Trusted Design

Looking Into a Cyber-Attack Facilitator in the Netherlands

Summary

A small web hosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. From May 2015 until today, we counted over 100 serious cyber attacks that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high-profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally, the Virtual Private Server (VPS) hosting company is registered in Dubai, United Arab Emirates (UAE). But from public postings on the Internet, it is apparent that the owner doesn't really care about laws in the UAE. In fact, Pawn Storm and another threat actor attacked the UAE government using servers of the VPS provider through highly targeted credential phishing. Other threat actors like DustySky (also known as the Gaza hackers) also regularly use the VPS provider to host their command-and-control (C&C) servers and to send spear-phishing e-mails.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Kimsuky

Score: 21.45
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1537 - Transfer Data to Cloud Account

Sea Turtle

Score: 7.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1218.010 - Regsvr32

Ember Bear

Score: 7.05
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1175 - Component Object Model and Distributed COM
  • T1218.010 - Regsvr32

Indrik Spider

Score: 5.87
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1546.016 - Installer Packages

Agrius

Score: 3.03
Matched TTPs:
  • T1033 - System Owner/User Discovery

Contagious Interview

Score: 12.58
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1552.003 - Shell History
  • T1547.008 - LSASS Driver

Sandworm Team

Score: 18.64
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1049 - System Network Connections Discovery
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

Star Blizzard

Score: 5.01
Matched TTPs:
  • T1033 - System Owner/User Discovery
  • T1091 - Replication Through Removable Media

HAFNIUM

Score: 9.99
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery

APT5

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads

Ke3chang

Score: 6.24
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1027.007 - Dynamic API Resolution

Volt Typhoon

Score: 19.36
Matched TTPs:
  • T1176 - Software Extensions
  • T1491 - Defacement
  • T1535 - Unused/Unsupported Cloud Regions
  • T1049 - System Network Connections Discovery
  • T1537 - Transfer Data to Cloud Account
  • T1546.016 - Installer Packages

Turla

Score: 12.99
Matched TTPs:
  • T1176 - Software Extensions
  • T1547.002 - Authentication Package
  • T1556.009 - Conditional Access Policies
  • T1546.016 - Installer Packages

APT29

Score: 18.99
Matched TTPs:
  • T1202 - Indirect Command Execution
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver

TA2541

Score: 9.92
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

Earth Lusca

Score: 8.09
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing
  • T1546.016 - Installer Packages

Mustang Panda

Score: 7.60
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1055.005 - Thread Local Storage

Mustard Tempest

Score: 5.26
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1557.003 - DHCP Spoofing

OilRig

Score: 12.36
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1556.009 - Conditional Access Policies
  • T1547.008 - LSASS Driver

TeamTNT

Score: 7.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1535 - Unused/Unsupported Cloud Regions
  • T1537 - Transfer Data to Cloud Account

Gamaredon Group

Score: 10.05
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1547.002 - Authentication Package
  • T1546.017 - Udev Rules

Threat Group-3390

Score: 8.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules

TA505

Score: 4.03
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account

BlackByte

Score: 6.89
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1027.007 - Dynamic API Resolution

BITTER

Score: 3.47
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32

APT32

Score: 12.46
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1592.004 - Client Configurations
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1027.007 - Dynamic API Resolution

HEXANE

Score: 4.37
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package

Saint Bear

Score: 5.52
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Moonstone Sleet

Score: 16.14
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1491 - Defacement
  • T1175 - Component Object Model and Distributed COM
  • T1197 - BITS Jobs
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

FIN7

Score: 6.77
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1547.002 - Authentication Package
  • T1027.007 - Dynamic API Resolution

EXOTIC LILY

Score: 5.99
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver

APT42

Score: 7.24
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1175 - Component Object Model and Distributed COM
  • T1128 - Netsh Helper DLL

Fox Kitten

Score: 3.29
Matched TTPs:
  • T1491 - Defacement

APT38

Score: 7.74
Matched TTPs:
  • T1491 - Defacement
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution

Scattered Spider

Score: 17.22
Matched TTPs:
  • T1491 - Defacement
  • T1535 - Unused/Unsupported Cloud Regions
  • T1552.003 - Shell History
  • T1197 - BITS Jobs
  • T1027.002 - Software Packing

Chimera

Score: 5.68
Matched TTPs:
  • T1491 - Defacement
  • T1027.007 - Dynamic API Resolution

Storm-0501

Score: 14.61
Matched TTPs:
  • T1535 - Unused/Unsupported Cloud Regions
  • T1552.003 - Shell History
  • T1027.014 - Polymorphic Code
  • T1055.009 - Proc Memory
  • T1537 - Transfer Data to Cloud Account

Rocke

Score: 5.49
Matched TTPs:
  • T1535 - Unused/Unsupported Cloud Regions
  • T1537 - Transfer Data to Cloud Account

GALLIUM

Score: 5.34
Matched TTPs:
  • T1557.003 - DHCP Spoofing
  • T1537 - Transfer Data to Cloud Account

CURIUM

Score: 8.33
Matched TTPs:
  • T1557.003 - DHCP Spoofing
  • T1175 - Component Object Model and Distributed COM
  • T1547.008 - LSASS Driver

