Attacks Against the Mongolian Government
Summary
Unit 42 has collected multiple spear phishing emails, weaponized document files, and payloads all targeting various offices of the Mongolian government and deployed between August 2015 and February 2016. The phishing emails and document files leveraged a variety of geopolitically sensitive subject matters as attractive lures, such as events in Beijing, the Dalai Lama, North Korea relations, the Zika virus, and various legitimate-appearing announcements. As we began to analyze and tear down the various samples we collected, we found significant overlaps with previously reported and documented adversary groups, attack campaigns, and their toolsets, exemplifying the concept of the Digital Quartermaster.
Created: 2026-02-23
Indicators
Similar Pulses
Threat actors related to this Pulse (fact-based)
Score: 21.51
Matched TTPs:
- T1216.001 - PubPrn
- T1019 - System Firmware
- T1193 - Spearphishing Attachment
- T1030 - Data Transfer Size Limits
- T1065 - Uncommonly Used Port
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 29.74
Matched TTPs:
- T1044 - File System Permissions Weakness
- T1021.006 - Windows Remote Management
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 31.00
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1578 - Modify Cloud Compute Infrastructure
- T1566.002 - Spearphishing Link
- T1019 - System Firmware
- T1552.003 - Shell History
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1027.002 - Software Packing
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 6.45
Matched TTPs:
- T1666 - Modify Cloud Resource Hierarchy
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
Link to MITRE →
Score: 10.35
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1578 - Modify Cloud Compute Infrastructure
- T1550 - Use Alternate Authentication Material
Link to MITRE →
Score: 26.29
Matched TTPs:
- T1564.008 - Email Hiding Rules
- T1114 - Email Collection
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1193 - Spearphishing Attachment
- T1546.008 - Accessibility Features
- T1102.003 - One-Way Communication
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 13.21
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1114 - Email Collection
- T1566.002 - Spearphishing Link
- T1546.008 - Accessibility Features
Link to MITRE →
Score: 17.38
Matched TTPs:
- T1578 - Modify Cloud Compute Infrastructure
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
- T1098.002 - Additional Email Delegate Permissions
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 48.99
Matched TTPs:
- T1114 - Email Collection
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1152 - Launchctl
- T1546.008 - Accessibility Features
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1055.014 - VDSO Hijacking
- T1102.003 - One-Way Communication
- T1562.013 - Disable or Modify Network Device Firewall
- T1690 - Prevent Command History Logging
- T1030 - Data Transfer Size Limits
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
Link to MITRE →
Score: 22.34
Matched TTPs:
- T1114 - Email Collection
- T1057 - Process Discovery
- T1212 - Exploitation for Credential Access
- T1102.003 - One-Way Communication
- T1065 - Uncommonly Used Port
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 16.51
Matched TTPs:
- T1114 - Email Collection
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1149 - LC_MAIN Hijacking
- T1690 - Prevent Command History Logging
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 5.30
Matched TTPs:
- T1114 - Email Collection
- T1608.005 - Link Target
Link to MITRE →
Score: 5.11
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 4.82
Matched TTPs:
- T1543.003 - Windows Service
- T1550 - Use Alternate Authentication Material
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 8.26
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1200 - Hardware Additions
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 5.47
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1546.017 - Udev Rules
Link to MITRE →
Score: 11.77
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1657 - Financial Theft
- T1547.013 - XDG Autostart Entries
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 3.10
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 14.61
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1065 - Uncommonly Used Port
- T1547.013 - XDG Autostart Entries
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 21.17
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1102.003 - One-Way Communication
- T1567.002 - Exfiltration to Cloud Storage
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 3.10
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 10.16
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 24.08
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1567.002 - Exfiltration to Cloud Storage
- T1547.013 - XDG Autostart Entries
- T1055.005 - Thread Local Storage
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 12.46
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1055.014 - VDSO Hijacking
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Link to MITRE →
Score: 7.23
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1567.001 - Exfiltration to Code Repository
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 12.73
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1608.005 - Link Target
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 6.25
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Link to MITRE →
Score: 8.77
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1212 - Exploitation for Credential Access
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 5.62
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 3.10
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 7.63
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 8.26
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Link to MITRE →
Score: 7.08
Matched TTPs:
- T1543.003 - Windows Service
- T1608.005 - Link Target
- T1218.001 - Compiled HTML File
Link to MITRE →
Score: 16.86
Matched TTPs:
- T1543.003 - Windows Service
- T1486 - Data Encrypted for Impact
- T1567.003 - Exfiltration to Text Storage Sites
- T1030 - Data Transfer Size Limits
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 13.60
Matched TTPs:
- T1543.003 - Windows Service
- T1608.005 - Link Target
- T1212 - Exploitation for Credential Access
- T1218.001 - Compiled HTML File
- T1547.013 - XDG Autostart Entries
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 9.57
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1567.001 - Exfiltration to Code Repository
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 8.15
Matched TTPs:
- T1543.003 - Windows Service
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 3.10
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 5.11
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 4.48
Matched TTPs:
- T1543.003 - Windows Service
- T1030 - Data Transfer Size Limits
Link to MITRE →
Score: 3.10
Matched TTPs:
- T1543.003 - Windows Service
