Trusted Design

Win32.Bolik.1 - Bolik Banking Trojan

Overview

A multicomponent polymorphic file virus that can infect file objects on 32-bit and 64-bit versions of Microsoft Windows. It is designed to perform web injections, intercept traffic, take screenshots, perform keylogging, and steal login credentials for online banking applications. It can also establish reverse RDP connections (back connect) and launch a local SOCKS5 proxy server and an HTTP server in order to execute CMD commands. The virus is known to inherit several characteristic features from Trojan.Carberp and Trojan.PWS.Panda (Zeus). As Carberp’s successor, Trojan.Bolik.1 has borrowed the virtual file system, which the Trojan saves to one of the system directories or to the user folder. Like Zeus, the Trojan has the JUPITER web injection mechanism, although it was considerably modified: in particular, Trojan.Bolik.1 uses JSON for data sharing, and the numeric codes in the configuration block are replaced with string parameters.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 9.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls
  • T1490 - Inhibit System Recovery
Link to MITRE →

menuPass

Score: 3.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1070.009 - Clear Persistence
Link to MITRE →

Wizard Spider

Score: 24.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1587 - Develop Capabilities
  • T1556 - Modify Authentication Process
Link to MITRE →

APT33

Score: 7.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1556 - Modify Authentication Process
Link to MITRE →

Fox Kitten

Score: 5.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1588.005 - Exploits
Link to MITRE →

Volt Typhoon

Score: 12.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1156 - Malicious Shell Modification
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1569.002 - Service Execution
Link to MITRE →

APT1

Score: 4.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1136.002 - Domain Account
Link to MITRE →

Mustang Panda

Score: 20.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1136.001 - Local Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
Link to MITRE →

Play

Score: 7.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

Chimera

Score: 6.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

Sea Turtle

Score: 6.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT39

Score: 12.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution
Link to MITRE →

RedCurl

Score: 9.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT5

Score: 5.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1684 - Social Engineering
  • T1070.009 - Clear Persistence
Link to MITRE →

Agrius

Score: 5.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1566.004 - Spearphishing Voice
Link to MITRE →

GALLIUM

Score: 5.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT41

Score: 21.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.001 - OS Exhaustion Flood
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

MuddyWater

Score: 7.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

APT28

Score: 20.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1156 - Malicious Shell Modification
  • T1499.001 - OS Exhaustion Flood
  • T1087.002 - Domain Account
  • T1548.004 - Elevated Execution with Prompt
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1055.008 - Ptrace System Calls
Link to MITRE →

Turla

Score: 28.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1606.002 - SAML Tokens
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1566.004 - Spearphishing Voice
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

BRONZE BUTLER

Score: 15.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1580 - Cloud Infrastructure Discovery
  • T1685.005 - Clear Windows Event Logs
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

UNC3886

Score: 14.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
Link to MITRE →

Kimsuky

Score: 29.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1580 - Cloud Infrastructure Discovery
  • T1027.014 - Polymorphic Code
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT3

Score: 8.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN8

Score: 13.60
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
Link to MITRE →

Ke3chang

Score: 10.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1685.005 - Clear Windows Event Logs
  • T1556.005 - Reversible Encryption
Link to MITRE →

Lotus Blossom

Score: 6.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1569.002 - Service Execution
Link to MITRE →

FIN13

Score: 7.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1606.002 - SAML Tokens
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution
Link to MITRE →

Earth Lusca

Score: 8.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
Link to MITRE →

Magic Hound

Score: 9.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

Aquatic Panda

Score: 7.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1176.001 - Browser Extensions
  • T1136.002 - Domain Account
  • T1070.009 - Clear Persistence
Link to MITRE →

INC Ransom

Score: 5.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
Link to MITRE →

Akira

Score: 4.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1580 - Cloud Infrastructure Discovery
Link to MITRE →

Dragonfly

Score: 5.95
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
Link to MITRE →

Gamaredon Group

Score: 17.07
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1606.001 - Web Cookies
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1546.017 - Udev Rules
Link to MITRE →

OilRig

Score: 37.23
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1048 - Exfiltration Over Alternative Protocol
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1128 - Netsh Helper DLL
  • T1556.009 - Conditional Access Policies
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1556 - Modify Authentication Process
Link to MITRE →

MoustachedBouncer

Score: 8.88
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1055.003 - Thread Execution Hijacking
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT42

