Trusted Design

Possible Credential Stealing Malware

Overview

We found a machine on our network making suspicious call-outs to a Russian domain, but our anti-malware tool did not block the application. Analysis of the malware identified a host of passwords in a memory dump, and we later received a report from a third-party security firm that the very same user's credentials were found in a Pony malware password dump. These are the IOCs we were able to identify regarding this malware. We believe that the source of the infection was a phishing campaign with attached RTF files. The files asked the user to enable macros. In this case, the user did enable macros and the infection began. The original RTF files and the downloaded executable were stored in the user's temp directory under a randomly generated folder name.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Ember Bear

Score: 12.81
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution

APT39

Score: 11.74
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Mustang Panda

Score: 39.61
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1070 - Indicator Removal
  • T1027.012 - LNK Icon Smuggling
  • T1678 - Delay Execution
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories
  • T1003.003 - NTDS

Tonto Team

Score: 5.75
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

APT32

Score: 30.72
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1552.002 - Credentials in Registry
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts

BlackByte

Score: 12.65
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1078.002 - Domain Accounts
  • T1569.002 - Service Execution

APT28

Score: 32.49
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1598 - Phishing for Information
  • T1564.001 - Hidden Files and Directories
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1669 - Wi-Fi Networks
  • T1211 - Exploitation for Defense Evasion

Storm-0501

Score: 9.26
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1036.004 - Masquerade Task or Service
  • T1657 - Financial Theft
  • T1027.002 - Software Packing

Axiom

Score: 8.62
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1203 - Exploitation for Client Execution
  • T1563.002 - RDP Hijacking

Leviathan

Score: 11.94
Matched TTPs:
  • T1003 - OS Credential Dumping
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

Mustard Tempest

Score: 9.80
Matched TTPs:
  • T1583.008 - Malvertising
  • T1608.001 - Upload Malware
  • T1584.001 - Domains

Daggerfly

Score: 5.88
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1036.003 - Rename Legitimate Utilities

GALLIUM

Score: 9.40
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.001 - LSASS Memory
  • T1036.003 - Rename Legitimate Utilities
  • T1027.002 - Software Packing

APT29

Score: 19.93
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1027.002 - Software Packing
  • T1078.003 - Local Accounts

FIN13

Score: 21.89
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1657 - Financial Theft
  • T1564.001 - Hidden Files and Directories
  • T1003.003 - NTDS
  • T1556 - Modify Authentication Process

Dragonfly

Score: 15.21
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1003.003 - NTDS

Ke3chang

Score: 18.74
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1036.002 - Right-to-Left Override
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Agrius

Score: 7.92
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1078.002 - Domain Accounts

APT41

Score: 17.15
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

APT5

Score: 9.97
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.001 - LSASS Memory
  • T1070 - Indicator Removal
  • T1078.002 - Domain Accounts

menuPass

Score: 14.28
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.003 - Rename Legitimate Utilities
  • T1003.003 - NTDS

Threat Group-3390

Score: 27.91
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

Wizard Spider

Score: 27.29
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1547.004 - Winlogon Helper DLL
  • T1036.004 - Masquerade Task or Service
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1588.003 - Code Signing Certificates
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

MuddyWater

Score: 16.78
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1218.003 - CMSTP
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery

OilRig

Score: 28.52
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1588.003 - Code Signing Certificates

Leafminer

Score: 4.30
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1003.001 - LSASS Memory

APT33

Score: 7.46
Matched TTPs:
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution

Kimsuky

Score: 36.12
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1657 - Financial Theft
  • T1027.012 - LNK Icon Smuggling
  • T1598 - Phishing for Information
  • T1027.002 - Software Packing
  • T1588.003 - Code Signing Certificates
  • T1584.001 - Domains
  • T1078.003 - Local Accounts

Moonstone Sleet

Score: 17.06
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1598 - Phishing for Information
  • T1569.002 - Service Execution

Indrik Spider

Score: 8.47
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1078.002 - Domain Accounts

