Trusted Design

20160203: BE2 extraordinary plugins, Siemens targeting

概要

It examines several additional plugins more closely, targeting details around BE2 Siemens exploitation, and some of their unusual coding failures.We previously introduced an unknown set of plugins and functionality for the linux platform, six in total. For the windows platform, we collected 17 plugins. The incident explained about attacks made through Plugins.The plugins mostly used were related to Windows and Linux functionality .These plugins gave access to the attacker into the system , through this attacker was able to control the systems.The plugin in connection with Windows systems are User mode functionality plugin, plugin which controls Driver and kernel mode functionality,communication plugin and so on.Some of the plugins installed were failed to do the purpose.This incident source also gives details of timing cycle to their visits.This incident might be helpful in analyzing behavior of the attacker and attack vectors used by them.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

このPulseに関連する脅威アクター (事実ベース)

Kimsuky

Score: 19.37
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1218.010 - Regsvr32
  • T1012 - Query Registry
  • T1588.005 - Exploits
MITREへのリンク →

FIN13

Score: 10.69
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1556 - Modify Authentication Process
MITREへのリンク →

Moonstone Sleet

Score: 10.30
Matched TTPs:
  • T1587.001 - Malware
  • T1217 - Browser Information Discovery
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Indrik Spider

Score: 8.65
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
MITREへのリンク →

Lazarus Group

Score: 34.57
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1106 - Native API
  • T1010 - Application Window Discovery
  • T1560 - Archive Collected Data
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

Contagious Interview

Score: 16.34
Matched TTPs:
  • T1587.001 - Malware
  • T1204.005 - Malicious Library
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1204.004 - Malicious Copy and Paste
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

OilRig

Score: 25.86
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1195 - Supply Chain Compromise
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1012 - Query Registry
  • T1008 - Fallback Channels
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

UNC3886

Score: 16.35
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1212 - Exploitation for Credential Access
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1008 - Fallback Channels
MITREへのリンク →

LuminousMoth

Score: 7.27
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
MITREへのリンク →

Sandworm Team

Score: 19.17
Matched TTPs:
  • T1587.001 - Malware
  • T1106 - Native API
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1499 - Endpoint Denial of Service
MITREへのリンク →

Salt Typhoon

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
MITREへのリンク →

APT29

Score: 8.43
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Play

Score: 7.73
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Aoqin Dragon

Score: 4.44
Matched TTPs:
  • T1587.001 - Malware
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

RedCurl

Score: 4.84
Matched TTPs:
  • T1587.001 - Malware
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

Moses Staff

Score: 4.41
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
MITREへのリンク →

Turla

Score: 21.28
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1553.006 - Code Signing Policy Modification
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
MITREへのリンク →

Ke3chang

Score: 13.45
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1569.002 - Service Execution
MITREへのリンク →

Mustang Panda

Score: 14.51
Matched TTPs:
  • T1587.001 - Malware
  • T1574.001 - DLL
  • T1106 - Native API
  • T1176.002 - IDE Extensions
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

TeamTNT

Score: 10.53
Matched TTPs:
  • T1587.001 - Malware
  • T1007 - System Service Discovery
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

FIN7

Score: 17.11
Matched TTPs:
  • T1587.001 - Malware
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
MITREへのリンク →

Medusa Group

Score: 31.79
Matched TTPs:
  • T1652 - Device Driver Discovery
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1608.002 - Upload Tool
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

MuddyWater

Score: 25.80
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Gamaredon Group

Score: 20.69
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1106 - Native API
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1001 - Data Obfuscation
  • T1012 - Query Registry
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Chimera

Score: 16.83
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1106 - Native API
  • T1217 - Browser Information Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1569.002 - Service Execution
MITREへのリンク →

Cinnamon Tempest

Score: 4.05
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
MITREへのリンク →

Velvet Ant

Score: 12.81
Matched TTPs:
  • T1574.001 - DLL
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

Tonto Team

Score: 5.97
Matched TTPs:
  • T1574.001 - DLL
  • T1210 - Exploitation of Remote Services
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Patchwork

Score: 6.67
Matched TTPs:
  • T1574.001 - DLL
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Aquatic Panda

Score: 6.90
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

GALLIUM

Score: 4.05
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
MITREへのリンク →

Higaisa

Score: 7.03
Matched TTPs:
  • T1574.001 - DLL
  • T1106 - Native API
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT32

Score: 14.05
Matched TTPs:
  • T1574.001 - DLL
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1569.002 - Service Execution
MITREへのリンク →

Storm-1811

Score: 5.11
Matched TTPs:
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Tropic Trooper

Score: 13.62
Matched TTPs:
  • T1574.001 - DLL
  • T1106 - Native API
  • T1547.004 - Winlogon Helper DLL
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

Earth Lusca

Score: 10.84
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
MITREへのリンク →

BRONZE BUTLER

Score: 8.40
Matched TTPs:
  • T1574.001 - DLL
  • T1007 - System Service Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT3