Score: 8.19
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
Link to MITRE →

Winter Vivern

Score: 3.47
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1556.005 - Reversible Encryption
Link to MITRE →

Silence

Score: 10.35
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1048 - Exfiltration Over Alternative Protocol
  • T1070.009 - Clear Persistence
Link to MITRE →

Group5

Score: 3.67
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1070.009 - Clear Persistence
Link to MITRE →

Dark Caracal

Score: 9.76
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1048 - Exfiltration Over Alternative Protocol
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

FIN7

Score: 16.28
Matched TTPs:
  • T1156 - Malicious Shell Modification
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1011.001 - Exfiltration Over Bluetooth
  • T1490 - Inhibit System Recovery
Link to MITRE →

APT32

Score: 30.28
Matched TTPs:
  • T1113 - Screen Capture
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1484 - Domain or Tenant Policy Modification
  • T1556 - Modify Authentication Process
  • T1490 - Inhibit System Recovery
Link to MITRE →

Winnti Group

Score: 3.29
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
Link to MITRE →

Rocke

Score: 7.91
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

TeamTNT

Score: 13.91
Matched TTPs:
  • T1499.001 - OS Exhaustion Flood
  • T1606.002 - SAML Tokens
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

Moonstone Sleet

Score: 6.05
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1556.005 - Reversible Encryption
Link to MITRE →

Lazarus Group

Score: 29.49
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1606.001 - Web Cookies
  • T1069.001 - Local Groups
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1587 - Develop Capabilities
  • T1569.002 - Service Execution
  • T1556 - Modify Authentication Process
  • T1216 - System Script Proxy Execution
Link to MITRE →

Contagious Interview

Score: 13.52
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1070.009 - Clear Persistence
  • T1651 - Cloud Administration Command
  • T1556 - Modify Authentication Process
Link to MITRE →

LuminousMoth

Score: 7.72
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1556.005 - Reversible Encryption
Link to MITRE →

Sandworm Team

Score: 15.00
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1005 - Data from Local System
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

Salt Typhoon

Score: 4.84
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1556 - Modify Authentication Process
Link to MITRE →

APT29

Score: 35.51
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1580 - Cloud Infrastructure Discovery
  • T1138 - Application Shimming
  • T1218.010 - Regsvr32
  • T1218.009 - Regsvcs/Regasm
  • T1546.018 - Python Startup Hooks
  • T1223 - Compiled HTML File
  • T1070.009 - Clear Persistence
  • T1555.004 - Windows Credential Manager
  • T1537 - Transfer Data to Cloud Account
  • T1490 - Inhibit System Recovery
Link to MITRE →

Aoqin Dragon

Score: 8.67
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Malteiro

Score: 3.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1587 - Develop Capabilities
Link to MITRE →

Elderwood

Score: 4.33
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

WIRTE

Score: 4.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
Link to MITRE →

Tropic Trooper

Score: 15.13
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
  • T1587 - Develop Capabilities
  • T1490 - Inhibit System Recovery
Link to MITRE →

PLATINUM

Score: 7.78
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1686 - Disable or Modify System Firewall
Link to MITRE →

TA551

Score: 4.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
Link to MITRE →

Threat Group-3390

Score: 17.12
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1526 - Cloud Service Discovery
  • T1546.017 - Udev Rules
Link to MITRE →

BITTER

Score: 5.44
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

Ferocious Kitten

Score: 4.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.005 - Clear Windows Event Logs
Link to MITRE →

APT37

Score: 9.55
Matched TTPs:
  • T1087.002 - Domain Account
  • T1684 - Social Engineering
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
Link to MITRE →

LazyScripter

Score: 5.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
Link to MITRE →

PROMETHIUM

Score: 5.39
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1490 - Inhibit System Recovery
Link to MITRE →

TA505

Score: 15.23
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1136.002 - Domain Account
  • T1138 - Application Shimming
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1587 - Develop Capabilities
Link to MITRE →

Higaisa

Score: 12.58
Matched TTPs:
  • T1087.002 - Domain Account
  • T1580 - Cloud Infrastructure Discovery
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
  • T1569.002 - Service Execution
  • T1546.017 - Udev Rules
Link to MITRE →

Cobalt Group

Score: 19.28
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1598.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

