Trusted Design

Malicious VBScript file delivers Pony Loader

Summary

Researchers observed a spam campaign distributing a malicious Visual Basic script (VBScript) that delivers the Pony Loader credential-stealing malware. The subject of the emails was "UPDATED STATEMENT & INVOICE #725563" and the sender was purportedly "CREDIT & COLLECTION ," although it is unclear whether the emails were sent from this account or whether the address was forged. CTU researchers observed a low volume of this spam distributed to organizations in multiple verticals and do not believe the activity was targeted. In January 2016, the same email address was observed distributing the Adwind remote access trojan (RAT).

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

APT32

Score: 17.36
Matched TTPs:
  • T1110.001 - Password Guessing
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1027.007 - Dynamic API Resolution

Scattered Spider

Score: 20.79
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1566.002 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1197 - BITS Jobs
  • T1622 - Debugger Evasion

FIN4

Score: 11.99
Matched TTPs:
  • T1666 - Modify Cloud Resource Hierarchy
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness
  • T1027.010 - Command Obfuscation

Ember Bear

Score: 13.40
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

Sandworm Team

Score: 27.87
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1005 - Data from Local System
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1027.010 - Command Obfuscation

Mustard Tempest

Score: 10.52
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1543.002 - Systemd Service

Kimsuky

Score: 35.89
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1027.014 - Polymorphic Code
  • T1197 - BITS Jobs
  • T1027.010 - Command Obfuscation
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure

FIN13

Score: 9.14
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion

Moonstone Sleet

Score: 13.79
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Indrik Spider

Score: 6.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

Lazarus Group

Score: 18.45
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1055.005 - Thread Local Storage
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver

Contagious Interview

Score: 13.08
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1027.010 - Command Obfuscation
  • T1221 - Template Injection
  • T1547.008 - LSASS Driver

OilRig

Score: 31.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1027.010 - Command Obfuscation
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

UNC3886

Score: 7.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

LuminousMoth

Score: 6.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account

Salt Typhoon

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

APT29

Score: 15.32
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Play

Score: 8.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1166 - Setuid and Setgid

Aoqin Dragon

Score: 3.59
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1218.010 - Regsvr32

RedCurl

Score: 12.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1122 - Component Object Model Hijacking
  • T1574.010 - Services File Permissions Weakness
  • T1027.010 - Command Obfuscation

Moses Staff

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information

Turla

Score: 11.03
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1556.009 - Conditional Access Policies
  • T1027.010 - Command Obfuscation

Ke3chang

Score: 5.96
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 28.10
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1136.001 - Local Account
  • T1608 - Stage Capabilities
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage

TeamTNT

Score: 4.93
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1665 - Hide Infrastructure

FIN7

Score: 20.01
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1011.001 - Exfiltration Over Bluetooth
  • T1564.002 - Hidden Users
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

BlackTech

Score: 8.44
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

MuddyWater

Score: 18.98
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1518.002 - Backup Software Discovery
  • T1558.001 - Golden Ticket
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1027.010 - Command Obfuscation

Confucius

Score: 8.05
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1665 - Hide Infrastructure

Mofang

Score: 5.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Sidewinder

Score: 11.30
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Elderwood

Score: 3.81
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Machete

Score: 3.72
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation

Transparent Tribe

Score: 5.22
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

FIN8

Score: 7.12
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion

APT3

Score: 10.50
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1622 - Debugger Evasion

APT1

Score: 6.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1622 - Debugger Evasion

Leviathan

Score: 16.90
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion
  • T1546.017 - Udev Rules

APT33

Score: 5.22
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

ZIRCONIUM

Score: 7.34
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1197 - BITS Jobs

EXOTIC LILY

Score: 6.34
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

Molerats

Score: 6.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1546.017 - Udev Rules

Magic Hound

Score: 19.52
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1578.002 - Create Cloud Instance
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion
  • T1547.008 - LSASS Driver

Windshift

Score: 6.25
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1547.008 - LSASS Driver

Cobalt Group

Score: 13.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion

TA2541

Score: 9.33
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation
  • T1546.017 - Udev Rules

Earth Lusca

Score: 6.78
Matched TTPs:
  • T1543.003 - Windows Service
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation

Storm-1811

Score: 16.67
Matched TTPs:
  • T1543.003 - Windows Service
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1578.002 - Create Cloud Instance
  • T1547.008 - LSASS Driver

Wizard Spider

Score: 15.43
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1526 - Cloud Service Discovery
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

TA577

Score: 4.11
Matched TTPs:
  • T1543.003 - Windows Service
  • T1024 - Custom Cryptographic Protocol

Patchwork

Score: 12.16
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure

TA505

Score: 8.47
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1166 - Setuid and Setgid
  • T1027.010 - Command Obfuscation

LazyScripter

Score: 6.18
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1027.010 - Command Obfuscation

APT39

Score: 9.24
Matched TTPs:
  • T1543.003 - Windows Service
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

APT28

Score: 24.22
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History
  • T1546.007 - Netsh Helper DLL

Star Blizzard

Score: 9.62
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1657 - Financial Theft

CURIUM

Score: 5.86
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

Dragonfly

Score: 15.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1578.002 - Create Cloud Instance
  • T1622 - Debugger Evasion

Tropic Trooper

Score: 5.20
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1665 - Hide Infrastructure

