Trusted Design

Threat Spotlight: Spin to Win...Malware

Overview

The threat landscape is ever changing, and adversaries are always working to find more efficient ways to compromise users. One of the many ways that users are driven to malicious content is through malicious advertisements, known as malvertising. Talos has been monitoring several large-scale malvertising campaigns, how the initial exploitation occurs, and the payloads that are downloaded as a result.

Created: 2026-02-23

Indicators

No indicators were found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Lazarus Group

Score: 39.72
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1070.006 - Timestomp
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1547.008 - LSASS Driver
Link to MITRE →

TA577

Score: 6.65
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1543.003 - Windows Service
  • T1027.018 - Invisible Unicode
Link to MITRE →

Moonstone Sleet

Score: 19.26
Matched TTPs:
  • T1132.001 - Standard Encoding
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1573 - Encrypted Channel
  • T1197 - BITS Jobs
  • T1547.008 - LSASS Driver
Link to MITRE →

Volt Typhoon

Score: 34.99
Matched TTPs:
  • T1148 - HISTCONTROL
  • T1685.001 - Disable or Modify Windows Event Log
  • T1560.003 - Archive via Custom Method
  • T1070.006 - Timestomp
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
  • T1159 - Launch Agent
  • T1574.002 - DLL Side-Loading
Link to MITRE →

LAPSUS$

Score: 23.80
Matched TTPs:
  • T1216.001 - PubPrn
  • T1019 - System Firmware
  • T1193 - Spearphishing Attachment
  • T1136.002 - Domain Account
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1588.005 - Exploits
Link to MITRE →

Contagious Interview

Score: 40.40
Matched TTPs:
  • T1044 - File System Permissions Weakness
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1021.006 - Windows Remote Management
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1690 - Prevent Command History Logging
  • T1059.006 - Python
  • T1221 - Template Injection
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Ember Bear

Score: 24.97
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1519 - Emond
  • T1003.003 - NTDS
Link to MITRE →

Sandworm Team

Score: 55.86
Matched TTPs:
  • T1564.008 - Email Hiding Rules
  • T1606.002 - SAML Tokens
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1049 - System Network Connections Discovery
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1187 - Forced Authentication
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1075 - Pass the Hash
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
Link to MITRE →

APT41

Score: 29.95
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1560.003 - Archive via Custom Method
  • T1089 - Disabling Security Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1002 - Data Compressed
  • T1570 - Lateral Tool Transfer
  • T1574.002 - DLL Side-Loading
  • T1008 - Fallback Channels
Link to MITRE →

Rocke

Score: 15.38
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1612 - Build Image on Host
  • T1059.013 - Container CLI/API
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels
Link to MITRE →

TeamTNT

Score: 18.79
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1612 - Build Image on Host
  • T1519 - Emond
Link to MITRE →

APT28

Score: 42.93
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1685.001 - Disable or Modify Windows Event Log
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1197 - BITS Jobs
  • T1059.012 - Hypervisor CLI
  • T1146 - Clear Command History
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1055.008 - Ptrace System Calls
  • T1566.003 - Spearphishing via Service
Link to MITRE →

UNC3886

Score: 13.47
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1021.006 - Windows Remote Management
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
Link to MITRE →

ZIRCONIUM

Score: 21.16
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1608.005 - Link Target
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
Link to MITRE →

Leviathan

Score: 23.38
Matched TTPs:
  • T1685.001 - Disable or Modify Windows Event Log
  • T1484.002 - Trust Modification
  • T1543.003 - Windows Service
  • T1562.004 - Disable or Modify System Firewall
  • T1554 - Compromise Host Software Binary
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Mustard Tempest

Score: 18.66
Matched TTPs:
  • T1682 - Query Public AI Services
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1059.012 - Hypervisor CLI
  • T1543.002 - Systemd Service
  • T1027.018 - Invisible Unicode
Link to MITRE →

Scattered Spider

Score: 27.12
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1566.002 - Spearphishing Link
  • T1019 - System Firmware
  • T1136.002 - Domain Account
  • T1552.003 - Shell History
  • T1619 - Cloud Storage Object Discovery
  • T1199 - Trusted Relationship
  • T1197 - BITS Jobs
  • T1588.005 - Exploits
Link to MITRE →

TA505

Score: 15.22
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT3

Score: 9.32
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN13

Score: 15.34
Matched TTPs:
  • T1560.003 - Archive via Custom Method
  • T1606.002 - SAML Tokens
  • T1089 - Disabling Security Tools
  • T1558 - Steal or Forge Kerberos Tickets
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
Link to MITRE →

Kimsuky

Score: 53.54
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1213.006 - Databases
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1683.001 - Written Content
  • T1552.003 - Shell History
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1197 - BITS Jobs
  • T1027.018 - Invisible Unicode
  • T1003.003 - NTDS
  • T1008 - Fallback Channels
Link to MITRE →

Indrik Spider

Score: 7.16
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1570 - Lateral Tool Transfer
  • T1546.016 - Installer Packages
Link to MITRE →

OilRig

Score: 27.29
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1570 - Lateral Tool Transfer
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

LuminousMoth

Score: 17.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT29

Score: 26.38
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1562.004 - Disable or Modify System Firewall
  • T1138 - Application Shimming
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1223 - Compiled HTML File
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Play

Score: 5.47
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

Aoqin Dragon

Score: 6.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
Link to MITRE →

RedCurl

Score: 20.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1591.003 - Identify Business Tempo
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1574.010 - Services File Permissions Weakness
  • T1128 - Netsh Helper DLL
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
Link to MITRE →

Turla

Score: 25.60
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Ke3chang

Score: 10.41
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1027.008 - Stripped Payloads
  • T1199 - Trusted Relationship
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Mustang Panda

Score: 43.70
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1569.001 - Launchctl
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1169 - Sudo
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN7

Score: 29.43
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1608.005 - Link Target
  • T1564.002 - Hidden Users
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1547.002 - Authentication Package
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
Link to MITRE →

Darkhotel

Score: 10.83
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1564.002 - Hidden Users
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Gamaredon Group

Score: 36.77
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1606.001 - Web Cookies
  • T1554 - Compromise Host Software Binary
  • T1199 - Trusted Relationship
  • T1061 - Graphical User Interface
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
Link to MITRE →

BRONZE BUTLER

Score: 17.50
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1008 - Fallback Channels
Link to MITRE →

Cinnamon Tempest

Score: 8.55
Matched TTPs:
  • T1591.003 - Identify Business Tempo
  • T1089 - Disabling Security Tools
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
Link to MITRE →

BlackTech

Score: 6.88
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

MuddyWater

Score: 17.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
Link to MITRE →

Confucius

Score: 6.31
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sidewinder

Score: 14.86
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1657 - Financial Theft
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
Link to MITRE →

Elderwood

Score: 6.07
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Machete

Score: 4.57
Matched TTPs:
  • T1543.003 - Windows Service
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

Transparent Tribe

Score: 11.77
Matched TTPs:
  • T1543.003 - Windows Service
  • T1115 - Clipboard Data
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
Link to MITRE →

Evilnum

Score: 4.54
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN8

Score: 8.93
Matched TTPs:
  • T1543.003 - Windows Service
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT32

Score: 27.74
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1105 - Ingress Tool Transfer
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT1

Score: 4.75
Matched TTPs:
  • T1543.003 - Windows Service
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

APT33

Score: 5.15
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

EXOTIC LILY

Score: 15.16
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1690 - Prevent Command History Logging
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Magic Hound

Score: 24.87
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1562.004 - Disable or Modify System Firewall
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1187 - Forced Authentication
  • T1547.002 - Authentication Package
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Windshift

Score: 12.03
Matched TTPs:
  • T1543.003 - Windows Service
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
  • T1027.018 - Invisible Unicode
  • T1547.008 - LSASS Driver
Link to MITRE →

Cobalt Group

Score: 10.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
Link to MITRE →

FIN4

Score: 6.94
Matched TTPs:
  • T1543.003 - Windows Service
  • T1574.010 - Services File Permissions Weakness
  • T1027.018 - Invisible Unicode
Link to MITRE →

TA2541

Score: 12.85
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1027.018 - Invisible Unicode
Link to MITRE →

Earth Lusca

Score: 22.65
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Storm-1811

Score: 17.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1089 - Disabling Security Tools
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
  • T1486 - Data Encrypted for Impact
  • T1567.003 - Exfiltration to Text Storage Sites
  • T1547.008 - LSASS Driver
Link to MITRE →

Wizard Spider

Score: 3.66
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1027.018 - Invisible Unicode
Link to MITRE →

Patchwork

Score: 14.39
Matched TTPs:
  • T1543.003 - Windows Service
  • T1566.002 - Spearphishing Link
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
  • T1008 - Fallback Channels
Link to MITRE →

LazyScripter

Score: 13.96
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1558 - Steal or Forge Kerberos Tickets
  • T1136.002 - Domain Account
  • T1612 - Build Image on Host
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

APT42

Score: 9.54
Matched TTPs:
  • T1543.003 - Windows Service
  • T1091 - Replication Through Removable Media
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
Link to MITRE →

APT39

Score: 8.29
Matched TTPs:
  • T1543.003 - Windows Service
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1570 - Lateral Tool Transfer
  • T1027.018 - Invisible Unicode
Link to MITRE →

Silent Librarian

Score: 3.31
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1199 - Trusted Relationship
Link to MITRE →

Star Blizzard

Score: 12.19
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
Link to MITRE →

CURIUM

Score: 13.40
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Dragonfly

Score: 27.66
Matched TTPs:
  • T1566.002 - Spearphishing Link
  • T1115 - Clipboard Data
  • T1562.004 - Disable or Modify System Firewall
  • T1193 - Spearphishing Attachment
  • T1657 - Financial Theft
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
Link to MITRE →

Chimera

Score: 4.82
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Velvet Ant

Score: 8.61
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1128 - Netsh Helper DLL
  • T1566.003 - Spearphishing via Service
Link to MITRE →

RTM

Score: 6.79
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1059.012 - Hypervisor CLI
  • T1008 - Fallback Channels
Link to MITRE →

Tonto Team

Score: 3.23
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
Link to MITRE →

Aquatic Panda

Score: 7.63
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1562.004 - Disable or Modify System Firewall
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Higaisa

Score: 3.23
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
Link to MITRE →

Tropic Trooper

Score: 15.01
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1159 - Launch Agent
  • T1105 - Ingress Tool Transfer
Link to MITRE →

SideCopy

Score: 10.08
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1091 - Replication Through Removable Media
  • T1657 - Financial Theft
  • T1159 - Launch Agent
Link to MITRE →

Daggerfly

Score: 12.86
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1573 - Encrypted Channel
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1027.018 - Invisible Unicode
Link to MITRE →

Threat Group-3390

Score: 20.15
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1115 - Clipboard Data
  • T1091 - Replication Through Removable Media
  • T1218.003 - CMSTP
  • T1199 - Trusted Relationship
  • T1573 - Encrypted Channel
  • T1218.010 - Regsvr32
  • T1570 - Lateral Tool Transfer
  • T1059.012 - Hypervisor CLI
Link to MITRE →

BackdoorDiplomacy

Score: 5.04
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

APT19

Score: 4.35
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
Link to MITRE →

menuPass

Score: 4.77
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1558 - Steal or Forge Kerberos Tickets
  • T1199 - Trusted Relationship
Link to MITRE →

HAFNIUM

Score: 20.82
Matched TTPs:
  • T1027.008 - Stripped Payloads
  • T1059 - Command and Scripting Interpreter
  • T1049 - System Network Connections Discovery
  • T1608.005 - Link Target
  • T1105 - Ingress Tool Transfer
  • T1055.008 - Ptrace System Calls
Link to MITRE →

APT5

Score: 3.84
Matched TTPs:
  • T1027.008 - Stripped Payloads
Link to MITRE →

APT38

Score: 12.36
Matched TTPs:
  • T1675 - ESXi Administration Command
  • T1138 - Application Shimming
  • T1199 - Trusted Relationship
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

BlackByte

Score: 11.67
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1606.001 - Web Cookies
  • T1102.002 - Bidirectional Communication
  • T1570 - Lateral Tool Transfer
Link to MITRE →

BITTER

Score: 7.94
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1683 - Generate Content
  • T1218.010 - Regsvr32
Link to MITRE →

HEXANE

Score: 11.81
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1070.006 - Timestomp
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
  • T1159 - Launch Agent
Link to MITRE →

Saint Bear

Score: 6.84
Matched TTPs:
  • T1091 - Replication Through Removable Media
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1027.018 - Invisible Unicode
Link to MITRE →

Winter Vivern

Score: 11.53
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1562.004 - Disable or Modify System Firewall
  • T1218.001 - Compiled HTML File
  • T1059.012 - Hypervisor CLI
  • T1027.018 - Invisible Unicode
Link to MITRE →

PLATINUM

Score: 3.95
Matched TTPs:
  • T1558 - Steal or Forge Kerberos Tickets
  • T1059.012 - Hypervisor CLI
Link to MITRE →

MoustachedBouncer

Score: 4.54
Matched TTPs:
  • T1055.003 - Thread Execution Hijacking
Link to MITRE →

Medusa Group

Score: 21.34
Matched TTPs:
  • T1218.003 - CMSTP
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1598 - Phishing for Information
  • T1094 - Custom Command and Control Protocol
Link to MITRE →

Volatile Cedar

Score: 6.72
Matched TTPs:
  • T1562.004 - Disable or Modify System Firewall
  • T1002 - Data Compressed
Link to MITRE →

Metador

Score: 3.31
Matched TTPs:
  • T1136.002 - Domain Account
  • T1199 - Trusted Relationship
Link to MITRE →

Andariel

Score: 9.56
Matched TTPs:
  • T1136.002 - Domain Account
  • T1187 - Forced Authentication
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Axiom

Score: 14.70
Matched TTPs:
  • T1049 - System Network Connections Discovery
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1114.002 - Remote Email Collection
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

Inception

Score: 7.61
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1159 - Launch Agent
Link to MITRE →

FIN6

Score: 8.64
Matched TTPs:
  • T1612 - Build Image on Host
  • T1199 - Trusted Relationship
  • T1128 - Netsh Helper DLL
  • T1547.008 - LSASS Driver
Link to MITRE →

Fox Kitten

Score: 8.60
Matched TTPs:
  • T1612 - Build Image on Host
  • T1570 - Lateral Tool Transfer
  • T1588.005 - Exploits
Link to MITRE →

INC Ransom

Score: 6.66
Matched TTPs:
  • T1552.003 - Shell History
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

Malteiro

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
Link to MITRE →

Storm-0501

Score: 6.14
Matched TTPs:
  • T1552.003 - Shell History
  • T1102.002 - Bidirectional Communication
Link to MITRE →

AppleJeus

Score: 5.81
Matched TTPs:
  • T1552.003 - Shell History
  • T1562.013 - Disable or Modify Network Device Firewall
Link to MITRE →

POLONIUM

Score: 5.26
Matched TTPs:
  • T1608.005 - Link Target
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

TA578

Score: 3.37
Matched TTPs:
  • T1608.005 - Link Target
  • T1027.018 - Invisible Unicode
Link to MITRE →

Sea Turtle

Score: 9.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1218.010 - Regsvr32
  • T1059.013 - Container CLI/API
Link to MITRE →

Lotus Blossom

Score: 3.08
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
Link to MITRE →

Carbanak

Score: 3.25
Matched TTPs:
  • T1199 - Trusted Relationship
  • T1547.002 - Authentication Package
Link to MITRE →

GOLD SOUTHFIELD

Score: 6.21
Matched TTPs:
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1573 - Encrypted Channel
Link to MITRE →

APT37

Score: 5.66
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
  • T1059.012 - Hypervisor CLI
Link to MITRE →

APT12

Score: 3.89
Matched TTPs:
  • T1547.002 - Authentication Package
  • T1218.010 - Regsvr32
Link to MITRE →

Dark Caracal

Score: 4.29
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1547.008 - LSASS Driver
Link to MITRE →

Windigo

Score: 4.51
Matched TTPs:
  • T1059.012 - Hypervisor CLI
  • T1159 - Launch Agent
Link to MITRE →

Threat actors related to this Pulse (inference-based)

Sandworm Team

Score: 0.82
Matched TTPs:
  • T1543.003 - Windows Service
  • T1562.004 - Disable or Modify System Firewall
  • T1218.010 - Regsvr32
  • T1547.002 - Authentication Package
  • T1075 - Pass the Hash
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1193 - Spearphishing Attachment
  • T1102.003 - One-Way Communication
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1187 - Forced Authentication
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1484.002 - Trust Modification
  • T1546.016 - Installer Packages
  • T1573 - Encrypted Channel
  • T1005 - Data from Local System
  • T1049 - System Network Connections Discovery
  • T1564.008 - Email Hiding Rules
Link to MITRE →

Kimsuky

Score: 0.76
Matched TTPs:
  • T1543.003 - Windows Service
  • T1552.003 - Shell History
  • T1683.001 - Written Content
  • T1690 - Prevent Command History Logging
  • T1547.002 - Authentication Package
  • T1197 - BITS Jobs
  • T1091 - Replication Through Removable Media
  • T1027.018 - Invisible Unicode
  • T1608 - Stage Capabilities
  • T1608.005 - Link Target
  • T1102.003 - One-Way Communication
  • T1562.013 - Disable or Modify Network Device Firewall
  • T1008 - Fallback Channels
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1606.002 - SAML Tokens
  • T1566.002 - Spearphishing Link
  • T1213.006 - Databases
  • T1003.003 - NTDS
Link to MITRE →

APT28

Score: 0.66
Matched TTPs:
  • T1608.005 - Link Target
  • T1566.002 - Spearphishing Link
  • T1558 - Steal or Forge Kerberos Tickets
  • T1566.003 - Spearphishing via Service
  • T1685.001 - Disable or Modify Windows Event Log
  • T1059.012 - Hypervisor CLI
  • T1562.004 - Disable or Modify System Firewall
  • T1146 - Clear Command History
  • T1027.018 - Invisible Unicode
  • T1197 - BITS Jobs
  • T1055.008 - Ptrace System Calls
  • T1499.001 - OS Exhaustion Flood
  • T1199 - Trusted Relationship
  • T1218.010 - Regsvr32
  • T1105 - Ingress Tool Transfer
  • T1547.002 - Authentication Package
Link to MITRE →

Mustang Panda

Score: 0.64
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1566.002 - Spearphishing Link
  • T1102.003 - One-Way Communication
  • T1218.010 - Regsvr32
  • T1612 - Build Image on Host
  • T1027.018 - Invisible Unicode
  • T1169 - Sudo
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1159 - Launch Agent
  • T1105 - Ingress Tool Transfer
  • T1569.001 - Launchctl
  • T1055.005 - Thread Local Storage
  • T1089 - Disabling Security Tools
  • T1608 - Stage Capabilities
Link to MITRE →

Contagious Interview

Score: 0.61
Matched TTPs:
  • T1552.003 - Shell History
  • T1608.005 - Link Target
  • T1021.006 - Windows Remote Management
  • T1558 - Steal or Forge Kerberos Tickets
  • T1102.003 - One-Way Communication
  • T1547.008 - LSASS Driver
  • T1027.018 - Invisible Unicode
  • T1059.006 - Python
  • T1221 - Template Injection
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1606.002 - SAML Tokens
  • T1690 - Prevent Command History Logging
  • T1044 - File System Permissions Weakness
Link to MITRE →

Lazarus Group

Score: 0.59
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.005 - Link Target
  • T1218.010 - Regsvr32
  • T1547.008 - LSASS Driver
  • T1059.012 - Hypervisor CLI
  • T1546.016 - Installer Packages
  • T1606.001 - Web Cookies
  • T1132.001 - Standard Encoding
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1606.002 - SAML Tokens
  • T1055.005 - Thread Local Storage
  • T1105 - Ingress Tool Transfer
  • T1547.002 - Authentication Package
  • T1089 - Disabling Security Tools
  • T1070.006 - Timestomp
Link to MITRE →

Gamaredon Group

Score: 0.55
Matched TTPs:
  • T1554 - Compromise Host Software Binary
  • T1608.005 - Link Target
  • T1612 - Build Image on Host
  • T1061 - Graphical User Interface
  • T1606.001 - Web Cookies
  • T1059.013 - Container CLI/API
  • T1027.018 - Invisible Unicode
  • T1591.003 - Identify Business Tempo
  • T1091 - Replication Through Removable Media
  • T1199 - Trusted Relationship
  • T1570 - Lateral Tool Transfer
  • T1547.002 - Authentication Package
  • T1608 - Stage Capabilities
Link to MITRE →
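The two actor listings above are a flat text dump that is hard to compare by eye. The script below is an added example, not part of the original pulse page and not any vendor's tooling: it parses that layout (actor name, "Score: N", "Matched TTPs:", "• Txxxx - Name" bullets, and the trailing link label), counts how many listed actors share each technique, and emits an ATT&CK Navigator layer so the overlap can be viewed as a heatmap. SAMPLE is a constructed three-entry excerpt of the listing. The LEGACY_IDS table (pre-sub-technique IDs such as T1089 that the listing still carries, mapped to their current replacements) and the Navigator "versions" values are assumptions to verify against the ATT&CK release you actually load.

```python
"""Parse the actor listing above and emit an ATT&CK Navigator layer.
Added example, not part of the original pulse page. SAMPLE is a constructed
three-entry excerpt in the page's own layout (actor name, 'Score: N',
'Matched TTPs:', '• Txxxx - Name' bullets, optional link line).
"""
import json
import re
from collections import Counter

SAMPLE = """\
Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
Link to MITRE →

Rocke
Score: 15.38
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1612 - Build Image on Host
  • T1059.013 - Container CLI/API
  • T1105 - Ingress Tool Transfer
  • T1008 - Fallback Channels

Tonto Team
Score: 3.23
Matched TTPs:
  • T1089 - Disabling Security Tools
  • T1218.010 - Regsvr32
"""

TTP_RE = re.compile(r"^\s*•\s*(T\d{4}(?:\.\d{3})?)\s*-\s*(.+?)\s*$")
SCORE_RE = re.compile(r"^Score:\s*(\d+(?:\.\d+)?)$")

# Pre-sub-technique IDs that such listings still carry, mapped to the IDs that
# replaced them. Assumption: verify against the ATT&CK version you load.
LEGACY_IDS = {
    "T1089": "T1562.001",  # Disabling Security Tools -> Disable or Modify Tools
    "T1075": "T1550.002",  # Pass the Hash
    "T1002": "T1560",      # Data Compressed -> Archive Collected Data
    "T1146": "T1070.003",  # Clear Command History
    "T1223": "T1218.001",  # Compiled HTML File
    "T1193": "T1566.001",  # Spearphishing Attachment
    "T1128": "T1546.007",  # Netsh Helper DLL
}

def current_ids(ttps):
    """Technique IDs of one actor with legacy IDs rewritten to their replacements."""
    return {LEGACY_IDS.get(t, t) for t in ttps}

def parse_actors(text):
    """Return {actor: {"score": float, "ttps": {technique_id: name}}}.
    Any other non-empty line starts a new actor block, as on the page."""
    actors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "Matched TTPs:" or line.endswith("→"):
            continue  # blank, bullet-list header, or dangling link label
        if (m := TTP_RE.match(raw)) and current:
            actors[current]["ttps"][m.group(1)] = m.group(2)
        elif (m := SCORE_RE.match(line)) and current:
            actors[current]["score"] = float(m.group(1))
        else:
            current = line
            actors[current] = {"score": 0.0, "ttps": {}}
    return actors

def technique_overlap(actors):
    """Per current technique ID, how many actors list it (a set per actor, so a
    legacy ID and its replacement on the same actor count once)."""
    counts = Counter()
    for data in actors.values():
        counts.update(current_ids(data["ttps"]))
    return counts

def navigator_layer(actors, name="Pulse technique overlap"):
    """Navigator layer dict; 'versions' is an assumption about your release."""
    overlap = technique_overlap(actors)
    techniques = []
    for tid in sorted(overlap):
        sharing = sorted(a for a, d in actors.items() if tid in current_ids(d["ttps"]))
        techniques.append({"techniqueID": tid, "score": overlap[tid],
                           "comment": ", ".join(sharing)})
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"attack": "16", "navigator": "5.1.0", "layer": "4.5"},
        "description": "Number of listed actors sharing each technique",
        "techniques": techniques,
        "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0,
                     "maxValue": max(overlap.values(), default=1)},
    }

if __name__ == "__main__":
    print(json.dumps(navigator_layer(parse_actors(SAMPLE)), indent=2, ensure_ascii=False))
```

Run it against the full listing (paste the text into SAMPLE or read it from a file) and load the JSON in Navigator through "Open Existing Layer". The layer's per-technique score is simply the number of listed actors that share the technique; it is not the page's own "Score" value, whose derivation the page does not state, so treat the two as unrelated.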

Related CVEs

No CVEs were found in this Pulse.

Pulse – Threat Actor Graph