Storm-1811

Score: 3.02
Matched TTPs:
  • T1087.002 - Domain Account
  • T1566.004 - Spearphishing Voice
Link to MITRE →

Inception

Score: 6.22
Matched TTPs:
  • T1087.002 - Domain Account
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

EXOTIC LILY

Score: 4.25
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
Link to MITRE →

Saint Bear

Score: 6.31
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1218.010 - Regsvr32
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

FIN6

Score: 7.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1128 - Netsh Helper DLL
  • T1070.009 - Clear Persistence
  • T1556 - Modify Authentication Process
Link to MITRE →

Patchwork

Score: 8.75
Matched TTPs:
  • T1087.002 - Domain Account
  • T1580 - Cloud Infrastructure Discovery
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

APT19

Score: 6.66
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1027.014 - Polymorphic Code
  • T1556.005 - Reversible Encryption
Link to MITRE →

TA2541

Score: 15.63
Matched TTPs:
  • T1087.002 - Domain Account
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1136.002 - Domain Account
  • T1128 - Netsh Helper DLL
  • T1537 - Transfer Data to Cloud Account
  • T1546.017 - Udev Rules
Link to MITRE →

Mofang

Score: 3.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules
Link to MITRE →

Leviathan

Score: 14.14
Matched TTPs:
  • T1087.002 - Domain Account
  • T1580 - Cloud Infrastructure Discovery
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1587 - Develop Capabilities
  • T1546.017 - Udev Rules
Link to MITRE →

Andariel

Score: 4.74
Matched TTPs:
  • T1087.002 - Domain Account
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
Link to MITRE →

APT38

Score: 20.71
Matched TTPs:
  • T1087.002 - Domain Account
  • T1176.001 - Browser Extensions
  • T1684 - Social Engineering
  • T1138 - Application Shimming
  • T1048 - Exfiltration Over Alternative Protocol
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
Link to MITRE →

Molerats

Score: 3.94
Matched TTPs:
  • T1087.002 - Domain Account
  • T1546.017 - Udev Rules
Link to MITRE →

The White Company

Score: 5.72
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Sidewinder

Score: 3.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

Confucius

Score: 3.47
Matched TTPs:
  • T1087.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1556.005 - Reversible Encryption
Link to MITRE →

BlackTech

Score: 8.87
Matched TTPs:
  • T1087.002 - Domain Account
  • T1685.005 - Clear Windows Event Logs
  • T1218.010 - Regsvr32
  • T1526 - Cloud Service Discovery
Link to MITRE →

Medusa Group

Score: 19.70
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice
  • T1598 - Phishing for Information
  • T1070.009 - Clear Persistence
  • T1537 - Transfer Data to Cloud Account
  • T1556.005 - Reversible Encryption
  • T1216 - System Script Proxy Execution
Link to MITRE →

Blue Mockingbird

Score: 4.68
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1027.014 - Polymorphic Code
Link to MITRE →

BlackByte

Score: 15.02
Matched TTPs:
  • T1176.001 - Browser Extensions
  • T1091 - Replication Through Removable Media
  • T1684 - Social Engineering
  • T1606.001 - Web Cookies
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

Ember Bear

Score: 11.41
Matched TTPs:
  • T1005 - Data from Local System
  • T1136.002 - Domain Account
  • T1218.010 - Regsvr32
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
Link to MITRE →

Velvet Ant

Score: 13.03
Matched TTPs:
  • T1684 - Social Engineering
  • T1128 - Netsh Helper DLL
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution
  • T1490 - Inhibit System Recovery
Link to MITRE →

Moafee

Score: 3.03
Matched TTPs:
  • T1580 - Cloud Infrastructure Discovery
Link to MITRE →

Leafminer

Score: 4.54
Matched TTPs:
  • T1101 - Security Support Provider
Link to MITRE →

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1685.005 - Clear Windows Event Logs
Link to MITRE →

LAPSUS$

Score: 6.30
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.005 - Exploits
Link to MITRE →

Metador

Score: 5.03
Matched TTPs:
  • T1136.002 - Domain Account
  • T1070.009 - Clear Persistence
  • T1556.005 - Reversible Encryption
Link to MITRE →

BackdoorDiplomacy

Score: 5.39
Matched TTPs:
  • T1136.002 - Domain Account
  • T1587 - Develop Capabilities
Link to MITRE →