Score: 4.75
Matched TTPs:
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

BlackTech

Score: 7.83
Matched TTPs:
  • T1574.001 - DLL
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

SideCopy

Score: 4.02
Matched TTPs:
  • T1574.001 - DLL
  • T1106 - Native API
MITREへのリンク →

Daggerfly

Score: 3.97
Matched TTPs:
  • T1574.001 - DLL
  • T1012 - Query Registry
MITREへのリンク →

Threat Group-3390

Score: 14.66
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1608.002 - Upload Tool
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
MITREへのリンク →

BackdoorDiplomacy

Score: 4.05
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
MITREへのリンク →

APT19

Score: 5.33
Matched TTPs:
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
MITREへのリンク →

Sidewinder

Score: 4.75
Matched TTPs:
  • T1574.001 - DLL
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT41

Score: 17.75
Matched TTPs:
  • T1574.001 - DLL
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
  • T1569.002 - Service Execution
  • T1008 - Fallback Channels
MITREへのリンク →

menuPass

Score: 11.68
Matched TTPs:
  • T1574.001 - DLL
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
MITREへのリンク →

Poseidon Group

Score: 4.04
Matched TTPs:
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
MITREへのリンク →

Volt Typhoon

Score: 15.72
Matched TTPs:
  • T1007 - System Service Discovery
  • T1190 - Exploit Public-Facing Application
  • T1010 - Application Window Discovery
  • T1217 - Browser Information Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1012 - Query Registry
MITREへのリンク →

admin@338

Score: 4.02
Matched TTPs:
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

APT1

Score: 4.89
Matched TTPs:
  • T1007 - System Service Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
MITREへのリンク →

Gorgon Group

Score: 4.93
Matched TTPs:
  • T1106 - Native API
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

ToddyCat

Score: 7.80
Matched TTPs:
  • T1106 - Native API
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

APT37

Score: 8.92
Matched TTPs:
  • T1106 - Native API
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

APT38

Score: 15.76
Matched TTPs:
  • T1106 - Native API
  • T1217 - Browser Information Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
MITREへのリンク →

TA505

Score: 4.93
Matched TTPs:
  • T1106 - Native API
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Silence

Score: 5.53
Matched TTPs:
  • T1106 - Native API
  • T1588.002 - Tool
  • T1569.002 - Service Execution
MITREへのリンク →

BlackByte

Score: 17.22
Matched TTPs:
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1560 - Archive Collected Data
  • T1562.001 - Disable or Modify Tools
  • T1012 - Query Registry
  • T1569.002 - Service Execution
MITREへのリンク →

Magic Hound

Score: 12.29
Matched TTPs:
  • T1562 - Impair Defenses
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Ember Bear

Score: 18.08
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1210 - Exploitation of Remote Services
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
  • T1588.005 - Exploits
MITREへのリンク →

Rocke

Score: 8.41
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1562.001 - Disable or Modify Tools
  • T1027.004 - Compile After Delivery
MITREへのリンク →

APT28

Score: 32.55
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1546.015 - Component Object Model Hijacking
  • T1203 - Exploitation for Client Execution
  • T1498 - Network Denial of Service
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
MITREへのリンク →

GOLD SOUTHFIELD

Score: 4.06
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
MITREへのリンク →

Sea Turtle

Score: 7.43
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
MITREへのリンク →

Storm-0501

Score: 9.87
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Fox Kitten

Score: 9.74
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1217 - Browser Information Discovery
  • T1210 - Exploitation of Remote Services
  • T1012 - Query Registry
MITREへのリンク →

Agrius

Score: 3.27
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.001 - Disable or Modify Tools
MITREへのリンク →

Blue Mockingbird

Score: 7.46
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1569.002 - Service Execution
MITREへのリンク →

Leviathan

Score: 8.30
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

INC Ransom

Score: 9.11
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
MITREへのリンク →

Dragonfly

Score: 11.39
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1203 - Exploitation for Client Execution
  • T1012 - Query Registry
MITREへのリンク →

Axiom

Score: 10.09
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1560 - Archive Collected Data
  • T1203 - Exploitation for Client Execution
  • T1001.002 - Steganography
MITREへのリンク →

HAFNIUM

Score: 7.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1057 - Process Discovery
  • T1550.001 - Application Access Token
MITREへのリンク →

APT5

Score: 7.12
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1562.006 - Indicator Blocking
  • T1057 - Process Discovery
MITREへのリンク →

APT39

Score: 11.08
Matched TTPs:
  • T1190 - Exploit Public-Facing Application
  • T1553.006 - Code Signing Policy Modification
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1569.002 - Service Execution
MITREへのリンク →

DarkVishnya

Score: 7.98
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1200 - Hardware Additions
MITREへのリンク →

Carbanak

Score: 3.44
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
MITREへのリンク →

Akira

Score: 8.52
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1562.001 - Disable or Modify Tools
  • T1531 - Account Access Removal
MITREへのリンク →

