Trusted Design

Possible Credential Stealing Malware

Summary

We found a machine on our network making suspicious callouts to a Russian domain, but our anti-malware tool did not block the application. Analysis of the malware identified a host of passwords in a memory dump, and we later received a report from a third-party security firm that the very same user's credentials were found in a Pony malware password dump. These are the IOCs we were able to identify regarding this malware. We believe that the source of the infection was a phishing campaign that had attached RTF files. The files asked the user to enable macros. In this case the user did enable macros and the infection began. The original RTF files and the downloaded executable were stored in the user's temp directory under a randomly generated folder name.

Created: 2026-02-23

Indicators

No indicators were found.
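Because the pulse carries no atomic indicators, the only thing left to hunt on is the behaviour the summary describes: an Office process with a macro-enabled attachment drops an executable into a randomly named folder under the user's temp directory, and that executable then resolves a Russian domain that the anti-malware tool let through. The script below is an added example and not part of the pulse or of any vendor tool; it correlates Sysmon-shaped process-create and DNS events (field names follow Sysmon EventID 1 and 22), and the host name, user, paths, the `.ru` TLD match and the `placeholder-c2.ru` query are constructed placeholders, not indicators from the pulse. The randomness heuristic and its thresholds are likewise assumptions.

```python
"""Behavioural hunt for the chain in the pulse summary: Office parent ->
dropped .exe in a random %TEMP% sub-folder -> DNS callout to a .ru domain.
Events follow Sysmon field names (EventID 1 = process create, 22 = DNS).
All sample telemetry below is constructed for this example."""
import ntpath
import re
from collections import defaultdict

# Office hosts a macro-bearing attachment is opened in (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# An .exe exactly one folder below the user's %TEMP%:
#   C:\Users\<user>\AppData\Local\Temp\<folder>\<name>.exe
TEMP_EXE_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\(?P<folder>[^\\]+)\\[^\\]+\.exe$",
    re.IGNORECASE,
)

# The pulse only says "a Russian domain"; matching on the TLD is an assumption.
SUSPICIOUS_TLDS = (".ru",)


def looks_random(name: str) -> bool:
    """Heuristic for a 'randomly generated folder name' (thresholds assumed):
    GUID/hex-looking strings, or 6+ alphanumerics with 2+ digits and few
    vowels, count as random; ordinary words such as 'Downloads' do not."""
    core = re.sub(r"[{}\-]", "", name)
    if not re.fullmatch(r"[A-Za-z0-9]{6,}", core):
        return False
    if re.fullmatch(r"[0-9A-Fa-f]{8,}", core):
        return True
    digits = sum(c.isdigit() for c in core)
    vowels = sum(c in "aeiouAEIOU" for c in core)
    return digits >= 2 and vowels / len(core) < 0.25


def hunt(events):
    """One finding per process-create event that shows at least two of:
    Office parent, random %TEMP% sub-folder, DNS query to a suspicious TLD."""
    # Index suspicious DNS queries by (host, image) to join them to the process.
    dns_by_proc = defaultdict(list)
    for ev in events:
        if ev.get("EventID") == 22:
            query = ev.get("QueryName", "").lower()
            if query.endswith(SUSPICIOUS_TLDS):
                dns_by_proc[(ev["Computer"], ev["Image"].lower())].append(query)

    findings = []
    for ev in events:
        if ev.get("EventID") != 1:
            continue
        match = TEMP_EXE_RE.match(ev["Image"])
        if not match:
            continue
        reasons = []
        if ntpath.basename(ev.get("ParentImage", "")).lower() in OFFICE_PARENTS:
            reasons.append("office_parent")
        folder = match.group("folder")
        if looks_random(folder):
            reasons.append("random_temp_folder")
        callouts = dns_by_proc.get((ev["Computer"], ev["Image"].lower()), [])
        if callouts:
            reasons.append("suspicious_dns")
        # Two independent signals keep a lone installer in %TEMP% from alerting.
        if len(reasons) >= 2:
            findings.append({"host": ev["Computer"], "user": ev.get("User"),
                             "image": ev["Image"], "folder": folder,
                             "parent": ev.get("ParentImage"),
                             "reasons": reasons, "callouts": callouts})
    return findings


# Constructed sample telemetry: host, user, paths and the .ru name are
# placeholders for this example, not indicators from the pulse.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
DROPPED = r"C:\Users\jdoe\AppData\Local\Temp\h7kq2x9p\svchosts.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS-0412", "User": r"CORP\jdoe", "Image": WORD,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Computer": "WS-0412", "User": r"CORP\jdoe", "Image": DROPPED,
     "ParentImage": WORD},
    {"EventID": 22, "Computer": "WS-0412", "Image": DROPPED,
     "QueryName": "placeholder-c2.ru"},
    # Benign: an installer run from a normally named Temp sub-folder.
    {"EventID": 1, "Computer": "WS-0412", "User": r"CORP\jdoe",
     "Image": r"C:\Users\jdoe\AppData\Local\Temp\Downloads\setup.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 22, "Computer": "WS-0412",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "QueryName": "www.example.com"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Run stand-alone it prints the one finding for the dropped executable and stays silent on the installer in `Temp\Downloads`. In practice the events come from Sysmon or an EDR export rather than the inline list, and the `user` field of each finding is the account to treat as compromised, which is exactly the follow-up the pulse describes when the same user's credentials surfaced in a Pony dump. The two-signal rule and the TLD match are deliberately crude; they encode only what the summary states and should be tuned to local telemetry before being promoted to an alert.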

Similar Pulses

Threat actors related to this pulse (fact-based)

Ember Bear

Score: 12.81
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1218.010 - Regsvr32

APT39

Score: 11.74
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution

Mustang Panda

Score: 39.61
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1546.005 - Trap
  • T1677 - Poisoned Pipeline Execution
  • T1608 - Stage Capabilities
  • T1169 - Sudo
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation

Tonto Team

Score: 5.75
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

APT32

Score: 30.72
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

BlackByte

Score: 12.65
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1166 - Setuid and Setgid
  • T1027.007 - Dynamic API Resolution

APT28

Score: 32.49
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
  • T1546.007 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service

Storm-0501

Score: 9.26
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1537 - Transfer Data to Cloud Account

Axiom

Score: 8.62
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1218.010 - Regsvr32
  • T1189 - Drive-by Compromise

Leviathan

Score: 11.94
Matched TTPs:
  • T1597.002 - Purchase Technical Data
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

Mustard Tempest

Score: 9.80
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1091 - Replication Through Removable Media
  • T1053.002 - At

Daggerfly

Score: 5.88
Matched TTPs:
  • T1584.008 - Network Devices
  • T1174 - Password Filter DLL

GALLIUM

Score: 9.40
Matched TTPs:
  • T1584.008 - Network Devices
  • T1546.005 - Trap
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account

APT29

Score: 19.93
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1537 - Transfer Data to Cloud Account
  • T1490 - Inhibit System Recovery

FIN13

Score: 21.89
Matched TTPs:
  • T1584.008 - Network Devices
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation
  • T1686.001 - Cloud Firewall

Dragonfly

Score: 15.21
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1548.006 - TCC Manipulation

Ke3chang

Score: 18.74
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1685.005 - Clear Windows Event Logs
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

Agrius

Score: 7.92
Matched TTPs:
  • T1584.008 - Network Devices
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1166 - Setuid and Setgid

APT41

Score: 17.15
Matched TTPs:
  • T1584.008 - Network Devices
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

APT5

Score: 9.97
Matched TTPs:
  • T1584.008 - Network Devices
  • T1546.005 - Trap
  • T1677 - Poisoned Pipeline Execution
  • T1166 - Setuid and Setgid

menuPass

Score: 14.28
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1174 - Password Filter DLL
  • T1548.006 - TCC Manipulation

Threat Group-3390

Score: 27.91
Matched TTPs:
  • T1584.008 - Network Devices
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules

Wizard Spider

Score: 27.29
Matched TTPs:
  • T1584.008 - Network Devices
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1003.001 - LSASS Memory
  • T1588.001 - Malware
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1526 - Cloud Service Discovery
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

MuddyWater

Score: 16.78
Matched TTPs:
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1518.002 - Backup Software Discovery
  • T1546.005 - Trap
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API

OilRig

Score: 28.52
Matched TTPs:
  • T1178 - SID-History Injection
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1166 - Setuid and Setgid
  • T1556.009 - Conditional Access Policies
  • T1526 - Cloud Service Discovery

Leafminer

Score: 4.30
Matched TTPs:
  • T1178 - SID-History Injection
  • T1546.005 - Trap

APT33

Score: 7.46
Matched TTPs:
  • T1178 - SID-History Injection
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.005 - Trap
  • T1218.010 - Regsvr32

Kimsuky

Score: 36.12
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1197 - BITS Jobs
  • T1537 - Transfer Data to Cloud Account
  • T1526 - Cloud Service Discovery
  • T1053.002 - At
  • T1490 - Inhibit System Recovery

Moonstone Sleet

Score: 17.06
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1546.005 - Trap
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution

Indrik Spider

Score: 8.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1166 - Setuid and Setgid

Lazarus Group

Score: 26.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1677 - Poisoned Pipeline Execution
  • T1588.001 - Malware
  • T1174 - Password Filter DLL
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer

Contagious Interview

Score: 11.92
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1552.003 - Shell History
  • T1221 - Template Injection

UNC3886

Score: 7.15
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1218.010 - Regsvr32

LuminousMoth

Score: 8.56
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1105 - Ingress Tool Transfer

Sandworm Team

Score: 17.35
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1546.005 - Trap
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1548.006 - TCC Manipulation

Play

Score: 11.04
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1546.005 - Trap
  • T1552.003 - Shell History
  • T1166 - Setuid and Setgid
  • T1490 - Inhibit System Recovery

Aoqin Dragon

Score: 6.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

RedCurl

Score: 16.16
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1608.004 - Drive-by Target
  • T1546.005 - Trap
  • T1574.010 - Services File Permissions Weakness
  • T1105 - Ingress Tool Transfer

Cleaver

Score: 3.57
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1546.005 - Trap

Turla

Score: 19.76
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1557.001 - Name Resolution Poisoning and SMB Relay
  • T1003.001 - LSASS Memory
  • T1556.009 - Conditional Access Policies
  • T1490 - Inhibit System Recovery

TeamTNT

Score: 7.69
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account

FIN7

Score: 21.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery

Malteiro

Score: 5.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History

APT12

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Elderwood

Score: 5.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Transparent Tribe

Score: 9.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
  • T1053.002 - At

WIRTE

Score: 3.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT

APT-C-36

Score: 3.76
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware

CURIUM

Score: 4.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link

Tropic Trooper

Score: 13.90
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1003.001 - LSASS Memory
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
  • T1490 - Inhibit System Recovery

PLATINUM

Score: 3.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.005 - Trap

FIN8

Score: 8.11
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1526 - Cloud Service Discovery

BITTER

Score: 7.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1588.001 - Malware
  • T1218.010 - Regsvr32

Ferocious Kitten

Score: 5.10
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.005 - Clear Windows Event Logs

APT37

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

LazyScripter

Score: 3.64
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media

PROMETHIUM

Score: 5.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1588.001 - Malware
  • T1490 - Inhibit System Recovery

TA505

Score: 11.37
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1166 - Setuid and Setgid
  • T1537 - Transfer Data to Cloud Account

Star Blizzard

Score: 6.09
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media

Higaisa

Score: 9.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

Magic Hound

Score: 14.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1166 - Setuid and Setgid
  • T1053.002 - At

FIN4

Score: 5.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1574.010 - Services File Permissions Weakness

Cobalt Group

Score: 7.29
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1518.002 - Backup Software Discovery
  • T1218.010 - Regsvr32

Storm-1811

Score: 6.89
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1486 - Data Encrypted for Impact

Inception

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

Saint Bear

Score: 9.01
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

FIN6

Score: 9.97
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

Patchwork

Score: 9.50
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

TA459

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Gorgon Group

Score: 5.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API

APT19

Score: 5.06
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API

TA2541

Score: 8.84
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

Earth Lusca

Score: 7.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1546.005 - Trap

SideCopy

Score: 6.92
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1053.002 - At

Mofang

Score: 4.81
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1546.017 - Udev Rules

Andariel

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

BRONZE BUTLER

Score: 9.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.005 - Trap
  • T1685.005 - Clear Windows Event Logs
  • T1218.010 - Regsvr32

APT38

Score: 12.80
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.009 - Cloud API
  • T1174 - Password Filter DLL
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution

Naikon

Score: 6.05
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1166 - Setuid and Setgid

Molerats

Score: 6.38
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1546.017 - Udev Rules

admin@338

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Gamaredon Group

Score: 17.65
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1608 - Stage Capabilities
  • T1059.013 - Container CLI/API
  • T1546.017 - Udev Rules

Darkhotel

Score: 4.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.010 - Regsvr32

The White Company

Score: 5.21
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Silence

Score: 7.36
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1027.007 - Dynamic API Resolution

Sidewinder

Score: 5.61
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.002 - Spearphishing Link
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

Confucius

Score: 3.16
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1218.010 - Regsvr32

BlackTech

Score: 9.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1685.005 - Clear Windows Event Logs
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery

Scattered Spider

Score: 14.89
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1197 - BITS Jobs
  • T1548.006 - TCC Manipulation

ZIRCONIUM

Score: 11.61
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware
  • T1197 - BITS Jobs
  • T1537 - Transfer Data to Cloud Account

Winter Vivern

Score: 4.54
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1059.010 - AutoHotKey & AutoIT
  • T1588.001 - Malware

APT1

Score: 5.63
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1546.005 - Trap
  • T1053.002 - At

Volt Typhoon

Score: 16.09
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1567 - Exfiltration Over Web Service
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1166 - Setuid and Setgid
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation

Cinnamon Tempest

Score: 6.38
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1552.003 - Shell History
  • T1166 - Setuid and Setgid

Rocke

Score: 9.91
Matched TTPs:
  • T1059.010 - AutoHotKey & AutoIT
  • T1059.013 - Container CLI/API
  • T1537 - Transfer Data to Cloud Account
  • T1105 - Ingress Tool Transfer

APT42

Score: 7.42
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1059.009 - Cloud API
  • T1677 - Poisoned Pipeline Execution

Medusa Group

Score: 21.29
Matched TTPs:
  • T1218.003 - CMSTP
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1552.003 - Shell History
  • T1537 - Transfer Data to Cloud Account
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution
  • T1094 - Custom Command and Control Protocol

Aquatic Panda

Score: 7.68
Matched TTPs:
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1166 - Setuid and Setgid

Blue Mockingbird

Score: 5.70
Matched TTPs:
  • T1059.009 - Cloud API
  • T1546.005 - Trap
  • T1027.007 - Dynamic API Resolution

HAFNIUM

Score: 13.28
Matched TTPs:
  • T1546.005 - Trap
  • T1105 - Ingress Tool Transfer
  • T1548.006 - TCC Manipulation
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery

Fox Kitten

Score: 5.91
Matched TTPs:
  • T1546.005 - Trap
  • T1588.001 - Malware
  • T1548.006 - TCC Manipulation

APT3

Score: 7.30
Matched TTPs:
  • T1546.005 - Trap
  • T1218.010 - Regsvr32
  • T1166 - Setuid and Setgid
  • T1537 - Transfer Data to Cloud Account

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs

INC Ransom

Score: 4.92
Matched TTPs:
  • T1552.003 - Shell History
  • T1027.007 - Dynamic API Resolution

Akira

Score: 6.66
Matched TTPs:
  • T1552.003 - Shell History
  • T1601 - Modify System Image

LAPSUS$

Score: 10.61
Matched TTPs:
  • T1619 - Cloud Storage Object Discovery
  • T1601 - Modify System Image
  • T1548.006 - TCC Manipulation

Sea Turtle

Score: 7.78
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1490 - Inhibit System Recovery

Chimera

Score: 7.03
Matched TTPs:
  • T1166 - Setuid and Setgid
  • T1548.006 - TCC Manipulation
  • T1027.007 - Dynamic API Resolution

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Velvet Ant

Score: 9.20
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1490 - Inhibit System Recovery
  • T1566.003 - Spearphishing via Service

Threat actors related to this pulse (inference-based)

Mustang Panda

Score: 0.78
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1677 - Poisoned Pipeline Execution
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery
  • T1105 - Ingress Tool Transfer
  • T1169 - Sudo
  • T1546.005 - Trap
  • T1548.006 - TCC Manipulation
  • T1597.002 - Purchase Technical Data

Kimsuky

Score: 0.74
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1490 - Inhibit System Recovery
  • T1606.002 - SAML Tokens
  • T1537 - Transfer Data to Cloud Account
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
  • T1091 - Replication Through Removable Media
  • T1608 - Stage Capabilities
  • T1053.002 - At
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1526 - Cloud Service Discovery
  • T1552.003 - Shell History
  • T1546.005 - Trap
  • T1059.009 - Cloud API

APT28

Score: 0.70
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1059.010 - AutoHotKey & AutoIT
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1105 - Ingress Tool Transfer
  • T1546.005 - Trap
  • T1548.006 - TCC Manipulation
  • T1597.002 - Purchase Technical Data
  • T1546.007 - Netsh Helper DLL

APT32

Score: 0.64
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1218.010 - Regsvr32
  • T1490 - Inhibit System Recovery
  • T1091 - Replication Through Removable Media
  • T1027.007 - Dynamic API Resolution
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1174 - Password Filter DLL
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
  • T1546.005 - Trap
  • T1608.004 - Drive-by Target
  • T1059.009 - Cloud API
  • T1597.002 - Purchase Technical Data

Wizard Spider

Score: 0.60
Matched TTPs:
  • T1584.008 - Network Devices
  • T1548.006 - TCC Manipulation
  • T1003.001 - LSASS Memory
  • T1027.007 - Dynamic API Resolution
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1588.001 - Malware
  • T1166 - Setuid and Setgid
  • T1526 - Cloud Service Discovery
  • T1546.005 - Trap
  • T1059.009 - Cloud API
  • T1556.009 - Conditional Access Policies

Threat Group-3390

Score: 0.59
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1584.008 - Network Devices
  • T1537 - Transfer Data to Cloud Account
  • T1178 - SID-History Injection
  • T1059.010 - AutoHotKey & AutoIT
  • T1218.003 - CMSTP
  • T1091 - Replication Through Removable Media
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules
  • T1546.005 - Trap
  • T1059.009 - Cloud API

OilRig

Score: 0.58
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1606.002 - SAML Tokens
  • T1178 - SID-History Injection
  • T1059.010 - AutoHotKey & AutoIT
  • T1091 - Replication Through Removable Media
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1592.002 - Software
  • T1166 - Setuid and Setgid
  • T1526 - Cloud Service Discovery
  • T1546.005 - Trap
  • T1059.009 - Cloud API
  • T1556.009 - Conditional Access Policies

Lazarus Group

Score: 0.56
Matched TTPs:
  • T1677 - Poisoned Pipeline Execution
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage
  • T1606.002 - SAML Tokens
  • T1059.010 - AutoHotKey & AutoIT
  • T1087.002 - Domain Account
  • T1598.003 - Spearphishing Link
  • T1174 - Password Filter DLL
  • T1588.001 - Malware
  • T1105 - Ingress Tool Transfer
  • T1557.001 - Name Resolution Poisoning and SMB Relay

Related CVEs

No CVEs were found in this pulse.

Pulse – Threat Actor Graph

