Trusted Design

How to Track Actors Behind Keyloggers Using Embedded Credentials

概要

This past year Unit 42 has seen a resurgence of keylogger activity and it seems like every week a new research blog comes out talking about one of four popular families: KeyBase, iSpy, HawkEye, or PredatorPain. These blogs usually delve into the technical workings of the threats, discuss their relationship to each other, and explain how they evolved from one another through new ownership or branding of the tools. The intent of this blog is not to rehash what has already been discussed, but instead to shift the focus to the actors behind these keylogger threats and show a practical technique for identification. Source : http://researchcenter.paloaltonetworks.com/2016/07/unit42-how-to-track-actors-behind-keyloggers-using-embedded-credentials/

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

HawkEye keylogger (score: 0.68)
HawkEye Keylogger Campaigns Affect Multiple Industries (score: 0.68)
KeyBase Keylogger Malware Family Exposed (score: 0.67)
HawkEye keylogger (score: 0.67)
Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (score: 0.64)

このPulseに関連する脅威アクター (事実ベース)

APT38

Score: 7.56

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Moonstone Sleet

Score: 8.91

Matched TTPs:

T1033 - System Owner/User Discovery
T1217 - Browser Information Discovery
T1591 - Gather Victim Org Information
T1105 - Ingress Tool Transfer

MITREへのリンク →

Ke3chang

Score: 4.28

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN7

Score: 11.92

Matched TTPs:

T1033 - System Owner/User Discovery
T1591 - Gather Victim Org Information
T1591.004 - Identify Roles
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

HAFNIUM

Score: 8.86

Matched TTPs:

T1033 - System Owner/User Discovery
T1593.003 - Code Repositories
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

Winter Vivern

Score: 6.88

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.003 - Web Portal Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

FIN10

Score: 4.23

Matched TTPs:

T1033 - System Owner/User Discovery
T1078.003 - Local Accounts

MITREへのリンク →

APT32

Score: 17.96

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1589 - Gather Victim Identity Information
T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

APT39

Score: 8.12

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1056 - Input Capture
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT37

Score: 3.84

Matched TTPs:

T1033 - System Owner/User Discovery
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Lazarus Group

Score: 13.19

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1591 - Gather Victim Org Information
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Tropic Trooper

Score: 6.50

Matched TTPs:

T1033 - System Owner/User Discovery
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

Threat Group-3390

Score: 9.91

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1608.002 - Upload Tool
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Magic Hound

Score: 22.43

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1567 - Exfiltration Over Web Service
T1589 - Gather Victim Identity Information
T1589.001 - Credentials
T1036.010 - Masquerade Account Name
T1105 - Ingress Tool Transfer
T1591.001 - Determine Physical Locations

MITREへのリンク →

Chimera

Score: 15.44

Matched TTPs:

T1033 - System Owner/User Discovery
T1217 - Browser Information Discovery
T1589.001 - Credentials
T1111 - Multi-Factor Authentication Interception
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer

MITREへのリンク →

Patchwork

Score: 3.84

Matched TTPs:

T1033 - System Owner/User Discovery
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Stealth Falcon

Score: 5.19

Matched TTPs:

T1033 - System Owner/User Discovery
T1555.004 - Windows Credential Manager

MITREへのリンク →

Volt Typhoon

Score: 32.64

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1594 - Search Victim-Owned Websites
T1589 - Gather Victim Identity Information
T1217 - Browser Information Discovery
T1590.006 - Network Security Appliances
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains
T1591.004 - Identify Roles
T1105 - Ingress Tool Transfer
T1596.005 - Scan Databases

MITREへのリンク →

Aquatic Panda

Score: 5.09

Matched TTPs:

T1033 - System Owner/User Discovery
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer

MITREへのリンク →

Gamaredon Group

Score: 5.97

Matched TTPs:

T1033 - System Owner/User Discovery
T1534 - Internal Spearphishing
T1105 - Ingress Tool Transfer

MITREへのリンク →

GALLIUM

Score: 5.09

Matched TTPs:

T1033 - System Owner/User Discovery
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer

MITREへのリンク →

Wizard Spider

Score: 8.71

Matched TTPs:

