Trusted Design

Win32.Bolik.1 - Bolik Banking Trojan

Overview

A multicomponent polymorphic file virus that infects file objects on 32-bit and 64-bit versions of Microsoft Windows. It is designed to perform web injections, intercept traffic, take screenshots, log keystrokes, and steal login credentials for online banking applications. It can also establish reverse RDP connections (back connect) and start a local SOCKS5 proxy server and an HTTP server through which cmd commands are executed. The virus inherits several characteristic features from Trojan.Carberp and Trojan.PWS.Panda (Zeus). As Carberp's successor, Trojan.Bolik.1 borrows the virtual file system, which the Trojan stores in one of the system directories or in the user folder. Like Zeus, the Trojan has the JUPITER web injection mechanism, although in a considerably modified form: Trojan.Bolik.1 uses JSON for data exchange, and the numeric codes in the configuration block are replaced with string parameters.
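The web-inject mechanism described above, as an added example that is not part of the original page, of Dr.Web's analysis, or of the Bolik code itself. It models how a Zeus-family inject rule set rewrites a banking page, using JSON as the carrier format the overview says Bolik adopted. The field names (set_url, data_before, data_inject, data_after) follow the publicly documented Zeus webinject vocabulary; their JSON layout here is a hypothetical illustration, not Bolik's real configuration, and the example-bank URLs and HTML are constructed. The last function is the defender's side of the same problem: given the page the server sent and the page the browser ended up with, list what was injected.

```python
"""
Added example, not code from the original page, Dr.Web, or the Bolik authors.
Models a Zeus-family web-inject rule set carried as JSON. Field names follow the
documented Zeus webinject vocabulary; the JSON layout is a hypothetical
illustration, not Bolik's actual configuration. All URLs and HTML are constructed.
"""
from __future__ import annotations

import difflib
import fnmatch
import json
import re
from dataclasses import dataclass

# Constructed rule set: an extra "one-time code" field on the login form, and a
# forged balance on the account page (hides fraudulent transfers from the victim).
SAMPLE_RULES_JSON = r'''
[
  {
    "set_url": "https://online.example-bank.test/login*",
    "data_before": "name=\"password\">",
    "data_inject": "<input type=\"text\" name=\"otp\" placeholder=\"Enter your one-time code\">",
    "data_after": ""
  },
  {
    "set_url": "*example-bank.test/account*",
    "data_before": "<span id=\"balance\">",
    "data_inject": "12,480.00",
    "data_after": "</span>"
  }
]
'''

# Constructed pages as the bank's server would send them.
SAMPLE_LOGIN_HTML = ('<form action="/login" method="post">'
                     '<input type="text" name="user">'
                     '<input type="password" name="password">'
                     '<input type="submit" value="Log in"></form>')
SAMPLE_ACCOUNT_HTML = '<div>Balance: <span id="balance">3.27</span> EUR</div>'


@dataclass(frozen=True)
class InjectRule:
    set_url: str      # glob over the full URL; the rule applies only when it matches
    data_before: str  # anchor that must be present; injection starts right after it
    data_inject: str  # content written into the page
    data_after: str   # optional closing anchor; text between the anchors is replaced

    def matches(self, url: str) -> bool:
        return fnmatch.fnmatchcase(url, self.set_url)


def load_rules(text: str) -> list[InjectRule]:
    """Parse the JSON rule list; missing anchors default to empty strings."""
    return [InjectRule(item["set_url"], item.get("data_before", ""),
                       item.get("data_inject", ""), item.get("data_after", ""))
            for item in json.loads(text)]


def apply_rule(html: str, rule: InjectRule) -> tuple[str, bool]:
    """Apply one rule; returns (html, applied). Both anchors survive, so the
    page still parses and looks legitimate to the victim."""
    start = html.find(rule.data_before)
    if start < 0:
        return html, False
    insert_at = start + len(rule.data_before)
    if rule.data_after:
        end = html.find(rule.data_after, insert_at)
        if end < 0:
            return html, False
    else:
        end = insert_at  # pure insertion, nothing removed
    return html[:insert_at] + rule.data_inject + html[end:], True


def apply_injects(url: str, html: str, rules: list[InjectRule]) -> tuple[str, list[str]]:
    """Rewrite `html` with every rule whose set_url matches `url`. A man-in-the-
    browser does this inside the browser after TLS decryption, so HTTPS alone
    gives the user no protection and the server never sees the change."""
    applied = []
    for rule in rules:
        if rule.matches(url):
            html, ok = apply_rule(html, rule)
            if ok:
                applied.append(rule.set_url)
    return html, applied


def injected_segments(server_html: str, client_html: str) -> list[str]:
    """Defender-side check: tokenise both versions on tag boundaries and return
    the client-only tokens, i.e. what a DOM-integrity monitor would report."""
    def tokens(html: str) -> list[str]:
        return [t for t in re.split(r"(<[^>]+>)", html) if t]
    a, b = tokens(server_html), tokens(client_html)
    out: list[str] = []
    for tag, _i1, _i2, j1, j2 in difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes():
        if tag in ("insert", "replace"):
            out.extend(b[j1:j2])
    return out


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES_JSON)
    for url, page in [("https://online.example-bank.test/login?lang=en", SAMPLE_LOGIN_HTML),
                      ("https://online.example-bank.test/account/overview", SAMPLE_ACCOUNT_HTML)]:
        tampered, applied = apply_injects(url, page, rules)
        print(url, "->", applied, "injected:", injected_segments(page, tampered))
```

The anchors are ordinary page fragments, which is why inject configs break whenever the bank redesigns its markup and why operators keep updating them; on the defensive side, the same fragility means a server-side canary (a token the page carries that the backend checks in the POST) or a DOM-integrity script comparing the rendered form to the served one catches both of the sample rules.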

Created: 2026-02-23

Indicators

No indicators were found for this Pulse.
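Because the pulse carries no file hashes, domains or IPs, and the sample is polymorphic in any case, a host-side hunt has to look for the behaviours the overview lists rather than for indicators. The Python below is an added example, not code from the original page or from any vendor: it pulls TCP listeners and their owning PIDs out of `netstat -ano` output, then sends each one the SOCKS5 method-negotiation greeting from RFC 1928 and flags any listener that answers with a SOCKS5 method-selection message, which is how a local SOCKS5 proxy of the kind described would present itself. The netstat text, port numbers and PIDs are constructed sample data, not Bolik indicators.

```python
"""
Added example (not from the original page or from any vendor): hunt for a rogue
local SOCKS5 proxy without indicators. Step 1 parses `netstat -ano` output for
TCP listeners and their PIDs; step 2 sends each a SOCKS5 method-negotiation
greeting (RFC 1928) and checks whether the answer is a SOCKS5 method-selection
message. SAMPLE_NETSTAT is constructed sample data, not telemetry from Bolik.
"""
from __future__ import annotations

import re
import socket
from collections.abc import Callable
from dataclasses import dataclass

# Constructed Windows `netstat -ano` excerpt. PID 4412 owns two loopback
# listeners plus an outbound connection; nothing here is a real Bolik indicator.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING       4412
  TCP    127.0.0.1:8081         0.0.0.0:0              LISTENING       4412
  TCP    192.168.1.20:49812     198.51.100.23:443      ESTABLISHED     4412
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1340
"""

_LISTENING = re.compile(r"^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    pid: int


def parse_listening(netstat_text: str) -> list[Listener]:
    """Return every TCP socket in LISTENING state with its owning PID."""
    found = []
    for line in netstat_text.splitlines():
        m = _LISTENING.match(line)
        if m:
            address, port = m.group(1).rsplit(":", 1)  # rsplit keeps [::] intact
            found.append(Listener(address, int(port), int(m.group(2))))
    return found


# RFC 1928 client greeting: VER=0x05, NMETHODS=1, METHODS=[0x00 no authentication].
SOCKS5_GREETING = b"\x05\x01\x00"
_METHOD_NAMES = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username-password",
                 0xFF: "no-acceptable-methods"}


def classify_socks5_reply(reply: bytes) -> str | None:
    """Name the method a SOCKS5 server selected, or None if the reply is not a
    two-byte SOCKS5 method-selection message (HTTP servers answer with text)."""
    if len(reply) != 2 or reply[0] != 0x05:
        return None
    return _METHOD_NAMES.get(reply[1], f"unknown-0x{reply[1]:02x}")


Exchange = Callable[[bytes], bytes]  # send a payload, return (up to) the 2-byte reply


def tcp_exchange(address: str, port: int, timeout: float = 2.0) -> Exchange:
    """Real transport: connect to the listener and return what it sends back.
    Wildcard binds are probed on loopback, where a local proxy would answer."""
    host = address.strip("[]")
    host = {"0.0.0.0": "127.0.0.1", "::": "::1"}.get(host, host)

    def exchange(payload: bytes) -> bytes:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(payload)
            try:
                return sock.recv(2)
            except socket.timeout:
                return b""
    return exchange


def hunt(netstat_text: str, exchange_for: Callable[[Listener], Exchange],
         skip_pids: frozenset[int] = frozenset({0, 4})) -> dict[Listener, str]:
    """Probe each listener (except the Idle/System PIDs) and return those that speak SOCKS5."""
    hits: dict[Listener, str] = {}
    for listener in parse_listening(netstat_text):
        if listener.pid in skip_pids:
            continue
        try:
            method = classify_socks5_reply(exchange_for(listener)(SOCKS5_GREETING))
        except OSError:  # refused, reset or timed out on connect: not a SOCKS5 hit
            continue
        if method is not None:
            hits[listener] = method
    return hits


if __name__ == "__main__":
    import subprocess
    import sys
    # On Windows read the live table; elsewhere fall back to the constructed sample.
    if sys.platform == "win32":
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_NETSTAT
    for hit, method in hunt(text, lambda l: tcp_exchange(l.address, l.port)).items():
        print(f"SOCKS5 ({method}) listener {hit.address}:{hit.port} owned by PID {hit.pid}")
```

A SOCKS5 answer on loopback is a lead, not a verdict: SSH `-D` tunnels, Tor and some corporate agents also listen locally, so pivot on the owning PID (image path, parent, signer, outbound peers) before calling it. The probe writes three bytes to every listener, so on a live incident run it after memory has been captured, or replace the active probe with a PID-to-image lookup if touching the process is not acceptable.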

Similar Pulses

Threat actors related to this Pulse (fact-based)

HAFNIUM

Score: 9.58
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1071.001 - Web Protocols
  • T1550.001 - Application Access Token
  • T1078.003 - Local Accounts

menuPass

Score: 3.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1070.004 - File Deletion

Wizard Spider

Score: 24.03
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1588.003 - Code Signing Certificates
  • T1055.001 - Dynamic-link Library Injection
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT33

Score: 7.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Fox Kitten

Score: 5.44
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1213.005 - Messaging Applications

Volt Typhoon

Score: 12.48
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1090.001 - Internal Proxy

APT1

Score: 4.05
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1588.001 - Malware

Mustang Panda

Score: 20.95
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1176.002 - IDE Extensions
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Play

Score: 7.74
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts

Chimera

Score: 6.40
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

Sea Turtle

Score: 6.94
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1078.003 - Local Accounts

APT39

Score: 12.22
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy

RedCurl

Score: 9.79
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

APT5

Score: 5.43
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1055 - Process Injection
  • T1070.004 - File Deletion

Agrius

Score: 5.76
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1570 - Lateral Tool Transfer

GALLIUM

Score: 5.88
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing

APT41

Score: 21.06
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1014 - Rootkit
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

MuddyWater

Score: 7.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

APT28

Score: 20.69
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1014 - Rootkit
  • T1204.002 - Malicious File
  • T1546.015 - Component Object Model Hijacking
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1550.001 - Application Access Token

Turla

Score: 28.31
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.011 - Fileless Storage
  • T1587.001 - Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1570 - Lateral Tool Transfer
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1055.001 - Dynamic-link Library Injection
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts

BRONZE BUTLER

Score: 15.20
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1027.001 - Binary Padding
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

UNC3886

Score: 14.54
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion

Kimsuky

Score: 29.35
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1027.001 - Binary Padding
  • T1218.010 - Regsvr32
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1588.003 - Code Signing Certificates
  • T1078.003 - Local Accounts

APT3

Score: 8.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing

FIN8

Score: 13.60
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Ke3chang

Score: 10.25
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1036.002 - Right-to-Left Override
  • T1071.001 - Web Protocols

Lotus Blossom

Score: 6.46
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1090.001 - Internal Proxy

FIN13

Score: 7.81
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1587.001 - Malware
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy

Earth Lusca

Score: 8.75
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1588.001 - Malware

Magic Hound

Score: 9.47
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

Aquatic Panda

Score: 7.37
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1543.003 - Windows Service
  • T1588.001 - Malware
  • T1070.004 - File Deletion

INC Ransom

Score: 5.21
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion

Akira

Score: 4.63
Matched TTPs:
  • T1560.001 - Archive via Utility
  • T1027.001 - Binary Padding

Dragonfly

Score: 5.95
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion

Gamaredon Group

Score: 17.07
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1491.001 - Internal Defacement
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1027.015 - Compression

OilRig

Score: 37.23
Matched TTPs:
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution
  • T1137.004 - Outlook Home Page
  • T1573.002 - Asymmetric Cryptography
  • T1555.004 - Windows Credential Manager
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1588.003 - Code Signing Certificates
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MoustachedBouncer

Score: 8.88
Matched TTPs:
  • T1113 - Screen Capture
  • T1659 - Content Injection
  • T1027.002 - Software Packing

APT42

Score: 8.19
Matched TTPs:
  • T1113 - Screen Capture
  • T1608.001 - Upload Malware
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols

Winter Vivern

Score: 3.47
Matched TTPs:
  • T1113 - Screen Capture
  • T1071.001 - Web Protocols

Silence

Score: 10.35
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1218.001 - Compiled HTML File
  • T1070.004 - File Deletion

Group5

Score: 3.67
Matched TTPs:
  • T1113 - Screen Capture
  • T1070.004 - File Deletion

Dark Caracal

Score: 9.76
Matched TTPs:
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1218.001 - Compiled HTML File
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

FIN7

Score: 16.28
Matched TTPs:
  • T1113 - Screen Capture
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1674 - Input Injection
  • T1078.003 - Local Accounts

APT32

Score: 30.28
Matched TTPs:
  • T1027.011 - Fileless Storage
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1564.004 - NTFS File Attributes
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts

Winnti Group

Score: 3.29
Matched TTPs:
  • T1014 - Rootkit

Rocke

Score: 7.91
Matched TTPs:
  • T1014 - Rootkit
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

TeamTNT

Score: 13.91
Matched TTPs:
  • T1014 - Rootkit
  • T1587.001 - Malware
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols

Moonstone Sleet

Score: 6.05
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols

Lazarus Group

Score: 29.49
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1491.001 - Internal Defacement
  • T1574.013 - KernelCallbackTable
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1055.001 - Dynamic-link Library Injection
  • T1090.001 - Internal Proxy
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot

Contagious Interview

Score: 13.52
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1070.004 - File Deletion
  • T1547.013 - XDG Autostart Entries
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

LuminousMoth

Score: 7.72
Matched TTPs:
  • T1587.001 - Malware
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1071.001 - Web Protocols

Sandworm Team

Score: 15.00
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1195 - Supply Chain Compromise
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

Salt Typhoon

Score: 4.84
Matched TTPs:
  • T1587.001 - Malware
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

APT29

Score: 35.51
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1027.001 - Binary Padding
  • T1553.005 - Mark-of-the-Web Bypass
  • T1203 - Exploitation for Client Execution
  • T1090.004 - Domain Fronting
  • T1562.008 - Disable or Modify Cloud Logs
  • T1027.006 - HTML Smuggling
  • T1070.004 - File Deletion
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing
  • T1078.003 - Local Accounts

Aoqin Dragon

Score: 8.67
Matched TTPs:
  • T1587.001 - Malware
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1027.002 - Software Packing

Malteiro

Score: 3.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055.001 - Dynamic-link Library Injection

Elderwood

Score: 4.33
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

WIRTE

Score: 4.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols

Tropic Trooper

Score: 15.13
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols
  • T1055.001 - Dynamic-link Library Injection
  • T1078.003 - Local Accounts

PLATINUM

Score: 7.78
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1056.004 - Credential API Hooking

TA551

Score: 4.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols

Threat Group-3390

Score: 17.12
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1588.003 - Code Signing Certificates
  • T1027.015 - Compression

BITTER

Score: 5.44
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

Ferocious Kitten

Score: 4.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036.002 - Right-to-Left Override

APT37

Score: 9.55
Matched TTPs:
  • T1204.002 - Malicious File
  • T1055 - Process Injection
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1529 - System Shutdown/Reboot

LazyScripter

Score: 5.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.001 - Malware

PROMETHIUM

Score: 5.39
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1078.003 - Local Accounts

TA505

Score: 15.23
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1588.001 - Malware
  • T1553.005 - Mark-of-the-Web Bypass
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1055.001 - Dynamic-link Library Injection

Higaisa

Score: 12.58
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.001 - Binary Padding
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols
  • T1090.001 - Internal Proxy
  • T1027.015 - Compression

Cobalt Group

Score: 19.28
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1218.008 - Odbcconf
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

Storm-1811

Score: 3.02
Matched TTPs:
  • T1204.002 - Malicious File
  • T1570 - Lateral Tool Transfer

Inception

Score: 6.22
Matched TTPs:
  • T1204.002 - Malicious File
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

EXOTIC LILY

Score: 4.25
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution

Saint Bear

Score: 6.31
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1203 - Exploitation for Client Execution
  • T1027.002 - Software Packing

FIN6

Score: 7.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

Patchwork

Score: 8.75
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.001 - Binary Padding
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing

APT19

Score: 6.66
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32
  • T1071.001 - Web Protocols

TA2541

Score: 15.63
Matched TTPs:
  • T1204.002 - Malicious File
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1573.002 - Asymmetric Cryptography
  • T1027.002 - Software Packing
  • T1027.015 - Compression

Mofang

Score: 3.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.015 - Compression

Leviathan

Score: 14.14
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.001 - Binary Padding
  • T1218.010 - Regsvr32
  • T1203 - Exploitation for Client Execution
  • T1055.001 - Dynamic-link Library Injection
  • T1027.015 - Compression

Andariel

Score: 4.74
Matched TTPs:
  • T1204.002 - Malicious File
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution

APT38

Score: 20.71
Matched TTPs:
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1055 - Process Injection
  • T1553.005 - Mark-of-the-Web Bypass
  • T1218.001 - Compiled HTML File
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1529 - System Shutdown/Reboot

Molerats

Score: 3.94
Matched TTPs:
  • T1204.002 - Malicious File
  • T1027.015 - Compression

The White Company

Score: 5.72
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing

Sidewinder

Score: 3.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

Confucius

Score: 3.47
Matched TTPs:
  • T1204.002 - Malicious File
  • T1203 - Exploitation for Client Execution
  • T1071.001 - Web Protocols

BlackTech

Score: 8.87
Matched TTPs:
  • T1204.002 - Malicious File
  • T1036.002 - Right-to-Left Override
  • T1203 - Exploitation for Client Execution
  • T1588.003 - Code Signing Certificates

Medusa Group

Score: 19.70
Matched TTPs:
  • T1543.003 - Windows Service
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1650 - Acquire Access
  • T1070.004 - File Deletion
  • T1027.002 - Software Packing
  • T1071.001 - Web Protocols
  • T1529 - System Shutdown/Reboot

Blue Mockingbird

Score: 4.68
Matched TTPs:
  • T1543.003 - Windows Service
  • T1218.010 - Regsvr32

BlackByte

Score: 15.02
Matched TTPs:
  • T1543.003 - Windows Service
  • T1608.001 - Upload Malware
  • T1055 - Process Injection
  • T1491.001 - Internal Defacement
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

Ember Bear

Score: 11.41
Matched TTPs:
  • T1195 - Supply Chain Compromise
  • T1588.001 - Malware
  • T1203 - Exploitation for Client Execution
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion

Velvet Ant

Score: 13.03
Matched TTPs:
  • T1055 - Process Injection
  • T1573.002 - Asymmetric Cryptography
  • T1570 - Lateral Tool Transfer
  • T1090.001 - Internal Proxy
  • T1078.003 - Local Accounts

Moafee

Score: 3.03
Matched TTPs:
  • T1027.001 - Binary Padding

Leafminer

Score: 4.54
Matched TTPs:
  • T1055.013 - Process Doppelgänging

Scarlet Mimic

Score: 3.44
Matched TTPs:
  • T1036.002 - Right-to-Left Override

LAPSUS$

Score: 6.30
Matched TTPs:
  • T1588.001 - Malware
  • T1213.005 - Messaging Applications

Metador

Score: 5.03
Matched TTPs:
  • T1588.001 - Malware
  • T1070.004 - File Deletion
  • T1071.001 - Web Protocols

BackdoorDiplomacy

Score: 5.39
Matched TTPs:
  • T1588.001 - Malware
  • T1055.001 - Dynamic-link Library Injection

Scattered Spider

Score: 6.30
Matched TTPs:
  • T1588.001 - Malware
  • T1213.005 - Messaging Applications

Equation

Score: 8.67
Matched TTPs:
  • T1542.002 - Component Firmware
  • T1564.005 - Hidden File System

Storm-0501

Score: 4.80
Matched TTPs:
  • T1218.010 - Regsvr32
  • T1027.002 - Software Packing

Axiom

Score: 6.03
Matched TTPs:
  • T1203 - Exploitation for Client Execution
  • T1001.002 - Steganography

RedEcho

Score: 3.93
Matched TTPs:
  • T1573.002 - Asymmetric Cryptography
  • T1071.001 - Web Protocols

FIN10

Score: 6.28
Matched TTPs:
  • T1570 - Lateral Tool Transfer
  • T1070.004 - File Deletion
  • T1078.003 - Local Accounts

Stealth Falcon

Score: 4.81
Matched TTPs:
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols

Strider

Score: 7.06
Matched TTPs:
  • T1564.005 - Hidden File System
  • T1090.001 - Internal Proxy

Threat actors related to this Pulse (inference-based)

OilRig

Score: 0.75
Matched TTPs:
  • T1137.004 - Outlook Home Page
  • T1573.002 - Asymmetric Cryptography
  • T1070.004 - File Deletion
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1195 - Supply Chain Compromise
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1588.003 - Code Signing Certificates
  • T1587.001 - Malware
  • T1555.004 - Windows Credential Manager
  • T1071.001 - Web Protocols
  • T1113 - Screen Capture
  • T1608.001 - Upload Malware
  • T1218.001 - Compiled HTML File
  • T1203 - Exploitation for Client Execution

APT29

Score: 0.73
Matched TTPs:
  • T1078.003 - Local Accounts
  • T1070.004 - File Deletion
  • T1204.002 - Malicious File
  • T1027.001 - Binary Padding
  • T1562.008 - Disable or Modify Cloud Logs
  • T1587.001 - Malware
  • T1651 - Cloud Administration Command
  • T1027.002 - Software Packing
  • T1553.005 - Mark-of-the-Web Bypass
  • T1090.004 - Domain Fronting
  • T1027.006 - HTML Smuggling
  • T1203 - Exploitation for Client Execution

APT32

Score: 0.67
Matched TTPs:
  • T1564.004 - NTFS File Attributes
  • T1570 - Lateral Tool Transfer
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1078.003 - Local Accounts
  • T1070.004 - File Deletion
  • T1027.011 - Fileless Storage
  • T1055 - Process Injection
  • T1543.003 - Windows Service
  • T1204.002 - Malicious File
  • T1218.010 - Regsvr32
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution

Turla

Score: 0.66
Matched TTPs:
  • T1078.003 - Local Accounts
  • T1027.011 - Fileless Storage
  • T1055 - Process Injection
  • T1588.001 - Malware
  • T1587.001 - Malware
  • T1555.004 - Windows Credential Manager
  • T1055.001 - Dynamic-link Library Injection
  • T1560.001 - Archive via Utility
  • T1570 - Lateral Tool Transfer
  • T1090.001 - Internal Proxy
  • T1071.001 - Web Protocols

Lazarus Group

Score: 0.62
Matched TTPs:
  • T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
  • T1529 - System Shutdown/Reboot
  • T1070.004 - File Deletion
  • T1574.013 - KernelCallbackTable
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1587.001 - Malware
  • T1055.001 - Dynamic-link Library Injection
  • T1491.001 - Internal Defacement
  • T1090.001 - Internal Proxy
  • T1071.001 - Web Protocols
  • T1203 - Exploitation for Client Execution

Kimsuky

Score: 0.62
Matched TTPs:
  • T1078.003 - Local Accounts
  • T1055 - Process Injection
  • T1113 - Screen Capture
  • T1204.002 - Malicious File
  • T1543.003 - Windows Service
  • T1027.001 - Binary Padding
  • T1218.010 - Regsvr32
  • T1588.003 - Code Signing Certificates
  • T1587.001 - Malware
  • T1027.002 - Software Packing
  • T1560.001 - Archive via Utility
  • T1608.001 - Upload Malware
  • T1071.001 - Web Protocols
  • T1070.004 - File Deletion

Related CVEs

No CVEs were found for this Pulse.

Pulse – Threat Actor Graph

