33

Score: 6.48
Matched TTPs:
  • T1567.001 - Exfiltration to Code Repository
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
MITRE link →

FIN6

Score: 5.39
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1128 - Netsh Helper DLL
MITRE link →

Cobalt Group

Score: 9.92
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1506 - Web Session Cookie
MITRE link →

The White Company

Score: 5.98
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot
MITRE link →

TA551

Score: 3.03
Matched TTPs:
  • T1562.011 - Spoof Security Alerting
MITRE link →

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITRE link →

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate
MITRE link →

Threat actors related to this pulse (inference-based)

Lazarus Group

Score: 0.87
Matched TTPs:
  • T1205 - Traffic Signaling
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1606.002 - SAML Tokens
  • T1174 - Password Filter DLL
  • T1570 - Lateral Tool Transfer
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1665 - Hide Infrastructure
  • T1218.010 - Regsvr32
  • T1578.001 - Create Snapshot
  • T1089 - Disabling Security Tools
  • T1070.006 - Timestomp
  • T1055.005 - Thread Local Storage
  • T1069.001 - Local Groups
  • T1608.005 - Link Target
  • T1050 - New Service
  • T1120 - Peripheral Device Discovery
  • T1086 - PowerShell
MITRE link →

Gamaredon Group

Score: 0.84
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1205 - Traffic Signaling
  • T1562.009 - Safe Mode Boot
  • T1199 - Trusted Relationship
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1542.004 - ROMMONkit
  • T1059.010 - AutoHotKey & AutoIT
  • T1583.006 - Web Services
  • T1591.003 - Identify Business Tempo
  • T1552.005 - Cloud Instance Metadata API
  • T1059.009 - Cloud API
  • T1092 - Communication Through Removable Media
  • T1061 - Graphical User Interface
  • T1059.013 - Container CLI/API
  • T1608.005 - Link Target
  • T1120 - Peripheral Device Discovery
  • T1086 - PowerShell
  • T1506 - Web Session Cookie
MITRE link →

Volt Typhoon

Score: 0.66
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.010 - AutoHotKey & AutoIT
  • T1578.001 - Create Snapshot
  • T1070.006 - Timestomp
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1159 - Launch Agent
  • T1049 - System Network Connections Discovery
  • T1665 - Hide Infrastructure
  • T1562.009 - Safe Mode Boot
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1059.009 - Cloud API
  • T1560.003 - Archive via Custom Method
  • T1686.003 - Windows Host Firewall
MITRE link →

Mustang Panda

Score: 0.66
Matched TTPs:
  • T1169 - Sudo
  • T1091 - Replication Through Removable Media
  • T1059.010 - AutoHotKey & AutoIT
  • T1569.001 - Launchctl
  • T1089 - Disabling Security Tools
  • T1055.005 - Thread Local Storage
  • T1583.006 - Web Services
  • T1159 - Launch Agent
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1120 - Peripheral Device Discovery
  • T1092 - Communication Through Removable Media
  • T1136.001 - Local Account
MITRE link →

Kimsuky

Score: 0.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1205 - Traffic Signaling
  • T1665 - Hide Infrastructure
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1059.009 - Cloud API
  • T1120 - Peripheral Device Discovery
  • T1092 - Communication Through Removable Media
  • T1570 - Lateral Tool Transfer
  • T1506 - Web Session Cookie
MITRE link →

OilRig

Score: 0.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1005 - Data from Local System
  • T1128 - Netsh Helper DLL
  • T1552.005 - Cloud Instance Metadata API
  • T1562.009 - Safe Mode Boot
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1059.009 - Cloud API
  • T1120 - Peripheral Device Discovery
  • T1570 - Lateral Tool Transfer
MITRE link →

Turla

Score: 0.61
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1506 - Web Session Cookie
  • T1578.001 - Create Snapshot
  • T1003.007 - Proc Filesystem
  • T1583.006 - Web Services
  • T1552.005 - Cloud Instance Metadata API
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1597 - Search Closed Sources
  • T1570 - Lateral Tool Transfer
  • T1059.009 - Cloud API
  • T1120 - Peripheral Device Discovery
  • T1136.002 - Domain Account
  • T1056.001 - Keylogging
MITRE link →

APT28

Score: 0.61
Matched TTPs:
  • T1542.004 - ROMMONkit
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
  • T1583.006 - Web Services
  • T1566.003 - Spearphishing via Service
  • T1552.005 - Cloud Instance Metadata API
  • T1146 - Clear Command History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1548.004 - Elevated Execution with Prompt
MITRE link →

FIN7

Score: 0.60
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1091 - Replication Through Removable Media
  • T1059.010 - AutoHotKey & AutoIT
  • T1578.001 - Create Snapshot
  • T1573 - Encrypted Channel
  • T1583.006 - Web Services
  • T1205 - Traffic Signaling
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1120 - Peripheral Device Discovery
  • T1092 - Communication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
MITRE link →
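
The two actor listings above (fact-based and inference-based) mix technique IDs of different vintages. The same technique, Clear Command History, appears as the revoked T1146 under APT28 and as the current T1070.003 under BlackByte and Magic Hound; T1089, T1086, T1050, T1159, T1506 and several others are likewise legacy IDs that ATT&CK has since revoked in favour of sub-techniques. A naive set comparison between two actors' TTP lists therefore undercounts shared behaviour. The Python below is an added example, not the page's or the scoring tool's own code: it parses the listing format used on this page, flags legacy IDs, maps them to their current ATT&CK IDs, and computes a Jaccard overlap before and after normalisation. The page's own Score is produced by an unstated method and is not reproduced here; the sample input is constructed from two truncated entries taken from the listing above.

```python
"""Added example: parse this page's actor/TTP listing, normalise legacy ATT&CK
IDs, and compare actors by technique overlap. Not the page's or the scoring
tool's own code; the page's 'Score' comes from an unstated method and the
Jaccard overlap computed here does not reproduce it."""
import re
from dataclasses import dataclass, field

# Legacy ATT&CK technique IDs that appear on this page, mapped to the current
# ID for the same behaviour (per ATT&CK's revocation notes). T1064 Scripting
# and T1061 Graphical User Interface were deprecated with no single successor
# and are deliberately left unmapped.
LEGACY_TO_CURRENT = {
    "T1089": "T1562.001",  # Disabling Security Tools -> Disable or Modify Tools
    "T1086": "T1059.001",  # PowerShell
    "T1050": "T1543.003",  # New Service -> Windows Service
    "T1146": "T1070.003",  # Clear Command History
    "T1159": "T1543.001",  # Launch Agent
    "T1160": "T1543.004",  # Launch Daemon
    "T1169": "T1548.003",  # Sudo -> Sudo and Sudo Caching
    "T1038": "T1574.001",  # DLL Search Order Hijacking
    "T1130": "T1553.004",  # Install Root Certificate
    "T1503": "T1555.003",  # Credentials from Web Browsers
    "T1506": "T1550.004",  # Web Session Cookie
    "T1128": "T1546.007",  # Netsh Helper DLL
    "T1174": "T1556.002",  # Password Filter DLL
}

# One bullet of the listing: "• T1234.005 - Technique Name"
TTP_RE = re.compile(r"^[•*-]\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)$")
SCORE_RE = re.compile(r"^Score:\s*([0-9]+(?:\.[0-9]+)?)$")


@dataclass
class ActorEntry:
    name: str
    score: float
    ttps: dict = field(default_factory=dict)  # technique ID -> name as listed


def parse_listing(text: str) -> list:
    """Parse blocks of: actor name / 'Score: x' / 'Matched TTPs:' / bullets / MITRE link."""
    entries, current, pending_name = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Matched TTPs:" or "MITRE" in line:
            continue
        m = SCORE_RE.match(line)
        if m:
            current = ActorEntry(pending_name, float(m.group(1)))
            entries.append(current)
            continue
        m = TTP_RE.match(line)
        if m and current is not None:
            current.ttps[m.group(1)] = m.group(2)
            continue
        pending_name = line  # any other line is the next actor's heading
    return entries


def legacy_ids(entry: ActorEntry) -> list:
    """IDs in the entry that ATT&CK has revoked; a lint for stale mappings."""
    return sorted(t for t in entry.ttps if t in LEGACY_TO_CURRENT)


def normalize(ttp_ids) -> frozenset:
    """Replace revoked IDs with their current equivalents."""
    return frozenset(LEGACY_TO_CURRENT.get(t, t) for t in ttp_ids)


def jaccard(a: frozenset, b: frozenset) -> float:
    return len(a & b) / len(a | b) if (a or b) else 0.0


def overlap(a: ActorEntry, b: ActorEntry, normalise: bool = True) -> float:
    """Jaccard overlap of two actors' technique sets, with or without ID normalisation."""
    sa, sb = frozenset(a.ttps), frozenset(b.ttps)
    if normalise:
        sa, sb = normalize(sa), normalize(sb)
    return jaccard(sa, sb)


# Constructed sample: two entries copied (truncated) from the listing on this
# page. APT28 carries the revoked T1146 and Magic Hound the current T1070.003
# for the same technique, Clear Command History.
SAMPLE = """\
APT28

Score: 32.21
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1146 - Clear Command History
MITRE link →

Magic Hound

Score: 22.28
Matched TTPs:
  • T1070.003 - Clear Command History
  • T1140 - Deobfuscate/Decode Files or Information
  • T1583.006 - Web Services
MITRE link →
"""

if __name__ == "__main__":
    apt28, magic_hound = parse_listing(SAMPLE)
    for e in (apt28, magic_hound):
        print(f"{e.name}: score={e.score} legacy IDs={legacy_ids(e)}")
    print("raw overlap       :", round(overlap(apt28, magic_hound, normalise=False), 3))
    print("normalised overlap:", round(overlap(apt28, magic_hound), 3))
```

On the constructed sample the raw overlap is 0.2 (one shared ID out of five) and the normalised overlap is 0.5 (two shared techniques out of four), which is the gap a stale ID map introduces. When applying this to the full listings above, extend LEGACY_TO_CURRENT only with revocations you have confirmed against the ATT&CK release you target, since a wrong mapping merges unrelated techniques.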

Related CVEs

Pulse – threat actor graph