Scattered Spider

Score: 6.30
Matched TTPs:
  • T1136.002 - Domain Account
  • T1588.005 - Exploits
Link to MITRE →

Equation

Score: 8.67
Matched TTPs:
  • T1589.003 - Employee Names
  • T1130 - Install Root Certificate
Link to MITRE →

Storm-0501

Score: 4.80
Matched TTPs:
  • T1027.014 - Polymorphic Code
  • T1537 - Transfer Data to Cloud Account
Link to MITRE →

Axiom

Score: 6.03
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1160 - Launch Daemon
Link to MITRE →

RedEcho

Score: 3.93
Matched TTPs:
  • T1128 - Netsh Helper DLL
  • T1556.005 - Reversible Encryption
Link to MITRE →

FIN10

Score: 6.28
Matched TTPs:
  • T1566.004 - Spearphishing Voice
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
Link to MITRE →

Stealth Falcon

Score: 4.81
Matched TTPs:
  • T1556.009 - Conditional Access Policies
  • T1556.005 - Reversible Encryption
Link to MITRE →

Strider

Score: 7.06
Matched TTPs:
  • T1130 - Install Root Certificate
  • T1569.002 - Service Execution
Link to MITRE →

Threat actors related to this Pulse (inference-based)

OilRig

Score: 0.75
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1218.010 - Regsvr32
  • T1592.002 - Software
  • T1091 - Replication Through Removable Media
  • T1128 - Netsh Helper DLL
  • T1556 - Modify Authentication Process
  • T1156 - Malicious Shell Modification
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1048 - Exfiltration Over Alternative Protocol
  • T1526 - Cloud Service Discovery
  • T1176.001 - Browser Extensions
  • T1556.009 - Conditional Access Policies
  • T1005 - Data from Local System
Link to MITRE →

APT29

Score: 0.73
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1218.009 - Regsvcs/Regasm
  • T1223 - Compiled HTML File
  • T1218.010 - Regsvr32
  • T1546.018 - Python Startup Hooks
  • T1537 - Transfer Data to Cloud Account
  • T1580 - Cloud Infrastructure Discovery
  • T1087.002 - Domain Account
  • T1138 - Application Shimming
  • T1490 - Inhibit System Recovery
  • T1555.004 - Windows Credential Manager
Link to MITRE →

APT32

Score: 0.67
Matched TTPs:
  • T1070.009 - Clear Persistence
  • T1490 - Inhibit System Recovery
  • T1684 - Social Engineering
  • T1484 - Domain or Tenant Policy Modification
  • T1566.004 - Spearphishing Voice
  • T1027.014 - Polymorphic Code
  • T1218.010 - Regsvr32
  • T1091 - Replication Through Removable Media
  • T1556 - Modify Authentication Process
  • T1087.002 - Domain Account
  • T1113 - Screen Capture
  • T1556.005 - Reversible Encryption
  • T1176.001 - Browser Extensions
Link to MITRE →

Turla

Score: 0.66
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1490 - Inhibit System Recovery
  • T1684 - Social Engineering
  • T1566.004 - Spearphishing Voice
  • T1569.002 - Service Execution
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1556.005 - Reversible Encryption
  • T1556.009 - Conditional Access Policies
  • T1136.002 - Domain Account
  • T1587 - Develop Capabilities
Link to MITRE →

Lazarus Group

Score: 0.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1216 - System Script Proxy Execution
  • T1569.002 - Service Execution
  • T1606.001 - Web Cookies
  • T1218.010 - Regsvr32
  • T1556 - Modify Authentication Process
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1587 - Develop Capabilities
  • T1176.001 - Browser Extensions
  • T1069.001 - Local Groups
Link to MITRE →

Kimsuky

Score: 0.62
Matched TTPs:
  • T1606.002 - SAML Tokens
  • T1070.009 - Clear Persistence
  • T1684 - Social Engineering
  • T1027.014 - Polymorphic Code
  • T1091 - Replication Through Removable Media
  • T1560.001 - Archive via Utility
  • T1537 - Transfer Data to Cloud Account
  • T1156 - Malicious Shell Modification
  • T1580 - Cloud Infrastructure Discovery
  • T1087.002 - Domain Account
  • T1556.005 - Reversible Encryption
  • T1490 - Inhibit System Recovery
  • T1526 - Cloud Service Discovery
  • T1176.001 - Browser Extensions
Link to MITRE →

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