FIN6

Score: 7.44
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

BRONZE BUTLER

Score: 3.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

WIRTE

Score: 5.02
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1027.010 - Command Obfuscation

menuPass

Score: 6.74
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1622 - Debugger Evasion

Threat Group-3390

Score: 12.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

Gamaredon Group

Score: 12.90
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1608 - Stage Capabilities
  • T1059.013 - Container CLI/API
  • T1027.010 - Command Obfuscation
  • T1546.017 - Udev Rules

Darkhotel

Score: 6.50
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32

Inception

Score: 6.52
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Ajax Security Team

Score: 3.40
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1547.008 - LSASS Driver

TA551

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code

APT41

Score: 7.88
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Higaisa

Score: 9.76
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1665 - Hide Infrastructure
  • T1546.017 - Udev Rules

TA459

Score: 3.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Naikon

Score: 3.16
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1166 - Setuid and Setgid

APT19

Score: 3.62
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.014 - Polymorphic Code

Malteiro

Score: 4.80
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1552.003 - Shell History
  • T1027.010 - Command Obfuscation

SideCopy

Score: 5.90
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1027.010 - Command Obfuscation

Andariel

Score: 4.83
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32

APT37

Score: 3.77
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation

Silence

Score: 6.32
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

IndigoZebra

Score: 3.54
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol

APT38

Score: 4.67
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1027.007 - Dynamic API Resolution

PLATINUM

Score: 5.41
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1686 - Disable or Modify System Firewall

HEXANE

Score: 5.72
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1027.010 - Command Obfuscation
  • T1622 - Debugger Evasion

LAPSUS$

Score: 12.00
Matched TTPs:
  • T1024 - Custom Cryptographic Protocol
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1122 - Component Object Model Hijacking

Rocke

Score: 5.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1059.013 - Container CLI/API

Volt Typhoon

Score: 11.86
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1665 - Hide Infrastructure

BackdoorDiplomacy

Score: 3.93
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1136.002 - Domain Account

GOLD SOUTHFIELD

Score: 7.50
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall

Medusa Group

Score: 12.58
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

Sea Turtle

Score: 12.62
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1122 - Component Object Model Hijacking
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

Storm-0501

Score: 6.74
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code

Fox Kitten

Score: 3.12
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1622 - Debugger Evasion

Cinnamon Tempest

Score: 6.28
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1166 - Setuid and Setgid

BlackByte

Score: 7.80
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Agrius

Score: 5.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

ToddyCat

Score: 9.11
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1665 - Hide Infrastructure
  • T1547.008 - LSASS Driver

Blue Mockingbird

Score: 8.26
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.014 - Polymorphic Code
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

INC Ransom

Score: 11.32
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution

Axiom

Score: 11.52
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1622 - Debugger Evasion

HAFNIUM

Score: 7.84
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1049 - System Network Connections Discovery
  • T1122 - Component Object Model Hijacking

APT5

Score: 5.40
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

Aquatic Panda

Score: 6.39
Matched TTPs:
  • T1136.002 - Domain Account
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall

Akira

Score: 4.17
Matched TTPs:
  • T1552.003 - Shell History
  • T1622 - Debugger Evasion

Chimera

Score: 9.17
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1622 - Debugger Evasion
  • T1027.007 - Dynamic API Resolution
  • T1665 - Hide Infrastructure

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.80
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1197 - BITS Jobs
  • T1622 - Debugger Evasion
  • T1543.003 - Windows Service
  • T1665 - Hide Infrastructure
  • T1027.010 - Command Obfuscation
  • T1140 - Deobfuscate/Decode Files or Information
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1606.002 - SAML Tokens
  • T1608 - Stage Capabilities
  • T1027.014 - Polymorphic Code
  • T1526 - Cloud Service Discovery
  • T1552.003 - Shell History
  • T1566.002 - Spearphishing Link

OilRig

Score: 0.71
Matched TTPs:
  • T1556.009 - Conditional Access Policies
  • T1547.008 - LSASS Driver
  • T1005 - Data from Local System
  • T1622 - Debugger Evasion
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1598.003 - Spearphishing Link
  • T1592.002 - Software
  • T1024 - Custom Cryptographic Protocol
  • T1606.002 - SAML Tokens
  • T1166 - Setuid and Setgid
  • T1526 - Cloud Service Discovery

Sandworm Team

Score: 0.67
Matched TTPs:
  • T1005 - Data from Local System
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1598.003 - Spearphishing Link
  • T1027.010 - Command Obfuscation
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1166 - Setuid and Setgid
  • T1122 - Component Object Model Hijacking
  • T1049 - System Network Connections Discovery
  • T1566.002 - Spearphishing Link

Mustang Panda

Score: 0.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1136.001 - Local Account
  • T1218.010 - Regsvr32
  • T1027.010 - Command Obfuscation
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1608 - Stage Capabilities
  • T1526 - Cloud Service Discovery
  • T1566.002 - Spearphishing Link

APT28

Score: 0.61
Matched TTPs:
  • T1146 - Clear Command History
  • T1197 - BITS Jobs
  • T1218.010 - Regsvr32
  • T1140 - Deobfuscate/Decode Files or Information
  • T1598.003 - Spearphishing Link
  • T1024 - Custom Cryptographic Protocol
  • T1122 - Component Object Model Hijacking
  • T1546.007 - Netsh Helper DLL
  • T1566.002 - Spearphishing Link

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph