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 34.14
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1152 - Launchctl
- T1608.005 - Link Target
- T1057 - Process Discovery
- T1197 - BITS Jobs
- T1146 - Clear Command History
- T1200 - Hardware Additions
- T1547.013 - XDG Autostart Entries
- T1588.003 - Code Signing Certificates
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 10.24
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1657 - Financial Theft
- T1102.003 - One-Way Communication
Link to MITRE →
Score: 17.20
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1057 - Process Discovery
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1126 - Network Share Connection Removal
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 12.07
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1218.001 - Compiled HTML File
- T1578.001 - Create Snapshot
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 19.66
Matched TTPs:
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1193 - Spearphishing Attachment
- T1657 - Financial Theft
- T1200 - Hardware Additions
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 5.92
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1030 - Data Transfer Size Limits
Link to MITRE →
Score: 4.80
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1200 - Hardware Additions
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 8.33
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1548.006 - TCC Manipulation
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 4.03
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1212 - Exploitation for Credential Access
Link to MITRE →
Score: 4.24
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 6.58
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1550 - Use Alternate Authentication Material
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 8.94
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.003 - CMSTP
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Link to MITRE →
Score: 13.59
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1055.014 - VDSO Hijacking
- T1200 - Hardware Additions
- T1547.013 - XDG Autostart Entries
- T1546.017 - Udev Rules
Link to MITRE →
Score: 4.24
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 4.03
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1200 - Hardware Additions
Link to MITRE →
Score: 4.17
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1547.013 - XDG Autostart Entries
- T1547.008 - LSASS Driver
Link to MITRE →
Score: 7.03
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1030 - Data Transfer Size Limits
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 5.27
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1218.001 - Compiled HTML File
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 10.46
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1567.002 - Exfiltration to Cloud Storage
- T1578.001 - Create Snapshot
- T1546.017 - Udev Rules
Link to MITRE →
Score: 3.40
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1552.003 - Shell History
Link to MITRE →
Score: 5.27
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1657 - Financial Theft
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 4.80
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1212 - Exploitation for Credential Access
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 3.66
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 4.03
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1200 - Hardware Additions
Link to MITRE →
Score: 3.47
Matched TTPs:
- T1598.003 - Spearphishing Link
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 16.32
Matched TTPs:
- T1218.003 - CMSTP
- T1552.003 - Shell History
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
- T1094 - Custom Command and Control Protocol
Link to MITRE →
Score: 5.88
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →
Score: 3.37
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 5.71
Matched TTPs:
- T1550 - Use Alternate Authentication Material
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 5.31
Matched TTPs:
- T1071.003 - Mail Protocols
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 6.72
Matched TTPs:
- T1021.006 - Windows Remote Management
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 6.59
Matched TTPs:
- T1552.003 - Shell History
- T1562.013 - Disable or Modify Network Device Firewall
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 3.30
Matched TTPs:
- T1552.003 - Shell History
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 5.64
Matched TTPs:
- T1552.003 - Shell History
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 5.81
Matched TTPs:
- T1552.003 - Shell History
- T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →
Score: 3.30
Matched TTPs:
- T1552.003 - Shell History
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 5.13
Matched TTPs:
- T1608.005 - Link Target
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Score: 11.17
Matched TTPs:
- T1055.014 - VDSO Hijacking
- T1212 - Exploitation for Credential Access
- T1065 - Uncommonly Used Port
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 8.86
Matched TTPs:
- T1212 - Exploitation for Credential Access
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
- T1578.001 - Create Snapshot
Link to MITRE →
Score: 7.82
Matched TTPs:
- T1562.013 - Disable or Modify Network Device Firewall
- T1685 - Disable or Modify Tools
Link to MITRE →
Score: 3.29
Matched TTPs:
- T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →
Score: 3.12
Matched TTPs:
- T1547.013 - XDG Autostart Entries
- T1548.006 - TCC Manipulation
Link to MITRE →
Threat actors related to this Pulse (inference-based)
Score: 0.85
Matched TTPs:
- T1030 - Data Transfer Size Limits
- T1552.003 - Shell History
- T1057 - Process Discovery
- T1126 - Network Share Connection Removal
- T1114 - Email Collection
- T1055.014 - VDSO Hijacking
- T1543.003 - Windows Service
- T1546.008 - Accessibility Features
- T1608.005 - Link Target
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1562.013 - Disable or Modify Network Device Firewall
- T1690 - Prevent Command History Logging
- T1152 - Launchctl
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1102.003 - One-Way Communication
Link to MITRE →
Score: 0.63
Matched TTPs:
- T1588.003 - Code Signing Certificates
- T1057 - Process Discovery
- T1548.006 - TCC Manipulation
- T1608.005 - Link Target
- T1566.002 - Spearphishing Link
- T1598.003 - Spearphishing Link
- T1146 - Clear Command History
- T1197 - BITS Jobs
- T1152 - Launchctl
- T1200 - Hardware Additions
- T1550 - Use Alternate Authentication Material
- T1547.013 - XDG Autostart Entries
Link to MITRE →
Score: 0.56
Matched TTPs:
- T1030 - Data Transfer Size Limits
- T1666 - Modify Cloud Resource Hierarchy
- T1552.003 - Shell History
- T1548.006 - TCC Manipulation
- T1019 - System Firmware
- T1566.002 - Spearphishing Link
- T1578 - Modify Cloud Compute Infrastructure
- T1197 - BITS Jobs
- T1547.013 - XDG Autostart Entries
- T1027.002 - Software Packing
Link to MITRE →
Related CVEs
No CVEs were found for this Pulse.