Lazarus Group

Score: 26.75
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1134.002 - Create Process with Token
  • T1070 - Indicator Removal
  • T1036.004 - Masquerade Task or Service
  • T1036.003 - Rename Legitimate Utilities
  • T1203 - Exploitation for Client Execution
  • T1027.007 - Dynamic API Resolution
  • T1564.001 - Hidden Files and Directories

Contagious Interview

Score: 11.92
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1657 - Financial Theft
  • T1204.004 - Malicious Copy and Paste

UNC3886

Score: 7.15
Matched TTPs:
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution

LuminousMoth

Score: 8.56
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1564.001 - Hidden Files and Directories

Sandworm Team

Score: 17.35
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1003.003 - NTDS

Play

Score: 11.04
Matched TTPs:
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory
  • T1657 - Financial Theft
  • T1078.002 - Domain Accounts
  • T1078.003 - Local Accounts

Aoqin Dragon

Score: 6.43
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

RedCurl

Score: 16.16
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1552.002 - Credentials in Registry
  • T1003.001 - LSASS Memory
  • T1056.002 - GUI Input Capture
  • T1564.001 - Hidden Files and Directories

Cleaver

Score: 3.57
Matched TTPs:
  • T1587.001 - Malware
  • T1003.001 - LSASS Memory

Turla

Score: 19.76
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1134.002 - Create Process with Token
  • T1547.004 - Winlogon Helper DLL
  • T1555.004 - Windows Credential Manager
  • T1078.003 - Local Accounts

TeamTNT

Score: 7.69
Matched TTPs:
  • T1587.001 - Malware
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1027.002 - Software Packing

FIN7

Score: 21.66
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1674 - Input Injection
  • T1036.004 - Masquerade Task or Service
  • T1564.001 - Hidden Files and Directories
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts

Malteiro

Score: 5.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft

APT12

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Elderwood

Score: 5.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Transparent Tribe

Score: 9.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories
  • T1584.001 - Domains

WIRTE

Score: 3.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information

APT-C-36

Score: 3.76
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.004 - Masquerade Task or Service

CURIUM

Score: 4.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment

Tropic Trooper

Score: 13.90
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1547.004 - Winlogon Helper DLL
  • T1203 - Exploitation for Client Execution
  • T1564.001 - Hidden Files and Directories
  • T1078.003 - Local Accounts

PLATINUM

Score: 3.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1003.001 - LSASS Memory

FIN8

Score: 8.11
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1588.003 - Code Signing Certificates

BITTER

Score: 7.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution

Ferocious Kitten

Score: 5.10
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override

APT37

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

LazyScripter

Score: 3.64
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware

PROMETHIUM

Score: 5.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036.004 - Masquerade Task or Service
  • T1078.003 - Local Accounts

TA505

Score: 11.37
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1078.002 - Domain Accounts
  • T1027.002 - Software Packing

Star Blizzard

Score: 6.09
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware

Higaisa

Score: 9.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1027.015 - Compression

Magic Hound

Score: 14.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1078.002 - Domain Accounts
  • T1584.001 - Domains

FIN4

Score: 5.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1056.002 - GUI Input Capture

Cobalt Group

Score: 7.29
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1218.003 - CMSTP
  • T1203 - Exploitation for Client Execution

Storm-1811

Score: 6.89
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1566.004 - Spearphishing Voice

Inception

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

EXOTIC LILY

Score: 5.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 9.01
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

FIN6

Score: 9.97
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Patchwork

Score: 9.50
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

TA459

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Gorgon Group

Score: 5.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry

APT19

Score: 5.06
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry

TA2541

Score: 8.84
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1027.002 - Software Packing
  • T1027.015 - Compression

Earth Lusca

Score: 7.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory

SideCopy

Score: 6.92
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1608.001 - Upload Malware
  • T1584.001 - Domains

Mofang

Score: 4.81
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1027.015 - Compression

Andariel

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

BRONZE BUTLER

Score: 9.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution

APT38

Score: 12.80
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1112 - Modify Registry
  • T1036.003 - Rename Legitimate Utilities
  • T1027.002 - Software Packing
  • T1569.002 - Service Execution

Naikon

Score: 6.05
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.004 - Masquerade Task or Service
  • T1078.002 - Domain Accounts

Molerats

Score: 6.38
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.015 - Compression

admin@338

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Gamaredon Group

Score: 17.65
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1027.012 - LNK Icon Smuggling
  • T1027.004 - Compile After Delivery
  • T1027.015 - Compression

Darkhotel

Score: 4.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1203 - Exploitation for Client Execution

The White Company

Score: 5.21
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

Silence

Score: 7.36
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1569.002 - Service Execution

Sidewinder

Score: 5.61
Matched TTPs:
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

Confucius

Score: 3.16
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1203 - Exploitation for Client Execution

BlackTech

Score: 9.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1566.001 - Spearphishing Attachment
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates

Scattered Spider

Score: 14.89
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1657 - Financial Theft
  • T1204 - User Execution
  • T1598 - Phishing for Information
  • T1003.003 - NTDS

ZIRCONIUM

Score: 11.61
Matched TTPs:
  • T1598.003 - Spearphishing Link
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service
  • T1598 - Phishing for Information
  • T1027.002 - Software Packing

Winter Vivern

Score: 4.54
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1036.004 - Masquerade Task or Service

APT1

Score: 5.63
Matched TTPs:
  • T1566.001 - Spearphishing Attachment
  • T1003.001 - LSASS Memory
  • T1584.001 - Domains

Volt Typhoon

Score: 16.09
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1552 - Unsecured Credentials
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1078.002 - Domain Accounts
  • T1027.002 - Software Packing
  • T1003.003 - NTDS

Cinnamon Tempest

Score: 6.38
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1078.002 - Domain Accounts

Rocke

Score: 9.91
Matched TTPs:
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.004 - Compile After Delivery
  • T1027.002 - Software Packing
  • T1564.001 - Hidden Files and Directories

APT42

Score: 7.42
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1112 - Modify Registry
  • T1070 - Indicator Removal

Medusa Group

Score: 21.29
Matched TTPs:
  • T1608.002 - Upload Tool
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1657 - Financial Theft
  • T1027.002 - Software Packing
  • T1003.003 - NTDS
  • T1569.002 - Service Execution
  • T1218.014 - MMC

Aquatic Panda

Score: 7.68
Matched TTPs:
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1078.002 - Domain Accounts

Blue Mockingbird

Score: 5.70
Matched TTPs:
  • T1112 - Modify Registry
  • T1003.001 - LSASS Memory
  • T1569.002 - Service Execution

HAFNIUM

Score: 13.28
Matched TTPs:
  • T1003.001 - LSASS Memory
  • T1564.001 - Hidden Files and Directories
  • T1003.003 - NTDS
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts

Fox Kitten

Score: 5.91
Matched TTPs:
  • T1003.001 - LSASS Memory
  • T1036.004 - Masquerade Task or Service
  • T1003.003 - NTDS

APT3

Score: 7.30
Matched TTPs:
  • T1003.001 - LSASS Memory
  • T1203 - Exploitation for Client Execution
  • T1078.002 - Domain Accounts
  • T1027.002 - Software Packing

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

INC Ransom

Score: 4.92
Matched TTPs:
  • T1657 - Financial Theft
  • T1569.002 - Service Execution

Akira

Score: 6.66
Matched TTPs:
  • T1657 - Financial Theft
  • T1531 - Account Access Removal

LAPSUS$

Score: 10.61
Matched TTPs:
  • T1204 - User Execution
  • T1531 - Account Access Removal
  • T1003.003 - NTDS

Sea Turtle

Score: 7.78
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1027.004 - Compile After Delivery
  • T1078.003 - Local Accounts

Chimera

Score: 7.03
Matched TTPs:
  • T1078.002 - Domain Accounts
  • T1003.003 - NTDS
  • T1569.002 - Service Execution

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1555.004 - Windows Credential Manager

Equation

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Strider

Score: 4.13
Matched TTPs:
  • T1564.005 - Hidden File System

Velvet Ant

Score: 9.20
Matched TTPs:
  • T1569.002 - Service Execution
  • T1078.003 - Local Accounts
  • T1211 - Exploitation for Defense Evasion

Threat actors related to this Pulse (inference-based)

Mustang Panda

Score: 0.78
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1027.012 - LNK Icon Smuggling
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1070 - Indicator Removal
  • T1203 - Exploitation for Client Execution
  • T1678 - Delay Execution
  • T1003.003 - NTDS
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1587.001 - Malware
  • T1588.003 - Code Signing Certificates
  • T1003 - OS Credential Dumping
  • T1564.001 - Hidden Files and Directories
  • T1027.007 - Dynamic API Resolution

Kimsuky

Score: 0.74
Matched TTPs:
  • T1598 - Phishing for Information
  • T1608.001 - Upload Malware
  • T1027.002 - Software Packing
  • T1078.003 - Local Accounts
  • T1027.012 - LNK Icon Smuggling
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1657 - Financial Theft
  • T1587.001 - Malware
  • T1588.003 - Code Signing Certificates
  • T1003.001 - LSASS Memory
  • T1584.001 - Domains

APT28

Score: 0.70
Matched TTPs:
  • T1598 - Phishing for Information
  • T1669 - Wi-Fi Networks
  • T1204.002 - Malicious File
  • T1598.003 - Spearphishing Link
  • T1003.003 - NTDS
  • T1203 - Exploitation for Client Execution
  • T1211 - Exploitation for Defense Evasion
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1003.001 - LSASS Memory
  • T1550.001 - Application Access Token
  • T1003 - OS Credential Dumping
  • T1564.001 - Hidden Files and Directories

APT32

Score: 0.64
Matched TTPs:
  • T1036.003 - Rename Legitimate Utilities
  • T1608.001 - Upload Malware
  • T1078.003 - Local Accounts
  • T1204.002 - Malicious File
  • T1569.002 - Service Execution
  • T1598.003 - Spearphishing Link
  • T1552.002 - Credentials in Registry
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1566.001 - Spearphishing Attachment
  • T1003.001 - LSASS Memory
  • T1003 - OS Credential Dumping
  • T1564.001 - Hidden Files and Directories

Wizard Spider

Score: 0.60
Matched TTPs:
  • T1003.002 - Security Account Manager
  • T1547.004 - Winlogon Helper DLL
  • T1204.002 - Malicious File
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1003.003 - NTDS
  • T1112 - Modify Registry
  • T1036.004 - Masquerade Task or Service
  • T1569.002 - Service Execution
  • T1566.001 - Spearphishing Attachment
  • T1588.003 - Code Signing Certificates
  • T1003.001 - LSASS Memory

Threat Group-3390

Score: 0.59
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1003.002 - Security Account Manager
  • T1027.002 - Software Packing
  • T1003.004 - LSA Secrets
  • T1027.015 - Compression
  • T1204.002 - Malicious File
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1588.003 - Code Signing Certificates
  • T1003.001 - LSASS Memory
  • T1608.002 - Upload Tool

OilRig

Score: 0.58
Matched TTPs:
  • T1608.001 - Upload Malware
  • T1003.004 - LSA Secrets
  • T1204.002 - Malicious File
  • T1078.002 - Domain Accounts
  • T1555.004 - Windows Credential Manager
  • T1112 - Modify Registry
  • T1203 - Exploitation for Client Execution
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1587.001 - Malware
  • T1137.004 - Outlook Home Page
  • T1588.003 - Code Signing Certificates
  • T1003.001 - LSASS Memory

Lazarus Group

Score: 0.56
Matched TTPs:
  • T1036.003 - Rename Legitimate Utilities
  • T1204.002 - Malicious File
  • T1134.002 - Create Process with Token
  • T1070 - Indicator Removal
  • T1036.004 - Masquerade Task or Service
  • T1203 - Exploitation for Client Execution
  • T1566.001 - Spearphishing Attachment
  • T1140 - Deobfuscate/Decode Files or Information
  • T1587.001 - Malware
  • T1564.001 - Hidden Files and Directories
  • T1027.007 - Dynamic API Resolution

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