Cobalt Group

Score: 14.56
Matched TTPs:
  • T1219 - Remote Access Tools
  • T1218.003 - CMSTP
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

HEXANE

Score: 6.21
Matched TTPs:
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1588.002 - Tool
MITREへのリンク →

FIN6

Score: 12.91
Matched TTPs:
  • T1560 - Archive Collected Data
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
  • T1569.002 - Service Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Scattered Spider

Score: 10.06
Matched TTPs:
  • T1217 - Browser Information Discovery
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1556.009 - Conditional Access Policies
MITREへのリンク →

Wizard Spider

Score: 11.64
Matched TTPs:
  • T1547.004 - Winlogon Helper DLL
  • T1210 - Exploitation of Remote Services
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1569.002 - Service Execution
MITREへのリンク →

Windshift

Score: 4.04
Matched TTPs:
  • T1057 - Process Discovery
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

Deep Panda

Score: 4.26
Matched TTPs:
  • T1057 - Process Discovery
  • T1218.010 - Regsvr32
MITREへのリンク →

Darkhotel

Score: 3.01
Matched TTPs:
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Stealth Falcon

Score: 3.75
Matched TTPs:
  • T1057 - Process Discovery
  • T1012 - Query Registry
MITREへのリンク →

Andariel

Score: 3.01
Matched TTPs:
  • T1057 - Process Discovery
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

Inception

Score: 6.61
Matched TTPs:
  • T1057 - Process Discovery
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

LAPSUS$

Score: 4.98
Matched TTPs:
  • T1588.002 - Tool
  • T1531 - Account Access Removal
MITREへのリンク →

FIN8

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

TA2541

Score: 5.39
Matched TTPs:
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

WIRTE

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1218.010 - Regsvr32
MITREへのリンク →

Lotus Blossom

Score: 3.08
Matched TTPs:
  • T1588.002 - Tool
  • T1012 - Query Registry
MITREへのリンク →

APT42

Score: 3.60
Matched TTPs:
  • T1588.002 - Tool
  • T1573.002 - Asymmetric Cryptography
MITREへのリンク →

Saint Bear

Score: 3.29
Matched TTPs:
  • T1562.001 - Disable or Modify Tools
  • T1203 - Exploitation for Client Execution
MITREへのリンク →

EXOTIC LILY

Score: 4.02
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
MITREへのリンク →

PLATINUM

Score: 4.54
Matched TTPs:
  • T1056.004 - Credential API Hooking
MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Lazarus Group

Score: 0.81
Matched TTPs:
  • T1010 - Application Window Discovery
  • T1057 - Process Discovery
  • T1529 - System Shutdown/Reboot
  • T1008 - Fallback Channels
  • T1106 - Native API
  • T1203 - Exploitation for Client Execution
  • T1566.003 - Spearphishing via Service
  • T1562.001 - Disable or Modify Tools
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1574.013 - KernelCallbackTable
  • T1587.001 - Malware
  • T1012 - Query Registry
  • T1560 - Archive Collected Data
MITREへのリンク →

APT28

Score: 0.76
Matched TTPs:
  • T1057 - Process Discovery
  • T1210 - Exploitation of Remote Services
  • T1498 - Network Denial of Service
  • T1190 - Exploit Public-Facing Application
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion
  • T1203 - Exploitation for Client Execution
  • T1550.001 - Application Access Token
  • T1588.002 - Tool
  • T1560 - Archive Collected Data
  • T1546.015 - Component Object Model Hijacking
MITREへのリンク →

Medusa Group

Score: 0.76
Matched TTPs:
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1569.002 - Service Execution
  • T1529 - System Shutdown/Reboot
  • T1106 - Native API
  • T1573.002 - Asymmetric Cryptography
  • T1219 - Remote Access Tools
  • T1652 - Device Driver Discovery
  • T1608.002 - Upload Tool
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1057 - Process Discovery
MITREへのリンク →

OilRig

Score: 0.62
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1008 - Fallback Channels
  • T1007 - System Service Discovery
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1566.003 - Spearphishing via Service
  • T1219 - Remote Access Tools
  • T1588.002 - Tool
  • T1012 - Query Registry
  • T1587.001 - Malware
  • T1057 - Process Discovery
MITREへのリンク →

MuddyWater

Score: 0.62
Matched TTPs:
  • T1210 - Exploitation of Remote Services
  • T1559.001 - Component Object Model
  • T1190 - Exploit Public-Facing Application
  • T1027.004 - Compile After Delivery
  • T1203 - Exploitation for Client Execution
  • T1219 - Remote Access Tools
  • T1574.001 - DLL
  • T1588.002 - Tool
  • T1562.001 - Disable or Modify Tools
  • T1218.003 - CMSTP
  • T1057 - Process Discovery
MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

← Pulse一覧に戻る