T1033 - System Owner/User Discovery
T1555.004 - Windows Credential Manager
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT41

Score: 12.65

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer
T1596.005 - Scan Databases

MITREへのリンク →

OilRig

Score: 9.39

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1203 - Exploitation for Client Execution
T1555.004 - Windows Credential Manager
T1105 - Ingress Tool Transfer

MITREへのリンク →

HEXANE

Score: 14.45

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1589 - Gather Victim Identity Information
T1534 - Internal Spearphishing
T1591.004 - Identify Roles
T1105 - Ingress Tool Transfer

MITREへのリンク →

MuddyWater

Score: 3.84

Matched TTPs:

T1033 - System Owner/User Discovery
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Dragonfly

Score: 11.30

Matched TTPs:

T1033 - System Owner/User Discovery
T1591.002 - Business Relationships
T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name
T1105 - Ingress Tool Transfer

MITREへのリンク →

Medusa Group

Score: 6.48

Matched TTPs:

T1033 - System Owner/User Discovery
T1608.002 - Upload Tool
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sandworm Team

Score: 20.32

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1594 - Search Victim-Owned Websites
T1586.001 - Social Media Accounts
T1591.002 - Business Relationships
T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Storm-1811

Score: 9.81

Matched TTPs:

T1033 - System Owner/User Discovery
T1056 - Input Capture
T1036.010 - Masquerade Account Name
T1105 - Ingress Tool Transfer

MITREへのリンク →

Sidewinder

Score: 3.84

Matched TTPs:

T1033 - System Owner/User Discovery
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT3

Score: 9.39

Matched TTPs:

T1033 - System Owner/User Discovery
T1056.001 - Keylogging
T1203 - Exploitation for Client Execution
T1036.010 - Masquerade Account Name
T1105 - Ingress Tool Transfer

MITREへのリンク →

APT28

Score: 25.97

Matched TTPs:

T1056.001 - Keylogging
T1567 - Exfiltration Over Web Service
T1596 - Search Open Technical Databases
T1591 - Gather Victim Org Information
T1589.001 - Credentials
T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer
T1669 - Wi-Fi Networks

MITREへのリンク →

Darkhotel

Score: 4.21

Matched TTPs:

T1056.001 - Keylogging
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Tonto Team

Score: 4.21

Matched TTPs:

T1056.001 - Keylogging
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

PLATINUM

Score: 7.25

Matched TTPs:

T1056.001 - Keylogging
T1105 - Ingress Tool Transfer
T1056.004 - Credential API Hooking

MITREへのリンク →

Kimsuky

Score: 37.74

Matched TTPs:

T1056.001 - Keylogging
T1594 - Search Victim-Owned Websites
T1596 - Search Open Technical Databases
T1593.002 - Search Engines
T1591 - Gather Victim Org Information
T1534 - Internal Spearphishing
T1593 - Search Open Websites/Domains
T1593.001 - Social Media
T1111 - Multi-Factor Authentication Interception
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

APT42

Score: 9.40

Matched TTPs:

T1056.001 - Keylogging
T1056 - Input Capture
T1111 - Multi-Factor Authentication Interception

MITREへのリンク →

FIN13

Score: 8.39

Matched TTPs:

T1056.001 - Keylogging
T1589 - Gather Victim Identity Information
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer

MITREへのリンク →

LAPSUS$

Score: 30.38

Matched TTPs:

T1597.002 - Purchase Technical Data
T1589 - Gather Victim Identity Information
T1591.002 - Business Relationships
T1593.003 - Code Repositories
T1552.008 - Chat Messages
T1589.001 - Credentials
T1591.004 - Identify Roles
T1111 - Multi-Factor Authentication Interception

MITREへのリンク →

Silent Librarian

Score: 3.29

Matched TTPs:

T1594 - Search Victim-Owned Websites

MITREへのリンク →

EXOTIC LILY

Score: 8.62

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1593.001 - Social Media
T1203 - Exploitation for Client Execution

MITREへのリンク →

TA578

Score: 3.29

Matched TTPs:

T1594 - Search Victim-Owned Websites

MITREへのリンク →

Leviathan

Score: 13.46

Matched TTPs:

T1586.001 - Social Media Accounts
T1534 - Internal Spearphishing
T1589.001 - Credentials
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Contagious Interview

Score: 21.66

Matched TTPs:

T1567 - Exfiltration Over Web Service
T1589 - Gather Victim Identity Information
T1681 - Search Threat Vendor Data
T1593.003 - Code Repositories
T1593 - Search Open Websites/Domains
T1593.001 - Social Media

MITREへのリンク →

BlackByte

Score: 4.40

Matched TTPs:

T1567 - Exfiltration Over Web Service
T1105 - Ingress Tool Transfer

MITREへのリンク →

Scattered Spider

Score: 6.99

Matched TTPs:

T1589 - Gather Victim Identity Information
T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

Star Blizzard

Score: 6.21

Matched TTPs:

T1589 - Gather Victim Identity Information
T1593 - Search Open Websites/Domains

MITREへのリンク →

Fox Kitten

Score: 4.06

Matched TTPs:

T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer

MITREへのリンク →

UNC3886

Score: 5.63

Matched TTPs:

T1681 - Search Threat Vendor Data
T1203 - Exploitation for Client Execution

MITREへのリンク →

APT29

Score: 13.32

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

BRONZE BUTLER

Score: 6.12

Matched TTPs:

T1550.003 - Pass the Ticket
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer

MITREへのリンク →

Mustang Panda

Score: 9.69

Matched TTPs:

T1593 - Search Open Websites/Domains
T1203 - Exploitation for Client Execution
T1105 - Ingress Tool Transfer
T1027.007 - Dynamic API Resolution

MITREへのリンク →

Sea Turtle

Score: 4.16

Matched TTPs:

T1203 - Exploitation for Client Execution
T1078.003 - Local Accounts

MITREへのリンク →

Ember Bear

Score: 4.24

Matched TTPs:

T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash

MITREへのリンク →

Turla

Score: 7.06

Matched TTPs:

T1555.004 - Windows Credential Manager
T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Mustard Tempest

Score: 5.31

Matched TTPs:

T1608.006 - SEO Poisoning
T1105 - Ingress Tool Transfer

MITREへのリンク →

Play

Score: 3.44

Matched TTPs:

T1105 - Ingress Tool Transfer
T1078.003 - Local Accounts

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

Kimsuky

Score: 0.80

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1593.002 - Search Engines
T1593.001 - Social Media
T1550.002 - Pass the Hash
T1593 - Search Open Websites/Domains
T1105 - Ingress Tool Transfer
T1534 - Internal Spearphishing
T1596 - Search Open Technical Databases
T1111 - Multi-Factor Authentication Interception
T1078.003 - Local Accounts
T1056.001 - Keylogging
T1591 - Gather Victim Org Information

MITREへのリンク →

Volt Typhoon

Score: 0.70

Matched TTPs:

T1594 - Search Victim-Owned Websites
T1591 - Gather Victim Org Information
T1593 - Search Open Websites/Domains
T1105 - Ingress Tool Transfer
T1033 - System Owner/User Discovery
T1591.004 - Identify Roles
T1217 - Browser Information Discovery
T1596.005 - Scan Databases
T1590.006 - Network Security Appliances
T1056.001 - Keylogging
T1589 - Gather Victim Identity Information

MITREへのリンク →

LAPSUS$

Score: 0.66

Matched TTPs:

T1591.002 - Business Relationships
T1589.001 - Credentials
T1589 - Gather Victim Identity Information
T1593.003 - Code Repositories
T1591.004 - Identify Roles
T1111 - Multi-Factor Authentication Interception
T1597.002 - Purchase Technical Data
T1552.008 - Chat Messages

MITREへのリンク →

APT28

Score: 0.59

Matched TTPs:

T1589.001 - Credentials
T1203 - Exploitation for Client Execution
T1550.002 - Pass the Hash
T1105 - Ingress Tool Transfer
T1567 - Exfiltration Over Web Service
T1669 - Wi-Fi Networks
T1596 - Search Open Technical Databases
T1056.001 - Keylogging
T1591 - Gather Victim Org Information

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る