Winter Vivern

Score: 7.06
Matched TTPs:
  • T1548 - Abuse Elevation Control Mechanism
  • T1175 - Component Object Model and Distributed COM

APT28

Score: 14.39
Matched TTPs:
  • T1175 - Component Object Model and Distributed COM
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1146 - Clear Command History

Axiom

Score: 12.18
Matched TTPs:
  • T1175 - Component Object Model and Distributed COM
  • T1049 - System Network Connections Discovery
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon

Dragonfly

Score: 6.85
Matched TTPs:
  • T1175 - Component Object Model and Distributed COM
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages

BRONZE BUTLER

Score: 5.34
Matched TTPs:
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32

INC Ransom

Score: 8.77
Matched TTPs:
  • T1552.003 - Shell History
  • T1055.009 - Proc Memory
  • T1027.007 - Dynamic API Resolution

Medusa Group

Score: 9.72
Matched TTPs:
  • T1552.003 - Shell History
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution

Cobalt Group

Score: 6.99
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

Blue Mockingbird

Score: 5.14
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1027.007 - Dynamic API Resolution

Leviathan

Score: 10.22
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1546.017 - Udev Rules

Inception

Score: 4.24
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32

APT37

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

Lazarus Group

Score: 13.38
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1547.008 - LSASS Driver

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

APT39

Score: 6.85
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution

Magic Hound

Score: 4.92
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1547.008 - LSASS Driver

MuddyWater

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32

ZIRCONIUM

Score: 7.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1537 - Transfer Data to Cloud Account

The White Company

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Patchwork

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Higaisa

Score: 4.65
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1546.017 - Udev Rules

APT3

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Tropic Trooper

Score: 4.24
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

Aoqin Dragon

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

APT41

Score: 5.94
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
  • T1027.007 - Dynamic API Resolution

Elderwood

Score: 3.55
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account

Velvet Ant

Score: 5.14
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution

RedCurl

Score: 6.59
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1055.009 - Proc Memory

FIN6

Score: 7.67
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver

Stealth Falcon

Score: 3.62
Matched TTPs:
  • T1556.009 - Conditional Access Policies

Wizard Spider

Score: 6.02
Matched TTPs:
  • T1556.009 - Conditional Access Policies
  • T1027.007 - Dynamic API Resolution

Dark Caracal

Score: 4.58
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1547.008 - LSASS Driver

Equation

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

Strider

Score: 4.13
Matched TTPs:
  • T1130 - Install Root Certificate

PLATINUM

Score: 4.54
Matched TTPs:
  • T1686 - Disable or Modify System Firewall

Molerats

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Mofang

Score: 3.15
Matched TTPs:
  • T1546.017 - Udev Rules

Threat actors related to this Pulse (inference-based)

Kimsuky

Score: 0.81
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1091 - Replication Through Removable Media
  • T1537 - Transfer Data to Cloud Account
  • T1027.014 - Polymorphic Code
  • T1033 - System Owner/User Discovery
  • T1197 - BITS Jobs
  • T1557.003 - DHCP Spoofing
  • T1552.003 - Shell History

Volt Typhoon

Score: 0.75
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1535 - Unused/Unsupported Cloud Regions
  • T1546.016 - Installer Packages
  • T1176 - Software Extensions
  • T1049 - System Network Connections Discovery
  • T1491 - Defacement

Sandworm Team

Score: 0.74
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1546.016 - Installer Packages
  • T1033 - System Owner/User Discovery
  • T1557.003 - DHCP Spoofing
  • T1049 - System Network Connections Discovery

APT29

Score: 0.74
Matched TTPs:
  • T1547.008 - LSASS Driver
  • T1218.009 - Regsvcs/Regasm
  • T1537 - Transfer Data to Cloud Account
  • T1592.004 - Client Configurations
  • T1218.010 - Regsvr32
  • T1202 - Indirect Command Execution

Scattered Spider

Score: 0.66
Matched TTPs:
  • T1027.002 - Software Packing
  • T1535 - Unused/Unsupported Cloud Regions
  • T1197 - BITS Jobs
  • T1552.003 - Shell History
  • T1491 - Defacement

Moonstone Sleet

Score: 0.66
Matched TTPs:
  • T1027.007 - Dynamic API Resolution
  • T1547.008 - LSASS Driver
  • T1091 - Replication Through Removable Media
  • T1197 - BITS Jobs
  • T1175 - Component Object Model and Distributed COM
  • T1491 - Defacement

Storm-0501

Score: 0.61
Matched TTPs:
  • T1537 - Transfer Data to Cloud Account
  • T1535 - Unused/Unsupported Cloud Regions
  • T1027.014 - Polymorphic Code
  • T1055.009 - Proc Memory
  • T1552.003 - Shell History

APT28

Score: 0.57
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1175 - Component Object Model and Distributed COM
  • T1146 - Clear Command History

OilRig

Score: 0.55
Matched TTPs:
  • T1547.008 - LSASS Driver
  • T1091 - Replication Through Removable Media
  • T1556.009 - Conditional Access Policies
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL

Related CVEs

No CVEs were found for this Pulse.
